2 This file is part of GNUnet.
3 (C) 2010, 2012 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file exit/gnunet-daemon-exit.c
23 * @brief tool to allow IP traffic exit from the GNUnet mesh to the Internet
24 * @author Philipp Toelke
25 * @author Christian Grothoff
28 * - need some statistics
32 * - factor out crc computations from DNS/EXIT/VPN into shared library?
35 * - which code should advertise services? the service model is right
36 * now a bit odd, especially as this code DOES the exit and knows
37 * the DNS "name", but OTOH this is clearly NOT the place to advertise
38 * the service's existence; maybe the daemon should turn into a
39 * service with an API to add local-exit services dynamically?
42 #include "gnunet_util_lib.h"
43 #include "gnunet_protocols.h"
44 #include "gnunet_applications.h"
45 #include "gnunet_mesh_service.h"
46 #include "gnunet_statistics_service.h"
47 #include "gnunet_constants.h"
48 #include "tcpip_tun.h"
52 * Information about an address.
57 * AF_INET or AF_INET6.
62 * Remote address information.
67 * Address, if af is AF_INET.
72 * Address, if af is AF_INET6.
78 * IPPROTO_TCP or IPPROTO_UDP;
83 * Remote port, in host byte order!
90 * This struct is saved into the services-hashmap to represent
91 * a service this peer is specifically offering an exit for
92 * (for a specific domain name).
98 * Remote address to use for the service.
100 struct SocketAddress address;
103 * DNS name of the service.
108 * Port I am listening on within GNUnet for this service, in host
109 * byte order. (as we may redirect ports).
116 * Information we use to track a connection (the classical 6-tuple of
117 * IP-version, protocol, source-IP, destination-IP, source-port and
120 struct RedirectInformation
124 * Address information for the other party (equivalent of the
125 * arguments one would give to "connect").
127 struct SocketAddress remote_address;
130 * Address information we used locally (AF and proto must match
131 * "remote_address"). Equivalent of the arguments one would give to
134 struct SocketAddress local_address;
137 Note 1: additional information might be added here in the
138 future to support protocols that require special handling,
141 Note 2: we might also sometimes not match on all components
142 of the tuple, to support protocols where things do not always
149 * Queue of messages to a tunnel.
151 struct TunnelMessageQueue
154 * This is a doubly-linked list.
156 struct TunnelMessageQueue *next;
159 * This is a doubly-linked list.
161 struct TunnelMessageQueue *prev;
164 * Payload to send via the tunnel.
169 * Number of bytes in 'payload'.
176 * This struct is saved into connections_map to allow finding the
177 * right tunnel given an IP packet from TUN. It is also associated
178 * with the tunnel's closure so we can find it again for the next
179 * message from the tunnel.
184 * Mesh tunnel that is used for this connection.
186 struct GNUNET_MESH_Tunnel *tunnel;
189 * Heap node for this state in the connections_heap.
191 struct GNUNET_CONTAINER_HeapNode *heap_node;
194 * Key this state has in the connections_map.
196 GNUNET_HashCode state_key;
199 * Associated service record, or NULL for no service.
201 struct LocalService *serv;
204 * Head of DLL of messages for this tunnel.
206 struct TunnelMessageQueue *head;
209 * Tail of DLL of messages for this tunnel.
211 struct TunnelMessageQueue *tail;
214 * Active tunnel transmission request (or NULL).
216 struct GNUNET_MESH_TransmitHandle *th;
219 * Primary redirection information for this connection.
221 struct RedirectInformation ri;
227 * The handle to the configuration used throughout the process
229 static const struct GNUNET_CONFIGURATION_Handle *cfg;
232 * The handle to the helper
234 static struct GNUNET_HELPER_Handle *helper_handle;
237 * Arguments to the exit helper.
239 static char *exit_argv[7];
242 * IPv6 prefix (0..127) from configuration file.
244 static unsigned long long ipv6prefix;
249 static struct GNUNET_STATISTICS_Handle *stats;
254 static struct GNUNET_MESH_Handle *mesh_handle;
257 * This hashmaps contains the mapping from peer, service-descriptor,
258 * source-port and destination-port to a struct TunnelState
260 static struct GNUNET_CONTAINER_MultiHashMap *connections_map;
263 * Heap so we can quickly find "old" connections.
265 static struct GNUNET_CONTAINER_Heap *connections_heap;
268 * If there are at least this many connections, old ones will be removed
270 static long long unsigned int max_connections = 200;
273 * This hashmaps saves interesting things about the configured UDP services
275 static struct GNUNET_CONTAINER_MultiHashMap *udp_services;
278 * This hashmaps saves interesting things about the configured TCP services
280 static struct GNUNET_CONTAINER_MultiHashMap *tcp_services;
283 * Are we an IPv4-exit?
285 static int ipv4_exit;
288 * Are we an IPv6-exit?
290 static int ipv6_exit;
293 * Do we support IPv4 at all on the TUN interface?
295 static int ipv4_enabled;
298 * Do we support IPv6 at all on the TUN interface?
300 static int ipv6_enabled;
304 * Given IP information about a connection, calculate the respective
305 * hash we would use for the 'connections_map'.
307 * @param hash resulting hash
308 * @param ri information about the connection
311 hash_redirect_info (GNUNET_HashCode *hash,
312 const struct RedirectInformation *ri)
316 memset (hash, 0, sizeof (GNUNET_HashCode));
317 /* the GNUnet hashmap only uses the first sizeof(unsigned int) of the hash,
318 so we put the IP address in there (and hope for few collisions) */
320 switch (ri->remote_address.af)
323 memcpy (off, &ri->remote_address.address.ipv4, sizeof (struct in_addr));
324 off += sizeof (struct in_addr);
327 memcpy (off, &ri->remote_address.address.ipv6, sizeof (struct in6_addr));
328 off += sizeof (struct in_addr);
333 memcpy (off, &ri->remote_address.port, sizeof (uint16_t));
334 off += sizeof (uint16_t);
335 switch (ri->local_address.af)
338 memcpy (off, &ri->local_address.address.ipv4, sizeof (struct in_addr));
339 off += sizeof (struct in_addr);
342 memcpy (off, &ri->local_address.address.ipv6, sizeof (struct in6_addr));
343 off += sizeof (struct in_addr);
348 memcpy (off, &ri->local_address.port, sizeof (uint16_t));
349 off += sizeof (uint16_t);
350 memcpy (off, &ri->remote_address.proto, sizeof (uint8_t));
351 off += sizeof (uint8_t);
356 * Get our connection tracking state. Warns if it does not exists,
357 * refreshes the timestamp if it does exist.
