2 This file is part of GNUnet.
3 (C) 2010, 2012 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file exit/gnunet-daemon-exit.c
23 * @brief tool to allow IP traffic exit from the GNUnet mesh to the Internet
24 * @author Philipp Toelke
25 * @author Christian Grothoff
31 * - which code should advertise services? the service model is right
32 * now a bit odd, especially as this code DOES the exit and knows
33 * the DNS "name", but OTOH this is clearly NOT the place to advertise
34 * the service's existence; maybe the daemon should turn into a
35 * service with an API to add local-exit services dynamically?
38 #include "gnunet_util_lib.h"
39 #include "gnunet_protocols.h"
40 #include "gnunet_applications.h"
41 #include "gnunet_mesh_service.h"
42 #include "gnunet_statistics_service.h"
43 #include "gnunet_constants.h"
44 #include "gnunet_tun_lib.h"
48 * Information about an address.
53 * AF_INET or AF_INET6.
58 * Remote address information.
63 * Address, if af is AF_INET.
68 * Address, if af is AF_INET6.
74 * IPPROTO_TCP or IPPROTO_UDP;
79 * Remote port, in host byte order!
86 * This struct is saved into the services-hashmap to represent
87 * a service this peer is specifically offering an exit for
88 * (for a specific domain name).
94 * Remote address to use for the service.
96 struct SocketAddress address;
99 * DNS name of the service.
104 * Port I am listening on within GNUnet for this service, in host
105 * byte order. (as we may redirect ports).
112 * Information we use to track a connection (the classical 6-tuple of
113 * IP-version, protocol, source-IP, destination-IP, source-port and
116 struct RedirectInformation
120 * Address information for the other party (equivalent of the
121 * arguments one would give to "connect").
123 struct SocketAddress remote_address;
126 * Address information we used locally (AF and proto must match
127 * "remote_address"). Equivalent of the arguments one would give to
130 struct SocketAddress local_address;
133 Note 1: additional information might be added here in the
134 future to support protocols that require special handling,
137 Note 2: we might also sometimes not match on all components
138 of the tuple, to support protocols where things do not always
145 * Queue of messages to a tunnel.
147 struct TunnelMessageQueue
150 * This is a doubly-linked list.
152 struct TunnelMessageQueue *next;
155 * This is a doubly-linked list.
157 struct TunnelMessageQueue *prev;
160 * Payload to send via the tunnel.
165 * Number of bytes in 'payload'.
172 * This struct is saved into connections_map to allow finding the
173 * right tunnel given an IP packet from TUN. It is also associated
174 * with the tunnel's closure so we can find it again for the next
175 * message from the tunnel.
180 * Mesh tunnel that is used for this connection.
182 struct GNUNET_MESH_Tunnel *tunnel;
185 * Heap node for this state in the connections_heap.
187 struct GNUNET_CONTAINER_HeapNode *heap_node;
190 * Key this state has in the connections_map.
192 struct GNUNET_HashCode state_key;
195 * Associated service record, or NULL for no service.
197 struct LocalService *serv;
200 * Head of DLL of messages for this tunnel.
202 struct TunnelMessageQueue *head;
205 * Tail of DLL of messages for this tunnel.
207 struct TunnelMessageQueue *tail;
210 * Active tunnel transmission request (or NULL).
212 struct GNUNET_MESH_TransmitHandle *th;
215 * Primary redirection information for this connection.
217 struct RedirectInformation ri;
223 * Return value from 'main'.
225 static int global_ret;
228 * The handle to the configuration used throughout the process
230 static const struct GNUNET_CONFIGURATION_Handle *cfg;
233 * The handle to the helper
235 static struct GNUNET_HELPER_Handle *helper_handle;
238 * Arguments to the exit helper.
240 static char *exit_argv[8];
243 * IPv6 address of our TUN interface.
245 static struct in6_addr exit_ipv6addr;
248 * IPv6 prefix (0..127) from configuration file.
250 static unsigned long long ipv6prefix;
253 * IPv4 address of our TUN interface.
255 static struct in_addr exit_ipv4addr;
258 * IPv4 netmask of our TUN interface.
260 static struct in_addr exit_ipv4mask;
266 static struct GNUNET_STATISTICS_Handle *stats;
271 static struct GNUNET_MESH_Handle *mesh_handle;
274 * This hashmaps contains the mapping from peer, service-descriptor,
275 * source-port and destination-port to a struct TunnelState
277 static struct GNUNET_CONTAINER_MultiHashMap *connections_map;
280 * Heap so we can quickly find "old" connections.
282 static struct GNUNET_CONTAINER_Heap *connections_heap;
285 * If there are at least this many connections, old ones will be removed
287 static unsigned long long max_connections;
290 * This hashmaps saves interesting things about the configured UDP services
292 static struct GNUNET_CONTAINER_MultiHashMap *udp_services;
295 * This hashmaps saves interesting things about the configured TCP services
297 static struct GNUNET_CONTAINER_MultiHashMap *tcp_services;
300 * Are we an IPv4-exit?
302 static int ipv4_exit;
305 * Are we an IPv6-exit?
307 static int ipv6_exit;
310 * Do we support IPv4 at all on the TUN interface?
312 static int ipv4_enabled;
315 * Do we support IPv6 at all on the TUN interface?
317 static int ipv6_enabled;
321 * Given IP information about a connection, calculate the respective
322 * hash we would use for the 'connections_map'.
324 * @param hash resulting hash
325 * @param ri information about the connection
328 hash_redirect_info (struct GNUNET_HashCode *hash,
329 const struct RedirectInformation *ri)
333 memset (hash, 0, sizeof (struct GNUNET_HashCode));
334 /* the GNUnet hashmap only uses the first sizeof(unsigned int) of the hash,
335 so we put the IP address in there (and hope for few collisions) */
337 switch (ri->remote_address.af)
340 memcpy (off, &ri->remote_address.address.ipv4, sizeof (struct in_addr));
341 off += sizeof (struct in_addr);
344 memcpy (off, &ri->remote_address.address.ipv6, sizeof (struct in6_addr));
345 off += sizeof (struct in_addr);
350 memcpy (off, &ri->remote_address.port, sizeof (uint16_t));
351 off += sizeof (uint16_t);
352 switch (ri->local_address.af)
355 memcpy (off, &ri->local_address.address.ipv4, sizeof (struct in_addr));
356 off += sizeof (struct in_addr);
359 memcpy (off, &ri->local_address.address.ipv6, sizeof (struct in6_addr));
360 off += sizeof (struct in_addr);
365 memcpy (off, &ri->local_address.port, sizeof (uint16_t));
366 off += sizeof (uint16_t);
367 memcpy (off, &ri->remote_address.proto, sizeof (uint8_t));
368 off += sizeof (uint8_t);
373 * Get our connection tracking state. Warns if it does not exists,
374 * refreshes the timestamp if it does exist.
376 * @param af address family
377 * @param protocol IPPROTO_UDP or IPPROTO_TCP
378 * @param destination_ip target IP
379 * @param destination_port target port
380 * @param local_ip local IP
381 * @param local_port local port
382 * @param state_key set to hash's state if non-NULL
383 * @return NULL if we have no tracking information for this tuple
385 static struct TunnelState *
386 get_redirect_state (int af,
388 const void *destination_ip,
389 uint16_t destination_port,
390 const void *local_ip,
392 struct GNUNET_HashCode *state_key)
394 struct RedirectInformation ri;
395 struct GNUNET_HashCode key;
396 struct TunnelState *state;
398 if ( ( (af == AF_INET) && (protocol == IPPROTO_ICMP) ) ||
399 ( (af == AF_INET6) && (protocol == IPPROTO_ICMPV6) ) )
402 destination_port = 0;
405 ri.remote_address.af = af;
407 ri.remote_address.address.ipv4 = *((struct in_addr*) destination_ip);
409 ri.remote_address.address.ipv6 = * ((struct in6_addr*) destination_ip);
410 ri.remote_address.port = destination_port;
411 ri.remote_address.proto = protocol;
412 ri.local_address.af = af;
414 ri.local_address.address.ipv4 = *((struct in_addr*) local_ip);
416 ri.local_address.address.ipv6 = * ((struct in6_addr*) local_ip);
417 ri.local_address.port = local_port;
418 ri.local_address.proto = protocol;
419 hash_redirect_info (&key, &ri);
420 if (NULL != state_key)
422 state = GNUNET_CONTAINER_multihashmap_get (connections_map, &key);
425 /* Mark this connection as freshly used */
426 if (NULL == state_key)
427 GNUNET_CONTAINER_heap_update_cost (connections_heap,
429 GNUNET_TIME_absolute_get ().abs_value);
435 * Given a service descriptor and a destination port, find the
436 * respective service entry.
438 * @param service_map map of services (TCP or UDP)
439 * @param desc service descriptor
440 * @param destination_port destination port
441 * @return NULL if we are not aware of such a service
443 static struct LocalService *
444 find_service (struct GNUNET_CONTAINER_MultiHashMap *service_map,
445 const struct GNUNET_HashCode *desc,
446 uint16_t destination_port)
448 char key[sizeof (struct GNUNET_HashCode) + sizeof (uint16_t)];
450 memcpy (&key[0], &destination_port, sizeof (uint16_t));
451 memcpy (&key[sizeof(uint16_t)], desc, sizeof (struct GNUNET_HashCode));
452 return GNUNET_CONTAINER_multihashmap_get (service_map,
453 (struct GNUNET_HashCode *) key);
458 * Free memory associated with a service record.
461 * @param key service descriptor
462 * @param value service record to free
466 free_service_record (void *cls,
467 const struct GNUNET_HashCode *key,
470 struct LocalService *service = value;
472 GNUNET_free_non_null (service->name);
473 GNUNET_free (service);
479 * Given a service descriptor and a destination port, find the
480 * respective service entry.
482 * @param service_map map of services (TCP or UDP)
483 * @param name name of the service
484 * @param destination_port destination port
485 * @param service service information record to store (service->name will be set).
488 store_service (struct GNUNET_CONTAINER_MultiHashMap *service_map,
490 uint16_t destination_port,
491 struct LocalService *service)
493 char key[sizeof (struct GNUNET_HashCode) + sizeof (uint16_t)];
494 struct GNUNET_HashCode desc;
496 GNUNET_CRYPTO_hash (name, strlen (name) + 1, &desc);
497 service->name = GNUNET_strdup (name);
498 memcpy (&key[0], &destination_port, sizeof (uint16_t));
499 memcpy (&key[sizeof(uint16_t)], &desc, sizeof (struct GNUNET_HashCode));
501 GNUNET_CONTAINER_multihashmap_put (service_map,
502 (struct GNUNET_HashCode *) key,
504 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
506 free_service_record (NULL, (struct GNUNET_HashCode *) key, service);
507 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
508 _("Got duplicate service records for `%s:%u'\n"),
510 (unsigned int) destination_port);
516 * MESH is ready to receive a message for the tunnel. Transmit it.
