2 This file is part of GNUnet.
3 (C) 2010, 2012 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file exit/gnunet-daemon-exit.c
23 * @brief tool to allow IP traffic exit from the GNUnet mesh to the Internet
24 * @author Philipp Toelke
25 * @author Christian Grothoff
28 * - factor out crc computations from DNS/EXIT/VPN into shared library?
29 * - which code should advertise services? the service model is right
30 * now a bit odd, especially as this code DOES the exit and knows
31 * the DNS "name", but OTOH this is clearly NOT the place to advertise
32 * the service's existence; maybe the daemon should turn into a
33 * service with an API to add local-exit services dynamically?
36 #include "gnunet_util_lib.h"
37 #include "gnunet_protocols.h"
38 #include "gnunet_applications.h"
39 #include "gnunet_mesh_service.h"
40 #include "gnunet_constants.h"
41 #include "tcpip_tun.h"
45 * Information about an address.
50 * AF_INET or AF_INET6.
55 * Remote address information.
60 * Address, if af is AF_INET.
65 * Address, if af is AF_INET6.
71 * IPPROTO_TCP or IPPROTO_UDP;
76 * Remote port, in host byte order!
83 * This struct is saved into the services-hashmap to represent
84 * a service this peer is specifically offering an exit for
85 * (for a specific domain name).
91 * Remote address to use for the service.
93 struct SocketAddress address;
96 * DNS name of the service.
101 * Port I am listening on within GNUnet for this service, in host
102 * byte order. (as we may redirect ports).
109 * Information we use to track a connection (the classical 6-tuple of
110 * IP-version, protocol, source-IP, destination-IP, source-port and
113 struct RedirectInformation
117 * Address information for the other party (equivalent of the
118 * arguments one would give to "connect").
120 struct SocketAddress remote_address;
123 * Address information we used locally (AF and proto must match
124 * "remote_address"). Equivalent of the arguments one would give to
127 struct SocketAddress local_address;
130 Note 1: additional information might be added here in the
131 future to support protocols that require special handling,
134 Note 2: we might also sometimes not match on all components
135 of the tuple, to support protocols where things do not always
142 * Queue of messages to a tunnel.
144 struct TunnelMessageQueue
147 * This is a doubly-linked list.
149 struct TunnelMessageQueue *next;
152 * This is a doubly-linked list.
154 struct TunnelMessageQueue *prev;
157 * Payload to send via the tunnel.
162 * Number of bytes in 'payload'.
169 * This struct is saved into connections_map to allow finding the
170 * right tunnel given an IP packet from TUN. It is also associated
171 * with the tunnel's closure so we can find it again for the next
172 * message from the tunnel.
177 * Mesh tunnel that is used for this connection.
179 struct GNUNET_MESH_Tunnel *tunnel;
182 * Heap node for this state in the connections_heap.
184 struct GNUNET_CONTAINER_HeapNode *heap_node;
187 * Key this state has in the connections_map.
189 GNUNET_HashCode state_key;
192 * Associated service record, or NULL for no service.
194 struct LocalService *serv;
197 * Head of DLL of messages for this tunnel.
199 struct TunnelMessageQueue *head;
202 * Tail of DLL of messages for this tunnel.
204 struct TunnelMessageQueue *tail;
207 * Active tunnel transmission request (or NULL).
209 struct GNUNET_MESH_TransmitHandle *th;
212 * Primary redirection information for this connection.
214 struct RedirectInformation ri;
220 * The handle to the configuration used throughout the process
222 static const struct GNUNET_CONFIGURATION_Handle *cfg;
225 * The handle to the helper
227 static struct GNUNET_HELPER_Handle *helper_handle;
230 * Arguments to the exit helper.
232 static char *exit_argv[7];
235 * IPv6 prefix (0..127) from configuration file.
237 static unsigned long long ipv6prefix;
242 static struct GNUNET_MESH_Handle *mesh_handle;
245 * This hashmaps contains the mapping from peer, service-descriptor,
246 * source-port and destination-port to a struct TunnelState
248 static struct GNUNET_CONTAINER_MultiHashMap *connections_map;
251 * Heap so we can quickly find "old" connections.
253 static struct GNUNET_CONTAINER_Heap *connections_heap;
256 * If there are at least this many connections, old ones will be removed
258 static long long unsigned int max_connections = 200;
261 * This hashmaps saves interesting things about the configured UDP services
263 static struct GNUNET_CONTAINER_MultiHashMap *udp_services;
266 * This hashmaps saves interesting things about the configured TCP services
268 static struct GNUNET_CONTAINER_MultiHashMap *tcp_services;
271 * Are we an IPv4-exit?
273 static int ipv4_exit;
276 * Are we an IPv6-exit?
278 static int ipv6_exit;
281 * Do we support IPv4 at all on the TUN interface?
283 static int ipv4_enabled;
286 * Do we support IPv6 at all on the TUN interface?
288 static int ipv6_enabled;
292 * Given IP information about a connection, calculate the respective
293 * hash we would use for the 'connections_map'.