359 * @param af address family
360 * @param protocol IPPROTO_UDP or IPPROTO_TCP
361 * @param destination_ip target IP
362 * @param destination_port target port
363 * @param local_ip local IP
364 * @param local_port local port
365 * @param state_key set to hash's state if non-NULL
366 * @return NULL if we have no tracking information for this tuple
368 static struct TunnelState *
369 get_redirect_state (int af,
371 const void *destination_ip,
372 uint16_t destination_port,
373 const void *local_ip,
375 GNUNET_HashCode *state_key)
377 struct RedirectInformation ri;
379 struct TunnelState *state;
381 ri.remote_address.af = af;
383 ri.remote_address.address.ipv4 = *((struct in_addr*) destination_ip);
385 ri.remote_address.address.ipv6 = * ((struct in6_addr*) destination_ip);
386 ri.remote_address.port = destination_port;
387 ri.remote_address.proto = protocol;
388 ri.local_address.af = af;
390 ri.local_address.address.ipv4 = *((struct in_addr*) local_ip);
392 ri.local_address.address.ipv6 = * ((struct in6_addr*) local_ip);
393 ri.local_address.port = local_port;
394 ri.local_address.proto = protocol;
395 hash_redirect_info (&key, &ri);
396 if (NULL != state_key)
398 state = GNUNET_CONTAINER_multihashmap_get (connections_map, &key);
401 /* Mark this connection as freshly used */
402 if (NULL == state_key)
403 GNUNET_CONTAINER_heap_update_cost (connections_heap,
405 GNUNET_TIME_absolute_get ().abs_value);
411 * Given a service descriptor and a destination port, find the
412 * respective service entry.
414 * @param service_map map of services (TCP or UDP)
415 * @param desc service descriptor
416 * @param dpt destination port
417 * @return NULL if we are not aware of such a service
419 static struct LocalService *
420 find_service (struct GNUNET_CONTAINER_MultiHashMap *service_map,
421 const GNUNET_HashCode *desc,
424 char key[sizeof (GNUNET_HashCode) + sizeof (uint16_t)];
426 memcpy (&key[0], &dpt, sizeof (uint16_t));
427 memcpy (&key[sizeof(uint16_t)], desc, sizeof (GNUNET_HashCode));
428 return GNUNET_CONTAINER_multihashmap_get (service_map,
429 (GNUNET_HashCode *) key);
434 * Free memory associated with a service record.
437 * @param key service descriptor
438 * @param value service record to free
442 free_service_record (void *cls,
443 const GNUNET_HashCode *key,
446 struct LocalService *service = value;
448 GNUNET_free_non_null (service->name);
449 GNUNET_free (service);
455 * Given a service descriptor and a destination port, find the
456 * respective service entry.
458 * @param service_map map of services (TCP or UDP)
459 * @param name name of the service
460 * @param dpt destination port
461 * @param service service information record to store (service->name will be set).
464 store_service (struct GNUNET_CONTAINER_MultiHashMap *service_map,
467 struct LocalService *service)
469 char key[sizeof (GNUNET_HashCode) + sizeof (uint16_t)];
470 GNUNET_HashCode desc;
472 GNUNET_CRYPTO_hash (name, strlen (name) + 1, &desc);
473 service->name = GNUNET_strdup (name);
474 memcpy (&key[0], &dpt, sizeof (uint16_t));
475 memcpy (&key[sizeof(uint16_t)], &desc, sizeof (GNUNET_HashCode));
477 GNUNET_CONTAINER_multihashmap_put (service_map,
478 (GNUNET_HashCode *) key,
480 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
482 free_service_record (NULL, (GNUNET_HashCode *) key, service);
483 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
484 _("Got duplicate service records for `%s:%u'\n"),
492 * MESH is ready to receive a message for the tunnel. Transmit it.
494 * @param cls the 'struct TunnelState'.
495 * @param size number of bytes available in buf
496 * @param buf where to copy the message
497 * @return number of bytes copied to buf
500 send_to_peer_notify_callback (void *cls, size_t size, void *buf)
502 struct TunnelState *s = cls;
503 struct GNUNET_MESH_Tunnel *tunnel = s->tunnel;
504 struct TunnelMessageQueue *tnq;
508 GNUNET_assert (size >= tnq->len);
509 memcpy (buf, tnq->payload, tnq->len);
511 GNUNET_CONTAINER_DLL_remove (s->head,
515 if (NULL != (tnq = s->head))
516 s->th = GNUNET_MESH_notify_transmit_ready (tunnel,
517 GNUNET_NO /* corking */,
519 GNUNET_TIME_UNIT_FOREVER_REL,
522 &send_to_peer_notify_callback,
524 GNUNET_STATISTICS_update (stats,
525 gettext_noop ("# Bytes transmitted via mesh tunnels"),
532 * Send the given packet via the mesh tunnel.
534 * @param mesh_tunnel destination
535 * @param payload message to transmit
536 * @param payload_length number of bytes in payload
537 * @param desc descriptor to add before payload (optional)
538 * @param mtype message type to use
541 send_packet_to_mesh_tunnel (struct GNUNET_MESH_Tunnel *mesh_tunnel,
543 size_t payload_length,
544 const GNUNET_HashCode *desc,
547 struct TunnelState *s;
548 struct TunnelMessageQueue *tnq;
549 struct GNUNET_MessageHeader *msg;
553 len = sizeof (struct GNUNET_MessageHeader) + sizeof (GNUNET_HashCode) + payload_length;
554 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
559 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueue) + len);
560 tnq->payload = &tnq[1];
562 msg = (struct GNUNET_MessageHeader *) &tnq[1];
563 msg->size = htons ((uint16_t) len);
564 msg->type = htons (mtype);
567 dp = (GNUNET_HashCode *) &msg[1];
569 memcpy (&dp[1], payload, payload_length);
573 memcpy (&msg[1], payload, payload_length);
575 s = GNUNET_MESH_tunnel_get_data (mesh_tunnel);
576 GNUNET_assert (NULL != s);
577 GNUNET_CONTAINER_DLL_insert_tail (s->head, s->tail, tnq);
579 s->th = GNUNET_MESH_notify_transmit_ready (mesh_tunnel, GNUNET_NO /* cork */, 0 /* priority */,
580 GNUNET_TIME_UNIT_FOREVER_REL,
582 &send_to_peer_notify_callback,
588 * @brief Handles an UDP packet received from the helper.
590 * @param udp A pointer to the Packet
591 * @param pktlen number of bytes in 'udp'
592 * @param af address family (AFINET or AF_INET6)
593 * @param destination_ip destination IP-address of the IP packet (should
594 * be our local address)
595 * @param source_ip original source IP-address of the IP packet (should
596 * be the original destination address)
599 udp_from_helper (const struct udp_packet *udp,
602 const void *destination_ip,
603 const void *source_ip)
605 struct TunnelState *state;
608 char sbuf[INET6_ADDRSTRLEN];
609 char dbuf[INET6_ADDRSTRLEN];
610 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
611 "Received UDP packet going from %s:%u to %s:%u\n",
614 sbuf, sizeof (sbuf)),
615 (unsigned int) ntohs (udp->spt),
618 dbuf, sizeof (dbuf)),
619 (unsigned int) ntohs (udp->dpt));
621 if (pktlen < sizeof (struct udp_packet))
627 if (pktlen != ntohs (udp->len))
633 state = get_redirect_state (af, IPPROTO_UDP,
641 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
642 _("Packet dropped, have no matching connection information\n"));
645 send_packet_to_mesh_tunnel (state->tunnel,
646 &udp[1], pktlen - sizeof (struct udp_packet),
649 ? GNUNET_MESSAGE_TYPE_VPN_SERVICE_UDP_BACK
650 : GNUNET_MESSAGE_TYPE_VPN_REMOTE_UDP_BACK);
655 * @brief Handles a TCP packet received from the helper.
