2 This file is part of GNUnet.
3 (C) 2010-2013 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file exit/gnunet-daemon-exit.c
23 * @brief tool to allow IP traffic exit from the GNUnet cadet to the Internet
24 * @author Philipp Toelke
25 * @author Christian Grothoff
31 * - which code should advertise services? the service model is right
32 * now a bit odd, especially as this code DOES the exit and knows
33 * the DNS "name", but OTOH this is clearly NOT the place to advertise
34 * the service's existence; maybe the daemon should turn into a
35 * service with an API to add local-exit services dynamically?
38 #include "gnunet_util_lib.h"
39 #include "gnunet_protocols.h"
40 #include "gnunet_applications.h"
41 #include "gnunet_dht_service.h"
42 #include "gnunet_cadet_service.h"
43 #include "gnunet_dnsparser_lib.h"
44 #include "gnunet_dnsstub_lib.h"
45 #include "gnunet_statistics_service.h"
46 #include "gnunet_constants.h"
47 #include "gnunet_signatures.h"
48 #include "gnunet_tun_lib.h"
49 #include "gnunet_regex_service.h"
51 #include "block_dns.h"
55 * Maximum path compression length for cadet regex announcing for IPv4 address
58 #define REGEX_MAX_PATH_LEN_IPV4 4
61 * Maximum path compression length for cadet regex announcing for IPv6 address
64 #define REGEX_MAX_PATH_LEN_IPV6 8
67 * How frequently do we re-announce the regex for the exit?
69 #define REGEX_REFRESH_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 30)
72 * How frequently do we re-announce the DNS exit in the DHT?
74 #define DHT_PUT_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 15)
77 * How long do we typically sign the DNS exit advertisement for?
79 #define DNS_ADVERTISEMENT_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 3)
83 * Generic logging shorthand
85 #define LOG(kind, ...) \
86 GNUNET_log_from (kind, "exit", __VA_ARGS__);
90 * Information about an address.
95 * AF_INET or AF_INET6.
100 * Remote address information.
105 * Address, if af is AF_INET.
110 * Address, if af is AF_INET6.
112 struct in6_addr ipv6;
116 * IPPROTO_TCP or IPPROTO_UDP;
121 * Remote port, in host byte order!
128 * This struct is saved into the services-hashmap to represent
129 * a service this peer is specifically offering an exit for
130 * (for a specific domain name).
136 * Remote address to use for the service.
138 struct SocketAddress address;
141 * DNS name of the service.
146 * Port I am listening on within GNUnet for this service, in host
147 * byte order. (as we may redirect ports).
154 * Information we use to track a connection (the classical 6-tuple of
155 * IP-version, protocol, source-IP, destination-IP, source-port and
158 struct RedirectInformation
162 * Address information for the other party (equivalent of the
163 * arguments one would give to "connect").
165 struct SocketAddress remote_address;
168 * Address information we used locally (AF and proto must match
169 * "remote_address"). Equivalent of the arguments one would give to
172 struct SocketAddress local_address;
175 Note 1: additional information might be added here in the
176 future to support protocols that require special handling,
179 Note 2: we might also sometimes not match on all components
180 of the tuple, to support protocols where things do not always
187 * Queue of messages to a channel.
189 struct ChannelMessageQueue
192 * This is a doubly-linked list.
194 struct ChannelMessageQueue *next;
197 * This is a doubly-linked list.
199 struct ChannelMessageQueue *prev;
202 * Payload to send via the channel.
207 * Number of bytes in 'payload'.
214 * This struct is saved into connections_map to allow finding the
215 * right channel given an IP packet from TUN. It is also associated
216 * with the channel's closure so we can find it again for the next
217 * message from the channel.
222 * Cadet channel that is used for this connection.
224 struct GNUNET_CADET_Channel *channel;
227 * Who is the other end of this channel.
228 * FIXME is this needed? Only used for debugging messages
230 struct GNUNET_PeerIdentity peer;
233 * Active channel transmission request (or NULL).
235 struct GNUNET_CADET_TransmitHandle *th;
238 * #GNUNET_NO if this is a channel for TCP/UDP,
239 * #GNUNET_YES if this is a channel for DNS,
240 * #GNUNET_SYSERR if the channel is not yet initialized.
250 * Heap node for this state in the connections_heap.
252 struct GNUNET_CONTAINER_HeapNode *heap_node;
255 * Key this state has in the connections_map.
257 struct GNUNET_HashCode state_key;
260 * Associated service record, or NULL for no service.
262 struct LocalService *serv;
265 * Head of DLL of messages for this channel.
267 struct ChannelMessageQueue *head;
270 * Tail of DLL of messages for this channel.
272 struct ChannelMessageQueue *tail;
275 * Primary redirection information for this connection.
277 struct RedirectInformation ri;
284 * DNS reply ready for transmission.
289 * Socket we are using to transmit this request (must match if we receive
292 struct GNUNET_DNSSTUB_RequestSocket *rs;
295 * Number of bytes in 'reply'.
300 * Original DNS request ID as used by the client.
302 uint16_t original_id;
305 * DNS request ID that we used for forwarding.
317 * Return value from 'main'.
319 static int global_ret;
322 * Handle to our regex announcement for IPv4.
324 static struct GNUNET_REGEX_Announcement *regex4;
327 * Handle to our regex announcement for IPv4.
329 static struct GNUNET_REGEX_Announcement *regex6;
332 * The handle to the configuration used throughout the process
334 static const struct GNUNET_CONFIGURATION_Handle *cfg;
337 * The handle to the helper
339 static struct GNUNET_HELPER_Handle *helper_handle;
342 * Arguments to the exit helper.
344 static char *exit_argv[8];
347 * IPv6 address of our TUN interface.
349 static struct in6_addr exit_ipv6addr;
352 * IPv6 prefix (0..127) from configuration file.
354 static unsigned long long ipv6prefix;
357 * IPv4 address of our TUN interface.
359 static struct in_addr exit_ipv4addr;
362 * IPv4 netmask of our TUN interface.
364 static struct in_addr exit_ipv4mask;
369 static struct GNUNET_STATISTICS_Handle *stats;
372 * The handle to cadet
374 static struct GNUNET_CADET_Handle *cadet_handle;
377 * This hashmaps contains the mapping from peer, service-descriptor,
378 * source-port and destination-port to a struct ChannelState
380 static struct GNUNET_CONTAINER_MultiHashMap *connections_map;
383 * Heap so we can quickly find "old" connections.
385 static struct GNUNET_CONTAINER_Heap *connections_heap;
388 * If there are at least this many connections, old ones will be removed
390 static unsigned long long max_connections;
393 * This hashmaps saves interesting things about the configured UDP services
395 static struct GNUNET_CONTAINER_MultiHashMap *udp_services;
398 * This hashmaps saves interesting things about the configured TCP services
400 static struct GNUNET_CONTAINER_MultiHashMap *tcp_services;
403 * Array of all open DNS requests from channels.
405 static struct ChannelState *channels[UINT16_MAX + 1];
408 * Handle to the DNS Stub resolver.
410 static struct GNUNET_DNSSTUB_Context *dnsstub;
413 * Handle for ongoing DHT PUT operations to advertise exit service.
415 static struct GNUNET_DHT_PutHandle *dht_put;
420 static struct GNUNET_DHT_Handle *dht;
423 * Task for doing DHT PUTs to advertise exit service.
425 static GNUNET_SCHEDULER_TaskIdentifier dht_task;
428 * Advertisement message we put into the DHT to advertise us
431 static struct GNUNET_DNS_Advertisement dns_advertisement;
434 * Key we store the DNS advertismenet under.
436 static struct GNUNET_HashCode dht_put_key;
439 * Private key for this peer.
441 static struct GNUNET_CRYPTO_EddsaPrivateKey *peer_key;
444 * Are we an IPv4-exit?
446 static int ipv4_exit;
449 * Are we an IPv6-exit?
451 static int ipv6_exit;
454 * Do we support IPv4 at all on the TUN interface?
456 static int ipv4_enabled;
459 * Do we support IPv6 at all on the TUN interface?
461 static int ipv6_enabled;
465 * We got a reply from DNS for a request of a CADET channel. Send it
466 * via the channel (after changing the request ID back).
468 * @param cls the 'struct ChannelState'
469 * @param size number of bytes available in buf
470 * @param buf where to copy the reply
471 * @return number of bytes written to buf
474 transmit_reply_to_cadet (void *cls,
478 struct ChannelState *ts = cls;
482 struct GNUNET_MessageHeader hdr;
483 struct GNUNET_TUN_DnsHeader dns;
485 GNUNET_assert (GNUNET_YES == ts->is_dns);
487 GNUNET_assert (ts->specifics.dns.reply != NULL);
490 ret = sizeof (struct GNUNET_MessageHeader) + ts->specifics.dns.reply_length;
491 GNUNET_assert (ret <= size);
492 hdr.size = htons (ret);
493 hdr.type = htons (GNUNET_MESSAGE_TYPE_VPN_DNS_FROM_INTERNET);
494 memcpy (&dns, ts->specifics.dns.reply, sizeof (dns));
495 dns.id = ts->specifics.dns.original_id;
497 memcpy (&cbuf[off], &hdr, sizeof (hdr));
499 memcpy (&cbuf[off], &dns, sizeof (dns));
501 memcpy (&cbuf[off], &ts->specifics.dns.reply[sizeof (dns)], ts->specifics.dns.reply_length - sizeof (dns));
502 off += ts->specifics.dns.reply_length - sizeof (dns);
503 GNUNET_free (ts->specifics.dns.reply);
504 ts->specifics.dns.reply = NULL;
505 ts->specifics.dns.reply_length = 0;
506 GNUNET_assert (ret == off);
512 * Callback called from DNSSTUB resolver when a resolution
516 * @param rs the socket that received the response
517 * @param dns the response itself
518 * @param r number of bytes in dns
521 process_dns_result (void *cls,
522 struct GNUNET_DNSSTUB_RequestSocket *rs,
523 const struct GNUNET_TUN_DnsHeader *dns,
526 struct ChannelState *ts;
528 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
529 "Processing DNS result from stub resolver\n");
530 GNUNET_assert (NULL == cls);
531 /* Handle case that this is a reply to a request from a CADET DNS channel */
532 ts = channels[dns->id];
534 (ts->specifics.dns.rs != rs) )
536 LOG (GNUNET_ERROR_TYPE_DEBUG,
537 "Got a response from the stub resolver for DNS request received via CADET!\n");
538 channels[dns->id] = NULL;
539 GNUNET_free_non_null (ts->specifics.dns.reply);
540 ts->specifics.dns.reply = GNUNET_malloc (r);
541 ts->specifics.dns.reply_length = r;
542 memcpy (ts->specifics.dns.reply, dns, r);
544 GNUNET_CADET_notify_transmit_ready_cancel (ts->th);
545 ts->th = GNUNET_CADET_notify_transmit_ready (ts->channel,
547 GNUNET_TIME_UNIT_FOREVER_REL,
548 sizeof (struct GNUNET_MessageHeader) + r,
549 &transmit_reply_to_cadet,
555 * Process a request via cadet to perform a DNS query.
557 * @param cls closure, NULL
558 * @param channel connection to the other end
559 * @param channel_ctx pointer to our `struct ChannelState *`
560 * @param message the actual message
562 * @return #GNUNET_OK to keep the connection open,
563 * #GNUNET_SYSERR to close it (signal serious error)
566 receive_dns_request (void *cls GNUNET_UNUSED, struct GNUNET_CADET_Channel *channel,
568 const struct GNUNET_MessageHeader *message)
570 struct ChannelState *ts = *channel_ctx;
571 const struct GNUNET_TUN_DnsHeader *dns;
572 size_t mlen = ntohs (message->size);
573 size_t dlen = mlen - sizeof (struct GNUNET_MessageHeader);
574 char buf[dlen] GNUNET_ALIGN;
575 struct GNUNET_TUN_DnsHeader *dout;
578 return GNUNET_SYSERR;
579 if (GNUNET_NO == ts->is_dns)
582 return GNUNET_SYSERR;
584 if (GNUNET_SYSERR == ts->is_dns)
586 /* channel is DNS from now on */
587 ts->is_dns = GNUNET_YES;
589 if (dlen < sizeof (struct GNUNET_TUN_DnsHeader))
592 return GNUNET_SYSERR;
594 dns = (const struct GNUNET_TUN_DnsHeader *) &message[1];
595 ts->specifics.dns.original_id = dns->id;
596 if (channels[ts->specifics.dns.my_id] == ts)
597 channels[ts->specifics.dns.my_id] = NULL;
598 ts->specifics.dns.my_id = (uint16_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
600 channels[ts->specifics.dns.my_id] = ts;
601 memcpy (buf, dns, dlen);
602 dout = (struct GNUNET_TUN_DnsHeader *) buf;
603 dout->id = ts->specifics.dns.my_id;
604 ts->specifics.dns.rs = GNUNET_DNSSTUB_resolve2 (dnsstub,
608 if (NULL == ts->specifics.dns.rs)
609 return GNUNET_SYSERR;
615 * Given IP information about a connection, calculate the respective
616 * hash we would use for the 'connections_map'.