295 * @param hash resulting hash
296 * @param ri information about the connection
299 hash_redirect_info (GNUNET_HashCode *hash,
300 const struct RedirectInformation *ri)
304 memset (hash, 0, sizeof (GNUNET_HashCode));
305 /* the GNUnet hashmap only uses the first sizeof(unsigned int) of the hash,
306 so we put the IP address in there (and hope for few collisions) */
308 switch (ri->remote_address.af)
311 memcpy (off, &ri->remote_address.address.ipv4, sizeof (struct in_addr));
312 off += sizeof (struct in_addr);
315 memcpy (off, &ri->remote_address.address.ipv6, sizeof (struct in6_addr));
316 off += sizeof (struct in_addr);
321 memcpy (off, &ri->remote_address.port, sizeof (uint16_t));
322 off += sizeof (uint16_t);
323 switch (ri->local_address.af)
326 memcpy (off, &ri->local_address.address.ipv4, sizeof (struct in_addr));
327 off += sizeof (struct in_addr);
330 memcpy (off, &ri->local_address.address.ipv6, sizeof (struct in6_addr));
331 off += sizeof (struct in_addr);
336 memcpy (off, &ri->local_address.port, sizeof (uint16_t));
337 off += sizeof (uint16_t);
338 memcpy (off, &ri->remote_address.proto, sizeof (uint8_t));
339 off += sizeof (uint8_t);
344 * Get our connection tracking state. Warns if it does not exists,
345 * refreshes the timestamp if it does exist.
347 * @param af address family
348 * @param protocol IPPROTO_UDP or IPPROTO_TCP
349 * @param destination_ip target IP
350 * @param destination_port target port
351 * @param local_ip local IP
352 * @param local_port local port
353 * @param state_key set to hash's state if non-NULL
354 * @return NULL if we have no tracking information for this tuple
356 static struct TunnelState *
357 get_redirect_state (int af,
359 const void *destination_ip,
360 uint16_t destination_port,
361 const void *local_ip,
363 GNUNET_HashCode *state_key)
365 struct RedirectInformation ri;
367 struct TunnelState *state;
369 ri.remote_address.af = af;
371 ri.remote_address.address.ipv4 = *((struct in_addr*) destination_ip);
373 ri.remote_address.address.ipv6 = * ((struct in6_addr*) destination_ip);
374 ri.remote_address.port = destination_port;
375 ri.remote_address.proto = protocol;
376 ri.local_address.af = af;
378 ri.local_address.address.ipv4 = *((struct in_addr*) local_ip);
380 ri.local_address.address.ipv6 = * ((struct in6_addr*) local_ip);
381 ri.local_address.port = local_port;
382 ri.local_address.proto = protocol;
383 hash_redirect_info (&key, &ri);
384 if (NULL != state_key)
386 state = GNUNET_CONTAINER_multihashmap_get (connections_map, &key);
389 /* Mark this connection as freshly used */
390 if (NULL == state_key)
391 GNUNET_CONTAINER_heap_update_cost (connections_heap,
393 GNUNET_TIME_absolute_get ().abs_value);
399 * Given a service descriptor and a destination port, find the
400 * respective service entry.
402 * @param service_map map of services (TCP or UDP)
403 * @param desc service descriptor
404 * @param dpt destination port
405 * @return NULL if we are not aware of such a service
407 static struct LocalService *
408 find_service (struct GNUNET_CONTAINER_MultiHashMap *service_map,
409 const GNUNET_HashCode *desc,
412 char key[sizeof (GNUNET_HashCode) + sizeof (uint16_t)];
414 memcpy (&key[0], &dpt, sizeof (uint16_t));
415 memcpy (&key[sizeof(uint16_t)], desc, sizeof (GNUNET_HashCode));
416 return GNUNET_CONTAINER_multihashmap_get (service_map,
417 (GNUNET_HashCode *) key);
422 * Free memory associated with a service record.
425 * @param key service descriptor
426 * @param value service record to free
430 free_service_record (void *cls,
431 const GNUNET_HashCode *key,
434 struct LocalService *service = value;
436 GNUNET_free_non_null (service->name);
437 GNUNET_free (service);
443 * Given a service descriptor and a destination port, find the
444 * respective service entry.
446 * @param service_map map of services (TCP or UDP)
447 * @param name name of the service
448 * @param dpt destination port
449 * @param service service information record to store (service->name will be set).
452 store_service (struct GNUNET_CONTAINER_MultiHashMap *service_map,
455 struct LocalService *service)
457 char key[sizeof (GNUNET_HashCode) + sizeof (uint16_t)];
458 GNUNET_HashCode desc;
460 GNUNET_CRYPTO_hash (name, strlen (name) + 1, &desc);
461 service->name = GNUNET_strdup (name);
462 memcpy (&key[0], &dpt, sizeof (uint16_t));
463 memcpy (&key[sizeof(uint16_t)], &desc, sizeof (GNUNET_HashCode));
465 GNUNET_CONTAINER_multihashmap_put (service_map,
466 (GNUNET_HashCode *) key,
468 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
470 free_service_record (NULL, (GNUNET_HashCode *) key, service);
471 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
472 _("Got duplicate service records for `%s:%u'\n"),
480 * MESH is ready to receive a message for the tunnel. Transmit it.
482 * @param cls the 'struct TunnelState'.
483 * @param size number of bytes available in buf
484 * @param buf where to copy the message
485 * @return number of bytes copied to buf
488 send_to_peer_notify_callback (void *cls, size_t size, void *buf)
490 struct TunnelState *s = cls;
491 struct GNUNET_MESH_Tunnel *tunnel = s->tunnel;
492 struct TunnelMessageQueue *tnq;
496 GNUNET_assert (size >= tnq->len);
497 memcpy (buf, tnq->payload, tnq->len);
499 GNUNET_CONTAINER_DLL_remove (s->head,
503 if (NULL != (tnq = s->head))
504 s->th = GNUNET_MESH_notify_transmit_ready (tunnel,
505 GNUNET_NO /* corking */,
507 GNUNET_TIME_UNIT_FOREVER_REL,
510 &send_to_peer_notify_callback,
517 * Send the given packet via the mesh tunnel.