657 * @param tcp A pointer to the Packet
658 * @param pktlen the length of the packet, including its header
659 * @param af address family (AFINET or AF_INET6)
660 * @param destination_ip destination IP-address of the IP packet (should
661 * be our local address)
662 * @param source_ip original source IP-address of the IP packet (should
663 * be the original destination address)
666 tcp_from_helper (const struct tcp_packet *tcp,
669 const void *destination_ip,
670 const void *source_ip)
672 struct TunnelState *state;
674 struct tcp_packet *mtcp;
677 char sbuf[INET6_ADDRSTRLEN];
678 char dbuf[INET6_ADDRSTRLEN];
679 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
680 "Received TCP packet going from %s:%u to %s:%u\n",
683 sbuf, sizeof (sbuf)),
684 (unsigned int) ntohs (tcp->spt),
687 dbuf, sizeof (dbuf)),
688 (unsigned int) ntohs (tcp->dpt));
690 if (pktlen < sizeof (struct tcp_packet))
696 state = get_redirect_state (af, IPPROTO_TCP,
704 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
705 _("Packet dropped, have no matching connection information\n"));
709 /* mug port numbers and crc to avoid information leakage;
710 sender will need to lookup the correct values anyway */
711 memcpy (buf, tcp, pktlen);
712 mtcp = (struct tcp_packet *) buf;
716 send_packet_to_mesh_tunnel (state->tunnel,
720 ? GNUNET_MESSAGE_TYPE_VPN_SERVICE_TCP_BACK
721 : GNUNET_MESSAGE_TYPE_VPN_REMOTE_TCP_BACK);
726 * Receive packets from the helper-process
729 * @param client unsued
730 * @param message message received from helper
733 message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED,
734 const struct GNUNET_MessageHeader *message)
736 const struct tun_header *pkt_tun;
739 GNUNET_STATISTICS_update (stats,
740 gettext_noop ("# Packets received from TUN"),
742 if (ntohs (message->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER)
747 size = ntohs (message->size);
748 if (size < sizeof (struct tun_header) + sizeof (struct GNUNET_MessageHeader))
753 pkt_tun = (const struct tun_header *) &message[1];
754 size -= sizeof (struct tun_header) + sizeof (struct GNUNET_MessageHeader);
755 switch (ntohs (pkt_tun->proto))
759 const struct ip6_header *pkt6;
761 if (size < sizeof (struct ip6_header))
763 /* Kernel to blame? */
767 pkt6 = (struct ip6_header *) &pkt_tun[1];
768 if (size != ntohs (pkt6->payload_length))
770 /* Kernel to blame? */
774 size -= sizeof (struct ip6_header);
775 switch (pkt6->next_header)
778 udp_from_helper ((const struct udp_packet *) &pkt6[1], size,
780 &pkt6->destination_address,
781 &pkt6->source_address);
784 tcp_from_helper ((const struct tcp_packet *) &pkt6[1], size,
786 &pkt6->destination_address,
787 &pkt6->source_address);
790 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
791 _("IPv6 packet with unsupported next header received. Ignored.\n"));
798 const struct ip4_header *pkt4;
800 if (size < sizeof (struct ip4_header))
802 /* Kernel to blame? */
806 pkt4 = (const struct ip4_header *) &pkt_tun[1];
807 if (size != ntohs (pkt4->total_length))
809 /* Kernel to blame? */
813 if (pkt4->header_length * 4 != sizeof (struct ip4_header))
815 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
816 _("IPv4 packet options received. Ignored.\n"));
819 size -= sizeof (struct ip4_header);
820 switch (pkt4->protocol)
823 udp_from_helper ((const struct udp_packet *) &pkt4[1], size,
825 &pkt4->destination_address,
826 &pkt4->source_address);
828 tcp_from_helper ((const struct tcp_packet *) &pkt4[1], size,
830 &pkt4->destination_address,
831 &pkt4->source_address);
834 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
835 _("IPv4 packet with unsupported next header received. Ignored.\n"));
841 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
842 _("Packet from unknown protocol %u received. Ignored.\n"),
843 ntohs (pkt_tun->proto));
850 * We need to create a (unique) fresh local address (IP+port).
853 * @param af desired address family
854 * @param proto desired protocol (IPPROTO_UDP or IPPROTO_TCP)
855 * @param local_address address to initialize
858 setup_fresh_address (int af,
860 struct SocketAddress *local_address)
862 local_address->af = af;
863 local_address->proto = (uint8_t) proto;
864 /* default "local" port range is often 32768--61000,
865 so we pick a random value in that range */
867 = (uint16_t) 32768 + GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
873 const char *ipv4addr = exit_argv[4];
874 const char *ipv4mask = exit_argv[5];
879 GNUNET_assert (1 == inet_pton (AF_INET, ipv4addr, &addr));
880 GNUNET_assert (1 == inet_pton (AF_INET, ipv4mask, &mask));
881 if (0 == ~mask.s_addr)
883 /* only one valid IP anyway */
884 local_address->address.ipv4 = addr;
887 /* Given 192.168.0.1/255.255.0.0, we want a mask
888 of '192.168.255.255', thus: */
889 mask.s_addr = addr.s_addr | ~mask.s_addr;
890 /* Pick random IPv4 address within the subnet, except 'addr' or 'mask' itself */
893 rnd.s_addr = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
895 local_address->address.ipv4.s_addr = (addr.s_addr | rnd.s_addr) & mask.s_addr;
897 while ( (local_address->address.ipv4.s_addr == addr.s_addr) ||
898 (local_address->address.ipv4.s_addr == mask.s_addr) );
903 const char *ipv6addr = exit_argv[2];
904 struct in6_addr addr;
905 struct in6_addr mask;
909 GNUNET_assert (1 == inet_pton (AF_INET6, ipv6addr, &addr));
910 GNUNET_assert (ipv6prefix < 128);
911 if (ipv6prefix == 127)
913 /* only one valid IP anyway */
914 local_address->address.ipv6 = addr;
917 /* Given ABCD::/96, we want a mask of 'ABCD::FFFF:FFFF,
920 for (i=127;i>=128-ipv6prefix;i--)
921 mask.s6_addr[i / 8] |= (1 << (i % 8));
923 /* Pick random IPv6 address within the subnet, except 'addr' or 'mask' itself */
928 rnd.s6_addr[i] = (unsigned char) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
930 local_address->address.ipv6.s6_addr[i]
931 = (addr.s6_addr[i] | rnd.s6_addr[i]) & mask.s6_addr[i];
934 while ( (0 == memcmp (&local_address->address.ipv6,
936 sizeof (struct in6_addr))) ||
937 (0 == memcmp (&local_address->address.ipv6,
939 sizeof (struct in6_addr))) );
949 * We are starting a fresh connection (TCP or UDP) and need
950 * to pick a source port and IP address (within the correct
951 * range and address family) to associate replies with the
952 * connection / correct mesh tunnel. This function generates
953 * a "fresh" source IP and source port number for a connection
954 * After picking a good source address, this function sets up
955 * the state in the 'connections_map' and 'connections_heap'
956 * to allow finding the state when needed later. The function
957 * also makes sure that we remain within memory limits by
958 * cleaning up 'old' states.
960 * @param state skeleton state to setup a record for; should
961 * 'state->ri.remote_address' filled in so that
962 * this code can determine which AF/protocol is
963 * going to be used (the 'tunnel' should also
964 * already be set); after calling this function,
965 * heap_node and the local_address will be
966 * also initialized (heap_node != NULL can be
967 * used to test if a state has been fully setup).