618 * @param hash resulting hash
619 * @param ri information about the connection
622 hash_redirect_info (struct GNUNET_HashCode *hash,
623 const struct RedirectInformation *ri)
627 memset (hash, 0, sizeof (struct GNUNET_HashCode));
628 /* the GNUnet hashmap only uses the first sizeof(unsigned int) of the hash,
629 so we put the IP address in there (and hope for few collisions) */
631 switch (ri->remote_address.af)
634 memcpy (off, &ri->remote_address.address.ipv4, sizeof (struct in_addr));
635 off += sizeof (struct in_addr);
638 memcpy (off, &ri->remote_address.address.ipv6, sizeof (struct in6_addr));
639 off += sizeof (struct in_addr);
644 memcpy (off, &ri->remote_address.port, sizeof (uint16_t));
645 off += sizeof (uint16_t);
646 switch (ri->local_address.af)
649 memcpy (off, &ri->local_address.address.ipv4, sizeof (struct in_addr));
650 off += sizeof (struct in_addr);
653 memcpy (off, &ri->local_address.address.ipv6, sizeof (struct in6_addr));
654 off += sizeof (struct in_addr);
659 memcpy (off, &ri->local_address.port, sizeof (uint16_t));
660 off += sizeof (uint16_t);
661 memcpy (off, &ri->remote_address.proto, sizeof (uint8_t));
662 /* off += sizeof (uint8_t); */
667 * Get our connection tracking state. Warns if it does not exists,
668 * refreshes the timestamp if it does exist.
670 * @param af address family
671 * @param protocol IPPROTO_UDP or IPPROTO_TCP
672 * @param destination_ip target IP
673 * @param destination_port target port
674 * @param local_ip local IP
675 * @param local_port local port
676 * @param state_key set to hash's state if non-NULL
677 * @return NULL if we have no tracking information for this tuple
679 static struct ChannelState *
680 get_redirect_state (int af,
682 const void *destination_ip,
683 uint16_t destination_port,
684 const void *local_ip,
686 struct GNUNET_HashCode *state_key)
688 struct RedirectInformation ri;
689 struct GNUNET_HashCode key;
690 struct ChannelState *state;
692 if ( ( (af == AF_INET) && (protocol == IPPROTO_ICMP) ) ||
693 ( (af == AF_INET6) && (protocol == IPPROTO_ICMPV6) ) )
696 destination_port = 0;
699 ri.remote_address.af = af;
701 ri.remote_address.address.ipv4 = *((struct in_addr*) destination_ip);
703 ri.remote_address.address.ipv6 = * ((struct in6_addr*) destination_ip);
704 ri.remote_address.port = destination_port;
705 ri.remote_address.proto = protocol;
706 ri.local_address.af = af;
708 ri.local_address.address.ipv4 = *((struct in_addr*) local_ip);
710 ri.local_address.address.ipv6 = * ((struct in6_addr*) local_ip);
711 ri.local_address.port = local_port;
712 ri.local_address.proto = protocol;
713 hash_redirect_info (&key, &ri);
714 if (NULL != state_key)
716 state = GNUNET_CONTAINER_multihashmap_get (connections_map, &key);
719 /* Mark this connection as freshly used */
720 if (NULL == state_key)
721 GNUNET_CONTAINER_heap_update_cost (connections_heap,
722 state->specifics.tcp_udp.heap_node,
723 GNUNET_TIME_absolute_get ().abs_value_us);
729 * Given a service descriptor and a destination port, find the
730 * respective service entry.
732 * @param service_map map of services (TCP or UDP)
733 * @param desc service descriptor
734 * @param destination_port destination port
735 * @return NULL if we are not aware of such a service
737 static struct LocalService *
738 find_service (struct GNUNET_CONTAINER_MultiHashMap *service_map,
739 const struct GNUNET_HashCode *desc,
740 uint16_t destination_port)
742 char key[sizeof (struct GNUNET_HashCode) + sizeof (uint16_t)];
744 memcpy (&key[0], &destination_port, sizeof (uint16_t));
745 memcpy (&key[sizeof(uint16_t)], desc, sizeof (struct GNUNET_HashCode));
746 return GNUNET_CONTAINER_multihashmap_get (service_map,
747 (struct GNUNET_HashCode *) key);
752 * Free memory associated with a service record.
755 * @param key service descriptor
756 * @param value service record to free
760 free_service_record (void *cls,
761 const struct GNUNET_HashCode *key,
764 struct LocalService *service = value;
766 GNUNET_free_non_null (service->name);
767 GNUNET_free (service);
773 * Given a service descriptor and a destination port, find the
774 * respective service entry.
776 * @param service_map map of services (TCP or UDP)
777 * @param name name of the service
778 * @param destination_port destination port
779 * @param service service information record to store (service->name will be set).
782 store_service (struct GNUNET_CONTAINER_MultiHashMap *service_map,
784 uint16_t destination_port,
785 struct LocalService *service)
787 char key[sizeof (struct GNUNET_HashCode) + sizeof (uint16_t)];
788 struct GNUNET_HashCode desc;
790 GNUNET_TUN_service_name_to_hash (name, &desc);
791 service->name = GNUNET_strdup (name);
792 memcpy (&key[0], &destination_port, sizeof (uint16_t));
793 memcpy (&key[sizeof(uint16_t)], &desc, sizeof (struct GNUNET_HashCode));
795 GNUNET_CONTAINER_multihashmap_put (service_map,
796 (struct GNUNET_HashCode *) key,
798 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
800 free_service_record (NULL, (struct GNUNET_HashCode *) key, service);
801 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
802 _("Got duplicate service records for `%s:%u'\n"),
804 (unsigned int) destination_port);
810 * CADET is ready to receive a message for the channel. Transmit it.
812 * @param cls the 'struct ChannelState'.
813 * @param size number of bytes available in buf
814 * @param buf where to copy the message
815 * @return number of bytes copied to buf
818 send_to_peer_notify_callback (void *cls, size_t size, void *buf)
820 struct ChannelState *s = cls;
821 struct GNUNET_CADET_Channel *channel = s->channel;
822 struct ChannelMessageQueue *tnq;
825 tnq = s->specifics.tcp_udp.head;
830 s->th = GNUNET_CADET_notify_transmit_ready (channel,
831 GNUNET_NO /* corking */,
832 GNUNET_TIME_UNIT_FOREVER_REL,
834 &send_to_peer_notify_callback,
838 GNUNET_assert (size >= tnq->len);
839 memcpy (buf, tnq->payload, tnq->len);
841 GNUNET_CONTAINER_DLL_remove (s->specifics.tcp_udp.head,
842 s->specifics.tcp_udp.tail,
845 if (NULL != (tnq = s->specifics.tcp_udp.head))
846 s->th = GNUNET_CADET_notify_transmit_ready (channel,
847 GNUNET_NO /* corking */,
848 GNUNET_TIME_UNIT_FOREVER_REL,
850 &send_to_peer_notify_callback,
852 GNUNET_STATISTICS_update (stats,
853 gettext_noop ("# Bytes transmitted via cadet channels"),
860 * Send the given packet via the cadet channel.
862 * @param s channel destination
863 * @param tnq message to queue
866 send_packet_to_cadet_channel (struct ChannelState *s,
867 struct ChannelMessageQueue *tnq)
869 struct GNUNET_CADET_Channel *cadet_channel;
871 cadet_channel = s->channel;
872 GNUNET_assert (NULL != s);
873 GNUNET_CONTAINER_DLL_insert_tail (s->specifics.tcp_udp.head, s->specifics.tcp_udp.tail, tnq);
875 s->th = GNUNET_CADET_notify_transmit_ready (cadet_channel,
876 GNUNET_NO /* cork */,
877 GNUNET_TIME_UNIT_FOREVER_REL,
879 &send_to_peer_notify_callback,
885 * @brief Handles an ICMP packet received from the helper.
887 * @param icmp A pointer to the Packet
888 * @param pktlen number of bytes in 'icmp'
889 * @param af address family (AFINET or AF_INET6)
890 * @param destination_ip destination IP-address of the IP packet (should
891 * be our local address)
892 * @param source_ip original source IP-address of the IP packet (should
893 * be the original destination address)
896 icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp,
899 const void *destination_ip,
900 const void *source_ip)
902 struct ChannelState *state;
903 struct ChannelMessageQueue *tnq;
904 struct GNUNET_EXIT_IcmpToVPNMessage *i2v;
905 const struct GNUNET_TUN_IPv4Header *ipv4;
906 const struct GNUNET_TUN_IPv6Header *ipv6;
907 const struct GNUNET_TUN_UdpHeader *udp;
909 uint16_t source_port;
910 uint16_t destination_port;
914 char sbuf[INET6_ADDRSTRLEN];
915 char dbuf[INET6_ADDRSTRLEN];
916 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
917 "Received ICMP packet going from %s to %s\n",
920 sbuf, sizeof (sbuf)),
923 dbuf, sizeof (dbuf)));
925 if (pktlen < sizeof (struct GNUNET_TUN_IcmpHeader))
932 /* Find out if this is an ICMP packet in response to an existing
933 TCP/UDP packet and if so, figure out ports / protocol of the
934 existing session from the IP data in the ICMP payload */
936 destination_port = 0;
940 protocol = IPPROTO_ICMP;
943 case GNUNET_TUN_ICMPTYPE_ECHO_REPLY:
944 case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST:
946 case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE:
947 case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH:
948 case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED:
950 sizeof (struct GNUNET_TUN_IcmpHeader) +
951 sizeof (struct GNUNET_TUN_IPv4Header) + 8)
957 ipv4 = (const struct GNUNET_TUN_IPv4Header *) &icmp[1];
958 protocol = ipv4->protocol;
959 /* could be TCP or UDP, but both have the ports in the right
960 place, so that doesn't matter here */
961 udp = (const struct GNUNET_TUN_UdpHeader *) &ipv4[1];
962 /* swap ports, as they are from the original message */
963 destination_port = ntohs (udp->source_port);
964 source_port = ntohs (udp->destination_port);
965 /* throw away ICMP payload, won't be useful for the other side anyway */
966 pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
969 GNUNET_STATISTICS_update (stats,
970 gettext_noop ("# ICMPv4 packets dropped (type not allowed)"),
976 protocol = IPPROTO_ICMPV6;
979 case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE:
980 case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG:
981 case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED:
982 case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM:
984 sizeof (struct GNUNET_TUN_IcmpHeader) +
985 sizeof (struct GNUNET_TUN_IPv6Header) + 8)
991 ipv6 = (const struct GNUNET_TUN_IPv6Header *) &icmp[1];
992 protocol = ipv6->next_header;
993 /* could be TCP or UDP, but both have the ports in the right
994 place, so that doesn't matter here */
995 udp = (const struct GNUNET_TUN_UdpHeader *) &ipv6[1];
996 /* swap ports, as they are from the original message */
997 destination_port = ntohs (udp->source_port);
998 source_port = ntohs (udp->destination_port);
999 /* throw away ICMP payload, won't be useful for the other side anyway */
1000 pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
1002 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
1003 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
1006 GNUNET_STATISTICS_update (stats,
1007 gettext_noop ("# ICMPv6 packets dropped (type not allowed)"),
1018 state = get_redirect_state (af, IPPROTO_ICMP,
1023 case IPPROTO_ICMPV6:
1024 state = get_redirect_state (af, IPPROTO_ICMPV6,
1030 state = get_redirect_state (af, IPPROTO_UDP,
1038 state = get_redirect_state (af, IPPROTO_TCP,
1046 GNUNET_STATISTICS_update (stats,
1047 gettext_noop ("# ICMP packets dropped (not allowed)"),
1053 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1054 _("ICMP Packet dropped, have no matching connection information\n"));
1057 mlen = sizeof (struct GNUNET_EXIT_IcmpToVPNMessage) + pktlen - sizeof (struct GNUNET_TUN_IcmpHeader);
1058 tnq = GNUNET_malloc (sizeof (struct ChannelMessageQueue) + mlen);
1059 tnq->payload = &tnq[1];
1061 i2v = (struct GNUNET_EXIT_IcmpToVPNMessage *) &tnq[1];
1062 i2v->header.size = htons ((uint16_t) mlen);
1063 i2v->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_VPN);
1064 i2v->af = htonl (af);
1065 memcpy (&i2v->icmp_header,
1068 send_packet_to_cadet_channel (state, tnq);
1073 * @brief Handles an UDP packet received from the helper.