518 * @param cls the 'struct TunnelState'.
519 * @param size number of bytes available in buf
520 * @param buf where to copy the message
521 * @return number of bytes copied to buf
524 send_to_peer_notify_callback (void *cls, size_t size, void *buf)
526 struct TunnelState *s = cls;
527 struct GNUNET_MESH_Tunnel *tunnel = s->tunnel;
528 struct TunnelMessageQueue *tnq;
536 s->th = GNUNET_MESH_notify_transmit_ready (tunnel,
537 GNUNET_NO /* corking */,
538 GNUNET_TIME_UNIT_FOREVER_REL,
541 &send_to_peer_notify_callback,
545 GNUNET_assert (size >= tnq->len);
546 memcpy (buf, tnq->payload, tnq->len);
548 GNUNET_CONTAINER_DLL_remove (s->head,
552 if (NULL != (tnq = s->head))
553 s->th = GNUNET_MESH_notify_transmit_ready (tunnel,
554 GNUNET_NO /* corking */,
555 GNUNET_TIME_UNIT_FOREVER_REL,
558 &send_to_peer_notify_callback,
560 GNUNET_STATISTICS_update (stats,
561 gettext_noop ("# Bytes transmitted via mesh tunnels"),
568 * Send the given packet via the mesh tunnel.
570 * @param mesh_tunnel destination
571 * @param tnq message to queue
574 send_packet_to_mesh_tunnel (struct GNUNET_MESH_Tunnel *mesh_tunnel,
575 struct TunnelMessageQueue *tnq)
577 struct TunnelState *s;
579 s = GNUNET_MESH_tunnel_get_data (mesh_tunnel);
580 GNUNET_assert (NULL != s);
581 GNUNET_CONTAINER_DLL_insert_tail (s->head, s->tail, tnq);
583 s->th = GNUNET_MESH_notify_transmit_ready (mesh_tunnel,
584 GNUNET_NO /* cork */,
585 GNUNET_TIME_UNIT_FOREVER_REL,
587 &send_to_peer_notify_callback,
593 * @brief Handles an ICMP packet received from the helper.
595 * @param icmp A pointer to the Packet
596 * @param pktlen number of bytes in 'icmp'
597 * @param af address family (AFINET or AF_INET6)
598 * @param destination_ip destination IP-address of the IP packet (should
599 * be our local address)
600 * @param source_ip original source IP-address of the IP packet (should
601 * be the original destination address)
604 icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp,
607 const void *destination_ip,
608 const void *source_ip)
610 struct TunnelState *state;
611 struct TunnelMessageQueue *tnq;
612 struct GNUNET_EXIT_IcmpToVPNMessage *i2v;
613 const struct GNUNET_TUN_IPv4Header *ipv4;
614 const struct GNUNET_TUN_IPv6Header *ipv6;
615 const struct GNUNET_TUN_UdpHeader *udp;
617 uint16_t source_port;
618 uint16_t destination_port;
622 char sbuf[INET6_ADDRSTRLEN];
623 char dbuf[INET6_ADDRSTRLEN];
624 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
625 "Received ICMP packet going from %s to %s\n",
628 sbuf, sizeof (sbuf)),
631 dbuf, sizeof (dbuf)));
633 if (pktlen < sizeof (struct GNUNET_TUN_IcmpHeader))
640 /* Find out if this is an ICMP packet in response to an existing
641 TCP/UDP packet and if so, figure out ports / protocol of the
642 existing session from the IP data in the ICMP payload */
644 destination_port = 0;
648 protocol = IPPROTO_ICMP;
651 case GNUNET_TUN_ICMPTYPE_ECHO_REPLY:
652 case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST:
654 case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE:
655 case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH:
656 case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED:
658 sizeof (struct GNUNET_TUN_IcmpHeader) +
659 sizeof (struct GNUNET_TUN_IPv4Header) + 8)
665 ipv4 = (const struct GNUNET_TUN_IPv4Header *) &icmp[1];
666 protocol = ipv4->protocol;
667 /* could be TCP or UDP, but both have the ports in the right
668 place, so that doesn't matter here */
669 udp = (const struct GNUNET_TUN_UdpHeader *) &ipv4[1];
670 /* swap ports, as they are from the original message */
671 destination_port = ntohs (udp->source_port);
672 source_port = ntohs (udp->destination_port);
673 /* throw away ICMP payload, won't be useful for the other side anyway */
674 pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
677 GNUNET_STATISTICS_update (stats,
678 gettext_noop ("# ICMPv4 packets dropped (type not allowed)"),
684 protocol = IPPROTO_ICMPV6;
687 case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE:
688 case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG:
689 case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED:
690 case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM:
692 sizeof (struct GNUNET_TUN_IcmpHeader) +
693 sizeof (struct GNUNET_TUN_IPv6Header) + 8)
699 ipv6 = (const struct GNUNET_TUN_IPv6Header *) &icmp[1];
700 protocol = ipv6->next_header;
701 /* could be TCP or UDP, but both have the ports in the right
702 place, so that doesn't matter here */
703 udp = (const struct GNUNET_TUN_UdpHeader *) &ipv6[1];
704 /* swap ports, as they are from the original message */
705 destination_port = ntohs (udp->source_port);
706 source_port = ntohs (udp->destination_port);
707 /* throw away ICMP payload, won't be useful for the other side anyway */
708 pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
710 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
711 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
714 GNUNET_STATISTICS_update (stats,
715 gettext_noop ("# ICMPv6 packets dropped (type not allowed)"),
726 state = get_redirect_state (af, IPPROTO_ICMP,
732 state = get_redirect_state (af, IPPROTO_ICMPV6,
738 state = get_redirect_state (af, IPPROTO_UDP,
746 state = get_redirect_state (af, IPPROTO_TCP,
754 GNUNET_STATISTICS_update (stats,
755 gettext_noop ("# ICMP packets dropped (not allowed)"),
761 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
762 _("ICMP Packet dropped, have no matching connection information\n"));
765 mlen = sizeof (struct GNUNET_EXIT_IcmpToVPNMessage) + pktlen - sizeof (struct GNUNET_TUN_IcmpHeader);
766 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueue) + mlen);
767 tnq->payload = &tnq[1];
769 i2v = (struct GNUNET_EXIT_IcmpToVPNMessage *) &tnq[1];
770 i2v->header.size = htons ((uint16_t) mlen);
771 i2v->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_VPN);
772 i2v->af = htonl (af);
773 memcpy (&i2v->icmp_header,
776 send_packet_to_mesh_tunnel (state->tunnel,
782 * @brief Handles an UDP packet received from the helper.
784 * @param udp A pointer to the Packet
785 * @param pktlen number of bytes in 'udp'
786 * @param af address family (AFINET or AF_INET6)
787 * @param destination_ip destination IP-address of the IP packet (should
788 * be our local address)
789 * @param source_ip original source IP-address of the IP packet (should
790 * be the original destination address)
793 udp_from_helper (const struct GNUNET_TUN_UdpHeader *udp,
796 const void *destination_ip,
797 const void *source_ip)
799 struct TunnelState *state;
800 struct TunnelMessageQueue *tnq;
801 struct GNUNET_EXIT_UdpReplyMessage *urm;
805 char sbuf[INET6_ADDRSTRLEN];
806 char dbuf[INET6_ADDRSTRLEN];
807 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
808 "Received UDP packet going from %s:%u to %s:%u\n",
811 sbuf, sizeof (sbuf)),
812 (unsigned int) ntohs (udp->source_port),
815 dbuf, sizeof (dbuf)),
816 (unsigned int) ntohs (udp->destination_port));
818 if (pktlen < sizeof (struct GNUNET_TUN_UdpHeader))
824 if (pktlen != ntohs (udp->len))
830 state = get_redirect_state (af, IPPROTO_UDP,
832 ntohs (udp->source_port),
834 ntohs (udp->destination_port),
838 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
839 _("UDP Packet dropped, have no matching connection information\n"));
842 mlen = sizeof (struct GNUNET_EXIT_UdpReplyMessage) + pktlen - sizeof (struct GNUNET_TUN_UdpHeader);
843 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueue) + mlen);
844 tnq->payload = &tnq[1];
846 urm = (struct GNUNET_EXIT_UdpReplyMessage *) &tnq[1];
847 urm->header.size = htons ((uint16_t) mlen);
848 urm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_UDP_REPLY);
849 urm->source_port = htons (0);
850 urm->destination_port = htons (0);
853 pktlen - sizeof (struct GNUNET_TUN_UdpHeader));
854 send_packet_to_mesh_tunnel (state->tunnel,
860 * @brief Handles a TCP packet received from the helper.