970 setup_state_record (struct TunnelState *state)
973 struct TunnelState *s;
975 /* generate fresh, unique address */
978 setup_fresh_address (state->serv->address.af,
979 state->serv->address.proto,
980 &state->ri.local_address);
981 } while (NULL != get_redirect_state (state->ri.remote_address.af,
982 state->ri.remote_address.proto,
983 &state->ri.remote_address.address,
984 state->ri.remote_address.port,
985 &state->ri.local_address.address,
986 state->ri.local_address.port,
989 char buf[INET6_ADDRSTRLEN];
990 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
991 "Picked local address %s:%u for new connection\n",
992 inet_ntop (state->ri.local_address.af,
993 &state->ri.local_address.address,
995 (unsigned int) state->ri.local_address.port);
997 GNUNET_assert (GNUNET_OK ==
998 GNUNET_CONTAINER_multihashmap_put (connections_map,
1000 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
1001 state->heap_node = GNUNET_CONTAINER_heap_insert (connections_heap,
1003 GNUNET_TIME_absolute_get ().abs_value);
1004 while (GNUNET_CONTAINER_heap_get_size (connections_heap) > max_connections)
1006 s = GNUNET_CONTAINER_heap_remove_root (connections_heap);
1007 GNUNET_assert (state != s);
1008 s->heap_node = NULL;
1009 GNUNET_MESH_tunnel_destroy (s->tunnel);
1010 GNUNET_assert (GNUNET_OK ==
1011 GNUNET_CONTAINER_multihashmap_remove (connections_map,
1020 * Prepare an IPv4 packet for transmission via the TUN interface.
1021 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
1022 * For UDP, the UDP header will be fully created, whereas for TCP
1023 * only the ports and checksum will be filled in. So for TCP,
1024 * a skeleton TCP header must be part of the provided payload.
1026 * @param payload payload of the packet (starting with UDP payload or
1027 * TCP header, depending on protocol)
1028 * @param payload_length number of bytes in 'payload'
1029 * @param protocol IPPROTO_UDP or IPPROTO_TCP
1030 * @param src_address source address to use (IP and port)
1031 * @param dst_address destination address to use (IP and port)
1032 * @param pkt6 where to write the assembled packet; must
1033 * contain enough space for the IP header, UDP/TCP header
1037 prepare_ipv4_packet (const void *payload, size_t payload_length,
1039 const struct tcp_packet *tcp_header,
1040 const struct SocketAddress *src_address,
1041 const struct SocketAddress *dst_address,
1042 struct ip4_header *pkt4)
1046 len = payload_length;
1050 len += sizeof (struct udp_packet);
1053 len += sizeof (struct tcp_packet);
1054 GNUNET_assert (NULL != tcp_header);
1060 if (len + sizeof (struct ip4_header) > UINT16_MAX)
1067 pkt4->header_length = sizeof (struct ip4_header) / 4;
1068 pkt4->diff_serv = 0;
1069 pkt4->total_length = htons ((uint16_t) (sizeof (struct ip4_header) + len));
1070 pkt4->identification = (uint16_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1073 pkt4->fragmentation_offset = 0;
1075 pkt4->protocol = protocol;
1077 pkt4->destination_address = dst_address->address.ipv4;
1078 pkt4->source_address = src_address->address.ipv4;
1079 pkt4->checksum = GNUNET_CRYPTO_crc16_n (pkt4, sizeof (struct ip4_header));
1085 struct udp_packet *pkt4_udp = (struct udp_packet *) &pkt4[1];
1087 pkt4_udp->spt = htons (src_address->port);
1088 pkt4_udp->dpt = htons (dst_address->port);
1089 pkt4_udp->crc = 0; /* Optional for IPv4 */
1090 pkt4_udp->len = htons ((uint16_t) payload_length);
1091 memcpy (&pkt4_udp[1], payload, payload_length);
1096 struct tcp_packet *pkt4_tcp = (struct tcp_packet *) &pkt4[1];
1098 memcpy (pkt4_tcp, tcp_header, sizeof (struct tcp_packet));
1099 memcpy (&pkt4_tcp[1], payload, payload_length);
1100 pkt4_tcp->spt = htons (src_address->port);
1101 pkt4_tcp->dpt = htons (dst_address->port);
1104 sum = GNUNET_CRYPTO_crc16_step (sum,
1105 &pkt4->source_address,
1106 sizeof (struct in_addr) * 2);
1107 uint32_t tmp = htonl ((protocol << 16) | (0xffff & len));
1108 sum = GNUNET_CRYPTO_crc16_step (sum, & tmp, sizeof (uint32_t));
1109 sum = GNUNET_CRYPTO_crc16_step (sum, & pkt4_tcp, len);
1110 pkt4_tcp->crc = GNUNET_CRYPTO_crc16_finish (sum);
1120 * Prepare an IPv6 packet for transmission via the TUN interface.
1121 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
1122 * For UDP, the UDP header will be fully created, whereas for TCP
1123 * only the ports and checksum will be filled in. So for TCP,
1124 * a skeleton TCP header must be part of the provided payload.
1126 * @param payload payload of the packet (starting with UDP payload or
1127 * TCP header, depending on protocol)
1128 * @param payload_length number of bytes in 'payload'
1129 * @param protocol IPPROTO_UDP or IPPROTO_TCP
1130 * @param src_address source address to use (IP and port)
1131 * @param dst_address destination address to use (IP and port)
1132 * @param pkt6 where to write the assembled packet; must
1133 * contain enough space for the IP header, UDP/TCP header
1137 prepare_ipv6_packet (const void *payload, size_t payload_length,
1139 const struct tcp_packet *tcp_header,
1140 const struct SocketAddress *src_address,
1141 const struct SocketAddress *dst_address,
1142 struct ip6_header *pkt6)
1146 len = payload_length;
1150 len += sizeof (struct udp_packet);
1153 /* tcp_header (with port/crc not set) must be part of payload! */
1154 if (len < sizeof (struct tcp_packet))
1164 if (len > UINT16_MAX)
1171 pkt6->next_header = protocol;
1172 pkt6->payload_length = htons ((uint16_t) (len + sizeof (struct ip6_header)));
1173 pkt6->hop_limit = 255;
1174 pkt6->destination_address = dst_address->address.ipv6;
1175 pkt6->source_address = src_address->address.ipv6;
1181 struct udp_packet *pkt6_udp = (struct udp_packet *) &pkt6[1];
1183 memcpy (&pkt6[1], payload, payload_length);
1185 pkt6_udp->spt = htons (src_address->port);
1186 pkt6_udp->dpt = htons (dst_address->port);
1187 pkt6_udp->len = htons ((uint16_t) payload_length);
1190 sum = GNUNET_CRYPTO_crc16_step (sum,
1191 &pkt6->source_address,
1192 sizeof (struct in6_addr) * 2);
1193 uint32_t tmp = htons (len);
1194 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1195 tmp = htonl (pkt6->next_header);
1196 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1197 sum = GNUNET_CRYPTO_crc16_step (sum, pkt6_udp, len);
1198 pkt6_udp->crc = GNUNET_CRYPTO_crc16_finish (sum);
1203 struct tcp_packet *pkt6_tcp = (struct tcp_packet *) pkt6;
1205 memcpy (pkt6_tcp, payload, payload_length);
1207 pkt6_tcp->spt = htons (src_address->port);
1208 pkt6_tcp->dpt = htons (dst_address->port);
1211 sum = GNUNET_CRYPTO_crc16_step (sum, &pkt6->source_address,
1212 sizeof (struct in6_addr) * 2);
1213 uint32_t tmp = htonl (len);
1214 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1215 tmp = htonl (pkt6->next_header);
1216 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1217 sum = GNUNET_CRYPTO_crc16_step (sum, pkt6_tcp, len);
1218 pkt6_tcp->crc = GNUNET_CRYPTO_crc16_finish (sum);
1229 * Send a TCP packet via the TUN interface.