1075 * @param udp A pointer to the Packet
1076 * @param pktlen number of bytes in 'udp'
1077 * @param af address family (AFINET or AF_INET6)
1078 * @param destination_ip destination IP-address of the IP packet (should
1079 * be our local address)
1080 * @param source_ip original source IP-address of the IP packet (should
1081 * be the original destination address)
1084 udp_from_helper (const struct GNUNET_TUN_UdpHeader *udp,
1087 const void *destination_ip,
1088 const void *source_ip)
1090 struct ChannelState *state;
1091 struct ChannelMessageQueue *tnq;
1092 struct GNUNET_EXIT_UdpReplyMessage *urm;
1096 char sbuf[INET6_ADDRSTRLEN];
1097 char dbuf[INET6_ADDRSTRLEN];
1098 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1099 "Received UDP packet going from %s:%u to %s:%u\n",
1102 sbuf, sizeof (sbuf)),
1103 (unsigned int) ntohs (udp->source_port),
1106 dbuf, sizeof (dbuf)),
1107 (unsigned int) ntohs (udp->destination_port));
1109 if (pktlen < sizeof (struct GNUNET_TUN_UdpHeader))
1115 if (pktlen != ntohs (udp->len))
1121 state = get_redirect_state (af, IPPROTO_UDP,
1123 ntohs (udp->source_port),
1125 ntohs (udp->destination_port),
1129 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1130 _("UDP Packet dropped, have no matching connection information\n"));
1133 mlen = sizeof (struct GNUNET_EXIT_UdpReplyMessage) + pktlen - sizeof (struct GNUNET_TUN_UdpHeader);
1134 tnq = GNUNET_malloc (sizeof (struct ChannelMessageQueue) + mlen);
1135 tnq->payload = &tnq[1];
1137 urm = (struct GNUNET_EXIT_UdpReplyMessage *) &tnq[1];
1138 urm->header.size = htons ((uint16_t) mlen);
1139 urm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_UDP_REPLY);
1140 urm->source_port = htons (0);
1141 urm->destination_port = htons (0);
1144 pktlen - sizeof (struct GNUNET_TUN_UdpHeader));
1145 send_packet_to_cadet_channel (state, tnq);
1150 * @brief Handles a TCP packet received from the helper.
1152 * @param tcp A pointer to the Packet
1153 * @param pktlen the length of the packet, including its TCP header
1154 * @param af address family (AFINET or AF_INET6)
1155 * @param destination_ip destination IP-address of the IP packet (should
1156 * be our local address)
1157 * @param source_ip original source IP-address of the IP packet (should
1158 * be the original destination address)
1161 tcp_from_helper (const struct GNUNET_TUN_TcpHeader *tcp,
1164 const void *destination_ip,
1165 const void *source_ip)
1167 struct ChannelState *state;
1168 char buf[pktlen] GNUNET_ALIGN;
1169 struct GNUNET_TUN_TcpHeader *mtcp;
1170 struct GNUNET_EXIT_TcpDataMessage *tdm;
1171 struct ChannelMessageQueue *tnq;
1175 char sbuf[INET6_ADDRSTRLEN];
1176 char dbuf[INET6_ADDRSTRLEN];
1177 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1178 "Received TCP packet with %u bytes going from %s:%u to %s:%u\n",
1179 pktlen - sizeof (struct GNUNET_TUN_TcpHeader),
1182 sbuf, sizeof (sbuf)),
1183 (unsigned int) ntohs (tcp->source_port),
1186 dbuf, sizeof (dbuf)),
1187 (unsigned int) ntohs (tcp->destination_port));
1189 if (pktlen < sizeof (struct GNUNET_TUN_TcpHeader))
1195 state = get_redirect_state (af, IPPROTO_TCP,
1197 ntohs (tcp->source_port),
1199 ntohs (tcp->destination_port),
1203 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1204 _("TCP Packet dropped, have no matching connection information\n"));
1208 /* mug port numbers and crc to avoid information leakage;
1209 sender will need to lookup the correct values anyway */
1210 memcpy (buf, tcp, pktlen);
1211 mtcp = (struct GNUNET_TUN_TcpHeader *) buf;
1212 mtcp->source_port = 0;
1213 mtcp->destination_port = 0;
1216 mlen = sizeof (struct GNUNET_EXIT_TcpDataMessage) + (pktlen - sizeof (struct GNUNET_TUN_TcpHeader));
1217 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1223 tnq = GNUNET_malloc (sizeof (struct ChannelMessageQueue) + mlen);
1224 tnq->payload = &tnq[1];
1226 tdm = (struct GNUNET_EXIT_TcpDataMessage *) &tnq[1];
1227 tdm->header.size = htons ((uint16_t) mlen);
1228 tdm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_VPN);
1229 tdm->reserved = htonl (0);
1230 memcpy (&tdm->tcp_header,
1233 send_packet_to_cadet_channel (state, tnq);
1238 * Receive packets from the helper-process
1241 * @param client unsued
1242 * @param message message received from helper
1245 message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED,
1246 const struct GNUNET_MessageHeader *message)
1248 const struct GNUNET_TUN_Layer2PacketHeader *pkt_tun;
1251 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1252 "Got %u-byte message of type %u from gnunet-helper-exit\n",
1253 ntohs (message->size),
1254 ntohs (message->type));
1255 GNUNET_STATISTICS_update (stats,
1256 gettext_noop ("# Packets received from TUN"),
1258 if (ntohs (message->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER)
1263 size = ntohs (message->size);
1264 if (size < sizeof (struct GNUNET_TUN_Layer2PacketHeader) + sizeof (struct GNUNET_MessageHeader))
1269 GNUNET_STATISTICS_update (stats,
1270 gettext_noop ("# Bytes received from TUN"),
1272 pkt_tun = (const struct GNUNET_TUN_Layer2PacketHeader *) &message[1];
1273 size -= sizeof (struct GNUNET_TUN_Layer2PacketHeader) + sizeof (struct GNUNET_MessageHeader);
1274 switch (ntohs (pkt_tun->proto))
1278 const struct GNUNET_TUN_IPv4Header *pkt4;
1280 if (size < sizeof (struct GNUNET_TUN_IPv4Header))
1282 /* Kernel to blame? */
1286 pkt4 = (const struct GNUNET_TUN_IPv4Header *) &pkt_tun[1];
1287 if (size != ntohs (pkt4->total_length))
1289 /* Kernel to blame? */
1293 if (pkt4->header_length * 4 != sizeof (struct GNUNET_TUN_IPv4Header))
1295 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1296 _("IPv4 packet options received. Ignored.\n"));
1300 size -= sizeof (struct GNUNET_TUN_IPv4Header);
1301 switch (pkt4->protocol)
1304 udp_from_helper ((const struct GNUNET_TUN_UdpHeader *) &pkt4[1], size,
1306 &pkt4->destination_address,
1307 &pkt4->source_address);
1310 tcp_from_helper ((const struct GNUNET_TUN_TcpHeader *) &pkt4[1], size,
1312 &pkt4->destination_address,
1313 &pkt4->source_address);
1316 icmp_from_helper ((const struct GNUNET_TUN_IcmpHeader *) &pkt4[1], size,
1318 &pkt4->destination_address,
1319 &pkt4->source_address);
1322 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1323 _("IPv4 packet with unsupported next header %u received. Ignored.\n"),
1324 (int) pkt4->protocol);
1331 const struct GNUNET_TUN_IPv6Header *pkt6;
1333 if (size < sizeof (struct GNUNET_TUN_IPv6Header))
1335 /* Kernel to blame? */
1339 pkt6 = (struct GNUNET_TUN_IPv6Header *) &pkt_tun[1];
1340 if (size != ntohs (pkt6->payload_length) + sizeof (struct GNUNET_TUN_IPv6Header))
1342 /* Kernel to blame? */
1346 size -= sizeof (struct GNUNET_TUN_IPv6Header);
1347 switch (pkt6->next_header)
1350 udp_from_helper ((const struct GNUNET_TUN_UdpHeader *) &pkt6[1], size,
1352 &pkt6->destination_address,
1353 &pkt6->source_address);
1356 tcp_from_helper ((const struct GNUNET_TUN_TcpHeader *) &pkt6[1], size,
1358 &pkt6->destination_address,
1359 &pkt6->source_address);
1361 case IPPROTO_ICMPV6:
1362 icmp_from_helper ((const struct GNUNET_TUN_IcmpHeader *) &pkt6[1], size,
1364 &pkt6->destination_address,
1365 &pkt6->source_address);
1368 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1369 _("IPv6 packet with unsupported next header %d received. Ignored.\n"),
1376 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1377 _("Packet from unknown protocol %u received. Ignored.\n"),
1378 ntohs (pkt_tun->proto));
1386 * We need to create a (unique) fresh local address (IP+port).
1389 * @param af desired address family
1390 * @param proto desired protocol (IPPROTO_UDP or IPPROTO_TCP)
1391 * @param local_address address to initialize
1394 setup_fresh_address (int af,
1396 struct SocketAddress *local_address)
1398 local_address->af = af;
1399 local_address->proto = (uint8_t) proto;
1400 /* default "local" port range is often 32768--61000,
1401 so we pick a random value in that range */
1402 if ( ( (af == AF_INET) && (proto == IPPROTO_ICMP) ) ||
1403 ( (af == AF_INET6) && (proto == IPPROTO_ICMPV6) ) )
1404 local_address->port = 0;
1407 = (uint16_t) 32768 + GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1413 struct in_addr addr;
1414 struct in_addr mask;
1417 addr = exit_ipv4addr;
1418 mask = exit_ipv4mask;
1419 if (0 == ~mask.s_addr)
1421 /* only one valid IP anyway */
1422 local_address->address.ipv4 = addr;
1425 /* Given 192.168.0.1/255.255.0.0, we want a mask
1426 of '192.168.255.255', thus: */
1427 mask.s_addr = addr.s_addr | ~mask.s_addr;
1428 /* Pick random IPv4 address within the subnet, except 'addr' or 'mask' itself */
1431 rnd.s_addr = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1433 local_address->address.ipv4.s_addr = (addr.s_addr | rnd.s_addr) & mask.s_addr;
1435 while ( (local_address->address.ipv4.s_addr == addr.s_addr) ||
1436 (local_address->address.ipv4.s_addr == mask.s_addr) );
1441 struct in6_addr addr;
1442 struct in6_addr mask;
1443 struct in6_addr rnd;
1446 addr = exit_ipv6addr;
1447 GNUNET_assert (ipv6prefix < 128);
1448 if (ipv6prefix == 127)
1450 /* only one valid IP anyway */
1451 local_address->address.ipv6 = addr;
1454 /* Given ABCD::/96, we want a mask of 'ABCD::FFFF:FFFF,
1457 for (i=127;i>=ipv6prefix;i--)
1458 mask.s6_addr[i / 8] |= (1 << (i % 8));
1460 /* Pick random IPv6 address within the subnet, except 'addr' or 'mask' itself */
1465 rnd.s6_addr[i] = (unsigned char) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1467 local_address->address.ipv6.s6_addr[i]
1468 = (addr.s6_addr[i] | rnd.s6_addr[i]) & mask.s6_addr[i];
1471 while ( (0 == memcmp (&local_address->address.ipv6,
1473 sizeof (struct in6_addr))) ||
1474 (0 == memcmp (&local_address->address.ipv6,
1476 sizeof (struct in6_addr))) );
1486 * We are starting a fresh connection (TCP or UDP) and need
1487 * to pick a source port and IP address (within the correct
1488 * range and address family) to associate replies with the
1489 * connection / correct cadet channel. This function generates
1490 * a "fresh" source IP and source port number for a connection
1491 * After picking a good source address, this function sets up
1492 * the state in the 'connections_map' and 'connections_heap'
1493 * to allow finding the state when needed later. The function
1494 * also makes sure that we remain within memory limits by
1495 * cleaning up 'old' states.
1497 * @param state skeleton state to setup a record for; should
1498 * 'state->specifics.tcp_udp.ri.remote_address' filled in so that
1499 * this code can determine which AF/protocol is
1500 * going to be used (the 'channel' should also
1501 * already be set); after calling this function,
1502 * heap_node and the local_address will be
1503 * also initialized (heap_node != NULL can be
1504 * used to test if a state has been fully setup).
1507 setup_state_record (struct ChannelState *state)
1509 struct GNUNET_HashCode key;
1510 struct ChannelState *s;
1512 /* generate fresh, unique address */
1515 if (NULL == state->specifics.tcp_udp.serv)
1516 setup_fresh_address (state->specifics.tcp_udp.ri.remote_address.af,
1517 state->specifics.tcp_udp.ri.remote_address.proto,
1518 &state->specifics.tcp_udp.ri.local_address);
1520 setup_fresh_address (state->specifics.tcp_udp.serv->address.af,
1521 state->specifics.tcp_udp.serv->address.proto,
1522 &state->specifics.tcp_udp.ri.local_address);
1523 } while (NULL != get_redirect_state (state->specifics.tcp_udp.ri.remote_address.af,
1524 state->specifics.tcp_udp.ri.remote_address.proto,
1525 &state->specifics.tcp_udp.ri.remote_address.address,
1526 state->specifics.tcp_udp.ri.remote_address.port,
1527 &state->specifics.tcp_udp.ri.local_address.address,
1528 state->specifics.tcp_udp.ri.local_address.port,
1531 char buf[INET6_ADDRSTRLEN];
1532 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1533 "Picked local address %s:%u for new connection\n",
1534 inet_ntop (state->specifics.tcp_udp.ri.local_address.af,
1535 &state->specifics.tcp_udp.ri.local_address.address,
1537 (unsigned int) state->specifics.tcp_udp.ri.local_address.port);
1539 state->specifics.tcp_udp.state_key = key;
1540 GNUNET_assert (GNUNET_OK ==
1541 GNUNET_CONTAINER_multihashmap_put (connections_map,
1543 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
1544 state->specifics.tcp_udp.heap_node = GNUNET_CONTAINER_heap_insert (connections_heap,
1546 GNUNET_TIME_absolute_get ().abs_value_us);
1547 while (GNUNET_CONTAINER_heap_get_size (connections_heap) > max_connections)
1549 s = GNUNET_CONTAINER_heap_remove_root (connections_heap);
1550 GNUNET_assert (state != s);
1551 s->specifics.tcp_udp.heap_node = NULL;
1552 GNUNET_CADET_channel_destroy (s->channel);
1553 GNUNET_assert (GNUNET_OK ==
1554 GNUNET_CONTAINER_multihashmap_remove (connections_map,
1555 &s->specifics.tcp_udp.state_key,
1563 * Prepare an IPv4 packet for transmission via the TUN interface.