862 * @param tcp A pointer to the Packet
863 * @param pktlen the length of the packet, including its TCP header
864 * @param af address family (AFINET or AF_INET6)
865 * @param destination_ip destination IP-address of the IP packet (should
866 * be our local address)
867 * @param source_ip original source IP-address of the IP packet (should
868 * be the original destination address)
871 tcp_from_helper (const struct GNUNET_TUN_TcpHeader *tcp,
874 const void *destination_ip,
875 const void *source_ip)
877 struct TunnelState *state;
878 char buf[pktlen] GNUNET_ALIGN;
879 struct GNUNET_TUN_TcpHeader *mtcp;
880 struct GNUNET_EXIT_TcpDataMessage *tdm;
881 struct TunnelMessageQueue *tnq;
885 char sbuf[INET6_ADDRSTRLEN];
886 char dbuf[INET6_ADDRSTRLEN];
887 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
888 "Received TCP packet with %u bytes going from %s:%u to %s:%u\n",
889 pktlen - sizeof (struct GNUNET_TUN_TcpHeader),
892 sbuf, sizeof (sbuf)),
893 (unsigned int) ntohs (tcp->source_port),
896 dbuf, sizeof (dbuf)),
897 (unsigned int) ntohs (tcp->destination_port));
899 if (pktlen < sizeof (struct GNUNET_TUN_TcpHeader))
905 state = get_redirect_state (af, IPPROTO_TCP,
907 ntohs (tcp->source_port),
909 ntohs (tcp->destination_port),
913 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
914 _("TCP Packet dropped, have no matching connection information\n"));
918 /* mug port numbers and crc to avoid information leakage;
919 sender will need to lookup the correct values anyway */
920 memcpy (buf, tcp, pktlen);
921 mtcp = (struct GNUNET_TUN_TcpHeader *) buf;
922 mtcp->source_port = 0;
923 mtcp->destination_port = 0;
926 mlen = sizeof (struct GNUNET_EXIT_TcpDataMessage) + (pktlen - sizeof (struct GNUNET_TUN_TcpHeader));
927 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
933 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueue) + mlen);
934 tnq->payload = &tnq[1];
936 tdm = (struct GNUNET_EXIT_TcpDataMessage *) &tnq[1];
937 tdm->header.size = htons ((uint16_t) mlen);
938 tdm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_VPN);
939 tdm->reserved = htonl (0);
940 memcpy (&tdm->tcp_header,
943 send_packet_to_mesh_tunnel (state->tunnel,
949 * Receive packets from the helper-process
952 * @param client unsued
953 * @param message message received from helper
956 message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED,
957 const struct GNUNET_MessageHeader *message)
959 const struct GNUNET_TUN_Layer2PacketHeader *pkt_tun;
962 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
963 "Got %u-byte message of type %u from gnunet-helper-exit\n",
964 ntohs (message->size),
965 ntohs (message->type));
966 GNUNET_STATISTICS_update (stats,
967 gettext_noop ("# Packets received from TUN"),
969 if (ntohs (message->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER)
974 size = ntohs (message->size);
975 if (size < sizeof (struct GNUNET_TUN_Layer2PacketHeader) + sizeof (struct GNUNET_MessageHeader))
980 GNUNET_STATISTICS_update (stats,
981 gettext_noop ("# Bytes received from TUN"),
983 pkt_tun = (const struct GNUNET_TUN_Layer2PacketHeader *) &message[1];
984 size -= sizeof (struct GNUNET_TUN_Layer2PacketHeader) + sizeof (struct GNUNET_MessageHeader);
985 switch (ntohs (pkt_tun->proto))
989 const struct GNUNET_TUN_IPv4Header *pkt4;
991 if (size < sizeof (struct GNUNET_TUN_IPv4Header))
993 /* Kernel to blame? */
997 pkt4 = (const struct GNUNET_TUN_IPv4Header *) &pkt_tun[1];
998 if (size != ntohs (pkt4->total_length))
1000 /* Kernel to blame? */
1004 if (pkt4->header_length * 4 != sizeof (struct GNUNET_TUN_IPv4Header))
1006 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1007 _("IPv4 packet options received. Ignored.\n"));
1011 size -= sizeof (struct GNUNET_TUN_IPv4Header);
1012 switch (pkt4->protocol)
1015 udp_from_helper ((const struct GNUNET_TUN_UdpHeader *) &pkt4[1], size,
1017 &pkt4->destination_address,
1018 &pkt4->source_address);
1021 tcp_from_helper ((const struct GNUNET_TUN_TcpHeader *) &pkt4[1], size,
1023 &pkt4->destination_address,
1024 &pkt4->source_address);
1027 icmp_from_helper ((const struct GNUNET_TUN_IcmpHeader *) &pkt4[1], size,
1029 &pkt4->destination_address,
1030 &pkt4->source_address);
1033 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1034 _("IPv4 packet with unsupported next header %u received. Ignored.\n"),
1035 (int) pkt4->protocol);
1042 const struct GNUNET_TUN_IPv6Header *pkt6;
1044 if (size < sizeof (struct GNUNET_TUN_IPv6Header))
1046 /* Kernel to blame? */
1050 pkt6 = (struct GNUNET_TUN_IPv6Header *) &pkt_tun[1];
1051 if (size != ntohs (pkt6->payload_length) + sizeof (struct GNUNET_TUN_IPv6Header))
1053 /* Kernel to blame? */
1057 size -= sizeof (struct GNUNET_TUN_IPv6Header);
1058 switch (pkt6->next_header)
1061 udp_from_helper ((const struct GNUNET_TUN_UdpHeader *) &pkt6[1], size,
1063 &pkt6->destination_address,
1064 &pkt6->source_address);
1067 tcp_from_helper ((const struct GNUNET_TUN_TcpHeader *) &pkt6[1], size,
1069 &pkt6->destination_address,
1070 &pkt6->source_address);
1072 case IPPROTO_ICMPV6:
1073 icmp_from_helper ((const struct GNUNET_TUN_IcmpHeader *) &pkt6[1], size,
1075 &pkt6->destination_address,
1076 &pkt6->source_address);
1079 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1080 _("IPv6 packet with unsupported next header %d received. Ignored.\n"),
1087 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1088 _("Packet from unknown protocol %u received. Ignored.\n"),
1089 ntohs (pkt_tun->proto));
1097 * We need to create a (unique) fresh local address (IP+port).
1100 * @param af desired address family
1101 * @param proto desired protocol (IPPROTO_UDP or IPPROTO_TCP)
1102 * @param local_address address to initialize
1105 setup_fresh_address (int af,
1107 struct SocketAddress *local_address)
1109 local_address->af = af;
1110 local_address->proto = (uint8_t) proto;
1111 /* default "local" port range is often 32768--61000,
1112 so we pick a random value in that range */
1113 if ( ( (af == AF_INET) && (proto == IPPROTO_ICMP) ) ||
1114 ( (af == AF_INET6) && (proto == IPPROTO_ICMPV6) ) )
1115 local_address->port = 0;
1118 = (uint16_t) 32768 + GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1124 struct in_addr addr;
1125 struct in_addr mask;
1128 addr = exit_ipv4addr;
1129 mask = exit_ipv4mask;
1130 if (0 == ~mask.s_addr)
1132 /* only one valid IP anyway */
1133 local_address->address.ipv4 = addr;
1136 /* Given 192.168.0.1/255.255.0.0, we want a mask
1137 of '192.168.255.255', thus: */
1138 mask.s_addr = addr.s_addr | ~mask.s_addr;
1139 /* Pick random IPv4 address within the subnet, except 'addr' or 'mask' itself */
1142 rnd.s_addr = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1144 local_address->address.ipv4.s_addr = (addr.s_addr | rnd.s_addr) & mask.s_addr;
1146 while ( (local_address->address.ipv4.s_addr == addr.s_addr) ||
1147 (local_address->address.ipv4.s_addr == mask.s_addr) );
1152 struct in6_addr addr;
1153 struct in6_addr mask;
1154 struct in6_addr rnd;
1157 addr = exit_ipv6addr;
1158 GNUNET_assert (ipv6prefix < 128);
1159 if (ipv6prefix == 127)
1161 /* only one valid IP anyway */
1162 local_address->address.ipv6 = addr;
1165 /* Given ABCD::/96, we want a mask of 'ABCD::FFFF:FFFF,
1168 for (i=127;i>=ipv6prefix;i--)
1169 mask.s6_addr[i / 8] |= (1 << (i % 8));
1171 /* Pick random IPv6 address within the subnet, except 'addr' or 'mask' itself */
1176 rnd.s6_addr[i] = (unsigned char) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1178 local_address->address.ipv6.s6_addr[i]
1179 = (addr.s6_addr[i] | rnd.s6_addr[i]) & mask.s6_addr[i];
1182 while ( (0 == memcmp (&local_address->address.ipv6,
1184 sizeof (struct in6_addr))) ||
1185 (0 == memcmp (&local_address->address.ipv6,
1187 sizeof (struct in6_addr))) );
1197 * We are starting a fresh connection (TCP or UDP) and need
1198 * to pick a source port and IP address (within the correct
1199 * range and address family) to associate replies with the
1200 * connection / correct mesh tunnel. This function generates
1201 * a "fresh" source IP and source port number for a connection
1202 * After picking a good source address, this function sets up
1203 * the state in the 'connections_map' and 'connections_heap'
1204 * to allow finding the state when needed later. The function
1205 * also makes sure that we remain within memory limits by
1206 * cleaning up 'old' states.
1208 * @param state skeleton state to setup a record for; should
1209 * 'state->ri.remote_address' filled in so that
1210 * this code can determine which AF/protocol is
1211 * going to be used (the 'tunnel' should also
1212 * already be set); after calling this function,
1213 * heap_node and the local_address will be
1214 * also initialized (heap_node != NULL can be
1215 * used to test if a state has been fully setup).
1218 setup_state_record (struct TunnelState *state)
1220 struct GNUNET_HashCode key;
1221 struct TunnelState *s;
1223 /* generate fresh, unique address */
1226 if (NULL == state->serv)
1227 setup_fresh_address (state->ri.remote_address.af,
1228 state->ri.remote_address.proto,
1229 &state->ri.local_address);
1231 setup_fresh_address (state->serv->address.af,
1232 state->serv->address.proto,
1233 &state->ri.local_address);
1234 } while (NULL != get_redirect_state (state->ri.remote_address.af,
1235 state->ri.remote_address.proto,
1236 &state->ri.remote_address.address,
1237 state->ri.remote_address.port,
1238 &state->ri.local_address.address,
1239 state->ri.local_address.port,
1242 char buf[INET6_ADDRSTRLEN];
1243 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1244 "Picked local address %s:%u for new connection\n",
1245 inet_ntop (state->ri.local_address.af,
1246 &state->ri.local_address.address,
1248 (unsigned int) state->ri.local_address.port);
1250 state->state_key = key;
1251 GNUNET_assert (GNUNET_OK ==
1252 GNUNET_CONTAINER_multihashmap_put (connections_map,
1254 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
1255 state->heap_node = GNUNET_CONTAINER_heap_insert (connections_heap,
1257 GNUNET_TIME_absolute_get ().abs_value);
1258 while (GNUNET_CONTAINER_heap_get_size (connections_heap) > max_connections)
1260 s = GNUNET_CONTAINER_heap_remove_root (connections_heap);
1261 GNUNET_assert (state != s);
1262 s->heap_node = NULL;
1263 GNUNET_MESH_tunnel_destroy (s->tunnel);
1264 GNUNET_assert (GNUNET_OK ==
1265 GNUNET_CONTAINER_multihashmap_remove (connections_map,
1274 * Prepare an IPv4 packet for transmission via the TUN interface.
1275 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
1276 * For UDP, the UDP header will be fully created, whereas for TCP
1277 * only the ports and checksum will be filled in. So for TCP,
1278 * a skeleton TCP header must be part of the provided payload.