1231 * @param destination_address IP and port to use for the TCP packet's destination
1232 * @param source_address IP and port to use for the TCP packet's source
1233 * @param tcp header template to use
1234 * @param payload payload of the TCP packet
1235 * @param payload_length number of bytes in 'payload'
1238 send_tcp_packet_via_tun (const struct SocketAddress *destination_address,
1239 const struct SocketAddress *source_address,
1240 const struct tcp_packet *tcp_header,
1241 const void *payload, size_t payload_length)
1245 GNUNET_STATISTICS_update (stats,
1246 gettext_noop ("# TCP packets sent via TUN"),
1248 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1249 "Sending packet with %u bytes TCP payload via TUN\n",
1250 (unsigned int) payload_length);
1251 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct tun_header);
1252 switch (source_address->af)
1255 len += sizeof (struct ip4_header);
1258 len += sizeof (struct ip6_header);
1264 len += payload_length;
1265 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1272 struct GNUNET_MessageHeader *hdr;
1273 struct tun_header *tun;
1275 hdr= (struct GNUNET_MessageHeader *) buf;
1276 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1277 hdr->size = htons (len);
1278 tun = (struct tun_header*) &hdr[1];
1279 tun->flags = htons (0);
1280 switch (source_address->af)
1284 struct ip4_header * ipv4 = (struct ip4_header*) &tun[1];
1286 tun->proto = htons (ETH_P_IPV4);
1287 prepare_ipv4_packet (payload, payload_length,
1291 destination_address,
1297 struct ip6_header * ipv6 = (struct ip6_header*) &tun[1];
1299 tun->proto = htons (ETH_P_IPV6);
1300 prepare_ipv6_packet (payload, payload_length,
1304 destination_address,
1312 (void) GNUNET_HELPER_send (helper_handle,
1313 (const struct GNUNET_MessageHeader*) buf,
1321 * Process a request via mesh to send a request to a TCP service
1322 * offered by this system.
1324 * @param cls closure, NULL
1325 * @param tunnel connection to the other end
1326 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1327 * @param sender who sent the message
1328 * @param message the actual message
1329 * @param atsi performance data for the connection
1330 * @return GNUNET_OK to keep the connection open,
1331 * GNUNET_SYSERR to close it (signal serious error)
1334 receive_tcp_service (void *unused GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1335 void **tunnel_ctx GNUNET_UNUSED,
1336 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1337 const struct GNUNET_MessageHeader *message,
1338 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1340 struct TunnelState *state = *tunnel_ctx;
1341 const struct GNUNET_EXIT_TcpServiceStartMessage *start;
1342 uint16_t pkt_len = ntohs (message->size);
1344 GNUNET_STATISTICS_update (stats,
1345 gettext_noop ("# TCP service creation requests received via mesh"),
1347 /* check that we got at least a valid header */
1348 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpServiceStartMessage))
1350 GNUNET_break_op (0);
1351 return GNUNET_SYSERR;
1353 start = (const struct GNUNET_EXIT_TcpServiceStartMessage*) message;
1354 pkt_len -= sizeof (struct GNUNET_EXIT_TcpServiceStartMessage);
1355 if ( (NULL == state) ||
1356 (NULL != state->serv) ||
1357 (NULL != state->heap_node) )
1359 GNUNET_break_op (0);
1360 return GNUNET_SYSERR;
1362 GNUNET_break_op (ntohl (start->reserved) == 0);
1363 /* setup fresh connection */
1364 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1365 "Received data from %s for forwarding to TCP service %s on port %u\n",
1366 GNUNET_i2s (sender),
1367 GNUNET_h2s (&start->service_descriptor),
1368 (unsigned int) ntohs (start->tcp_header.dpt));
1369 if (NULL == (state->serv = find_service (tcp_services, &start->service_descriptor,
1370 ntohs (start->tcp_header.dpt))))
1372 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1373 _("No service found for %s on port %d!\n"),
1375 ntohs (start->tcp_header.dpt));
1376 return GNUNET_SYSERR;
1378 state->ri.remote_address = state->serv->address;
1379 setup_state_record (state);
1380 send_tcp_packet_via_tun (&state->ri.remote_address,
1381 &state->ri.local_address,
1383 &start[1], pkt_len);
1389 * Process a request to forward TCP data to the Internet via this peer.
1391 * @param cls closure, NULL
1392 * @param tunnel connection to the other end
1393 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1394 * @param sender who sent the message
1395 * @param message the actual message
1396 * @param atsi performance data for the connection
1397 * @return GNUNET_OK to keep the connection open,
1398 * GNUNET_SYSERR to close it (signal serious error)
1401 receive_tcp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1402 void **tunnel_ctx GNUNET_UNUSED,
1403 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1404 const struct GNUNET_MessageHeader *message,
1405 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1407 struct TunnelState *state = *tunnel_ctx;
1408 const struct GNUNET_EXIT_TcpInternetStartMessage *start;
1409 uint16_t pkt_len = ntohs (message->size);
1410 const struct in_addr *v4;
1411 const struct in6_addr *v6;
1412 const void *payload;
1415 GNUNET_STATISTICS_update (stats,
1416 gettext_noop ("# TCP IP-exit creation requests received via mesh"),
1418 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpInternetStartMessage))
1420 GNUNET_break_op (0);
1421 return GNUNET_SYSERR;
1423 start = (const struct GNUNET_EXIT_TcpInternetStartMessage*) message;
1424 pkt_len -= sizeof (struct GNUNET_EXIT_TcpInternetStartMessage);
1425 if ( (NULL == state) ||
1426 (NULL != state->serv) ||
1427 (NULL != state->heap_node) )
1429 GNUNET_break_op (0);
1430 return GNUNET_SYSERR;
1432 af = (int) ntohl (start->af);
1433 state->ri.remote_address.af = af;
1437 if (pkt_len < sizeof (struct in_addr))
1439 GNUNET_break_op (0);
1440 return GNUNET_SYSERR;
1442 v4 = (const struct in_addr*) &start[1];
1444 pkt_len -= sizeof (struct in_addr);
1445 state->ri.remote_address.address.ipv4 = *v4;
1448 if (pkt_len < sizeof (struct in6_addr))
1450 GNUNET_break_op (0);
1451 return GNUNET_SYSERR;
1453 v6 = (const struct in6_addr*) &start[1];
1455 pkt_len -= sizeof (struct in_addr);
1456 state->ri.remote_address.address.ipv6 = *v6;
1459 GNUNET_break_op (0);
1460 return GNUNET_SYSERR;
1463 char buf[INET6_ADDRSTRLEN];
1464 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1465 "Received data from %s for starting TCP stream to %s:%u\n",
1466 GNUNET_i2s (sender),
1468 &state->ri.remote_address.address,
1470 (unsigned int) ntohs (start->tcp_header.dpt));
1473 state->ri.remote_address.proto = IPPROTO_TCP;
1474 state->ri.remote_address.port = ntohs (start->tcp_header.dpt);
1475 setup_state_record (state);
1476 send_tcp_packet_via_tun (&state->ri.remote_address,
1477 &state->ri.local_address,
1485 * Process a request to forward TCP data on an established
1486 * connection via this peer.