519 * @param mesh_tunnel destination
520 * @param payload message to transmit
521 * @param payload_length number of bytes in payload
522 * @param desc descriptor to add before payload (optional)
523 * @param mtype message type to use
526 send_packet_to_mesh_tunnel (struct GNUNET_MESH_Tunnel *mesh_tunnel,
528 size_t payload_length,
529 const GNUNET_HashCode *desc,
532 struct TunnelState *s;
533 struct TunnelMessageQueue *tnq;
534 struct GNUNET_MessageHeader *msg;
538 len = sizeof (struct GNUNET_MessageHeader) + sizeof (GNUNET_HashCode) + payload_length;
539 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
544 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueue) + len);
545 tnq->payload = &tnq[1];
547 msg = (struct GNUNET_MessageHeader *) &tnq[1];
548 msg->size = htons ((uint16_t) len);
549 msg->type = htons (mtype);
552 dp = (GNUNET_HashCode *) &msg[1];
554 memcpy (&dp[1], payload, payload_length);
558 memcpy (&msg[1], payload, payload_length);
560 s = GNUNET_MESH_tunnel_get_data (mesh_tunnel);
561 GNUNET_assert (NULL != s);
562 GNUNET_CONTAINER_DLL_insert_tail (s->head, s->tail, tnq);
564 s->th = GNUNET_MESH_notify_transmit_ready (mesh_tunnel, GNUNET_NO /* cork */, 0 /* priority */,
565 GNUNET_TIME_UNIT_FOREVER_REL,
567 &send_to_peer_notify_callback,
573 * @brief Handles an UDP packet received from the helper.
575 * @param udp A pointer to the Packet
576 * @param pktlen number of bytes in 'udp'
577 * @param af address family (AFINET or AF_INET6)
578 * @param destination_ip destination IP-address of the IP packet (should
579 * be our local address)
580 * @param source_ip original source IP-address of the IP packet (should
581 * be the original destination address)
584 udp_from_helper (const struct udp_packet *udp,
587 const void *destination_ip,
588 const void *source_ip)
590 struct TunnelState *state;
592 if (pktlen < sizeof (struct udp_packet))
598 if (pktlen != ntohs (udp->len))
604 state = get_redirect_state (af, IPPROTO_UDP,
612 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
613 _("Packet dropped, have no matching connection information\n"));
616 send_packet_to_mesh_tunnel (state->tunnel,
617 &udp[1], pktlen - sizeof (struct udp_packet),
620 ? GNUNET_MESSAGE_TYPE_VPN_SERVICE_UDP_BACK
621 : GNUNET_MESSAGE_TYPE_VPN_REMOTE_UDP_BACK);
626 * @brief Handles a TCP packet received from the helper.
628 * @param tcp A pointer to the Packet
629 * @param pktlen the length of the packet, including its header
630 * @param af address family (AFINET or AF_INET6)
631 * @param destination_ip destination IP-address of the IP packet (should
632 * be our local address)
633 * @param source_ip original source IP-address of the IP packet (should
634 * be the original destination address)
637 tcp_from_helper (const struct tcp_packet *tcp,
640 const void *destination_ip,
641 const void *source_ip)
643 struct TunnelState *state;
645 struct tcp_packet *mtcp;
647 if (pktlen < sizeof (struct tcp_packet))
653 state = get_redirect_state (af, IPPROTO_TCP,
661 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
662 _("Packet dropped, have no matching connection information\n"));
666 /* mug port numbers and crc to avoid information leakage;
667 sender will need to lookup the correct values anyway */
668 memcpy (buf, tcp, pktlen);
669 mtcp = (struct tcp_packet *) buf;
673 send_packet_to_mesh_tunnel (state->tunnel,
677 ? GNUNET_MESSAGE_TYPE_VPN_SERVICE_TCP_BACK
678 : GNUNET_MESSAGE_TYPE_VPN_REMOTE_TCP_BACK);
683 * Receive packets from the helper-process
686 * @param client unsued
687 * @param message message received from helper
690 message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED,
691 const struct GNUNET_MessageHeader *message)
693 const struct tun_header *pkt_tun;
696 if (ntohs (message->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER)
701 size = ntohs (message->size);
702 if (size < sizeof (struct tun_header) + sizeof (struct GNUNET_MessageHeader))
707 pkt_tun = (const struct tun_header *) &message[1];
708 size -= sizeof (struct tun_header) + sizeof (struct GNUNET_MessageHeader);
709 switch (ntohs (pkt_tun->proto))
713 const struct ip6_header *pkt6;
715 if (size < sizeof (struct ip6_header))
717 /* Kernel to blame? */
721 pkt6 = (struct ip6_header *) &pkt_tun[1];
722 if (size != ntohs (pkt6->payload_length))
724 /* Kernel to blame? */
728 size -= sizeof (struct ip6_header);
729 switch (pkt6->next_header)
732 udp_from_helper ((const struct udp_packet *) &pkt6[1], size,
734 &pkt6->destination_address,
735 &pkt6->source_address);
738 tcp_from_helper ((const struct tcp_packet *) &pkt6[1], size,
740 &pkt6->destination_address,
741 &pkt6->source_address);
744 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
745 _("IPv6 packet with unsupported next header received. Ignored.\n"));
752 const struct ip4_header *pkt4;
754 if (size < sizeof (struct ip4_header))
756 /* Kernel to blame? */
760 pkt4 = (const struct ip4_header *) &pkt_tun[1];
761 if (size != ntohs (pkt4->total_length))
763 /* Kernel to blame? */
767 if (pkt4->header_length * 4 != sizeof (struct ip4_header))
769 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
770 _("IPv4 packet options received. Ignored.\n"));
773 size -= sizeof (struct ip4_header);
774 switch (pkt4->protocol)
777 udp_from_helper ((const struct udp_packet *) &pkt4[1], size,
779 &pkt4->destination_address,
780 &pkt4->source_address);
782 tcp_from_helper ((const struct tcp_packet *) &pkt4[1], size,
784 &pkt4->destination_address,
785 &pkt4->source_address);
788 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
789 _("IPv4 packet with unsupported next header received. Ignored.\n"));
795 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
796 _("Packet from unknown protocol %u received. Ignored.\n"),
797 ntohs (pkt_tun->proto));
804 * We need to create a (unique) fresh local address (IP+port).