1280 * @param payload payload of the packet (starting with UDP payload or
1281 * TCP header, depending on protocol)
1282 * @param payload_length number of bytes in 'payload'
1283 * @param protocol IPPROTO_UDP or IPPROTO_TCP
1284 * @param tcp_header skeleton of the TCP header, NULL for UDP
1285 * @param src_address source address to use (IP and port)
1286 * @param dst_address destination address to use (IP and port)
1287 * @param pkt4 where to write the assembled packet; must
1288 * contain enough space for the IP header, UDP/TCP header
1292 prepare_ipv4_packet (const void *payload, size_t payload_length,
1294 const struct GNUNET_TUN_TcpHeader *tcp_header,
1295 const struct SocketAddress *src_address,
1296 const struct SocketAddress *dst_address,
1297 struct GNUNET_TUN_IPv4Header *pkt4)
1301 len = payload_length;
1305 len += sizeof (struct GNUNET_TUN_UdpHeader);
1308 len += sizeof (struct GNUNET_TUN_TcpHeader);
1309 GNUNET_assert (NULL != tcp_header);
1315 if (len + sizeof (struct GNUNET_TUN_IPv4Header) > UINT16_MAX)
1321 GNUNET_TUN_initialize_ipv4_header (pkt4,
1324 &src_address->address.ipv4,
1325 &dst_address->address.ipv4);
1330 struct GNUNET_TUN_UdpHeader *pkt4_udp = (struct GNUNET_TUN_UdpHeader *) &pkt4[1];
1332 pkt4_udp->source_port = htons (src_address->port);
1333 pkt4_udp->destination_port = htons (dst_address->port);
1334 pkt4_udp->len = htons ((uint16_t) payload_length);
1335 GNUNET_TUN_calculate_udp4_checksum (pkt4,
1337 payload, payload_length);
1338 memcpy (&pkt4_udp[1], payload, payload_length);
1343 struct GNUNET_TUN_TcpHeader *pkt4_tcp = (struct GNUNET_TUN_TcpHeader *) &pkt4[1];
1345 *pkt4_tcp = *tcp_header;
1346 pkt4_tcp->source_port = htons (src_address->port);
1347 pkt4_tcp->destination_port = htons (dst_address->port);
1348 GNUNET_TUN_calculate_tcp4_checksum (pkt4,
1352 memcpy (&pkt4_tcp[1], payload, payload_length);
1362 * Prepare an IPv6 packet for transmission via the TUN interface.
1363 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
1364 * For UDP, the UDP header will be fully created, whereas for TCP
1365 * only the ports and checksum will be filled in. So for TCP,
1366 * a skeleton TCP header must be part of the provided payload.
1368 * @param payload payload of the packet (starting with UDP payload or
1369 * TCP header, depending on protocol)
1370 * @param payload_length number of bytes in 'payload'
1371 * @param protocol IPPROTO_UDP or IPPROTO_TCP
1372 * @param tcp_header skeleton TCP header data to send, NULL for UDP
1373 * @param src_address source address to use (IP and port)
1374 * @param dst_address destination address to use (IP and port)
1375 * @param pkt6 where to write the assembled packet; must
1376 * contain enough space for the IP header, UDP/TCP header
1380 prepare_ipv6_packet (const void *payload, size_t payload_length,
1382 const struct GNUNET_TUN_TcpHeader *tcp_header,
1383 const struct SocketAddress *src_address,
1384 const struct SocketAddress *dst_address,
1385 struct GNUNET_TUN_IPv6Header *pkt6)
1389 len = payload_length;
1393 len += sizeof (struct GNUNET_TUN_UdpHeader);
1396 len += sizeof (struct GNUNET_TUN_TcpHeader);
1402 if (len > UINT16_MAX)
1408 GNUNET_TUN_initialize_ipv6_header (pkt6,
1411 &src_address->address.ipv6,
1412 &dst_address->address.ipv6);
1418 struct GNUNET_TUN_UdpHeader *pkt6_udp = (struct GNUNET_TUN_UdpHeader *) &pkt6[1];
1420 pkt6_udp->source_port = htons (src_address->port);
1421 pkt6_udp->destination_port = htons (dst_address->port);
1422 pkt6_udp->len = htons ((uint16_t) payload_length);
1423 GNUNET_TUN_calculate_udp6_checksum (pkt6,
1427 memcpy (&pkt6_udp[1], payload, payload_length);
1432 struct GNUNET_TUN_TcpHeader *pkt6_tcp = (struct GNUNET_TUN_TcpHeader *) &pkt6[1];
1434 /* memcpy first here as some TCP header fields are initialized this way! */
1435 *pkt6_tcp = *tcp_header;
1436 pkt6_tcp->source_port = htons (src_address->port);
1437 pkt6_tcp->destination_port = htons (dst_address->port);
1438 GNUNET_TUN_calculate_tcp6_checksum (pkt6,
1442 memcpy (&pkt6_tcp[1], payload, payload_length);
1453 * Send a TCP packet via the TUN interface.
1455 * @param destination_address IP and port to use for the TCP packet's destination
1456 * @param source_address IP and port to use for the TCP packet's source
1457 * @param tcp_header header template to use
1458 * @param payload payload of the TCP packet
1459 * @param payload_length number of bytes in 'payload'
1462 send_tcp_packet_via_tun (const struct SocketAddress *destination_address,
1463 const struct SocketAddress *source_address,
1464 const struct GNUNET_TUN_TcpHeader *tcp_header,
1465 const void *payload, size_t payload_length)
1469 GNUNET_STATISTICS_update (stats,
1470 gettext_noop ("# TCP packets sent via TUN"),
1472 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1473 "Sending packet with %u bytes TCP payload via TUN\n",
1474 (unsigned int) payload_length);
1475 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
1476 switch (source_address->af)
1479 len += sizeof (struct GNUNET_TUN_IPv4Header);
1482 len += sizeof (struct GNUNET_TUN_IPv6Header);
1488 len += sizeof (struct GNUNET_TUN_TcpHeader);
1489 len += payload_length;
1490 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1496 char buf[len] GNUNET_ALIGN;
1497 struct GNUNET_MessageHeader *hdr;
1498 struct GNUNET_TUN_Layer2PacketHeader *tun;
1500 hdr = (struct GNUNET_MessageHeader *) buf;
1501 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1502 hdr->size = htons (len);
1503 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
1504 tun->flags = htons (0);
1505 switch (source_address->af)
1509 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
1511 tun->proto = htons (ETH_P_IPV4);
1512 prepare_ipv4_packet (payload, payload_length,
1516 destination_address,
1522 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
1524 tun->proto = htons (ETH_P_IPV6);
1525 prepare_ipv6_packet (payload, payload_length,
1529 destination_address,
1537 (void) GNUNET_HELPER_send (helper_handle,
1538 (const struct GNUNET_MessageHeader*) buf,
1546 * Process a request via mesh to send a request to a TCP service
1547 * offered by this system.
1549 * @param cls closure, NULL
1550 * @param tunnel connection to the other end
1551 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1552 * @param sender who sent the message
1553 * @param message the actual message
1554 * @param atsi performance data for the connection
1555 * @return GNUNET_OK to keep the connection open,
1556 * GNUNET_SYSERR to close it (signal serious error)
1559 receive_tcp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1560 void **tunnel_ctx GNUNET_UNUSED,
1561 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1562 const struct GNUNET_MessageHeader *message,
1563 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1565 struct TunnelState *state = *tunnel_ctx;
1566 const struct GNUNET_EXIT_TcpServiceStartMessage *start;
1567 uint16_t pkt_len = ntohs (message->size);
1569 GNUNET_STATISTICS_update (stats,
1570 gettext_noop ("# TCP service creation requests received via mesh"),
1572 GNUNET_STATISTICS_update (stats,
1573 gettext_noop ("# Bytes received from MESH"),
1574 pkt_len, GNUNET_NO);
1575 /* check that we got at least a valid header */
1576 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpServiceStartMessage))
1578 GNUNET_break_op (0);
1579 return GNUNET_SYSERR;
1581 start = (const struct GNUNET_EXIT_TcpServiceStartMessage*) message;
1582 pkt_len -= sizeof (struct GNUNET_EXIT_TcpServiceStartMessage);
1583 if ( (NULL == state) ||
1584 (NULL != state->serv) ||
1585 (NULL != state->heap_node) )
1587 GNUNET_break_op (0);
1588 return GNUNET_SYSERR;
1590 if (start->tcp_header.off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
1592 GNUNET_break_op (0);
1593 return GNUNET_SYSERR;
1595 GNUNET_break_op (ntohl (start->reserved) == 0);
1596 /* setup fresh connection */
1597 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1598 "Received data from %s for forwarding to TCP service %s on port %u\n",
1599 GNUNET_i2s (sender),
1600 GNUNET_h2s (&start->service_descriptor),
1601 (unsigned int) ntohs (start->tcp_header.destination_port));
1602 if (NULL == (state->serv = find_service (tcp_services, &start->service_descriptor,
1603 ntohs (start->tcp_header.destination_port))))
1605 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1606 _("No service found for %s on port %d!\n"),
1608 ntohs (start->tcp_header.destination_port));
1609 GNUNET_STATISTICS_update (stats,
1610 gettext_noop ("# TCP requests dropped (no such service)"),
1612 return GNUNET_SYSERR;
1614 state->ri.remote_address = state->serv->address;
1615 setup_state_record (state);
1616 send_tcp_packet_via_tun (&state->ri.remote_address,
1617 &state->ri.local_address,
1619 &start[1], pkt_len);
1625 * Process a request to forward TCP data to the Internet via this peer.
1627 * @param cls closure, NULL
1628 * @param tunnel connection to the other end
1629 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1630 * @param sender who sent the message
1631 * @param message the actual message
1632 * @param atsi performance data for the connection
1633 * @return GNUNET_OK to keep the connection open,
1634 * GNUNET_SYSERR to close it (signal serious error)
1637 receive_tcp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1638 void **tunnel_ctx GNUNET_UNUSED,
1639 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1640 const struct GNUNET_MessageHeader *message,
1641 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1643 struct TunnelState *state = *tunnel_ctx;
1644 const struct GNUNET_EXIT_TcpInternetStartMessage *start;
1645 uint16_t pkt_len = ntohs (message->size);
1646 const struct in_addr *v4;
1647 const struct in6_addr *v6;
1648 const void *payload;
1651 GNUNET_STATISTICS_update (stats,
1652 gettext_noop ("# Bytes received from MESH"),
1653 pkt_len, GNUNET_NO);
1654 GNUNET_STATISTICS_update (stats,
1655 gettext_noop ("# TCP IP-exit creation requests received via mesh"),
1657 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpInternetStartMessage))
1659 GNUNET_break_op (0);
1660 return GNUNET_SYSERR;
1662 start = (const struct GNUNET_EXIT_TcpInternetStartMessage*) message;
1663 pkt_len -= sizeof (struct GNUNET_EXIT_TcpInternetStartMessage);
1664 if ( (NULL == state) ||
1665 (NULL != state->serv) ||
1666 (NULL != state->heap_node) )
1668 GNUNET_break_op (0);
1669 return GNUNET_SYSERR;
1671 if (start->tcp_header.off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
1673 GNUNET_break_op (0);
1674 return GNUNET_SYSERR;
1676 af = (int) ntohl (start->af);
1677 state->ri.remote_address.af = af;
1681 if (pkt_len < sizeof (struct in_addr))
1683 GNUNET_break_op (0);
1684 return GNUNET_SYSERR;
1688 GNUNET_break_op (0);
1689 return GNUNET_SYSERR;
1691 v4 = (const struct in_addr*) &start[1];
1693 pkt_len -= sizeof (struct in_addr);
1694 state->ri.remote_address.address.ipv4 = *v4;
1697 if (pkt_len < sizeof (struct in6_addr))
1699 GNUNET_break_op (0);
1700 return GNUNET_SYSERR;
1704 GNUNET_break_op (0);
1705 return GNUNET_SYSERR;
1707 v6 = (const struct in6_addr*) &start[1];
1709 pkt_len -= sizeof (struct in6_addr);
1710 state->ri.remote_address.address.ipv6 = *v6;
1713 GNUNET_break_op (0);
1714 return GNUNET_SYSERR;
1717 char buf[INET6_ADDRSTRLEN];
1718 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1719 "Received data from %s for starting TCP stream to %s:%u\n",
1720 GNUNET_i2s (sender),
1722 &state->ri.remote_address.address,
1724 (unsigned int) ntohs (start->tcp_header.destination_port));
1726 state->ri.remote_address.proto = IPPROTO_TCP;
1727 state->ri.remote_address.port = ntohs (start->tcp_header.destination_port);
1728 setup_state_record (state);
1729 send_tcp_packet_via_tun (&state->ri.remote_address,
1730 &state->ri.local_address,
1738 * Process a request to forward TCP data on an established
1739 * connection via this peer.