1488 * @param cls closure, NULL
1489 * @param tunnel connection to the other end
1490 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1491 * @param sender who sent the message
1492 * @param message the actual message
1493 * @param atsi performance data for the connection
1494 * @return GNUNET_OK to keep the connection open,
1495 * GNUNET_SYSERR to close it (signal serious error)
1498 receive_tcp_data (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1499 void **tunnel_ctx GNUNET_UNUSED,
1500 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1501 const struct GNUNET_MessageHeader *message,
1502 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1504 struct TunnelState *state = *tunnel_ctx;
1505 const struct GNUNET_EXIT_TcpDataMessage *data;
1506 uint16_t pkt_len = ntohs (message->size);
1508 GNUNET_STATISTICS_update (stats,
1509 gettext_noop ("# TCP data requests received via mesh"),
1511 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpDataMessage))
1513 GNUNET_break_op (0);
1514 return GNUNET_SYSERR;
1516 data = (const struct GNUNET_EXIT_TcpDataMessage*) message;
1517 pkt_len -= sizeof (struct GNUNET_EXIT_TcpDataMessage);
1518 if ( (NULL == state) ||
1519 (NULL == state->heap_node) )
1521 /* connection should have been up! */
1522 GNUNET_break_op (0);
1523 /* FIXME: call statistics */
1524 return GNUNET_SYSERR;
1526 GNUNET_break_op (ntohl (data->reserved) == 0);
1528 char buf[INET6_ADDRSTRLEN];
1529 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1530 "Received additional data from %s for TCP stream to %s:%u\n",
1531 GNUNET_i2s (sender),
1532 inet_ntop (state->ri.remote_address.af,
1533 &state->ri.remote_address.address,
1535 (unsigned int) state->ri.remote_address.port);
1538 send_tcp_packet_via_tun (&state->ri.remote_address,
1539 &state->ri.local_address,
1547 * Send a UDP packet via the TUN interface.
1549 * @param destination_address IP and port to use for the UDP packet's destination
1550 * @param source_address IP and port to use for the UDP packet's source
1551 * @param payload payload of the UDP packet (does NOT include UDP header)
1552 * @param payload_length number of bytes of data in payload
1555 send_udp_packet_via_tun (const struct SocketAddress *destination_address,
1556 const struct SocketAddress *source_address,
1557 const void *payload, size_t payload_length)
1561 GNUNET_STATISTICS_update (stats,
1562 gettext_noop ("# UDP packets sent via TUN"),
1564 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1565 "Sending packet with %u bytes UDP payload via TUN\n",
1566 (unsigned int) payload_length);
1567 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct tun_header);
1568 switch (source_address->af)
1571 len += sizeof (struct ip4_header);
1574 len += sizeof (struct ip6_header);
1580 len += sizeof (struct udp_packet);
1581 len += payload_length;
1582 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1589 struct GNUNET_MessageHeader *hdr;
1590 struct tun_header *tun;
1592 hdr= (struct GNUNET_MessageHeader *) buf;
1593 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1594 hdr->size = htons (len);
1595 tun = (struct tun_header*) &hdr[1];
1596 tun->flags = htons (0);
1597 switch (source_address->af)
1601 struct ip4_header * ipv4 = (struct ip4_header*) &tun[1];
1603 tun->proto = htons (ETH_P_IPV4);
1604 prepare_ipv4_packet (payload, payload_length,
1608 destination_address,
1614 struct ip6_header * ipv6 = (struct ip6_header*) &tun[1];
1616 tun->proto = htons (ETH_P_IPV6);
1617 prepare_ipv6_packet (payload, payload_length,
1621 destination_address,
1629 (void) GNUNET_HELPER_send (helper_handle,
1630 (const struct GNUNET_MessageHeader*) buf,
1638 * Process a request to forward UDP data to the Internet via this peer.
1640 * @param cls closure, NULL
1641 * @param tunnel connection to the other end
1642 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1643 * @param sender who sent the message
1644 * @param message the actual message
1645 * @param atsi performance data for the connection
1646 * @return GNUNET_OK to keep the connection open,
1647 * GNUNET_SYSERR to close it (signal serious error)
1650 receive_udp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1651 void **tunnel_ctx GNUNET_UNUSED,
1652 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1653 const struct GNUNET_MessageHeader *message,
1654 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1656 struct TunnelState *state = *tunnel_ctx;
1657 const struct GNUNET_EXIT_UdpInternetMessage *msg;
1658 uint16_t pkt_len = ntohs (message->size);
1659 const struct in_addr *v4;
1660 const struct in6_addr *v6;
1661 const void *payload;
1664 GNUNET_STATISTICS_update (stats,
1665 gettext_noop ("# UDP IP-exit requests received via mesh"),
1667 if (pkt_len < sizeof (struct GNUNET_EXIT_UdpInternetMessage))
1669 GNUNET_break_op (0);
1670 return GNUNET_SYSERR;
1672 msg = (const struct GNUNET_EXIT_UdpInternetMessage*) message;
1673 pkt_len -= sizeof (struct GNUNET_EXIT_UdpInternetMessage);
1674 af = (int) ntohl (msg->af);
1675 state->ri.remote_address.af = af;
1679 if (pkt_len < sizeof (struct in_addr))
1681 GNUNET_break_op (0);
1682 return GNUNET_SYSERR;
1684 v4 = (const struct in_addr*) &msg[1];
1686 pkt_len -= sizeof (struct in_addr);
1687 state->ri.remote_address.address.ipv4 = *v4;
1690 if (pkt_len < sizeof (struct in6_addr))
1692 GNUNET_break_op (0);
1693 return GNUNET_SYSERR;
1695 v6 = (const struct in6_addr*) &msg[1];
1697 pkt_len -= sizeof (struct in_addr);
1698 state->ri.remote_address.address.ipv6 = *v6;
1701 GNUNET_break_op (0);
1702 return GNUNET_SYSERR;
1705 char buf[INET6_ADDRSTRLEN];
1706 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1707 "Received data from %s for forwarding to UDP %s:%u\n",
1708 GNUNET_i2s (sender),
1710 &state->ri.remote_address.address,
1712 (unsigned int) ntohs (msg->destination_port));
1714 state->ri.remote_address.proto = IPPROTO_UDP;
1715 state->ri.remote_address.port = msg->destination_port;
1716 if (NULL == state->heap_node)
1717 setup_state_record (state);
1718 if (0 != ntohs (msg->source_port))
1719 state->ri.local_address.port = msg->source_port;
1720 send_udp_packet_via_tun (&state->ri.remote_address,
1721 &state->ri.local_address,
1728 * Process a request via mesh to send a request to a UDP service
1729 * offered by this system.