1564 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
1565 * For UDP, the UDP header will be fully created, whereas for TCP
1566 * only the ports and checksum will be filled in. So for TCP,
1567 * a skeleton TCP header must be part of the provided payload.
1569 * @param payload payload of the packet (starting with UDP payload or
1570 * TCP header, depending on protocol)
1571 * @param payload_length number of bytes in 'payload'
1572 * @param protocol IPPROTO_UDP or IPPROTO_TCP
1573 * @param tcp_header skeleton of the TCP header, NULL for UDP
1574 * @param src_address source address to use (IP and port)
1575 * @param dst_address destination address to use (IP and port)
1576 * @param pkt4 where to write the assembled packet; must
1577 * contain enough space for the IP header, UDP/TCP header
1581 prepare_ipv4_packet (const void *payload, size_t payload_length,
1583 const struct GNUNET_TUN_TcpHeader *tcp_header,
1584 const struct SocketAddress *src_address,
1585 const struct SocketAddress *dst_address,
1586 struct GNUNET_TUN_IPv4Header *pkt4)
1590 len = payload_length;
1594 len += sizeof (struct GNUNET_TUN_UdpHeader);
1597 len += sizeof (struct GNUNET_TUN_TcpHeader);
1598 GNUNET_assert (NULL != tcp_header);
1604 if (len + sizeof (struct GNUNET_TUN_IPv4Header) > UINT16_MAX)
1610 GNUNET_TUN_initialize_ipv4_header (pkt4,
1613 &src_address->address.ipv4,
1614 &dst_address->address.ipv4);
1619 struct GNUNET_TUN_UdpHeader *pkt4_udp = (struct GNUNET_TUN_UdpHeader *) &pkt4[1];
1621 pkt4_udp->source_port = htons (src_address->port);
1622 pkt4_udp->destination_port = htons (dst_address->port);
1623 pkt4_udp->len = htons ((uint16_t) payload_length);
1624 GNUNET_TUN_calculate_udp4_checksum (pkt4,
1626 payload, payload_length);
1627 memcpy (&pkt4_udp[1], payload, payload_length);
1632 struct GNUNET_TUN_TcpHeader *pkt4_tcp = (struct GNUNET_TUN_TcpHeader *) &pkt4[1];
1634 *pkt4_tcp = *tcp_header;
1635 pkt4_tcp->source_port = htons (src_address->port);
1636 pkt4_tcp->destination_port = htons (dst_address->port);
1637 GNUNET_TUN_calculate_tcp4_checksum (pkt4,
1641 memcpy (&pkt4_tcp[1], payload, payload_length);
1651 * Prepare an IPv6 packet for transmission via the TUN interface.
1652 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
1653 * For UDP, the UDP header will be fully created, whereas for TCP
1654 * only the ports and checksum will be filled in. So for TCP,
1655 * a skeleton TCP header must be part of the provided payload.
1657 * @param payload payload of the packet (starting with UDP payload or
1658 * TCP header, depending on protocol)
1659 * @param payload_length number of bytes in 'payload'
1660 * @param protocol IPPROTO_UDP or IPPROTO_TCP
1661 * @param tcp_header skeleton TCP header data to send, NULL for UDP
1662 * @param src_address source address to use (IP and port)
1663 * @param dst_address destination address to use (IP and port)
1664 * @param pkt6 where to write the assembled packet; must
1665 * contain enough space for the IP header, UDP/TCP header
1669 prepare_ipv6_packet (const void *payload, size_t payload_length,
1671 const struct GNUNET_TUN_TcpHeader *tcp_header,
1672 const struct SocketAddress *src_address,
1673 const struct SocketAddress *dst_address,
1674 struct GNUNET_TUN_IPv6Header *pkt6)
1678 len = payload_length;
1682 len += sizeof (struct GNUNET_TUN_UdpHeader);
1685 len += sizeof (struct GNUNET_TUN_TcpHeader);
1691 if (len > UINT16_MAX)
1697 GNUNET_TUN_initialize_ipv6_header (pkt6,
1700 &src_address->address.ipv6,
1701 &dst_address->address.ipv6);
1707 struct GNUNET_TUN_UdpHeader *pkt6_udp = (struct GNUNET_TUN_UdpHeader *) &pkt6[1];
1709 pkt6_udp->source_port = htons (src_address->port);
1710 pkt6_udp->destination_port = htons (dst_address->port);
1711 pkt6_udp->len = htons ((uint16_t) payload_length);
1712 GNUNET_TUN_calculate_udp6_checksum (pkt6,
1716 memcpy (&pkt6_udp[1], payload, payload_length);
1721 struct GNUNET_TUN_TcpHeader *pkt6_tcp = (struct GNUNET_TUN_TcpHeader *) &pkt6[1];
1723 /* memcpy first here as some TCP header fields are initialized this way! */
1724 *pkt6_tcp = *tcp_header;
1725 pkt6_tcp->source_port = htons (src_address->port);
1726 pkt6_tcp->destination_port = htons (dst_address->port);
1727 GNUNET_TUN_calculate_tcp6_checksum (pkt6,
1731 memcpy (&pkt6_tcp[1], payload, payload_length);
1742 * Send a TCP packet via the TUN interface.
1744 * @param destination_address IP and port to use for the TCP packet's destination
1745 * @param source_address IP and port to use for the TCP packet's source
1746 * @param tcp_header header template to use
1747 * @param payload payload of the TCP packet
1748 * @param payload_length number of bytes in @a payload
1751 send_tcp_packet_via_tun (const struct SocketAddress *destination_address,
1752 const struct SocketAddress *source_address,
1753 const struct GNUNET_TUN_TcpHeader *tcp_header,
1754 const void *payload, size_t payload_length)
1758 GNUNET_STATISTICS_update (stats,
1759 gettext_noop ("# TCP packets sent via TUN"),
1761 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1762 "Sending packet with %u bytes TCP payload via TUN\n",
1763 (unsigned int) payload_length);
1764 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
1765 switch (source_address->af)
1768 len += sizeof (struct GNUNET_TUN_IPv4Header);
1771 len += sizeof (struct GNUNET_TUN_IPv6Header);
1777 len += sizeof (struct GNUNET_TUN_TcpHeader);
1778 len += payload_length;
1779 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1785 char buf[len] GNUNET_ALIGN;
1786 struct GNUNET_MessageHeader *hdr;
1787 struct GNUNET_TUN_Layer2PacketHeader *tun;
1789 hdr = (struct GNUNET_MessageHeader *) buf;
1790 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1791 hdr->size = htons (len);
1792 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
1793 tun->flags = htons (0);
1794 switch (source_address->af)
1798 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
1800 tun->proto = htons (ETH_P_IPV4);
1801 prepare_ipv4_packet (payload, payload_length,
1805 destination_address,
1811 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
1813 tun->proto = htons (ETH_P_IPV6);
1814 prepare_ipv6_packet (payload, payload_length,
1818 destination_address,
1826 if (NULL != helper_handle)
1827 (void) GNUNET_HELPER_send (helper_handle,
1828 (const struct GNUNET_MessageHeader*) buf,
1836 * Process a request via cadet to send a request to a TCP service
1837 * offered by this system.
1839 * @param cls closure, NULL
1840 * @param channel connection to the other end
1841 * @param channel_ctx pointer to our `struct ChannelState *`
1842 * @param message the actual message
1843 * @return #GNUNET_OK to keep the connection open,
1844 * #GNUNET_SYSERR to close it (signal serious error)
1847 receive_tcp_service (void *cls,
1848 struct GNUNET_CADET_Channel *channel,
1850 const struct GNUNET_MessageHeader *message)
1852 struct ChannelState *state = *channel_ctx;
1853 const struct GNUNET_EXIT_TcpServiceStartMessage *start;
1854 uint16_t pkt_len = ntohs (message->size);
1858 GNUNET_break_op (0);
1859 return GNUNET_SYSERR;
1861 if (GNUNET_YES == state->is_dns)
1863 GNUNET_break_op (0);
1864 return GNUNET_SYSERR;
1866 if (GNUNET_SYSERR == state->is_dns)
1868 /* channel is UDP/TCP from now on */
1869 state->is_dns = GNUNET_NO;
1871 GNUNET_STATISTICS_update (stats,
1872 gettext_noop ("# TCP service creation requests received via cadet"),
1874 GNUNET_STATISTICS_update (stats,
1875 gettext_noop ("# Bytes received from CADET"),
1876 pkt_len, GNUNET_NO);
1877 /* check that we got at least a valid header */
1878 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpServiceStartMessage))
1880 GNUNET_break_op (0);
1881 return GNUNET_SYSERR;
1883 start = (const struct GNUNET_EXIT_TcpServiceStartMessage*) message;
1884 pkt_len -= sizeof (struct GNUNET_EXIT_TcpServiceStartMessage);
1885 if ( (NULL != state->specifics.tcp_udp.serv) ||
1886 (NULL != state->specifics.tcp_udp.heap_node) )
1888 GNUNET_break_op (0);
1889 return GNUNET_SYSERR;
1891 if (start->tcp_header.off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
1893 GNUNET_break_op (0);
1894 return GNUNET_SYSERR;
1896 GNUNET_break_op (ntohl (start->reserved) == 0);
1897 /* setup fresh connection */
1898 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1899 "Received data from %s for forwarding to TCP service %s on port %u\n",
1900 GNUNET_i2s (&state->peer),
1901 GNUNET_h2s (&start->service_descriptor),
1902 (unsigned int) ntohs (start->tcp_header.destination_port));
1903 if (NULL == (state->specifics.tcp_udp.serv =
1904 find_service (tcp_services,
1905 &start->service_descriptor,
1906 ntohs (start->tcp_header.destination_port))))
1908 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1909 _("No service %s found for %s on port %d!\n"),
1910 GNUNET_h2s (&start->service_descriptor),
1912 ntohs (start->tcp_header.destination_port));
1913 GNUNET_STATISTICS_update (stats,
1914 gettext_noop ("# TCP requests dropped (no such service)"),
1916 return GNUNET_SYSERR;
1918 state->specifics.tcp_udp.ri.remote_address = state->specifics.tcp_udp.serv->address;
1919 setup_state_record (state);
1920 send_tcp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address,
1921 &state->specifics.tcp_udp.ri.local_address,
1923 &start[1], pkt_len);
1929 * Process a request to forward TCP data to the Internet via this peer.
1931 * @param cls closure, NULL
1932 * @param channel connection to the other end
1933 * @param channel_ctx pointer to our 'struct ChannelState *'
1934 * @param message the actual message
1936 * @return GNUNET_OK to keep the connection open,
1937 * GNUNET_SYSERR to close it (signal serious error)
1940 receive_tcp_remote (void *cls GNUNET_UNUSED, struct GNUNET_CADET_Channel *channel,
1941 void **channel_ctx GNUNET_UNUSED,
1942 const struct GNUNET_MessageHeader *message)
1944 struct ChannelState *state = *channel_ctx;
1945 const struct GNUNET_EXIT_TcpInternetStartMessage *start;
1946 uint16_t pkt_len = ntohs (message->size);
1947 const struct in_addr *v4;
1948 const struct in6_addr *v6;
1949 const void *payload;
1954 GNUNET_break_op (0);
1955 return GNUNET_SYSERR;
1957 if (GNUNET_YES == state->is_dns)
1959 GNUNET_break_op (0);
1960 return GNUNET_SYSERR;
1962 if (GNUNET_SYSERR == state->is_dns)
1964 /* channel is UDP/TCP from now on */
1965 state->is_dns = GNUNET_NO;
1967 GNUNET_STATISTICS_update (stats,
1968 gettext_noop ("# Bytes received from CADET"),
1969 pkt_len, GNUNET_NO);
1970 GNUNET_STATISTICS_update (stats,
1971 gettext_noop ("# TCP IP-exit creation requests received via cadet"),
1973 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpInternetStartMessage))
1975 GNUNET_break_op (0);
1976 return GNUNET_SYSERR;
1978 start = (const struct GNUNET_EXIT_TcpInternetStartMessage*) message;
1979 pkt_len -= sizeof (struct GNUNET_EXIT_TcpInternetStartMessage);
1980 if ( (NULL != state->specifics.tcp_udp.serv) ||
1981 (NULL != state->specifics.tcp_udp.heap_node) )
1983 GNUNET_break_op (0);
1984 return GNUNET_SYSERR;
1986 if (start->tcp_header.off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
1988 GNUNET_break_op (0);
1989 return GNUNET_SYSERR;
1991 af = (int) ntohl (start->af);
1992 state->specifics.tcp_udp.ri.remote_address.af = af;
1996 if (pkt_len < sizeof (struct in_addr))
1998 GNUNET_break_op (0);
1999 return GNUNET_SYSERR;
2003 GNUNET_break_op (0);
2004 return GNUNET_SYSERR;
2006 v4 = (const struct in_addr*) &start[1];
2008 pkt_len -= sizeof (struct in_addr);
2009 state->specifics.tcp_udp.ri.remote_address.address.ipv4 = *v4;
2012 if (pkt_len < sizeof (struct in6_addr))
2014 GNUNET_break_op (0);
2015 return GNUNET_SYSERR;
2019 GNUNET_break_op (0);
2020 return GNUNET_SYSERR;
2022 v6 = (const struct in6_addr*) &start[1];
2024 pkt_len -= sizeof (struct in6_addr);
2025 state->specifics.tcp_udp.ri.remote_address.address.ipv6 = *v6;
2028 GNUNET_break_op (0);
2029 return GNUNET_SYSERR;
2032 char buf[INET6_ADDRSTRLEN];
2033 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2034 "Received data from %s for starting TCP stream to %s:%u\n",
2035 GNUNET_i2s (&state->peer),
2037 &state->specifics.tcp_udp.ri.remote_address.address,
2039 (unsigned int) ntohs (start->tcp_header.destination_port));
2041 state->specifics.tcp_udp.ri.remote_address.proto = IPPROTO_TCP;
2042 state->specifics.tcp_udp.ri.remote_address.port = ntohs (start->tcp_header.destination_port);
2043 setup_state_record (state);
2044 send_tcp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address,
2045 &state->specifics.tcp_udp.ri.local_address,
2053 * Process a request to forward TCP data on an established
2054 * connection via this peer.