1741 * @param cls closure, NULL
1742 * @param tunnel connection to the other end
1743 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1744 * @param sender who sent the message
1745 * @param message the actual message
1746 * @param atsi performance data for the connection
1747 * @return GNUNET_OK to keep the connection open,
1748 * GNUNET_SYSERR to close it (signal serious error)
1751 receive_tcp_data (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1752 void **tunnel_ctx GNUNET_UNUSED,
1753 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1754 const struct GNUNET_MessageHeader *message,
1755 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1757 struct TunnelState *state = *tunnel_ctx;
1758 const struct GNUNET_EXIT_TcpDataMessage *data;
1759 uint16_t pkt_len = ntohs (message->size);
1761 GNUNET_STATISTICS_update (stats,
1762 gettext_noop ("# Bytes received from MESH"),
1763 pkt_len, GNUNET_NO);
1764 GNUNET_STATISTICS_update (stats,
1765 gettext_noop ("# TCP data requests received via mesh"),
1767 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpDataMessage))
1769 GNUNET_break_op (0);
1770 return GNUNET_SYSERR;
1772 data = (const struct GNUNET_EXIT_TcpDataMessage*) message;
1773 pkt_len -= sizeof (struct GNUNET_EXIT_TcpDataMessage);
1774 if ( (NULL == state) ||
1775 (NULL == state->heap_node) )
1777 /* connection should have been up! */
1778 GNUNET_STATISTICS_update (stats,
1779 gettext_noop ("# TCP DATA requests dropped (no session)"),
1781 return GNUNET_SYSERR;
1783 if (data->tcp_header.off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
1785 GNUNET_break_op (0);
1786 return GNUNET_SYSERR;
1789 GNUNET_break_op (ntohl (data->reserved) == 0);
1791 char buf[INET6_ADDRSTRLEN];
1792 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1793 "Received additional %u bytes of data from %s for TCP stream to %s:%u\n",
1795 GNUNET_i2s (sender),
1796 inet_ntop (state->ri.remote_address.af,
1797 &state->ri.remote_address.address,
1799 (unsigned int) state->ri.remote_address.port);
1802 send_tcp_packet_via_tun (&state->ri.remote_address,
1803 &state->ri.local_address,
1811 * Send an ICMP packet via the TUN interface.
1813 * @param destination_address IP to use for the ICMP packet's destination
1814 * @param source_address IP to use for the ICMP packet's source
1815 * @param icmp_header ICMP header to send
1816 * @param payload payload of the ICMP packet (does NOT include ICMP header)
1817 * @param payload_length number of bytes of data in payload
1820 send_icmp_packet_via_tun (const struct SocketAddress *destination_address,
1821 const struct SocketAddress *source_address,
1822 const struct GNUNET_TUN_IcmpHeader *icmp_header,
1823 const void *payload, size_t payload_length)
1826 struct GNUNET_TUN_IcmpHeader *icmp;
1828 GNUNET_STATISTICS_update (stats,
1829 gettext_noop ("# ICMP packets sent via TUN"),
1831 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1832 "Sending packet with %u bytes ICMP payload via TUN\n",
1833 (unsigned int) payload_length);
1834 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
1835 switch (destination_address->af)
1838 len += sizeof (struct GNUNET_TUN_IPv4Header);
1841 len += sizeof (struct GNUNET_TUN_IPv6Header);
1847 len += sizeof (struct GNUNET_TUN_IcmpHeader);
1848 len += payload_length;
1849 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1855 char buf[len] GNUNET_ALIGN;
1856 struct GNUNET_MessageHeader *hdr;
1857 struct GNUNET_TUN_Layer2PacketHeader *tun;
1859 hdr= (struct GNUNET_MessageHeader *) buf;
1860 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1861 hdr->size = htons (len);
1862 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
1863 tun->flags = htons (0);
1864 switch (source_address->af)
1868 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
1870 tun->proto = htons (ETH_P_IPV4);
1871 GNUNET_TUN_initialize_ipv4_header (ipv4,
1873 sizeof (struct GNUNET_TUN_IcmpHeader) + payload_length,
1874 &source_address->address.ipv4,
1875 &destination_address->address.ipv4);
1876 icmp = (struct GNUNET_TUN_IcmpHeader*) &ipv4[1];
1881 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
1883 tun->proto = htons (ETH_P_IPV6);
1884 GNUNET_TUN_initialize_ipv6_header (ipv6,
1886 sizeof (struct GNUNET_TUN_IcmpHeader) + payload_length,
1887 &source_address->address.ipv6,
1888 &destination_address->address.ipv6);
1889 icmp = (struct GNUNET_TUN_IcmpHeader*) &ipv6[1];
1896 *icmp = *icmp_header;
1900 GNUNET_TUN_calculate_icmp_checksum (icmp,
1903 (void) GNUNET_HELPER_send (helper_handle,
1904 (const struct GNUNET_MessageHeader*) buf,
1912 * Synthesize a plausible ICMP payload for an ICMPv4 error
1913 * response on the given tunnel.
1915 * @param state tunnel information
1916 * @param ipp IPv6 header to fill in (ICMP payload)
1917 * @param udp "UDP" header to fill in (ICMP payload); might actually
1918 * also be the first 8 bytes of the TCP header
1921 make_up_icmpv4_payload (struct TunnelState *state,
1922 struct GNUNET_TUN_IPv4Header *ipp,
1923 struct GNUNET_TUN_UdpHeader *udp)
1925 GNUNET_TUN_initialize_ipv4_header (ipp,
1926 state->ri.remote_address.proto,
1927 sizeof (struct GNUNET_TUN_TcpHeader),
1928 &state->ri.remote_address.address.ipv4,
1929 &state->ri.local_address.address.ipv4);
1930 udp->source_port = htons (state->ri.remote_address.port);
1931 udp->destination_port = htons (state->ri.local_address.port);
1932 udp->len = htons (0);
1933 udp->crc = htons (0);
1938 * Synthesize a plausible ICMP payload for an ICMPv6 error
1939 * response on the given tunnel.
1941 * @param state tunnel information
1942 * @param ipp IPv6 header to fill in (ICMP payload)
1943 * @param udp "UDP" header to fill in (ICMP payload); might actually
1944 * also be the first 8 bytes of the TCP header
1947 make_up_icmpv6_payload (struct TunnelState *state,
1948 struct GNUNET_TUN_IPv6Header *ipp,
1949 struct GNUNET_TUN_UdpHeader *udp)
1951 GNUNET_TUN_initialize_ipv6_header (ipp,
1952 state->ri.remote_address.proto,
1953 sizeof (struct GNUNET_TUN_TcpHeader),
1954 &state->ri.remote_address.address.ipv6,
1955 &state->ri.local_address.address.ipv6);
1956 udp->source_port = htons (state->ri.remote_address.port);
1957 udp->destination_port = htons (state->ri.local_address.port);
1958 udp->len = htons (0);
1959 udp->crc = htons (0);
1964 * Process a request to forward ICMP data to the Internet via this peer.