1731 * @param cls closure, NULL
1732 * @param tunnel connection to the other end
1733 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1734 * @param sender who sent the message
1735 * @param message the actual message
1736 * @param atsi performance data for the connection
1737 * @return GNUNET_OK to keep the connection open,
1738 * GNUNET_SYSERR to close it (signal serious error)
1741 receive_udp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1743 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1744 const struct GNUNET_MessageHeader *message,
1745 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1747 struct TunnelState *state = *tunnel_ctx;
1748 const struct GNUNET_EXIT_UdpServiceMessage *msg;
1749 uint16_t pkt_len = ntohs (message->size);
1751 GNUNET_STATISTICS_update (stats,
1752 gettext_noop ("# UDP service requests received via mesh"),
1754 /* check that we got at least a valid header */
1755 if (pkt_len < sizeof (struct GNUNET_EXIT_UdpServiceMessage))
1757 GNUNET_break_op (0);
1758 return GNUNET_SYSERR;
1760 msg = (const struct GNUNET_EXIT_UdpServiceMessage*) message;
1761 pkt_len -= sizeof (struct GNUNET_EXIT_UdpServiceMessage);
1762 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1763 "Received data from %s for forwarding to UDP service %s on port %u\n",
1764 GNUNET_i2s (sender),
1765 GNUNET_h2s (&msg->service_descriptor),
1766 (unsigned int) ntohs (msg->destination_port));
1767 if (NULL == (state->serv = find_service (udp_services, &msg->service_descriptor,
1768 ntohs (msg->destination_port))))
1770 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1771 _("No service found for %s on port %d!\n"),
1773 ntohs (msg->destination_port));
1774 return GNUNET_SYSERR;
1776 state->ri.remote_address = state->serv->address;
1777 setup_state_record (state);
1778 if (0 != ntohs (msg->source_port))
1779 state->ri.local_address.port = msg->source_port;
1780 send_udp_packet_via_tun (&state->ri.remote_address,
1781 &state->ri.local_address,
1788 * Callback from GNUNET_MESH for new tunnels.
1790 * @param cls closure
1791 * @param tunnel new handle to the tunnel
1792 * @param initiator peer that started the tunnel
1793 * @param atsi performance information for the tunnel
1794 * @return initial tunnel context for the tunnel
1797 new_tunnel (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1798 const struct GNUNET_PeerIdentity *initiator GNUNET_UNUSED,
1799 const struct GNUNET_ATS_Information *ats GNUNET_UNUSED)
1801 struct TunnelState *s = GNUNET_malloc (sizeof (struct TunnelState));
1803 GNUNET_STATISTICS_update (stats,
1804 gettext_noop ("# Inbound MESH tunnels created"),
1806 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1807 "Received inbound tunnel from `%s'\n",
1808 GNUNET_i2s (initiator));
1815 * Function called by mesh whenever an inbound tunnel is destroyed.
1816 * Should clean up any associated state.
1818 * @param cls closure (set from GNUNET_MESH_connect)
1819 * @param tunnel connection to the other end (henceforth invalid)
1820 * @param tunnel_ctx place where local state associated
1821 * with the tunnel is stored
1824 clean_tunnel (void *cls GNUNET_UNUSED, const struct GNUNET_MESH_Tunnel *tunnel,
1827 struct TunnelState *s = tunnel_ctx;
1828 struct TunnelMessageQueue *tnq;
1830 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1831 "Tunnel destroyed\n");
1832 while (NULL != (tnq = s->head))
1834 GNUNET_CONTAINER_DLL_remove (s->head,
1839 if (s->heap_node != NULL)
1841 GNUNET_assert (GNUNET_YES ==
1842 GNUNET_CONTAINER_multihashmap_remove (connections_map,
1845 GNUNET_CONTAINER_heap_remove_node (s->heap_node);
1846 s->heap_node = NULL;
1850 GNUNET_MESH_notify_transmit_ready_cancel (s->th);
1858 * Function that frees everything from a hashmap
1862 * @param value value to free
1865 free_iterate (void *cls GNUNET_UNUSED,
1866 const GNUNET_HashCode * hash GNUNET_UNUSED, void *value)
1868 GNUNET_free (value);
1874 * Function scheduled as very last function, cleans up after us
1877 cleanup (void *cls GNUNET_UNUSED,
1878 const struct GNUNET_SCHEDULER_TaskContext *tskctx)
1882 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1883 "Exit service is shutting down now\n");
1884 if (helper_handle != NULL)
1886 GNUNET_HELPER_stop (helper_handle);
1887 helper_handle = NULL;
1889 if (mesh_handle != NULL)
1891 GNUNET_MESH_disconnect (mesh_handle);
1894 if (NULL != connections_map)
1896 GNUNET_CONTAINER_multihashmap_iterate (connections_map, &free_iterate, NULL);
1897 GNUNET_CONTAINER_multihashmap_destroy (connections_map);
1898 connections_map = NULL;
1900 if (NULL != connections_heap)
1902 GNUNET_CONTAINER_heap_destroy (connections_heap);
1903 connections_heap = NULL;
1905 if (NULL != tcp_services)
1907 GNUNET_CONTAINER_multihashmap_iterate (tcp_services, &free_service_record, NULL);
1908 GNUNET_CONTAINER_multihashmap_destroy (tcp_services);
1909 tcp_services = NULL;
1911 if (NULL != udp_services)
1913 GNUNET_CONTAINER_multihashmap_iterate (udp_services, &free_service_record, NULL);
1914 GNUNET_CONTAINER_multihashmap_destroy (udp_services);
1915 udp_services = NULL;
1919 GNUNET_STATISTICS_destroy (stats, GNUNET_YES);
1923 GNUNET_free_non_null (exit_argv[i]);
1928 * Add services to the service map.
1930 * @param proto IPPROTO_TCP or IPPROTO_UDP
1931 * @param cpy copy of the service descriptor (can be mutilated)
1932 * @param name DNS name of the service
1935 add_services (int proto,
1942 struct LocalService *serv;
1944 for (redirect = strtok (cpy, " "); redirect != NULL;
1945 redirect = strtok (NULL, " "))
1947 if (NULL == (hostname = strstr (redirect, ":")))
1949 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1950 "option `%s' for domain `%s' is not formatted correctly!\n",
1957 if (NULL == (hostport = strstr (hostname, ":")))
1959 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1960 "option `%s' for domain `%s' is not formatted correctly!\n",
1968 int local_port = atoi (redirect);
1969 int remote_port = atoi (hostport);
1971 if (!((local_port > 0) && (local_port < 65536)))
1973 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1974 "`%s' is not a valid port number (for domain `%s')!", redirect,
1978 if (!((remote_port > 0) && (remote_port < 65536)))
1980 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1981 "`%s' is not a valid port number (for domain `%s')!", hostport,
1986 serv = GNUNET_malloc (sizeof (struct LocalService));
1987 serv->my_port = (uint16_t) local_port;
1988 serv->address.port = remote_port;
1989 if (0 == strcmp ("localhost4", hostname))
1991 const char *ip4addr = exit_argv[4];
1993 serv->address.af = AF_INET;
1994 GNUNET_assert (1 != inet_pton (AF_INET, ip4addr, &serv->address.address.ipv4));
1996 else if (0 == strcmp ("localhost6", hostname))
1998 const char *ip6addr = exit_argv[2];
2000 serv->address.af = AF_INET6;
2001 GNUNET_assert (1 == inet_pton (AF_INET6, ip6addr, &serv->address.address.ipv6));
2005 struct addrinfo *res;
2008 ret = getaddrinfo (hostname, NULL, NULL, &res);
2009 if ( (ret != 0) || (res == NULL) )
2011 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2012 _("No addresses found for hostname `%s' of service `%s'!\n"),
2019 serv->address.af = res->ai_family;
2020 switch (res->ai_family)
2023 serv->address.address.ipv4 = ((struct sockaddr_in *) res->ai_addr)->sin_addr;
2026 serv->address.address.ipv6 = ((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
2030 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2031 _("No IP addresses found for hostname `%s' of service `%s'!\n"),
2039 store_service ((IPPROTO_UDP == proto) ? udp_services : tcp_services,
2048 * Reads the configuration servicecfg and populates udp_services
2051 * @param section name of section in config, equal to hostname
2054 read_service_conf (void *cls GNUNET_UNUSED, const char *section)
2058 if ((strlen (section) < 8) ||
2059 (0 != strcmp (".gnunet.", section + (strlen (section) - 8))))
2062 GNUNET_CONFIGURATION_get_value_string (cfg, section, "UDP_REDIRECTS",
2065 add_services (IPPROTO_UDP, cpy, section);
2069 GNUNET_CONFIGURATION_get_value_string (cfg, section, "TCP_REDIRECTS",
2072 add_services (IPPROTO_TCP, cpy, section);
2079 * @brief Main function that will be run by the scheduler.