2056 * @param cls closure, NULL
2057 * @param channel connection to the other end
2058 * @param channel_ctx pointer to our 'struct ChannelState *'
2059 * @param message the actual message
2060 * @return #GNUNET_OK to keep the connection open,
2061 * #GNUNET_SYSERR to close it (signal serious error)
2064 receive_tcp_data (void *cls GNUNET_UNUSED, struct GNUNET_CADET_Channel *channel,
2065 void **channel_ctx GNUNET_UNUSED,
2066 const struct GNUNET_MessageHeader *message)
2068 struct ChannelState *state = *channel_ctx;
2069 const struct GNUNET_EXIT_TcpDataMessage *data;
2070 uint16_t pkt_len = ntohs (message->size);
2072 GNUNET_STATISTICS_update (stats,
2073 gettext_noop ("# Bytes received from CADET"),
2074 pkt_len, GNUNET_NO);
2075 GNUNET_STATISTICS_update (stats,
2076 gettext_noop ("# TCP data requests received via cadet"),
2078 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpDataMessage))
2080 GNUNET_break_op (0);
2081 return GNUNET_SYSERR;
2083 data = (const struct GNUNET_EXIT_TcpDataMessage*) message;
2084 pkt_len -= sizeof (struct GNUNET_EXIT_TcpDataMessage);
2085 if ( (NULL == state) ||
2086 (NULL == state->specifics.tcp_udp.heap_node) )
2088 /* connection should have been up! */
2089 GNUNET_STATISTICS_update (stats,
2090 gettext_noop ("# TCP DATA requests dropped (no session)"),
2092 return GNUNET_SYSERR;
2094 if (data->tcp_header.off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
2096 GNUNET_break_op (0);
2097 return GNUNET_SYSERR;
2099 if (GNUNET_YES == state->is_dns)
2101 GNUNET_break_op (0);
2102 return GNUNET_SYSERR;
2104 if (GNUNET_SYSERR == state->is_dns)
2106 /* channel is UDP/TCP from now on */
2107 state->is_dns = GNUNET_NO;
2110 GNUNET_break_op (ntohl (data->reserved) == 0);
2112 char buf[INET6_ADDRSTRLEN];
2113 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2114 "Received additional %u bytes of data from %s for TCP stream to %s:%u\n",
2116 GNUNET_i2s (&state->peer),
2117 inet_ntop (state->specifics.tcp_udp.ri.remote_address.af,
2118 &state->specifics.tcp_udp.ri.remote_address.address,
2120 (unsigned int) state->specifics.tcp_udp.ri.remote_address.port);
2123 send_tcp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address,
2124 &state->specifics.tcp_udp.ri.local_address,
2132 * Send an ICMP packet via the TUN interface.
2134 * @param destination_address IP to use for the ICMP packet's destination
2135 * @param source_address IP to use for the ICMP packet's source
2136 * @param icmp_header ICMP header to send
2137 * @param payload payload of the ICMP packet (does NOT include ICMP header)
2138 * @param payload_length number of bytes of data in @a payload
2141 send_icmp_packet_via_tun (const struct SocketAddress *destination_address,
2142 const struct SocketAddress *source_address,
2143 const struct GNUNET_TUN_IcmpHeader *icmp_header,
2144 const void *payload, size_t payload_length)
2147 struct GNUNET_TUN_IcmpHeader *icmp;
2149 GNUNET_STATISTICS_update (stats,
2150 gettext_noop ("# ICMP packets sent via TUN"),
2152 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2153 "Sending packet with %u bytes ICMP payload via TUN\n",
2154 (unsigned int) payload_length);
2155 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
2156 switch (destination_address->af)
2159 len += sizeof (struct GNUNET_TUN_IPv4Header);
2162 len += sizeof (struct GNUNET_TUN_IPv6Header);
2168 len += sizeof (struct GNUNET_TUN_IcmpHeader);
2169 len += payload_length;
2170 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
2176 char buf[len] GNUNET_ALIGN;
2177 struct GNUNET_MessageHeader *hdr;
2178 struct GNUNET_TUN_Layer2PacketHeader *tun;
2180 hdr= (struct GNUNET_MessageHeader *) buf;
2181 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
2182 hdr->size = htons (len);
2183 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
2184 tun->flags = htons (0);
2185 switch (source_address->af)
2189 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
2191 tun->proto = htons (ETH_P_IPV4);
2192 GNUNET_TUN_initialize_ipv4_header (ipv4,
2194 sizeof (struct GNUNET_TUN_IcmpHeader) + payload_length,
2195 &source_address->address.ipv4,
2196 &destination_address->address.ipv4);
2197 icmp = (struct GNUNET_TUN_IcmpHeader*) &ipv4[1];
2202 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
2204 tun->proto = htons (ETH_P_IPV6);
2205 GNUNET_TUN_initialize_ipv6_header (ipv6,
2207 sizeof (struct GNUNET_TUN_IcmpHeader) + payload_length,
2208 &source_address->address.ipv6,
2209 &destination_address->address.ipv6);
2210 icmp = (struct GNUNET_TUN_IcmpHeader*) &ipv6[1];
2217 *icmp = *icmp_header;
2221 GNUNET_TUN_calculate_icmp_checksum (icmp,
2224 if (NULL != helper_handle)
2225 (void) GNUNET_HELPER_send (helper_handle,
2226 (const struct GNUNET_MessageHeader*) buf,
2234 * Synthesize a plausible ICMP payload for an ICMPv4 error
2235 * response on the given channel.
2237 * @param state channel information
2238 * @param ipp IPv6 header to fill in (ICMP payload)
2239 * @param udp "UDP" header to fill in (ICMP payload); might actually
2240 * also be the first 8 bytes of the TCP header
2243 make_up_icmpv4_payload (struct ChannelState *state,
2244 struct GNUNET_TUN_IPv4Header *ipp,
2245 struct GNUNET_TUN_UdpHeader *udp)
2247 GNUNET_TUN_initialize_ipv4_header (ipp,
2248 state->specifics.tcp_udp.ri.remote_address.proto,
2249 sizeof (struct GNUNET_TUN_TcpHeader),
2250 &state->specifics.tcp_udp.ri.remote_address.address.ipv4,
2251 &state->specifics.tcp_udp.ri.local_address.address.ipv4);
2252 udp->source_port = htons (state->specifics.tcp_udp.ri.remote_address.port);
2253 udp->destination_port = htons (state->specifics.tcp_udp.ri.local_address.port);
2254 udp->len = htons (0);
2255 udp->crc = htons (0);
2260 * Synthesize a plausible ICMP payload for an ICMPv6 error
2261 * response on the given channel.
2263 * @param state channel information
2264 * @param ipp IPv6 header to fill in (ICMP payload)
2265 * @param udp "UDP" header to fill in (ICMP payload); might actually
2266 * also be the first 8 bytes of the TCP header
2269 make_up_icmpv6_payload (struct ChannelState *state,
2270 struct GNUNET_TUN_IPv6Header *ipp,
2271 struct GNUNET_TUN_UdpHeader *udp)
2273 GNUNET_TUN_initialize_ipv6_header (ipp,
2274 state->specifics.tcp_udp.ri.remote_address.proto,
2275 sizeof (struct GNUNET_TUN_TcpHeader),
2276 &state->specifics.tcp_udp.ri.remote_address.address.ipv6,
2277 &state->specifics.tcp_udp.ri.local_address.address.ipv6);
2278 udp->source_port = htons (state->specifics.tcp_udp.ri.remote_address.port);
2279 udp->destination_port = htons (state->specifics.tcp_udp.ri.local_address.port);
2280 udp->len = htons (0);
2281 udp->crc = htons (0);
2286 * Process a request to forward ICMP data to the Internet via this peer.
2288 * @param cls closure, NULL
2289 * @param channel connection to the other end
2290 * @param channel_ctx pointer to our 'struct ChannelState *'
2291 * @param message the actual message
2292 * @return #GNUNET_OK to keep the connection open,
2293 * #GNUNET_SYSERR to close it (signal serious error)
2296 receive_icmp_remote (void *cls,
2297 struct GNUNET_CADET_Channel *channel,
2299 const struct GNUNET_MessageHeader *message)
2301 struct ChannelState *state = *channel_ctx;
2302 const struct GNUNET_EXIT_IcmpInternetMessage *msg;
2303 uint16_t pkt_len = ntohs (message->size);
2304 const struct in_addr *v4;
2305 const struct in6_addr *v6;
2306 const void *payload;
2307 char buf[sizeof (struct GNUNET_TUN_IPv6Header) + 8] GNUNET_ALIGN;
2310 if (GNUNET_YES == state->is_dns)
2312 GNUNET_break_op (0);
2313 return GNUNET_SYSERR;
2315 if (GNUNET_SYSERR == state->is_dns)
2317 /* channel is UDP/TCP from now on */
2318 state->is_dns = GNUNET_NO;
2320 GNUNET_STATISTICS_update (stats,
2321 gettext_noop ("# Bytes received from CADET"),
2322 pkt_len, GNUNET_NO);
2323 GNUNET_STATISTICS_update (stats,
2324 gettext_noop ("# ICMP IP-exit requests received via cadet"),
2326 if (pkt_len < sizeof (struct GNUNET_EXIT_IcmpInternetMessage))
2328 GNUNET_break_op (0);
2329 return GNUNET_SYSERR;
2331 msg = (const struct GNUNET_EXIT_IcmpInternetMessage*) message;
2332 pkt_len -= sizeof (struct GNUNET_EXIT_IcmpInternetMessage);
2334 af = (int) ntohl (msg->af);
2335 if ( (NULL != state->specifics.tcp_udp.heap_node) &&
2336 (af != state->specifics.tcp_udp.ri.remote_address.af) )
2338 /* other peer switched AF on this channel; not allowed */
2339 GNUNET_break_op (0);
2340 return GNUNET_SYSERR;
2346 if (pkt_len < sizeof (struct in_addr))
2348 GNUNET_break_op (0);
2349 return GNUNET_SYSERR;
2353 GNUNET_break_op (0);
2354 return GNUNET_SYSERR;
2356 v4 = (const struct in_addr*) &msg[1];
2358 pkt_len -= sizeof (struct in_addr);
2359 state->specifics.tcp_udp.ri.remote_address.address.ipv4 = *v4;
2360 if (NULL == state->specifics.tcp_udp.heap_node)
2362 state->specifics.tcp_udp.ri.remote_address.af = af;
2363 state->specifics.tcp_udp.ri.remote_address.proto = IPPROTO_ICMP;
2364 setup_state_record (state);
2366 /* check that ICMP type is something we want to support
2367 and possibly make up payload! */
2368 switch (msg->icmp_header.type)
2370 case GNUNET_TUN_ICMPTYPE_ECHO_REPLY:
2371 case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST:
2373 case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE:
2374 case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH:
2375 case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED:
2378 GNUNET_break_op (0);
2379 return GNUNET_SYSERR;
2381 /* make up payload */
2383 struct GNUNET_TUN_IPv4Header *ipp = (struct GNUNET_TUN_IPv4Header *) buf;
2384 struct GNUNET_TUN_UdpHeader *udp = (struct GNUNET_TUN_UdpHeader *) &ipp[1];
2386 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2387 pkt_len = sizeof (struct GNUNET_TUN_IPv4Header) + 8;
2388 make_up_icmpv4_payload (state,
2395 GNUNET_break_op (0);
2396 GNUNET_STATISTICS_update (stats,
2397 gettext_noop ("# ICMPv4 packets dropped (type not allowed)"),
2399 return GNUNET_SYSERR;
2404 if (pkt_len < sizeof (struct in6_addr))
2406 GNUNET_break_op (0);
2407 return GNUNET_SYSERR;
2411 GNUNET_break_op (0);
2412 return GNUNET_SYSERR;
2414 v6 = (const struct in6_addr*) &msg[1];
2416 pkt_len -= sizeof (struct in6_addr);
2417 state->specifics.tcp_udp.ri.remote_address.address.ipv6 = *v6;
2418 if (NULL == state->specifics.tcp_udp.heap_node)
2420 state->specifics.tcp_udp.ri.remote_address.af = af;
2421 state->specifics.tcp_udp.ri.remote_address.proto = IPPROTO_ICMPV6;
2422 setup_state_record (state);
2424 /* check that ICMP type is something we want to support
2425 and possibly make up payload! */
2426 switch (msg->icmp_header.type)
2428 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
2429 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
2431 case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE:
2432 case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG:
2433 case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED:
2434 case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM:
2437 GNUNET_break_op (0);
2438 return GNUNET_SYSERR;
2440 /* make up payload */
2442 struct GNUNET_TUN_IPv6Header *ipp = (struct GNUNET_TUN_IPv6Header *) buf;
2443 struct GNUNET_TUN_UdpHeader *udp = (struct GNUNET_TUN_UdpHeader *) &ipp[1];
2445 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2446 pkt_len = sizeof (struct GNUNET_TUN_IPv6Header) + 8;
2447 make_up_icmpv6_payload (state,
2454 GNUNET_break_op (0);
2455 GNUNET_STATISTICS_update (stats,
2456 gettext_noop ("# ICMPv6 packets dropped (type not allowed)"),
2458 return GNUNET_SYSERR;
2464 GNUNET_break_op (0);
2465 return GNUNET_SYSERR;
2469 char buf[INET6_ADDRSTRLEN];
2470 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2471 "Received ICMP data from %s for forwarding to %s\n",
2472 GNUNET_i2s (&state->peer),
2474 &state->specifics.tcp_udp.ri.remote_address.address,
2475 buf, sizeof (buf)));
2477 send_icmp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address,
2478 &state->specifics.tcp_udp.ri.local_address,
2486 * Setup ICMP payload for ICMP error messages. Called
2487 * for both IPv4 and IPv6 addresses.