1966 * @param cls closure, NULL
1967 * @param tunnel connection to the other end
1968 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1969 * @param sender who sent the message
1970 * @param message the actual message
1971 * @param atsi performance data for the connection
1972 * @return GNUNET_OK to keep the connection open,
1973 * GNUNET_SYSERR to close it (signal serious error)
1976 receive_icmp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1977 void **tunnel_ctx GNUNET_UNUSED,
1978 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1979 const struct GNUNET_MessageHeader *message,
1980 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1982 struct TunnelState *state = *tunnel_ctx;
1983 const struct GNUNET_EXIT_IcmpInternetMessage *msg;
1984 uint16_t pkt_len = ntohs (message->size);
1985 const struct in_addr *v4;
1986 const struct in6_addr *v6;
1987 const void *payload;
1988 char buf[sizeof (struct GNUNET_TUN_IPv6Header) + 8] GNUNET_ALIGN;
1991 GNUNET_STATISTICS_update (stats,
1992 gettext_noop ("# Bytes received from MESH"),
1993 pkt_len, GNUNET_NO);
1994 GNUNET_STATISTICS_update (stats,
1995 gettext_noop ("# ICMP IP-exit requests received via mesh"),
1997 if (pkt_len < sizeof (struct GNUNET_EXIT_IcmpInternetMessage))
1999 GNUNET_break_op (0);
2000 return GNUNET_SYSERR;
2002 msg = (const struct GNUNET_EXIT_IcmpInternetMessage*) message;
2003 pkt_len -= sizeof (struct GNUNET_EXIT_IcmpInternetMessage);
2005 af = (int) ntohl (msg->af);
2006 if ( (NULL != state->heap_node) &&
2007 (af != state->ri.remote_address.af) )
2009 /* other peer switched AF on this tunnel; not allowed */
2010 GNUNET_break_op (0);
2011 return GNUNET_SYSERR;
2017 if (pkt_len < sizeof (struct in_addr))
2019 GNUNET_break_op (0);
2020 return GNUNET_SYSERR;
2024 GNUNET_break_op (0);
2025 return GNUNET_SYSERR;
2027 v4 = (const struct in_addr*) &msg[1];
2029 pkt_len -= sizeof (struct in_addr);
2030 state->ri.remote_address.address.ipv4 = *v4;
2031 if (NULL == state->heap_node)
2033 state->ri.remote_address.af = af;
2034 state->ri.remote_address.proto = IPPROTO_ICMP;
2035 setup_state_record (state);
2037 /* check that ICMP type is something we want to support
2038 and possibly make up payload! */
2039 switch (msg->icmp_header.type)
2041 case GNUNET_TUN_ICMPTYPE_ECHO_REPLY:
2042 case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST:
2044 case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE:
2045 case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH:
2046 case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED:
2049 GNUNET_break_op (0);
2050 return GNUNET_SYSERR;
2052 /* make up payload */
2054 struct GNUNET_TUN_IPv4Header *ipp = (struct GNUNET_TUN_IPv4Header *) buf;
2055 struct GNUNET_TUN_UdpHeader *udp = (struct GNUNET_TUN_UdpHeader *) &ipp[1];
2057 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2058 pkt_len = sizeof (struct GNUNET_TUN_IPv4Header) + 8;
2059 make_up_icmpv4_payload (state,
2066 GNUNET_break_op (0);
2067 GNUNET_STATISTICS_update (stats,
2068 gettext_noop ("# ICMPv4 packets dropped (type not allowed)"),
2070 return GNUNET_SYSERR;
2075 if (pkt_len < sizeof (struct in6_addr))
2077 GNUNET_break_op (0);
2078 return GNUNET_SYSERR;
2082 GNUNET_break_op (0);
2083 return GNUNET_SYSERR;
2085 v6 = (const struct in6_addr*) &msg[1];
2087 pkt_len -= sizeof (struct in6_addr);
2088 state->ri.remote_address.address.ipv6 = *v6;
2089 if (NULL == state->heap_node)
2091 state->ri.remote_address.af = af;
2092 state->ri.remote_address.proto = IPPROTO_ICMPV6;
2093 setup_state_record (state);
2095 /* check that ICMP type is something we want to support
2096 and possibly make up payload! */
2097 switch (msg->icmp_header.type)
2099 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
2100 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
2102 case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE:
2103 case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG:
2104 case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED:
2105 case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM:
2108 GNUNET_break_op (0);
2109 return GNUNET_SYSERR;
2111 /* make up payload */
2113 struct GNUNET_TUN_IPv6Header *ipp = (struct GNUNET_TUN_IPv6Header *) buf;
2114 struct GNUNET_TUN_UdpHeader *udp = (struct GNUNET_TUN_UdpHeader *) &ipp[1];
2116 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2117 pkt_len = sizeof (struct GNUNET_TUN_IPv6Header) + 8;
2118 make_up_icmpv6_payload (state,
2125 GNUNET_break_op (0);
2126 GNUNET_STATISTICS_update (stats,
2127 gettext_noop ("# ICMPv6 packets dropped (type not allowed)"),
2129 return GNUNET_SYSERR;
2135 GNUNET_break_op (0);
2136 return GNUNET_SYSERR;
2140 char buf[INET6_ADDRSTRLEN];
2141 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2142 "Received ICMP data from %s for forwarding to %s\n",
2143 GNUNET_i2s (sender),
2145 &state->ri.remote_address.address,
2146 buf, sizeof (buf)));
2148 send_icmp_packet_via_tun (&state->ri.remote_address,
2149 &state->ri.local_address,
2157 * Setup ICMP payload for ICMP error messages. Called
2158 * for both IPv4 and IPv6 addresses.
2160 * @param state context for creating the IP Packet
2161 * @param buf where to create the payload, has at least
2162 * sizeof (struct GNUNET_TUN_IPv6Header) + 8 bytes
2163 * @return number of bytes of payload we created in buf
2166 make_up_icmp_service_payload (struct TunnelState *state,
2169 switch (state->serv->address.af)
2173 struct GNUNET_TUN_IPv4Header *ipv4;
2174 struct GNUNET_TUN_UdpHeader *udp;
2176 ipv4 = (struct GNUNET_TUN_IPv4Header *)buf;
2177 udp = (struct GNUNET_TUN_UdpHeader *) &ipv4[1];
2178 make_up_icmpv4_payload (state,
2181 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2182 return sizeof (struct GNUNET_TUN_IPv4Header) + 8;
2187 struct GNUNET_TUN_IPv6Header *ipv6;
2188 struct GNUNET_TUN_UdpHeader *udp;
2190 ipv6 = (struct GNUNET_TUN_IPv6Header *)buf;
2191 udp = (struct GNUNET_TUN_UdpHeader *) &ipv6[1];
2192 make_up_icmpv6_payload (state,
2195 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2196 return sizeof (struct GNUNET_TUN_IPv6Header) + 8;
2207 * Process a request via mesh to send ICMP data to a service
2208 * offered by this system.
2210 * @param cls closure, NULL
2211 * @param tunnel connection to the other end
2212 * @param tunnel_ctx pointer to our 'struct TunnelState *'
2213 * @param sender who sent the message
2214 * @param message the actual message
2215 * @param atsi performance data for the connection
2216 * @return GNUNET_OK to keep the connection open,
2217 * GNUNET_SYSERR to close it (signal serious error)
2220 receive_icmp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
2222 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
2223 const struct GNUNET_MessageHeader *message,
2224 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
2226 struct TunnelState *state = *tunnel_ctx;
2227 const struct GNUNET_EXIT_IcmpServiceMessage *msg;
2228 uint16_t pkt_len = ntohs (message->size);
2229 struct GNUNET_TUN_IcmpHeader icmp;
2230 char buf[sizeof (struct GNUNET_TUN_IPv6Header) + 8] GNUNET_ALIGN;
2231 const void *payload;
2233 GNUNET_STATISTICS_update (stats,
2234 gettext_noop ("# Bytes received from MESH"),
2235 pkt_len, GNUNET_NO);
2236 GNUNET_STATISTICS_update (stats,
2237 gettext_noop ("# ICMP service requests received via mesh"),
2239 /* check that we got at least a valid header */
2240 if (pkt_len < sizeof (struct GNUNET_EXIT_IcmpServiceMessage))
2242 GNUNET_break_op (0);
2243 return GNUNET_SYSERR;
2245 msg = (const struct GNUNET_EXIT_IcmpServiceMessage*) message;
2246 pkt_len -= sizeof (struct GNUNET_EXIT_IcmpServiceMessage);
2247 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2248 "Received data from %s for forwarding to ICMP service %s\n",
2249 GNUNET_i2s (sender),
2250 GNUNET_h2s (&msg->service_descriptor));
2251 if (NULL == state->serv)
2253 /* first packet to service must not be ICMP (cannot determine service!) */
2254 GNUNET_break_op (0);
2255 return GNUNET_SYSERR;
2257 icmp = msg->icmp_header;
2259 state->ri.remote_address = state->serv->address;
2260 setup_state_record (state);
2262 /* check that ICMP type is something we want to support,
2263 perform ICMP PT if needed ans possibly make up payload */
2267 switch (msg->icmp_header.type)
2269 case GNUNET_TUN_ICMPTYPE_ECHO_REPLY:
2270 if (state->serv->address.af == AF_INET6)
2271 icmp.type = GNUNET_TUN_ICMPTYPE6_ECHO_REPLY;
2273 case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST:
2274 if (state->serv->address.af == AF_INET6)
2275 icmp.type = GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST;
2277 case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE:
2278 if (state->serv->address.af == AF_INET6)
2279 icmp.type = GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE;
2282 GNUNET_break_op (0);
2283 return GNUNET_SYSERR;
2286 pkt_len = make_up_icmp_service_payload (state, buf);
2288 case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED:
2289 if (state->serv->address.af == AF_INET6)
2290 icmp.type = GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED;
2293 GNUNET_break_op (0);
2294 return GNUNET_SYSERR;
2297 pkt_len = make_up_icmp_service_payload (state, buf);
2299 case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH:
2300 if (state->serv->address.af == AF_INET6)
2302 GNUNET_STATISTICS_update (stats,
2303 gettext_noop ("# ICMPv4 packets dropped (impossible PT to v6)"),
2309 GNUNET_break_op (0);
2310 return GNUNET_SYSERR;
2313 pkt_len = make_up_icmp_service_payload (state, buf);
2316 GNUNET_break_op (0);
2317 GNUNET_STATISTICS_update (stats,
2318 gettext_noop ("# ICMPv4 packets dropped (type not allowed)"),
2320 return GNUNET_SYSERR;
2322 /* end of AF_INET */
2325 switch (msg->icmp_header.type)
2327 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
2328 if (state->serv->address.af == AF_INET)
2329 icmp.type = GNUNET_TUN_ICMPTYPE_ECHO_REPLY;
2331 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
2332 if (state->serv->address.af == AF_INET)
2333 icmp.type = GNUNET_TUN_ICMPTYPE_ECHO_REQUEST;
2335 case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE:
2336 if (state->serv->address.af == AF_INET)
2337 icmp.type = GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE;
2340 GNUNET_break_op (0);
2341 return GNUNET_SYSERR;
2344 pkt_len = make_up_icmp_service_payload (state, buf);
2346 case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED:
2347 if (state->serv->address.af == AF_INET)
2348 icmp.type = GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED;
2351 GNUNET_break_op (0);
2352 return GNUNET_SYSERR;
2355 pkt_len = make_up_icmp_service_payload (state, buf);
2357 case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG:
2358 case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM:
2359 if (state->serv->address.af == AF_INET)
2361 GNUNET_STATISTICS_update (stats,
2362 gettext_noop ("# ICMPv6 packets dropped (impossible PT to v4)"),
2368 GNUNET_break_op (0);
2369 return GNUNET_SYSERR;
2372 pkt_len = make_up_icmp_service_payload (state, buf);
2375 GNUNET_break_op (0);
2376 GNUNET_STATISTICS_update (stats,
2377 gettext_noop ("# ICMPv6 packets dropped (type not allowed)"),
2379 return GNUNET_SYSERR;
2381 /* end of AF_INET6 */
2384 GNUNET_break_op (0);
2385 return GNUNET_SYSERR;
2388 send_icmp_packet_via_tun (&state->ri.remote_address,
2389 &state->ri.local_address,
2397 * Send a UDP packet via the TUN interface.