807 * @param af desired address family
808 * @param proto desired protocol (IPPROTO_UDP or IPPROTO_TCP)
809 * @param local_address address to initialize
812 setup_fresh_address (int af,
814 struct SocketAddress *local_address)
816 local_address->af = af;
817 local_address->proto = (uint8_t) proto;
818 /* default "local" port range is often 32768--61000,
819 so we pick a random value in that range */
821 = (uint16_t) 32768 + GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
827 const char *ipv4addr = exit_argv[4];
828 const char *ipv4mask = exit_argv[5];
833 GNUNET_assert (1 == inet_pton (AF_INET, ipv4addr, &addr));
834 GNUNET_assert (1 == inet_pton (AF_INET, ipv4mask, &mask));
835 if (0 == ~mask.s_addr)
837 /* only one valid IP anyway */
838 local_address->address.ipv4 = addr;
841 /* Given 192.168.0.1/255.255.0.0, we want a mask
842 of '192.168.255.255', thus: */
843 mask.s_addr = addr.s_addr | ~mask.s_addr;
844 /* Pick random IPv4 address within the subnet, except 'addr' or 'mask' itself */
847 rnd.s_addr = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
849 local_address->address.ipv4.s_addr = (addr.s_addr | rnd.s_addr) & mask.s_addr;
851 while ( (local_address->address.ipv4.s_addr == addr.s_addr) ||
852 (local_address->address.ipv4.s_addr == mask.s_addr) );
857 const char *ipv6addr = exit_argv[2];
858 struct in6_addr addr;
859 struct in6_addr mask;
863 GNUNET_assert (1 == inet_pton (AF_INET6, ipv6addr, &addr));
864 GNUNET_assert (ipv6prefix < 128);
865 if (ipv6prefix == 127)
867 /* only one valid IP anyway */
868 local_address->address.ipv6 = addr;
871 /* Given ABCD::/96, we want a mask of 'ABCD::FFFF:FFFF,
874 for (i=127;i>=128-ipv6prefix;i--)
875 mask.s6_addr[i / 8] |= (1 << (i % 8));
877 /* Pick random IPv6 address within the subnet, except 'addr' or 'mask' itself */
882 rnd.s6_addr[i] = (unsigned char) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
884 local_address->address.ipv6.s6_addr[i]
885 = (addr.s6_addr[i] | rnd.s6_addr[i]) & mask.s6_addr[i];
888 while ( (0 == memcmp (&local_address->address.ipv6,
890 sizeof (struct in6_addr))) ||
891 (0 == memcmp (&local_address->address.ipv6,
893 sizeof (struct in6_addr))) );
903 * We are starting a fresh connection (TCP or UDP) and need
904 * to pick a source port and IP address (within the correct
905 * range and address family) to associate replies with the
906 * connection / correct mesh tunnel. This function generates
907 * a "fresh" source IP and source port number for a connection
908 * After picking a good source address, this function sets up
909 * the state in the 'connections_map' and 'connections_heap'
910 * to allow finding the state when needed later. The function
911 * also makes sure that we remain within memory limits by
912 * cleaning up 'old' states.
914 * @param state skeleton state to setup a record for; should
915 * 'state->ri.remote_address' filled in so that
916 * this code can determine which AF/protocol is
917 * going to be used (the 'tunnel' should also
918 * already be set); after calling this function,
919 * heap_node and the local_address will be
920 * also initialized (heap_node != NULL can be
921 * used to test if a state has been fully setup).
924 setup_state_record (struct TunnelState *state)
927 struct TunnelState *s;
929 /* generate fresh, unique address */
932 setup_fresh_address (state->serv->address.af,
933 state->serv->address.proto,
934 &state->ri.local_address);
935 } while (NULL != get_redirect_state (state->ri.remote_address.af,
937 &state->ri.remote_address.address,
938 state->ri.remote_address.port,
939 &state->ri.local_address.address,
940 state->ri.local_address.port,
942 GNUNET_assert (GNUNET_OK ==
943 GNUNET_CONTAINER_multihashmap_put (connections_map,
945 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
946 state->heap_node = GNUNET_CONTAINER_heap_insert (connections_heap,
948 GNUNET_TIME_absolute_get ().abs_value);
949 while (GNUNET_CONTAINER_heap_get_size (connections_heap) > max_connections)
951 s = GNUNET_CONTAINER_heap_remove_root (connections_heap);
952 GNUNET_assert (state != s);
954 GNUNET_MESH_tunnel_destroy (s->tunnel);
955 GNUNET_assert (GNUNET_OK ==
956 GNUNET_CONTAINER_multihashmap_remove (connections_map,
965 * Prepare an IPv4 packet for transmission via the TUN interface.
966 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
967 * For UDP, the UDP header will be fully created, whereas for TCP
968 * only the ports and checksum will be filled in. So for TCP,
969 * a skeleton TCP header must be part of the provided payload.