2489 * @param state context for creating the IP Packet
2490 * @param buf where to create the payload, has at least
2491 * sizeof (struct GNUNET_TUN_IPv6Header) + 8 bytes
2492 * @return number of bytes of payload we created in buf
2495 make_up_icmp_service_payload (struct ChannelState *state,
2498 switch (state->specifics.tcp_udp.serv->address.af)
2502 struct GNUNET_TUN_IPv4Header *ipv4;
2503 struct GNUNET_TUN_UdpHeader *udp;
2505 ipv4 = (struct GNUNET_TUN_IPv4Header *)buf;
2506 udp = (struct GNUNET_TUN_UdpHeader *) &ipv4[1];
2507 make_up_icmpv4_payload (state,
2510 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2511 return sizeof (struct GNUNET_TUN_IPv4Header) + 8;
2516 struct GNUNET_TUN_IPv6Header *ipv6;
2517 struct GNUNET_TUN_UdpHeader *udp;
2519 ipv6 = (struct GNUNET_TUN_IPv6Header *)buf;
2520 udp = (struct GNUNET_TUN_UdpHeader *) &ipv6[1];
2521 make_up_icmpv6_payload (state,
2524 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2525 return sizeof (struct GNUNET_TUN_IPv6Header) + 8;
2536 * Process a request via cadet to send ICMP data to a service
2537 * offered by this system.
2539 * @param cls closure, NULL
2540 * @param channel connection to the other end
2541 * @param channel_ctx pointer to our 'struct ChannelState *'
2542 * @param message the actual message
2543 * @return #GNUNET_OK to keep the connection open,
2544 * #GNUNET_SYSERR to close it (signal serious error)
2547 receive_icmp_service (void *cls,
2548 struct GNUNET_CADET_Channel *channel,
2550 const struct GNUNET_MessageHeader *message)
2552 struct ChannelState *state = *channel_ctx;
2553 const struct GNUNET_EXIT_IcmpServiceMessage *msg;
2554 uint16_t pkt_len = ntohs (message->size);
2555 struct GNUNET_TUN_IcmpHeader icmp;
2556 char buf[sizeof (struct GNUNET_TUN_IPv6Header) + 8] GNUNET_ALIGN;
2557 const void *payload;
2559 if (GNUNET_YES == state->is_dns)
2561 GNUNET_break_op (0);
2562 return GNUNET_SYSERR;
2564 if (GNUNET_SYSERR == state->is_dns)
2566 /* channel is UDP/TCP from now on */
2567 state->is_dns = GNUNET_NO;
2569 GNUNET_STATISTICS_update (stats,
2570 gettext_noop ("# Bytes received from CADET"),
2571 pkt_len, GNUNET_NO);
2572 GNUNET_STATISTICS_update (stats,
2573 gettext_noop ("# ICMP service requests received via cadet"),
2575 /* check that we got at least a valid header */
2576 if (pkt_len < sizeof (struct GNUNET_EXIT_IcmpServiceMessage))
2578 GNUNET_break_op (0);
2579 return GNUNET_SYSERR;
2581 msg = (const struct GNUNET_EXIT_IcmpServiceMessage*) message;
2582 pkt_len -= sizeof (struct GNUNET_EXIT_IcmpServiceMessage);
2583 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2584 "Received data from %s for forwarding to ICMP service %s\n",
2585 GNUNET_i2s (&state->peer),
2586 GNUNET_h2s (&msg->service_descriptor));
2587 if (NULL == state->specifics.tcp_udp.serv)
2589 /* first packet to service must not be ICMP (cannot determine service!) */
2590 GNUNET_break_op (0);
2591 return GNUNET_SYSERR;
2593 icmp = msg->icmp_header;
2595 state->specifics.tcp_udp.ri.remote_address = state->specifics.tcp_udp.serv->address;
2596 setup_state_record (state);
2598 /* check that ICMP type is something we want to support,
2599 perform ICMP PT if needed ans possibly make up payload */
2603 switch (msg->icmp_header.type)
2605 case GNUNET_TUN_ICMPTYPE_ECHO_REPLY:
2606 if (state->specifics.tcp_udp.serv->address.af == AF_INET6)
2607 icmp.type = GNUNET_TUN_ICMPTYPE6_ECHO_REPLY;
2609 case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST:
2610 if (state->specifics.tcp_udp.serv->address.af == AF_INET6)
2611 icmp.type = GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST;
2613 case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE:
2614 if (state->specifics.tcp_udp.serv->address.af == AF_INET6)
2615 icmp.type = GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE;
2618 GNUNET_break_op (0);
2619 return GNUNET_SYSERR;
2622 pkt_len = make_up_icmp_service_payload (state, buf);
2624 case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED:
2625 if (state->specifics.tcp_udp.serv->address.af == AF_INET6)
2626 icmp.type = GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED;
2629 GNUNET_break_op (0);
2630 return GNUNET_SYSERR;
2633 pkt_len = make_up_icmp_service_payload (state, buf);
2635 case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH:
2636 if (state->specifics.tcp_udp.serv->address.af == AF_INET6)
2638 GNUNET_STATISTICS_update (stats,
2639 gettext_noop ("# ICMPv4 packets dropped (impossible PT to v6)"),
2645 GNUNET_break_op (0);
2646 return GNUNET_SYSERR;
2649 pkt_len = make_up_icmp_service_payload (state, buf);
2652 GNUNET_break_op (0);
2653 GNUNET_STATISTICS_update (stats,
2654 gettext_noop ("# ICMPv4 packets dropped (type not allowed)"),
2656 return GNUNET_SYSERR;
2658 /* end of AF_INET */
2661 switch (msg->icmp_header.type)
2663 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
2664 if (state->specifics.tcp_udp.serv->address.af == AF_INET)
2665 icmp.type = GNUNET_TUN_ICMPTYPE_ECHO_REPLY;
2667 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
2668 if (state->specifics.tcp_udp.serv->address.af == AF_INET)
2669 icmp.type = GNUNET_TUN_ICMPTYPE_ECHO_REQUEST;
2671 case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE:
2672 if (state->specifics.tcp_udp.serv->address.af == AF_INET)
2673 icmp.type = GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE;
2676 GNUNET_break_op (0);
2677 return GNUNET_SYSERR;
2680 pkt_len = make_up_icmp_service_payload (state, buf);
2682 case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED:
2683 if (state->specifics.tcp_udp.serv->address.af == AF_INET)
2684 icmp.type = GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED;
2687 GNUNET_break_op (0);
2688 return GNUNET_SYSERR;
2691 pkt_len = make_up_icmp_service_payload (state, buf);
2693 case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG:
2694 case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM:
2695 if (state->specifics.tcp_udp.serv->address.af == AF_INET)
2697 GNUNET_STATISTICS_update (stats,
2698 gettext_noop ("# ICMPv6 packets dropped (impossible PT to v4)"),
2704 GNUNET_break_op (0);
2705 return GNUNET_SYSERR;
2708 pkt_len = make_up_icmp_service_payload (state, buf);
2711 GNUNET_break_op (0);
2712 GNUNET_STATISTICS_update (stats,
2713 gettext_noop ("# ICMPv6 packets dropped (type not allowed)"),
2715 return GNUNET_SYSERR;
2717 /* end of AF_INET6 */
2720 GNUNET_break_op (0);
2721 return GNUNET_SYSERR;
2724 send_icmp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address,
2725 &state->specifics.tcp_udp.ri.local_address,
2733 * Send a UDP packet via the TUN interface.
2735 * @param destination_address IP and port to use for the UDP packet's destination
2736 * @param source_address IP and port to use for the UDP packet's source
2737 * @param payload payload of the UDP packet (does NOT include UDP header)
2738 * @param payload_length number of bytes of data in @a payload
2741 send_udp_packet_via_tun (const struct SocketAddress *destination_address,
2742 const struct SocketAddress *source_address,
2743 const void *payload, size_t payload_length)
2747 GNUNET_STATISTICS_update (stats,
2748 gettext_noop ("# UDP packets sent via TUN"),
2750 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2751 "Sending packet with %u bytes UDP payload via TUN\n",
2752 (unsigned int) payload_length);
2753 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
2754 switch (source_address->af)
2757 len += sizeof (struct GNUNET_TUN_IPv4Header);
2760 len += sizeof (struct GNUNET_TUN_IPv6Header);
2766 len += sizeof (struct GNUNET_TUN_UdpHeader);
2767 len += payload_length;
2768 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
2774 char buf[len] GNUNET_ALIGN;
2775 struct GNUNET_MessageHeader *hdr;
2776 struct GNUNET_TUN_Layer2PacketHeader *tun;
2778 hdr= (struct GNUNET_MessageHeader *) buf;
2779 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
2780 hdr->size = htons (len);
2781 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
2782 tun->flags = htons (0);
2783 switch (source_address->af)
2787 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
2789 tun->proto = htons (ETH_P_IPV4);
2790 prepare_ipv4_packet (payload, payload_length,
2794 destination_address,
2800 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
2802 tun->proto = htons (ETH_P_IPV6);
2803 prepare_ipv6_packet (payload, payload_length,
2807 destination_address,
2815 if (NULL != helper_handle)
2816 (void) GNUNET_HELPER_send (helper_handle,
2817 (const struct GNUNET_MessageHeader*) buf,
2825 * Process a request to forward UDP data to the Internet via this peer.
2827 * @param cls closure, NULL
2828 * @param channel connection to the other end
2829 * @param channel_ctx pointer to our 'struct ChannelState *'
2830 * @param message the actual message
2831 * @return #GNUNET_OK to keep the connection open,
2832 * #GNUNET_SYSERR to close it (signal serious error)
2835 receive_udp_remote (void *cls,
2836 struct GNUNET_CADET_Channel *channel,
2838 const struct GNUNET_MessageHeader *message)
2840 struct ChannelState *state = *channel_ctx;
2841 const struct GNUNET_EXIT_UdpInternetMessage *msg;
2842 uint16_t pkt_len = ntohs (message->size);
2843 const struct in_addr *v4;
2844 const struct in6_addr *v6;
2845 const void *payload;
2848 if (GNUNET_YES == state->is_dns)
2850 GNUNET_break_op (0);
2851 return GNUNET_SYSERR;
2853 if (GNUNET_SYSERR == state->is_dns)
2855 /* channel is UDP/TCP from now on */
2856 state->is_dns = GNUNET_NO;
2858 GNUNET_STATISTICS_update (stats,
2859 gettext_noop ("# Bytes received from CADET"),
2860 pkt_len, GNUNET_NO);
2861 GNUNET_STATISTICS_update (stats,
2862 gettext_noop ("# UDP IP-exit requests received via cadet"),
2864 if (pkt_len < sizeof (struct GNUNET_EXIT_UdpInternetMessage))
2866 GNUNET_break_op (0);
2867 return GNUNET_SYSERR;
2869 msg = (const struct GNUNET_EXIT_UdpInternetMessage*) message;
2870 pkt_len -= sizeof (struct GNUNET_EXIT_UdpInternetMessage);
2871 af = (int) ntohl (msg->af);
2872 state->specifics.tcp_udp.ri.remote_address.af = af;
2876 if (pkt_len < sizeof (struct in_addr))
2878 GNUNET_break_op (0);
2879 return GNUNET_SYSERR;
2883 GNUNET_break_op (0);
2884 return GNUNET_SYSERR;
2886 v4 = (const struct in_addr*) &msg[1];
2888 pkt_len -= sizeof (struct in_addr);
2889 state->specifics.tcp_udp.ri.remote_address.address.ipv4 = *v4;
2892 if (pkt_len < sizeof (struct in6_addr))
2894 GNUNET_break_op (0);
2895 return GNUNET_SYSERR;
2899 GNUNET_break_op (0);
2900 return GNUNET_SYSERR;
2902 v6 = (const struct in6_addr*) &msg[1];
2904 pkt_len -= sizeof (struct in6_addr);
2905 state->specifics.tcp_udp.ri.remote_address.address.ipv6 = *v6;
2908 GNUNET_break_op (0);
2909 return GNUNET_SYSERR;
2912 char buf[INET6_ADDRSTRLEN];
2913 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2914 "Received data from %s for forwarding to UDP %s:%u\n",
2915 GNUNET_i2s (&state->peer),
2917 &state->specifics.tcp_udp.ri.remote_address.address,
2919 (unsigned int) ntohs (msg->destination_port));
2921 state->specifics.tcp_udp.ri.remote_address.proto = IPPROTO_UDP;
2922 state->specifics.tcp_udp.ri.remote_address.port = msg->destination_port;
2923 if (NULL == state->specifics.tcp_udp.heap_node)
2924 setup_state_record (state);
2925 if (0 != ntohs (msg->source_port))
2926 state->specifics.tcp_udp.ri.local_address.port = msg->source_port;
2927 send_udp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address,
2928 &state->specifics.tcp_udp.ri.local_address,
2935 * Process a request via cadet to send a request to a UDP service
2936 * offered by this system.