2399 * @param destination_address IP and port to use for the UDP packet's destination
2400 * @param source_address IP and port to use for the UDP packet's source
2401 * @param payload payload of the UDP packet (does NOT include UDP header)
2402 * @param payload_length number of bytes of data in payload
2405 send_udp_packet_via_tun (const struct SocketAddress *destination_address,
2406 const struct SocketAddress *source_address,
2407 const void *payload, size_t payload_length)
2411 GNUNET_STATISTICS_update (stats,
2412 gettext_noop ("# UDP packets sent via TUN"),
2414 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2415 "Sending packet with %u bytes UDP payload via TUN\n",
2416 (unsigned int) payload_length);
2417 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
2418 switch (source_address->af)
2421 len += sizeof (struct GNUNET_TUN_IPv4Header);
2424 len += sizeof (struct GNUNET_TUN_IPv6Header);
2430 len += sizeof (struct GNUNET_TUN_UdpHeader);
2431 len += payload_length;
2432 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
2438 char buf[len] GNUNET_ALIGN;
2439 struct GNUNET_MessageHeader *hdr;
2440 struct GNUNET_TUN_Layer2PacketHeader *tun;
2442 hdr= (struct GNUNET_MessageHeader *) buf;
2443 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
2444 hdr->size = htons (len);
2445 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
2446 tun->flags = htons (0);
2447 switch (source_address->af)
2451 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
2453 tun->proto = htons (ETH_P_IPV4);
2454 prepare_ipv4_packet (payload, payload_length,
2458 destination_address,
2464 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
2466 tun->proto = htons (ETH_P_IPV6);
2467 prepare_ipv6_packet (payload, payload_length,
2471 destination_address,
2479 (void) GNUNET_HELPER_send (helper_handle,
2480 (const struct GNUNET_MessageHeader*) buf,
2488 * Process a request to forward UDP data to the Internet via this peer.
2490 * @param cls closure, NULL
2491 * @param tunnel connection to the other end
2492 * @param tunnel_ctx pointer to our 'struct TunnelState *'
2493 * @param sender who sent the message
2494 * @param message the actual message
2495 * @param atsi performance data for the connection
2496 * @return GNUNET_OK to keep the connection open,
2497 * GNUNET_SYSERR to close it (signal serious error)
2500 receive_udp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
2501 void **tunnel_ctx GNUNET_UNUSED,
2502 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
2503 const struct GNUNET_MessageHeader *message,
2504 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
2506 struct TunnelState *state = *tunnel_ctx;
2507 const struct GNUNET_EXIT_UdpInternetMessage *msg;
2508 uint16_t pkt_len = ntohs (message->size);
2509 const struct in_addr *v4;
2510 const struct in6_addr *v6;
2511 const void *payload;
2514 GNUNET_STATISTICS_update (stats,
2515 gettext_noop ("# Bytes received from MESH"),
2516 pkt_len, GNUNET_NO);
2517 GNUNET_STATISTICS_update (stats,
2518 gettext_noop ("# UDP IP-exit requests received via mesh"),
2520 if (pkt_len < sizeof (struct GNUNET_EXIT_UdpInternetMessage))
2522 GNUNET_break_op (0);
2523 return GNUNET_SYSERR;
2525 msg = (const struct GNUNET_EXIT_UdpInternetMessage*) message;
2526 pkt_len -= sizeof (struct GNUNET_EXIT_UdpInternetMessage);
2527 af = (int) ntohl (msg->af);
2528 state->ri.remote_address.af = af;
2532 if (pkt_len < sizeof (struct in_addr))
2534 GNUNET_break_op (0);
2535 return GNUNET_SYSERR;
2539 GNUNET_break_op (0);
2540 return GNUNET_SYSERR;
2542 v4 = (const struct in_addr*) &msg[1];
2544 pkt_len -= sizeof (struct in_addr);
2545 state->ri.remote_address.address.ipv4 = *v4;
2548 if (pkt_len < sizeof (struct in6_addr))
2550 GNUNET_break_op (0);
2551 return GNUNET_SYSERR;
2555 GNUNET_break_op (0);
2556 return GNUNET_SYSERR;
2558 v6 = (const struct in6_addr*) &msg[1];
2560 pkt_len -= sizeof (struct in6_addr);
2561 state->ri.remote_address.address.ipv6 = *v6;
2564 GNUNET_break_op (0);
2565 return GNUNET_SYSERR;
2568 char buf[INET6_ADDRSTRLEN];
2569 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2570 "Received data from %s for forwarding to UDP %s:%u\n",
2571 GNUNET_i2s (sender),
2573 &state->ri.remote_address.address,
2575 (unsigned int) ntohs (msg->destination_port));
2577 state->ri.remote_address.proto = IPPROTO_UDP;
2578 state->ri.remote_address.port = msg->destination_port;
2579 if (NULL == state->heap_node)
2580 setup_state_record (state);
2581 if (0 != ntohs (msg->source_port))
2582 state->ri.local_address.port = msg->source_port;
2583 send_udp_packet_via_tun (&state->ri.remote_address,
2584 &state->ri.local_address,
2591 * Process a request via mesh to send a request to a UDP service
2592 * offered by this system.
2594 * @param cls closure, NULL
2595 * @param tunnel connection to the other end
2596 * @param tunnel_ctx pointer to our 'struct TunnelState *'
2597 * @param sender who sent the message
2598 * @param message the actual message
2599 * @param atsi performance data for the connection
2600 * @return GNUNET_OK to keep the connection open,
2601 * GNUNET_SYSERR to close it (signal serious error)
2604 receive_udp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
2606 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
2607 const struct GNUNET_MessageHeader *message,
2608 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
2610 struct TunnelState *state = *tunnel_ctx;
2611 const struct GNUNET_EXIT_UdpServiceMessage *msg;
2612 uint16_t pkt_len = ntohs (message->size);
2614 GNUNET_STATISTICS_update (stats,
2615 gettext_noop ("# Bytes received from MESH"),
2616 pkt_len, GNUNET_NO);
2617 GNUNET_STATISTICS_update (stats,
2618 gettext_noop ("# UDP service requests received via mesh"),
2620 /* check that we got at least a valid header */
2621 if (pkt_len < sizeof (struct GNUNET_EXIT_UdpServiceMessage))
2623 GNUNET_break_op (0);
2624 return GNUNET_SYSERR;
2626 msg = (const struct GNUNET_EXIT_UdpServiceMessage*) message;
2627 pkt_len -= sizeof (struct GNUNET_EXIT_UdpServiceMessage);
2628 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2629 "Received data from %s for forwarding to UDP service %s on port %u\n",
2630 GNUNET_i2s (sender),
2631 GNUNET_h2s (&msg->service_descriptor),
2632 (unsigned int) ntohs (msg->destination_port));
2633 if (NULL == (state->serv = find_service (udp_services, &msg->service_descriptor,
2634 ntohs (msg->destination_port))))
2636 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
2637 _("No service found for %s on port %d!\n"),
2639 ntohs (msg->destination_port));
2640 GNUNET_STATISTICS_update (stats,
2641 gettext_noop ("# UDP requests dropped (no such service)"),
2643 return GNUNET_SYSERR;
2645 state->ri.remote_address = state->serv->address;
2646 setup_state_record (state);
2647 if (0 != ntohs (msg->source_port))
2648 state->ri.local_address.port = msg->source_port;
2649 send_udp_packet_via_tun (&state->ri.remote_address,
2650 &state->ri.local_address,
2657 * Callback from GNUNET_MESH for new tunnels.
2659 * @param cls closure
2660 * @param tunnel new handle to the tunnel
2661 * @param initiator peer that started the tunnel
2662 * @param atsi performance information for the tunnel
2663 * @return initial tunnel context for the tunnel
2666 new_tunnel (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
2667 const struct GNUNET_PeerIdentity *initiator GNUNET_UNUSED,
2668 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
2670 struct TunnelState *s = GNUNET_malloc (sizeof (struct TunnelState));
2672 GNUNET_STATISTICS_update (stats,
2673 gettext_noop ("# Inbound MESH tunnels created"),
2675 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2676 "Received inbound tunnel from `%s'\n",
2677 GNUNET_i2s (initiator));
2684 * Function called by mesh whenever an inbound tunnel is destroyed.
2685 * Should clean up any associated state.
2687 * @param cls closure (set from GNUNET_MESH_connect)
2688 * @param tunnel connection to the other end (henceforth invalid)
2689 * @param tunnel_ctx place where local state associated
2690 * with the tunnel is stored
2693 clean_tunnel (void *cls GNUNET_UNUSED, const struct GNUNET_MESH_Tunnel *tunnel,
2696 struct TunnelState *s = tunnel_ctx;
2697 struct TunnelMessageQueue *tnq;
2699 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2700 "Tunnel destroyed\n");
2701 while (NULL != (tnq = s->head))
2703 GNUNET_CONTAINER_DLL_remove (s->head,
2708 if (s->heap_node != NULL)
2710 GNUNET_assert (GNUNET_YES ==
2711 GNUNET_CONTAINER_multihashmap_remove (connections_map,
2714 GNUNET_CONTAINER_heap_remove_node (s->heap_node);
2715 s->heap_node = NULL;
2719 GNUNET_MESH_notify_transmit_ready_cancel (s->th);
2727 * Function that frees everything from a hashmap
2731 * @param value value to free
2734 free_iterate (void *cls GNUNET_UNUSED,
2735 const struct GNUNET_HashCode * hash GNUNET_UNUSED, void *value)
2737 GNUNET_free (value);
2743 * Function scheduled as very last function, cleans up after us
2746 cleanup (void *cls GNUNET_UNUSED,
2747 const struct GNUNET_SCHEDULER_TaskContext *tskctx)
2751 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2752 "Exit service is shutting down now\n");
2753 if (helper_handle != NULL)
2755 GNUNET_HELPER_stop (helper_handle);
2756 helper_handle = NULL;
2758 if (mesh_handle != NULL)
2760 GNUNET_MESH_disconnect (mesh_handle);
2763 if (NULL != connections_map)
2765 GNUNET_CONTAINER_multihashmap_iterate (connections_map, &free_iterate, NULL);
2766 GNUNET_CONTAINER_multihashmap_destroy (connections_map);
2767 connections_map = NULL;
2769 if (NULL != connections_heap)
2771 GNUNET_CONTAINER_heap_destroy (connections_heap);
2772 connections_heap = NULL;
2774 if (NULL != tcp_services)
2776 GNUNET_CONTAINER_multihashmap_iterate (tcp_services, &free_service_record, NULL);
2777 GNUNET_CONTAINER_multihashmap_destroy (tcp_services);
2778 tcp_services = NULL;
2780 if (NULL != udp_services)
2782 GNUNET_CONTAINER_multihashmap_iterate (udp_services, &free_service_record, NULL);
2783 GNUNET_CONTAINER_multihashmap_destroy (udp_services);
2784 udp_services = NULL;
2788 GNUNET_STATISTICS_destroy (stats, GNUNET_NO);
2792 GNUNET_free_non_null (exit_argv[i]);
2797 * Add services to the service map.