971 * @param payload payload of the packet (starting with UDP payload or
972 * TCP header, depending on protocol)
973 * @param payload_length number of bytes in 'payload'
974 * @param protocol IPPROTO_UDP or IPPROTO_TCP
975 * @param src_address source address to use (IP and port)
976 * @param dst_address destination address to use (IP and port)
977 * @param pkt6 where to write the assembled packet; must
978 * contain enough space for the IP header, UDP/TCP header
982 prepare_ipv4_packet (const void *payload, size_t payload_length,
984 const struct tcp_packet *tcp_header,
985 const struct SocketAddress *src_address,
986 const struct SocketAddress *dst_address,
987 struct ip4_header *pkt4)
991 len = payload_length;
995 len += sizeof (struct udp_packet);
998 len += sizeof (struct tcp_packet);
999 GNUNET_assert (NULL != tcp_header);
1005 if (len + sizeof (struct ip4_header) > UINT16_MAX)
1012 pkt4->header_length = sizeof (struct ip4_header) / 4;
1013 pkt4->diff_serv = 0;
1014 pkt4->total_length = htons ((uint16_t) (sizeof (struct ip4_header) + len));
1015 pkt4->identification = (uint16_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1018 pkt4->fragmentation_offset = 0;
1020 pkt4->protocol = protocol;
1022 pkt4->destination_address = dst_address->address.ipv4;
1023 pkt4->source_address = src_address->address.ipv4;
1024 pkt4->checksum = GNUNET_CRYPTO_crc16_n (pkt4, sizeof (struct ip4_header));
1030 struct udp_packet *pkt4_udp = (struct udp_packet *) &pkt4[1];
1032 pkt4_udp->spt = htons (src_address->port);
1033 pkt4_udp->dpt = htons (dst_address->port);
1034 pkt4_udp->crc = 0; /* Optional for IPv4 */
1035 pkt4_udp->len = htons ((uint16_t) payload_length);
1036 memcpy (&pkt4_udp[1], payload, payload_length);
1041 struct tcp_packet *pkt4_tcp = (struct tcp_packet *) &pkt4[1];
1043 memcpy (pkt4_tcp, tcp_header, sizeof (struct tcp_packet));
1044 memcpy (&pkt4_tcp[1], payload, payload_length);
1045 pkt4_tcp->spt = htons (src_address->port);
1046 pkt4_tcp->dpt = htons (dst_address->port);
1049 sum = GNUNET_CRYPTO_crc16_step (sum,
1050 &pkt4->source_address,
1051 sizeof (struct in_addr) * 2);
1052 uint32_t tmp = htonl ((protocol << 16) | (0xffff & len));
1053 sum = GNUNET_CRYPTO_crc16_step (sum, & tmp, sizeof (uint32_t));
1054 sum = GNUNET_CRYPTO_crc16_step (sum, & pkt4_tcp, len);
1055 pkt4_tcp->crc = GNUNET_CRYPTO_crc16_finish (sum);
1065 * Prepare an IPv6 packet for transmission via the TUN interface.
1066 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
1067 * For UDP, the UDP header will be fully created, whereas for TCP
1068 * only the ports and checksum will be filled in. So for TCP,
1069 * a skeleton TCP header must be part of the provided payload.
1071 * @param payload payload of the packet (starting with UDP payload or
1072 * TCP header, depending on protocol)
1073 * @param payload_length number of bytes in 'payload'
1074 * @param protocol IPPROTO_UDP or IPPROTO_TCP
1075 * @param src_address source address to use (IP and port)
1076 * @param dst_address destination address to use (IP and port)
1077 * @param pkt6 where to write the assembled packet; must
1078 * contain enough space for the IP header, UDP/TCP header
1082 prepare_ipv6_packet (const void *payload, size_t payload_length,
1084 const struct tcp_packet *tcp_header,
1085 const struct SocketAddress *src_address,
1086 const struct SocketAddress *dst_address,
1087 struct ip6_header *pkt6)
1091 len = payload_length;
1095 len += sizeof (struct udp_packet);
1098 /* tcp_header (with port/crc not set) must be part of payload! */
1099 if (len < sizeof (struct tcp_packet))
1109 if (len > UINT16_MAX)
1116 pkt6->next_header = protocol;
1117 pkt6->payload_length = htons ((uint16_t) (len + sizeof (struct ip6_header)));
1118 pkt6->hop_limit = 255;
1119 pkt6->destination_address = dst_address->address.ipv6;
1120 pkt6->source_address = src_address->address.ipv6;
1126 struct udp_packet *pkt6_udp = (struct udp_packet *) &pkt6[1];
1128 memcpy (&pkt6[1], payload, payload_length);
1130 pkt6_udp->spt = htons (src_address->port);
1131 pkt6_udp->dpt = htons (dst_address->port);
1132 pkt6_udp->len = htons ((uint16_t) payload_length);
1135 sum = GNUNET_CRYPTO_crc16_step (sum,
1136 &pkt6->source_address,
1137 sizeof (struct in6_addr) * 2);
1138 uint32_t tmp = htons (len);
1139 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1140 tmp = htonl (pkt6->next_header);
1141 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1142 sum = GNUNET_CRYPTO_crc16_step (sum, pkt6_udp, len);
1143 pkt6_udp->crc = GNUNET_CRYPTO_crc16_finish (sum);
1148 struct tcp_packet *pkt6_tcp = (struct tcp_packet *) pkt6;
1150 memcpy (pkt6_tcp, payload, payload_length);
1152 pkt6_tcp->spt = htons (src_address->port);
1153 pkt6_tcp->dpt = htons (dst_address->port);
1156 sum = GNUNET_CRYPTO_crc16_step (sum, &pkt6->source_address,
1157 sizeof (struct in6_addr) * 2);
1158 uint32_t tmp = htonl (len);
1159 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1160 tmp = htonl (pkt6->next_header);
1161 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1162 sum = GNUNET_CRYPTO_crc16_step (sum, pkt6_tcp, len);
1163 pkt6_tcp->crc = GNUNET_CRYPTO_crc16_finish (sum);
1174 * Send a TCP packet via the TUN interface.