2938 * @param cls closure, NULL
2939 * @param channel connection to the other end
2940 * @param channel_ctx pointer to our 'struct ChannelState *'
2941 * @param message the actual message
2942 * @return #GNUNET_OK to keep the connection open,
2943 * #GNUNET_SYSERR to close it (signal serious error)
2946 receive_udp_service (void *cls,
2947 struct GNUNET_CADET_Channel *channel,
2949 const struct GNUNET_MessageHeader *message)
2951 struct ChannelState *state = *channel_ctx;
2952 const struct GNUNET_EXIT_UdpServiceMessage *msg;
2953 uint16_t pkt_len = ntohs (message->size);
2955 if (GNUNET_YES == state->is_dns)
2957 GNUNET_break_op (0);
2958 return GNUNET_SYSERR;
2960 if (GNUNET_SYSERR == state->is_dns)
2962 /* channel is UDP/TCP from now on */
2963 state->is_dns = GNUNET_NO;
2965 GNUNET_STATISTICS_update (stats,
2966 gettext_noop ("# Bytes received from CADET"),
2967 pkt_len, GNUNET_NO);
2968 GNUNET_STATISTICS_update (stats,
2969 gettext_noop ("# UDP service requests received via cadet"),
2971 /* check that we got at least a valid header */
2972 if (pkt_len < sizeof (struct GNUNET_EXIT_UdpServiceMessage))
2974 GNUNET_break_op (0);
2975 return GNUNET_SYSERR;
2977 msg = (const struct GNUNET_EXIT_UdpServiceMessage*) message;
2978 pkt_len -= sizeof (struct GNUNET_EXIT_UdpServiceMessage);
2979 LOG (GNUNET_ERROR_TYPE_DEBUG,
2980 "Received data from %s for forwarding to UDP service %s on port %u\n",
2981 GNUNET_i2s (&state->peer),
2982 GNUNET_h2s (&msg->service_descriptor),
2983 (unsigned int) ntohs (msg->destination_port));
2984 if (NULL == (state->specifics.tcp_udp.serv =
2985 find_service (udp_services,
2986 &msg->service_descriptor,
2987 ntohs (msg->destination_port))))
2989 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
2990 _("No service %s found for %s on port %d!\n"),
2991 GNUNET_h2s (&msg->service_descriptor),
2993 ntohs (msg->destination_port));
2994 GNUNET_STATISTICS_update (stats,
2995 gettext_noop ("# UDP requests dropped (no such service)"),
2997 return GNUNET_SYSERR;
2999 state->specifics.tcp_udp.ri.remote_address = state->specifics.tcp_udp.serv->address;
3000 setup_state_record (state);
3001 if (0 != ntohs (msg->source_port))
3002 state->specifics.tcp_udp.ri.local_address.port = msg->source_port;
3003 send_udp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address,
3004 &state->specifics.tcp_udp.ri.local_address,
3011 * Callback from GNUNET_CADET for new channels.
3013 * @param cls closure
3014 * @param channel new handle to the channel
3015 * @param initiator peer that started the channel
3016 * @param port destination port
3017 * @param options channel options flags
3018 * @return initial channel context for the channel
3021 new_channel (void *cls,
3022 struct GNUNET_CADET_Channel *channel,
3023 const struct GNUNET_PeerIdentity *initiator,
3024 uint32_t port, enum GNUNET_CADET_ChannelOption options)
3026 struct ChannelState *s = GNUNET_new (struct ChannelState);
3028 s->is_dns = GNUNET_SYSERR;
3029 s->peer = *initiator;
3030 GNUNET_STATISTICS_update (stats,
3031 gettext_noop ("# Inbound CADET channels created"),
3033 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3034 "Received inbound channel from `%s'\n",
3035 GNUNET_i2s (initiator));
3036 s->channel = channel;
3042 * Function called by cadet whenever an inbound channel is destroyed.
3043 * Should clean up any associated state.
3045 * @param cls closure (set from #GNUNET_CADET_connect)
3046 * @param channel connection to the other end (henceforth invalid)
3047 * @param channel_ctx place where local state associated
3048 * with the channel is stored
3051 clean_channel (void *cls,
3052 const struct GNUNET_CADET_Channel *channel,
3055 struct ChannelState *s = channel_ctx;
3056 struct ChannelMessageQueue *tnq;
3058 LOG (GNUNET_ERROR_TYPE_DEBUG,
3059 "Channel destroyed\n");
3060 if (GNUNET_SYSERR == s->is_dns)
3065 if (GNUNET_YES == s->is_dns)
3067 if (channels[s->specifics.dns.my_id] == s)
3068 channels[s->specifics.dns.my_id] = NULL;
3069 GNUNET_free_non_null (s->specifics.dns.reply);
3073 while (NULL != (tnq = s->specifics.tcp_udp.head))
3075 GNUNET_CONTAINER_DLL_remove (s->specifics.tcp_udp.head,
3076 s->specifics.tcp_udp.tail,
3080 if (NULL != s->specifics.tcp_udp.heap_node)
3082 GNUNET_assert (GNUNET_YES ==
3083 GNUNET_CONTAINER_multihashmap_remove (connections_map,
3084 &s->specifics.tcp_udp.state_key,
3086 GNUNET_CONTAINER_heap_remove_node (s->specifics.tcp_udp.heap_node);
3087 s->specifics.tcp_udp.heap_node = NULL;
3092 GNUNET_CADET_notify_transmit_ready_cancel (s->th);
3100 * Function that frees everything from a hashmap
3104 * @param value value to free
3107 free_iterate (void *cls,
3108 const struct GNUNET_HashCode * hash,
3111 GNUNET_free (value);
3117 * Function scheduled as very last function if the service
3118 * disabled itself because the helper is not installed
3119 * properly. Does nothing, except for keeping the
3120 * service process alive by virtue of being scheduled.
3123 * @param tc scheduler context
3126 dummy_task (void *cls,
3127 const struct GNUNET_SCHEDULER_TaskContext *tc)
3129 /* just terminate */
3134 * Function scheduled as very last function, cleans up after us
3137 * @param tc scheduler context
3141 const struct GNUNET_SCHEDULER_TaskContext *tc)
3145 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3146 "Exit service is shutting down now\n");
3148 if (NULL != helper_handle)
3150 GNUNET_HELPER_stop (helper_handle, GNUNET_NO);
3151 helper_handle = NULL;
3155 GNUNET_REGEX_announce_cancel (regex4);
3160 GNUNET_REGEX_announce_cancel (regex6);
3163 if (NULL != cadet_handle)
3165 GNUNET_CADET_disconnect (cadet_handle);
3166 cadet_handle = NULL;
3168 if (NULL != connections_map)
3170 GNUNET_CONTAINER_multihashmap_iterate (connections_map, &free_iterate, NULL);
3171 GNUNET_CONTAINER_multihashmap_destroy (connections_map);
3172 connections_map = NULL;
3174 if (NULL != connections_heap)
3176 GNUNET_CONTAINER_heap_destroy (connections_heap);
3177 connections_heap = NULL;
3179 if (NULL != tcp_services)
3181 GNUNET_CONTAINER_multihashmap_iterate (tcp_services, &free_service_record, NULL);
3182 GNUNET_CONTAINER_multihashmap_destroy (tcp_services);
3183 tcp_services = NULL;
3185 if (NULL != udp_services)
3187 GNUNET_CONTAINER_multihashmap_iterate (udp_services, &free_service_record, NULL);
3188 GNUNET_CONTAINER_multihashmap_destroy (udp_services);
3189 udp_services = NULL;
3191 if (NULL != dnsstub)
3193 GNUNET_DNSSTUB_stop (dnsstub);
3196 if (NULL != peer_key)
3198 GNUNET_free (peer_key);
3201 if (GNUNET_SCHEDULER_NO_TASK != dht_task)
3203 GNUNET_SCHEDULER_cancel (dht_task);
3204 dht_task = GNUNET_SCHEDULER_NO_TASK;
3206 if (NULL != dht_put)
3208 GNUNET_DHT_put_cancel (dht_put);
3213 GNUNET_DHT_disconnect (dht);
3218 GNUNET_STATISTICS_destroy (stats, GNUNET_NO);
3222 GNUNET_free_non_null (exit_argv[i]);
3227 * Add services to the service map.
3229 * @param proto IPPROTO_TCP or IPPROTO_UDP
3230 * @param cpy copy of the service descriptor (can be mutilated)
3231 * @param name DNS name of the service
3234 add_services (int proto,
3241 struct LocalService *serv;
3245 slen = strlen (name);
3246 GNUNET_assert (slen >= 8);
3247 n = GNUNET_strndup (name, slen - 8 /* remove .gnunet. */);
3249 for (redirect = strtok (cpy, " "); redirect != NULL;
3250 redirect = strtok (NULL, " "))
3252 if (NULL == (hostname = strstr (redirect, ":")))
3254 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3255 _("Option `%s' for domain `%s' is not formatted correctly!\n"),
3262 if (NULL == (hostport = strstr (hostname, ":")))
3264 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3265 _("Option `%s' for domain `%s' is not formatted correctly!\n"),
3273 int local_port = atoi (redirect);
3274 int remote_port = atoi (hostport);
3276 if (!((local_port > 0) && (local_port < 65536)))
3278 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3279 _("`%s' is not a valid port number (for domain `%s')!"),
3284 if (!((remote_port > 0) && (remote_port < 65536)))
3286 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3287 _("`%s' is not a valid port number (for domain `%s')!"),
3293 serv = GNUNET_new (struct LocalService);
3294 serv->address.proto = proto;
3295 serv->my_port = (uint16_t) local_port;
3296 serv->address.port = remote_port;
3297 if (0 == strcmp ("localhost4", hostname))
3299 const char *ip4addr = exit_argv[5];
3301 serv->address.af = AF_INET;
3302 GNUNET_assert (1 == inet_pton (AF_INET, ip4addr, &serv->address.address.ipv4));
3304 else if (0 == strcmp ("localhost6", hostname))
3306 const char *ip6addr = exit_argv[3];
3308 serv->address.af = AF_INET6;
3309 GNUNET_assert (1 == inet_pton (AF_INET6, ip6addr, &serv->address.address.ipv6));
3313 struct addrinfo *res;
3316 ret = getaddrinfo (hostname, NULL, NULL, &res);
3317 if ( (ret != 0) || (res == NULL) )
3319 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3320 _("No addresses found for hostname `%s' of service `%s'!\n"),
3327 serv->address.af = res->ai_family;
3328 switch (res->ai_family)
3333 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3334 _("Service `%s' configured for IPv4, but IPv4 is disabled!\n"),
3340 serv->address.address.ipv4 = ((struct sockaddr_in *) res->ai_addr)->sin_addr;
3345 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3346 _("Service `%s' configured for IPv4, but IPv4 is disabled!\n"),
3352 serv->address.address.ipv6 = ((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
3356 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3357 _("No IP addresses found for hostname `%s' of service `%s'!\n"),
3365 store_service ((IPPROTO_UDP == proto) ? udp_services : tcp_services,
3375 * Reads the configuration servicecfg and populates udp_services
3378 * @param section name of section in config, equal to hostname
3381 read_service_conf (void *cls, const char *section)
3385 if ((strlen (section) < 8) ||
3386 (0 != strcmp (".gnunet.", section + (strlen (section) - 8))))
3389 GNUNET_CONFIGURATION_get_value_string (cfg, section, "UDP_REDIRECTS",
3392 add_services (IPPROTO_UDP, cpy, section);
3396 GNUNET_CONFIGURATION_get_value_string (cfg, section, "TCP_REDIRECTS",
3399 add_services (IPPROTO_TCP, cpy, section);
3406 * We are running a DNS exit service, advertise it in the
3407 * DHT. This task is run periodically to do the DHT PUT.