2081 * @param cls closure
2082 * @param args remaining command-line arguments
2083 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
2084 * @param cfg_ configuration
2087 run (void *cls, char *const *args GNUNET_UNUSED,
2088 const char *cfgfile GNUNET_UNUSED,
2089 const struct GNUNET_CONFIGURATION_Handle *cfg_)
2091 static struct GNUNET_MESH_MessageHandler handlers[] = {
2092 {&receive_udp_service, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_SERVICE, 0},
2093 {&receive_udp_remote, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_INTERNET, 0},
2094 {&receive_tcp_service, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_SERVICE_START, 0},
2095 {&receive_tcp_remote, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_INTERNET_START, 0},
2096 {&receive_tcp_data, GNUNET_MESSAGE_TYPE_VPN_TCP_DATA, 0},
2100 static GNUNET_MESH_ApplicationType apptypes[] = {
2101 GNUNET_APPLICATION_TYPE_END,
2102 GNUNET_APPLICATION_TYPE_END,
2103 GNUNET_APPLICATION_TYPE_END
2105 unsigned int app_idx;
2116 stats = GNUNET_STATISTICS_create ("exit", cfg);
2117 ipv4_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV4");
2118 ipv6_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV6");
2119 ipv4_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV4");
2120 ipv6_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV6");
2121 if (ipv4_exit && (! ipv4_enabled))
2123 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2124 _("Cannot enable IPv4 exit but disable IPv4 on TUN interface, will use ENABLE_IPv4=YES\n"));
2125 ipv4_enabled = GNUNET_YES;
2127 if (ipv6_exit && (! ipv6_enabled))
2129 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2130 _("Cannot enable IPv6 exit but disable IPv6 on TUN interface, will use ENABLE_IPv6=YES\n"));
2131 ipv6_enabled = GNUNET_YES;
2133 if (! (ipv4_enabled || ipv6_enabled))
2135 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2136 _("No useful service enabled. Exiting.\n"));
2137 GNUNET_SCHEDULER_shutdown ();
2141 if (GNUNET_YES == ipv4_exit)
2143 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV4_GATEWAY;
2146 if (GNUNET_YES == ipv6_exit)
2148 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV6_GATEWAY;
2152 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup, cls);
2155 GNUNET_CONFIGURATION_get_value_number (cfg, "exit", "MAX_CONNECTIONS",
2157 max_connections = 1024;
2158 exit_argv[0] = GNUNET_strdup ("exit-gnunet");
2159 if (GNUNET_SYSERR ==
2160 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "TUN_IFNAME", &tun_ifname))
2162 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2163 "No entry 'TUN_IFNAME' in configuration!\n");
2164 GNUNET_SCHEDULER_shutdown ();
2167 exit_argv[1] = tun_ifname;
2170 if (GNUNET_SYSERR ==
2171 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "EXIT_IFNAME", &exit_ifname))
2173 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2174 "No entry 'EXIT_IFNAME' in configuration!\n");
2175 GNUNET_SCHEDULER_shutdown ();
2178 exit_argv[2] = exit_ifname;
2182 exit_argv[2] = GNUNET_strdup ("%");
2184 if (GNUNET_YES == ipv6_enabled)
2186 if ( (GNUNET_SYSERR ==
2187 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6ADDR",
2189 (1 != inet_pton (AF_INET6, ipv6addr, &v6))) )
2191 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2192 "No valid entry 'IPV6ADDR' in configuration!\n");
2193 GNUNET_SCHEDULER_shutdown ();
2196 exit_argv[3] = ipv6addr;
2197 if (GNUNET_SYSERR ==
2198 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6PREFIX",
2201 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2202 "No entry 'IPV6PREFIX' in configuration!\n");
2203 GNUNET_SCHEDULER_shutdown ();
2206 exit_argv[4] = ipv6prefix_s;
2208 GNUNET_CONFIGURATION_get_value_number (cfg, "exit",
2211 (ipv6prefix >= 127) )
2213 GNUNET_SCHEDULER_shutdown ();
2219 /* IPv6 explicitly disabled */
2220 exit_argv[3] = GNUNET_strdup ("-");
2221 exit_argv[4] = GNUNET_strdup ("-");
2223 if (GNUNET_YES == ipv4_enabled)
2225 if ( (GNUNET_SYSERR ==
2226 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4ADDR",
2228 (1 != inet_pton (AF_INET, ipv4addr, &v4))) )
2230 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2231 "No valid entry for 'IPV4ADDR' in configuration!\n");
2232 GNUNET_SCHEDULER_shutdown ();
2235 exit_argv[5] = ipv4addr;
2236 if ( (GNUNET_SYSERR ==
2237 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4MASK",
2239 (1 != inet_pton (AF_INET, ipv4mask, &v4))) )
2241 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2242 "No valid entry 'IPV4MASK' in configuration!\n");
2243 GNUNET_SCHEDULER_shutdown ();
2246 exit_argv[6] = ipv4mask;
2250 /* IPv4 explicitly disabled */
2251 exit_argv[5] = GNUNET_strdup ("-");
2252 exit_argv[6] = GNUNET_strdup ("-");
2254 exit_argv[7] = NULL;
2256 udp_services = GNUNET_CONTAINER_multihashmap_create (65536);
2257 tcp_services = GNUNET_CONTAINER_multihashmap_create (65536);
2258 GNUNET_CONFIGURATION_iterate_sections (cfg, &read_service_conf, NULL);
2260 connections_map = GNUNET_CONTAINER_multihashmap_create (65536);
2261 connections_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
2263 = GNUNET_MESH_connect (cfg, 42 /* queue size */, NULL,
2265 &clean_tunnel, handlers,
2267 if (NULL == mesh_handle)
2269 GNUNET_SCHEDULER_shutdown ();
2272 helper_handle = GNUNET_HELPER_start ("gnunet-helper-exit",
2274 &message_token, NULL);
2281 * @param argc number of arguments from the command line
2282 * @param argv command line arguments
2283 * @return 0 ok, 1 on error
2286 main (int argc, char *const *argv)
2288 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
2289 GNUNET_GETOPT_OPTION_END
2292 return (GNUNET_OK ==
2293 GNUNET_PROGRAM_run (argc, argv, "gnunet-daemon-exit",
2295 ("Daemon to run to provide an IP exit node for the VPN"),
2296 options, &run, NULL)) ? 0 : 1;
2300 /* end of gnunet-daemon-exit.c */
projects / oweals / gnunet.git / blob