1176 * @param destination_address IP and port to use for the TCP packet's destination
1177 * @param source_address IP and port to use for the TCP packet's source
1178 * @param tcp header template to use
1179 * @param payload payload of the TCP packet
1180 * @param payload_length number of bytes in 'payload'
1183 send_tcp_packet_via_tun (const struct SocketAddress *destination_address,
1184 const struct SocketAddress *source_address,
1185 const struct tcp_packet *tcp_header,
1186 const void *payload, size_t payload_length)
1190 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct tun_header);
1191 switch (source_address->af)
1194 len += sizeof (struct ip4_header);
1197 len += sizeof (struct ip6_header);
1203 len += payload_length;
1204 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1211 struct GNUNET_MessageHeader *hdr;
1212 struct tun_header *tun;
1214 hdr= (struct GNUNET_MessageHeader *) buf;
1215 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1216 hdr->size = htons (len);
1217 tun = (struct tun_header*) &hdr[1];
1218 tun->flags = htons (0);
1219 switch (source_address->af)
1223 struct ip4_header * ipv4 = (struct ip4_header*) &tun[1];
1225 tun->proto = htons (ETH_P_IPV4);
1226 prepare_ipv4_packet (payload, payload_length,
1230 destination_address,
1236 struct ip6_header * ipv6 = (struct ip6_header*) &tun[1];
1238 tun->proto = htons (ETH_P_IPV6);
1239 prepare_ipv6_packet (payload, payload_length,
1243 destination_address,
1251 (void) GNUNET_HELPER_send (helper_handle,
1252 (const struct GNUNET_MessageHeader*) buf,
1260 * Process a request via mesh to send a request to a TCP service
1261 * offered by this system.
1263 * @param cls closure, NULL
1264 * @param tunnel connection to the other end
1265 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1266 * @param sender who sent the message
1267 * @param message the actual message
1268 * @param atsi performance data for the connection
1269 * @return GNUNET_OK to keep the connection open,
1270 * GNUNET_SYSERR to close it (signal serious error)
1273 receive_tcp_service (void *unused GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1274 void **tunnel_ctx GNUNET_UNUSED,
1275 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1276 const struct GNUNET_MessageHeader *message,
1277 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1279 struct TunnelState *state = *tunnel_ctx;
1280 const struct GNUNET_EXIT_TcpServiceStartMessage *start;
1281 uint16_t pkt_len = ntohs (message->size);
1283 /* check that we got at least a valid header */
1284 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpServiceStartMessage))
1286 GNUNET_break_op (0);
1287 return GNUNET_SYSERR;
1289 start = (const struct GNUNET_EXIT_TcpServiceStartMessage*) message;
1290 pkt_len -= sizeof (struct GNUNET_EXIT_TcpServiceStartMessage);
1291 if ( (NULL == state) ||
1292 (NULL != state->serv) ||
1293 (NULL != state->heap_node) )
1295 GNUNET_break_op (0);
1296 return GNUNET_SYSERR;
1298 GNUNET_break_op (ntohl (start->reserved) == 0);
1299 /* setup fresh connection */
1300 if (NULL == (state->serv = find_service (tcp_services, &start->service_descriptor,
1301 ntohs (start->tcp_header.dpt))))
1303 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1304 _("No service found for %s on port %d!\n"),
1306 ntohs (start->tcp_header.dpt));
1307 return GNUNET_SYSERR;
1309 state->ri.remote_address = state->serv->address;
1310 setup_state_record (state);
1311 send_tcp_packet_via_tun (&state->ri.remote_address,
1312 &state->ri.local_address,
1314 &start[1], pkt_len);
1320 * Process a request to forward TCP data to the Internet via this peer.
1322 * @param cls closure, NULL
1323 * @param tunnel connection to the other end
1324 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1325 * @param sender who sent the message
1326 * @param message the actual message
1327 * @param atsi performance data for the connection
1328 * @return GNUNET_OK to keep the connection open,
1329 * GNUNET_SYSERR to close it (signal serious error)
1332 receive_tcp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1333 void **tunnel_ctx GNUNET_UNUSED,
1334 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1335 const struct GNUNET_MessageHeader *message,
1336 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1338 struct TunnelState *state = *tunnel_ctx;
1339 const struct GNUNET_EXIT_TcpInternetStartMessage *start;
1340 uint16_t pkt_len = ntohs (message->size);
1341 const struct in_addr *v4;
1342 const struct in6_addr *v6;
1343 const void *payload;
1346 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpInternetStartMessage))
1348 GNUNET_break_op (0);
1349 return GNUNET_SYSERR;
1351 start = (const struct GNUNET_EXIT_TcpInternetStartMessage*) message;
1352 pkt_len -= sizeof (struct GNUNET_EXIT_TcpInternetStartMessage);
1353 if ( (NULL == state) ||
1354 (NULL != state->serv) ||
1355 (NULL != state->heap_node) )
1357 GNUNET_break_op (0);
1358 return GNUNET_SYSERR;
1360 af = (int) ntohl (start->af);
1361 state->ri.remote_address.af = af;
1365 if (pkt_len < sizeof (struct in_addr))
1367 GNUNET_break_op (0);
1368 return GNUNET_SYSERR;
1370 v4 = (const struct in_addr*) &start[1];
1372 pkt_len -= sizeof (struct in_addr);
1373 state->ri.remote_address.address.ipv4 = *v4;
1376 if (pkt_len < sizeof (struct in6_addr))
1378 GNUNET_break_op (0);
1379 return GNUNET_SYSERR;
1381 v6 = (const struct in6_addr*) &start[1];
1383 pkt_len -= sizeof (struct in_addr);
1384 state->ri.remote_address.address.ipv6 = *v6;
1387 GNUNET_break_op (0);
1388 return GNUNET_SYSERR;
1390 state->ri.remote_address.proto = IPPROTO_TCP;
1391 state->ri.remote_address.port = ntohs (start->tcp_header.dpt);
1392 setup_state_record (state);
1393 send_tcp_packet_via_tun (&state->ri.remote_address,
1394 &state->ri.local_address,
1402 * Process a request to forward TCP data on an established
1403 * connection via this peer.