3409 * @param cls closure
3410 * @param tc scheduler context
3413 do_dht_put (void *cls,
3414 const struct GNUNET_SCHEDULER_TaskContext *tc);
3418 * Function called when the DHT PUT operation is complete.
3419 * Schedules the next PUT.
3421 * @param cls closure, NULL
3422 * @param success #GNUNET_OK if the operation worked (unused)
3425 dht_put_cont (void *cls,
3429 dht_task = GNUNET_SCHEDULER_add_delayed (DHT_PUT_FREQUENCY,
3436 * We are running a DNS exit service, advertise it in the
3437 * DHT. This task is run periodically to do the DHT PUT.
3439 * @param cls closure
3440 * @param tc scheduler context
3443 do_dht_put (void *cls,
3444 const struct GNUNET_SCHEDULER_TaskContext *tc)
3446 struct GNUNET_TIME_Absolute expiration;
3448 dht_task = GNUNET_SCHEDULER_NO_TASK;
3449 expiration = GNUNET_TIME_absolute_ntoh (dns_advertisement.expiration_time);
3450 if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value_us <
3451 GNUNET_TIME_UNIT_HOURS.rel_value_us)
3453 /* refresh advertisement */
3454 expiration = GNUNET_TIME_relative_to_absolute (DNS_ADVERTISEMENT_TIMEOUT);
3455 dns_advertisement.expiration_time = GNUNET_TIME_absolute_hton (expiration);
3456 GNUNET_assert (GNUNET_OK ==
3457 GNUNET_CRYPTO_eddsa_sign (peer_key,
3458 &dns_advertisement.purpose,
3459 &dns_advertisement.signature));
3461 dht_put = GNUNET_DHT_put (dht,
3463 1 /* replication */,
3465 GNUNET_BLOCK_TYPE_DNS,
3466 sizeof (struct GNUNET_DNS_Advertisement),
3469 GNUNET_TIME_UNIT_FOREVER_REL,
3470 &dht_put_cont, NULL);
3475 * @brief Main function that will be run by the scheduler.
3477 * @param cls closure
3478 * @param args remaining command-line arguments
3479 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
3480 * @param cfg_ configuration
3485 const char *cfgfile,
3486 const struct GNUNET_CONFIGURATION_Handle *cfg_)
3488 static struct GNUNET_CADET_MessageHandler handlers[] = {
3489 {&receive_icmp_service, GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_SERVICE, 0},
3490 {&receive_icmp_remote, GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_INTERNET, 0},
3491 {&receive_udp_service, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_SERVICE, 0},
3492 {&receive_udp_remote, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_INTERNET, 0},
3493 {&receive_tcp_service, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_SERVICE_START, 0},
3494 {&receive_tcp_remote, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_INTERNET_START, 0},
3495 {&receive_tcp_data, GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_EXIT, 0},
3496 {&receive_dns_request, GNUNET_MESSAGE_TYPE_VPN_DNS_TO_INTERNET, 0},
3500 static uint32_t apptypes[] = {
3501 GNUNET_APPLICATION_TYPE_END,
3502 GNUNET_APPLICATION_TYPE_END,
3503 GNUNET_APPLICATION_TYPE_END,
3504 GNUNET_APPLICATION_TYPE_END
3506 unsigned int app_idx;
3516 char *prefixed_regex;
3517 struct in_addr dns_exit4;
3518 struct in6_addr dns_exit6;
3522 ipv4_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV4");
3523 ipv6_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV6");
3524 ipv4_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV4");
3525 ipv6_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV6");
3526 if ( (ipv4_exit) || (ipv6_exit) )
3528 binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-exit");
3530 GNUNET_OS_check_helper_binary (binary, GNUNET_YES, "-d gnunet-vpn - - - 169.1.3.3.7 255.255.255.0")) //no nat, ipv4 only
3532 GNUNET_free (binary);
3533 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3534 _("`%s' must be installed SUID, EXIT will not work\n"),
3535 "gnunet-helper-exit");
3536 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL,
3542 GNUNET_free (binary);
3544 stats = GNUNET_STATISTICS_create ("exit", cfg);
3546 if ( (ipv4_exit || ipv4_enabled) &&
3547 GNUNET_OK != GNUNET_NETWORK_test_pf (PF_INET))
3549 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3550 _("This system does not support IPv4, will disable IPv4 functions despite them being enabled in the configuration\n"));
3551 ipv4_exit = GNUNET_NO;
3552 ipv4_enabled = GNUNET_NO;
3554 if ( (ipv6_exit || ipv6_enabled) &&
3555 GNUNET_OK != GNUNET_NETWORK_test_pf (PF_INET6))
3557 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3558 _("This system does not support IPv6, will disable IPv6 functions despite them being enabled in the configuration\n"));
3559 ipv6_exit = GNUNET_NO;
3560 ipv6_enabled = GNUNET_NO;
3562 if (ipv4_exit && (! ipv4_enabled))
3564 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3565 _("Cannot enable IPv4 exit but disable IPv4 on TUN interface, will use ENABLE_IPv4=YES\n"));
3566 ipv4_enabled = GNUNET_YES;
3568 if (ipv6_exit && (! ipv6_enabled))
3570 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3571 _("Cannot enable IPv6 exit but disable IPv6 on TUN interface, will use ENABLE_IPv6=YES\n"));
3572 ipv6_enabled = GNUNET_YES;
3574 if (! (ipv4_enabled || ipv6_enabled))
3576 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3577 _("No useful service enabled. Exiting.\n"));
3578 GNUNET_SCHEDULER_shutdown ();
3584 GNUNET_CONFIGURATION_get_value_yesno (cfg_, "exit", "EXIT_DNS")) &&
3586 GNUNET_CONFIGURATION_get_value_string (cfg, "exit",
3589 ( (1 != inet_pton (AF_INET, dns_exit, &dns_exit4)) &&
3590 (1 != inet_pton (AF_INET6, dns_exit, &dns_exit6)) ) ) )
3592 GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
3593 "dns", "DNS_RESOLVER",
3594 _("need a valid IPv4 or IPv6 address\n"));
3595 GNUNET_free_non_null (dns_exit);
3599 if (GNUNET_YES == ipv4_exit)
3601 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV4_GATEWAY;
3604 if (GNUNET_YES == ipv6_exit)
3606 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV6_GATEWAY;
3609 if (NULL != dns_exit)
3611 dht = GNUNET_DHT_connect (cfg, 1);
3612 peer_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg);
3613 GNUNET_CRYPTO_eddsa_key_get_public (peer_key,
3614 &dns_advertisement.peer.public_key);
3615 dns_advertisement.purpose.size = htonl (sizeof (struct GNUNET_DNS_Advertisement) -
3616 sizeof (struct GNUNET_CRYPTO_EddsaSignature));
3617 dns_advertisement.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DNS_RECORD);
3618 GNUNET_CRYPTO_hash ("dns",
3621 dht_task = GNUNET_SCHEDULER_add_now (&do_dht_put,
3623 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_INTERNET_RESOLVER;
3626 GNUNET_free_non_null (dns_exit);
3627 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL,
3632 GNUNET_CONFIGURATION_get_value_number (cfg, "exit", "MAX_CONNECTIONS",
3634 max_connections = 1024;
3635 exit_argv[0] = GNUNET_strdup ("exit-gnunet");
3636 if (GNUNET_SYSERR ==
3637 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "TUN_IFNAME", &tun_ifname))
3639 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "EXIT", "TUN_IFNAME");
3640 GNUNET_SCHEDULER_shutdown ();
3643 exit_argv[1] = tun_ifname;
3646 if (GNUNET_SYSERR ==
3647 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "EXIT_IFNAME", &exit_ifname))
3649 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "EXIT", "EXIT_IFNAME");
3650 GNUNET_SCHEDULER_shutdown ();
3653 exit_argv[2] = exit_ifname;
3657 exit_argv[2] = GNUNET_strdup ("-");
3661 if (GNUNET_YES == ipv6_enabled)
3663 if ( (GNUNET_SYSERR ==
3664 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6ADDR",
3666 (1 != inet_pton (AF_INET6, ipv6addr, &exit_ipv6addr))) )
3668 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "EXIT", "IPV6ADDR");
3669 GNUNET_SCHEDULER_shutdown ();
3672 exit_argv[3] = ipv6addr;
3673 if (GNUNET_SYSERR ==
3674 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6PREFIX",
3677 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "EXIT", "IPV6PREFIX");
3678 GNUNET_SCHEDULER_shutdown ();
3681 exit_argv[4] = ipv6prefix_s;
3683 GNUNET_CONFIGURATION_get_value_number (cfg, "exit",
3686 (ipv6prefix >= 127) )
3688 GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "EXIT", "IPV6PREFIX",
3689 _("Must be a number"));
3690 GNUNET_SCHEDULER_shutdown ();
3696 /* IPv6 explicitly disabled */
3697 exit_argv[3] = GNUNET_strdup ("-");
3698 exit_argv[4] = GNUNET_strdup ("-");
3700 if (GNUNET_YES == ipv4_enabled)
3702 if ( (GNUNET_SYSERR ==
3703 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4ADDR",
3705 (1 != inet_pton (AF_INET, ipv4addr, &exit_ipv4addr))) )
3707 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "EXIT", "IPV4ADDR");
3708 GNUNET_SCHEDULER_shutdown ();
3711 exit_argv[5] = ipv4addr;
3713 if ( (GNUNET_SYSERR ==
3714 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4MASK",
3716 (1 != inet_pton (AF_INET, ipv4mask, &exit_ipv4mask))) )
3718 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "EXIT", "IPV4MASK");
3719 GNUNET_SCHEDULER_shutdown ();
3720 GNUNET_free_non_null (ipv4mask);
3723 exit_argv[6] = ipv4mask;
3727 /* IPv4 explicitly disabled */
3728 exit_argv[5] = GNUNET_strdup ("-");
3729 exit_argv[6] = GNUNET_strdup ("-");
3731 exit_argv[7] = NULL;
3733 udp_services = GNUNET_CONTAINER_multihashmap_create (65536, GNUNET_NO);
3734 tcp_services = GNUNET_CONTAINER_multihashmap_create (65536, GNUNET_NO);
3735 GNUNET_CONFIGURATION_iterate_sections (cfg, &read_service_conf, NULL);
3737 connections_map = GNUNET_CONTAINER_multihashmap_create (65536, GNUNET_NO);
3738 connections_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
3741 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3742 _("No useful service enabled. Exiting.\n"));
3743 GNUNET_SCHEDULER_shutdown ();
3747 = GNUNET_CADET_connect (cfg, NULL,
3749 &clean_channel, handlers,
3751 if (NULL == cadet_handle)
3753 GNUNET_SCHEDULER_shutdown ();
3757 /* Cadet handle acquired, now announce regular expressions matching our exit */
3758 if ( (GNUNET_YES == ipv4_enabled) && (GNUNET_YES == ipv4_exit) )
3762 GNUNET_CONFIGURATION_get_value_string (cfg,
3764 "EXIT_RANGE_IPV4_POLICY",
3768 regex = GNUNET_TUN_ipv4policy2regex (policy);
3769 GNUNET_free_non_null (policy);
3772 (void) GNUNET_asprintf (&prefixed_regex, "%s%s%s",
3773 GNUNET_APPLICATION_TYPE_EXIT_REGEX_PREFIX,
3775 regex4 = GNUNET_REGEX_announce (cfg,
3777 REGEX_REFRESH_FREQUENCY,
3778 REGEX_MAX_PATH_LEN_IPV4);
3779 GNUNET_free (regex);
3780 GNUNET_free (prefixed_regex);
3784 if (GNUNET_YES == ipv6_enabled && GNUNET_YES == ipv6_exit)
3788 GNUNET_CONFIGURATION_get_value_string (cfg,
3790 "EXIT_RANGE_IPV6_POLICY",
3794 regex = GNUNET_TUN_ipv6policy2regex (policy);
3795 GNUNET_free_non_null (policy);
3798 (void) GNUNET_asprintf (&prefixed_regex, "%s%s%s",
3799 GNUNET_APPLICATION_TYPE_EXIT_REGEX_PREFIX,
3801 regex6 = GNUNET_REGEX_announce (cfg,
3803 REGEX_REFRESH_FREQUENCY,
3804 REGEX_MAX_PATH_LEN_IPV6);
3805 GNUNET_free (regex);
3806 GNUNET_free (prefixed_regex);
3809 if ((ipv4_exit) || (ipv6_exit))
3810 helper_handle = GNUNET_HELPER_start (GNUNET_NO,
3811 "gnunet-helper-exit",
3821 * @param argc number of arguments from the command line
3822 * @param argv command line arguments
3823 * @return 0 ok, 1 on error
3826 main (int argc, char *const *argv)
3828 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
3829 GNUNET_GETOPT_OPTION_END
3832 if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv))
3835 return (GNUNET_OK ==
3836 GNUNET_PROGRAM_run (argc, argv, "gnunet-daemon-exit",
3838 ("Daemon to run to provide an IP exit node for the VPN"),
3839 options, &run, NULL)) ? global_ret : 1;
3843 /* end of gnunet-daemon-exit.c */
projects / oweals / gnunet.git / blob