2799 * @param proto IPPROTO_TCP or IPPROTO_UDP
2800 * @param cpy copy of the service descriptor (can be mutilated)
2801 * @param name DNS name of the service
2804 add_services (int proto,
2811 struct LocalService *serv;
2813 for (redirect = strtok (cpy, " "); redirect != NULL;
2814 redirect = strtok (NULL, " "))
2816 if (NULL == (hostname = strstr (redirect, ":")))
2818 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2819 "option `%s' for domain `%s' is not formatted correctly!\n",
2826 if (NULL == (hostport = strstr (hostname, ":")))
2828 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2829 "option `%s' for domain `%s' is not formatted correctly!\n",
2837 int local_port = atoi (redirect);
2838 int remote_port = atoi (hostport);
2840 if (!((local_port > 0) && (local_port < 65536)))
2842 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2843 "`%s' is not a valid port number (for domain `%s')!", redirect,
2847 if (!((remote_port > 0) && (remote_port < 65536)))
2849 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2850 "`%s' is not a valid port number (for domain `%s')!", hostport,
2855 serv = GNUNET_malloc (sizeof (struct LocalService));
2856 serv->address.proto = proto;
2857 serv->my_port = (uint16_t) local_port;
2858 serv->address.port = remote_port;
2859 if (0 == strcmp ("localhost4", hostname))
2861 const char *ip4addr = exit_argv[5];
2863 serv->address.af = AF_INET;
2864 GNUNET_assert (1 == inet_pton (AF_INET, ip4addr, &serv->address.address.ipv4));
2866 else if (0 == strcmp ("localhost6", hostname))
2868 const char *ip6addr = exit_argv[3];
2870 serv->address.af = AF_INET6;
2871 GNUNET_assert (1 == inet_pton (AF_INET6, ip6addr, &serv->address.address.ipv6));
2875 struct addrinfo *res;
2878 ret = getaddrinfo (hostname, NULL, NULL, &res);
2879 if ( (ret != 0) || (res == NULL) )
2881 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2882 _("No addresses found for hostname `%s' of service `%s'!\n"),
2889 serv->address.af = res->ai_family;
2890 switch (res->ai_family)
2895 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2896 _("Service `%s' configured for IPv4, but IPv4 is disabled!\n"),
2902 serv->address.address.ipv4 = ((struct sockaddr_in *) res->ai_addr)->sin_addr;
2907 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2908 _("Service `%s' configured for IPv4, but IPv4 is disabled!\n"),
2914 serv->address.address.ipv6 = ((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
2918 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2919 _("No IP addresses found for hostname `%s' of service `%s'!\n"),
2927 store_service ((IPPROTO_UDP == proto) ? udp_services : tcp_services,
2936 * Reads the configuration servicecfg and populates udp_services
2939 * @param section name of section in config, equal to hostname
2942 read_service_conf (void *cls GNUNET_UNUSED, const char *section)
2946 if ((strlen (section) < 8) ||
2947 (0 != strcmp (".gnunet.", section + (strlen (section) - 8))))
2950 GNUNET_CONFIGURATION_get_value_string (cfg, section, "UDP_REDIRECTS",
2953 add_services (IPPROTO_UDP, cpy, section);
2957 GNUNET_CONFIGURATION_get_value_string (cfg, section, "TCP_REDIRECTS",
2960 add_services (IPPROTO_TCP, cpy, section);
2967 * Test if the given AF is supported by this system.
2970 * @return GNUNET_OK if the AF is supported
2977 s = socket (af, SOCK_STREAM, 0);
2980 if (EAFNOSUPPORT == errno)
2982 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
2984 return GNUNET_SYSERR;
2992 * @brief Main function that will be run by the scheduler.
2994 * @param cls closure
2995 * @param args remaining command-line arguments
2996 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
2997 * @param cfg_ configuration
3000 run (void *cls, char *const *args GNUNET_UNUSED,
3001 const char *cfgfile GNUNET_UNUSED,
3002 const struct GNUNET_CONFIGURATION_Handle *cfg_)
3004 static struct GNUNET_MESH_MessageHandler handlers[] = {
3005 {&receive_icmp_service, GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_SERVICE, 0},
3006 {&receive_icmp_remote, GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_INTERNET, 0},
3007 {&receive_udp_service, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_SERVICE, 0},
3008 {&receive_udp_remote, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_INTERNET, 0},
3009 {&receive_tcp_service, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_SERVICE_START, 0},
3010 {&receive_tcp_remote, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_INTERNET_START, 0},
3011 {&receive_tcp_data, GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_EXIT, 0},
3015 static GNUNET_MESH_ApplicationType apptypes[] = {
3016 GNUNET_APPLICATION_TYPE_END,
3017 GNUNET_APPLICATION_TYPE_END,
3018 GNUNET_APPLICATION_TYPE_END
3020 unsigned int app_idx;
3029 GNUNET_OS_check_helper_binary ("gnunet-helper-exit"))
3031 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3032 _("`%s' must be installed SUID, refusing to run\n"),
3033 "gnunet-helper-exit");
3038 stats = GNUNET_STATISTICS_create ("exit", cfg);
3039 ipv4_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV4");
3040 ipv6_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV6");
3041 ipv4_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV4");
3042 ipv6_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV6");
3044 if ( (ipv4_exit || ipv4_enabled) &&
3045 GNUNET_OK != test_af (AF_INET))
3047 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3048 _("This system does not support IPv4, will disable IPv4 functions despite them being enabled in the configuration\n"));
3049 ipv4_exit = GNUNET_NO;
3050 ipv4_enabled = GNUNET_NO;
3052 if ( (ipv6_exit || ipv6_enabled) &&
3053 GNUNET_OK != test_af (AF_INET6))
3055 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3056 _("This system does not support IPv6, will disable IPv6 functions despite them being enabled in the configuration\n"));
3057 ipv6_exit = GNUNET_NO;
3058 ipv6_enabled = GNUNET_NO;
3060 if (ipv4_exit && (! ipv4_enabled))
3062 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3063 _("Cannot enable IPv4 exit but disable IPv4 on TUN interface, will use ENABLE_IPv4=YES\n"));
3064 ipv4_enabled = GNUNET_YES;
3066 if (ipv6_exit && (! ipv6_enabled))
3068 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3069 _("Cannot enable IPv6 exit but disable IPv6 on TUN interface, will use ENABLE_IPv6=YES\n"));
3070 ipv6_enabled = GNUNET_YES;
3072 if (! (ipv4_enabled || ipv6_enabled))
3074 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3075 _("No useful service enabled. Exiting.\n"));
3076 GNUNET_SCHEDULER_shutdown ();
3080 if (GNUNET_YES == ipv4_exit)
3082 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV4_GATEWAY;
3085 if (GNUNET_YES == ipv6_exit)
3087 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV6_GATEWAY;
3091 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup, cls);
3094 GNUNET_CONFIGURATION_get_value_number (cfg, "exit", "MAX_CONNECTIONS",
3096 max_connections = 1024;
3097 exit_argv[0] = GNUNET_strdup ("exit-gnunet");
3098 if (GNUNET_SYSERR ==
3099 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "TUN_IFNAME", &tun_ifname))
3101 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3102 "No entry 'TUN_IFNAME' in configuration!\n");
3103 GNUNET_SCHEDULER_shutdown ();
3106 exit_argv[1] = tun_ifname;
3109 if (GNUNET_SYSERR ==
3110 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "EXIT_IFNAME", &exit_ifname))
3112 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3113 "No entry 'EXIT_IFNAME' in configuration!\n");
3114 GNUNET_SCHEDULER_shutdown ();
3117 exit_argv[2] = exit_ifname;
3121 exit_argv[2] = GNUNET_strdup ("%");
3125 if (GNUNET_YES == ipv6_enabled)
3127 if ( (GNUNET_SYSERR ==
3128 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6ADDR",
3130 (1 != inet_pton (AF_INET6, ipv6addr, &exit_ipv6addr))) )
3132 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3133 "No valid entry 'IPV6ADDR' in configuration!\n");
3134 GNUNET_SCHEDULER_shutdown ();
3137 exit_argv[3] = ipv6addr;
3138 if (GNUNET_SYSERR ==
3139 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6PREFIX",
3142 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3143 "No entry 'IPV6PREFIX' in configuration!\n");
3144 GNUNET_SCHEDULER_shutdown ();
3147 exit_argv[4] = ipv6prefix_s;
3149 GNUNET_CONFIGURATION_get_value_number (cfg, "exit",
3152 (ipv6prefix >= 127) )
3154 GNUNET_SCHEDULER_shutdown ();
3160 /* IPv6 explicitly disabled */
3161 exit_argv[3] = GNUNET_strdup ("-");
3162 exit_argv[4] = GNUNET_strdup ("-");
3164 if (GNUNET_YES == ipv4_enabled)
3166 if ( (GNUNET_SYSERR ==
3167 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4ADDR",
3169 (1 != inet_pton (AF_INET, ipv4addr, &exit_ipv4addr))) )
3171 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3172 "No valid entry for 'IPV4ADDR' in configuration!\n");
3173 GNUNET_SCHEDULER_shutdown ();
3176 exit_argv[5] = ipv4addr;
3177 if ( (GNUNET_SYSERR ==
3178 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4MASK",
3180 (1 != inet_pton (AF_INET, ipv4mask, &exit_ipv4mask))) )
3182 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3183 "No valid entry 'IPV4MASK' in configuration!\n");
3184 GNUNET_SCHEDULER_shutdown ();
3187 exit_argv[6] = ipv4mask;
3191 /* IPv4 explicitly disabled */
3192 exit_argv[5] = GNUNET_strdup ("-");
3193 exit_argv[6] = GNUNET_strdup ("-");
3195 exit_argv[7] = NULL;
3197 udp_services = GNUNET_CONTAINER_multihashmap_create (65536);
3198 tcp_services = GNUNET_CONTAINER_multihashmap_create (65536);
3199 GNUNET_CONFIGURATION_iterate_sections (cfg, &read_service_conf, NULL);
3201 connections_map = GNUNET_CONTAINER_multihashmap_create (65536);
3202 connections_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
3204 = GNUNET_MESH_connect (cfg, NULL,
3206 &clean_tunnel, handlers,
3208 if (NULL == mesh_handle)
3210 GNUNET_SCHEDULER_shutdown ();
3213 helper_handle = GNUNET_HELPER_start (GNUNET_NO,
3214 "gnunet-helper-exit",
3224 * @param argc number of arguments from the command line
3225 * @param argv command line arguments
3226 * @return 0 ok, 1 on error
3229 main (int argc, char *const *argv)
3231 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
3232 GNUNET_GETOPT_OPTION_END
3235 if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv))
3238 return (GNUNET_OK ==
3239 GNUNET_PROGRAM_run (argc, argv, "gnunet-daemon-exit",
3241 ("Daemon to run to provide an IP exit node for the VPN"),
3242 options, &run, NULL)) ? global_ret : 1;
3246 /* end of gnunet-daemon-exit.c */
projects / oweals / gnunet.git / blob