1405 * @param cls closure, NULL
1406 * @param tunnel connection to the other end
1407 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1408 * @param sender who sent the message
1409 * @param message the actual message
1410 * @param atsi performance data for the connection
1411 * @return GNUNET_OK to keep the connection open,
1412 * GNUNET_SYSERR to close it (signal serious error)
1415 receive_tcp_data (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1416 void **tunnel_ctx GNUNET_UNUSED,
1417 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1418 const struct GNUNET_MessageHeader *message,
1419 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1421 struct TunnelState *state = *tunnel_ctx;
1422 const struct GNUNET_EXIT_TcpDataMessage *data;
1423 uint16_t pkt_len = ntohs (message->size);
1425 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpDataMessage))
1427 GNUNET_break_op (0);
1428 return GNUNET_SYSERR;
1430 data = (const struct GNUNET_EXIT_TcpDataMessage*) message;
1431 pkt_len -= sizeof (struct GNUNET_EXIT_TcpDataMessage);
1432 if ( (NULL == state) ||
1433 (NULL == state->heap_node) )
1435 /* connection should have been up! */
1436 GNUNET_break_op (0);
1437 /* FIXME: call statistics */
1438 return GNUNET_SYSERR;
1440 GNUNET_break_op (ntohl (data->reserved) == 0);
1441 send_tcp_packet_via_tun (&state->ri.remote_address,
1442 &state->ri.local_address,
1450 * Send a UDP packet via the TUN interface.
1452 * @param destination_address IP and port to use for the UDP packet's destination
1453 * @param source_address IP and port to use for the UDP packet's source
1454 * @param payload payload of the UDP packet (does NOT include UDP header)
1455 * @param payload_length number of bytes of data in payload
1458 send_udp_packet_via_tun (const struct SocketAddress *destination_address,
1459 const struct SocketAddress *source_address,
1460 const void *payload, size_t payload_length)
1464 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct tun_header);
1465 switch (source_address->af)
1468 len += sizeof (struct ip4_header);
1471 len += sizeof (struct ip6_header);
1477 len += sizeof (struct udp_packet);
1478 len += payload_length;
1479 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1486 struct GNUNET_MessageHeader *hdr;
1487 struct tun_header *tun;
1489 hdr= (struct GNUNET_MessageHeader *) buf;
1490 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1491 hdr->size = htons (len);
1492 tun = (struct tun_header*) &hdr[1];
1493 tun->flags = htons (0);
1494 switch (source_address->af)
1498 struct ip4_header * ipv4 = (struct ip4_header*) &tun[1];
1500 tun->proto = htons (ETH_P_IPV4);
1501 prepare_ipv4_packet (payload, payload_length,
1505 destination_address,
1511 struct ip6_header * ipv6 = (struct ip6_header*) &tun[1];
1513 tun->proto = htons (ETH_P_IPV6);
1514 prepare_ipv6_packet (payload, payload_length,
1518 destination_address,
1526 (void) GNUNET_HELPER_send (helper_handle,
1527 (const struct GNUNET_MessageHeader*) buf,
1535 * Process a request to forward UDP data to the Internet via this peer.
1537 * @param cls closure, NULL
1538 * @param tunnel connection to the other end
1539 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1540 * @param sender who sent the message
1541 * @param message the actual message
1542 * @param atsi performance data for the connection
1543 * @return GNUNET_OK to keep the connection open,
1544 * GNUNET_SYSERR to close it (signal serious error)
1547 receive_udp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1548 void **tunnel_ctx GNUNET_UNUSED,
1549 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1550 const struct GNUNET_MessageHeader *message,
1551 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1553 struct TunnelState *state = *tunnel_ctx;
1554 const struct GNUNET_EXIT_UdpInternetMessage *msg;
1555 uint16_t pkt_len = ntohs (message->size);
1556 const struct in_addr *v4;
1557 const struct in6_addr *v6;
1558 const void *payload;
1561 if (pkt_len < sizeof (struct GNUNET_EXIT_UdpInternetMessage))
1563 GNUNET_break_op (0);
1564 return GNUNET_SYSERR;
1566 msg = (const struct GNUNET_EXIT_UdpInternetMessage*) message;
1567 pkt_len -= sizeof (struct GNUNET_EXIT_UdpInternetMessage);
1568 af = (int) ntohl (msg->af);
1569 state->ri.remote_address.af = af;
1573 if (pkt_len < sizeof (struct in_addr))
1575 GNUNET_break_op (0);
1576 return GNUNET_SYSERR;
1578 v4 = (const struct in_addr*) &msg[1];
1580 pkt_len -= sizeof (struct in_addr);
1581 state->ri.remote_address.address.ipv4 = *v4;
1584 if (pkt_len < sizeof (struct in6_addr))
1586 GNUNET_break_op (0);
1587 return GNUNET_SYSERR;
1589 v6 = (const struct in6_addr*) &msg[1];
1591 pkt_len -= sizeof (struct in_addr);
1592 state->ri.remote_address.address.ipv6 = *v6;
1595 GNUNET_break_op (0);
1596 return GNUNET_SYSERR;
1598 state->ri.remote_address.proto = IPPROTO_UDP;
1599 state->ri.remote_address.port = msg->destination_port;
1600 if (NULL == state->heap_node)
1601 setup_state_record (state);
1602 if (0 != ntohs (msg->source_port))
1603 state->ri.local_address.port = msg->source_port;
1604 send_udp_packet_via_tun (&state->ri.remote_address,
1605 &state->ri.local_address,
1612 * Process a request via mesh to send a request to a UDP service
1613 * offered by this system.
1615 * @param cls closure, NULL
1616 * @param tunnel connection to the other end
1617 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1618 * @param sender who sent the message
1619 * @param message the actual message
1620 * @param atsi performance data for the connection
1621 * @return GNUNET_OK to keep the connection open,
1622 * GNUNET_SYSERR to close it (signal serious error)
1625 receive_udp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1627 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1628 const struct GNUNET_MessageHeader *message,
1629 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1631 struct TunnelState *state = *tunnel_ctx;
1632 const struct GNUNET_EXIT_UdpServiceMessage *msg;
1633 uint16_t pkt_len = ntohs (message->size);
1635 /* check that we got at least a valid header */
1636 if (pkt_len < sizeof (struct GNUNET_EXIT_UdpServiceMessage))
1638 GNUNET_break_op (0);
1639 return GNUNET_SYSERR;
1641 msg = (const struct GNUNET_EXIT_UdpServiceMessage*) message;
1642 pkt_len -= sizeof (struct GNUNET_EXIT_UdpServiceMessage);
1644 if (NULL == (state->serv = find_service (udp_services, &msg->service_descriptor,
1645 ntohs (msg->destination_port))))
1647 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1648 _("No service found for %s on port %d!\n"),
1650 ntohs (msg->destination_port));
1651 return GNUNET_SYSERR;
1653 state->ri.remote_address = state->serv->address;
1654 setup_state_record (state);
1655 if (0 != ntohs (msg->source_port))
1656 state->ri.local_address.port = msg->source_port;
1657 send_udp_packet_via_tun (&state->ri.remote_address,
1658 &state->ri.local_address,
1665 * Callback from GNUNET_MESH for new tunnels.
1667 * @param cls closure
1668 * @param tunnel new handle to the tunnel
1669 * @param initiator peer that started the tunnel
1670 * @param atsi performance information for the tunnel
1671 * @return initial tunnel context for the tunnel
1674 new_tunnel (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1675 const struct GNUNET_PeerIdentity *initiator GNUNET_UNUSED,
1676 const struct GNUNET_ATS_Information *ats GNUNET_UNUSED)
1678 struct TunnelState *s = GNUNET_malloc (sizeof (struct TunnelState));
1686 * Function called by mesh whenever an inbound tunnel is destroyed.
1687 * Should clean up any associated state.
1689 * @param cls closure (set from GNUNET_MESH_connect)
1690 * @param tunnel connection to the other end (henceforth invalid)
1691 * @param tunnel_ctx place where local state associated
1692 * with the tunnel is stored
1695 clean_tunnel (void *cls GNUNET_UNUSED, const struct GNUNET_MESH_Tunnel *tunnel,
1698 struct TunnelState *s = tunnel_ctx;
1699 struct TunnelMessageQueue *tnq;
1701 while (NULL != (tnq = s->head))
1703 GNUNET_CONTAINER_DLL_remove (s->head,
1708 if (s->heap_node != NULL)
1710 GNUNET_assert (GNUNET_YES ==
1711 GNUNET_CONTAINER_multihashmap_remove (connections_map,
1714 GNUNET_CONTAINER_heap_remove_node (s->heap_node);
1715 s->heap_node = NULL;
1719 GNUNET_MESH_notify_transmit_ready_cancel (s->th);
1727 * Function that frees everything from a hashmap
1731 * @param value value to free
1734 free_iterate (void *cls GNUNET_UNUSED,
1735 const GNUNET_HashCode * hash GNUNET_UNUSED, void *value)
1737 GNUNET_free (value);
1743 * Function scheduled as very last function, cleans up after us
1746 cleanup (void *cls GNUNET_UNUSED,
1747 const struct GNUNET_SCHEDULER_TaskContext *tskctx)
1751 if (helper_handle != NULL)
1753 GNUNET_HELPER_stop (helper_handle);
1754 helper_handle = NULL;
1756 if (mesh_handle != NULL)
1758 GNUNET_MESH_disconnect (mesh_handle);
1761 if (NULL != connections_map)
1763 GNUNET_CONTAINER_multihashmap_iterate (connections_map, &free_iterate, NULL);
1764 GNUNET_CONTAINER_multihashmap_destroy (connections_map);
1765 connections_map = NULL;
1767 if (NULL != connections_heap)
1769 GNUNET_CONTAINER_heap_destroy (connections_heap);
1770 connections_heap = NULL;
1772 if (NULL != tcp_services)
1774 GNUNET_CONTAINER_multihashmap_iterate (tcp_services, &free_service_record, NULL);
1775 GNUNET_CONTAINER_multihashmap_destroy (tcp_services);
1776 tcp_services = NULL;
1778 if (NULL != udp_services)
1780 GNUNET_CONTAINER_multihashmap_iterate (udp_services, &free_service_record, NULL);
1781 GNUNET_CONTAINER_multihashmap_destroy (udp_services);
1782 udp_services = NULL;
1785 GNUNET_free_non_null (exit_argv[i]);
1790 * Add services to the service map.
1792 * @param proto IPPROTO_TCP or IPPROTO_UDP
1793 * @param cpy copy of the service descriptor (can be mutilated)
1794 * @param name DNS name of the service
1797 add_services (int proto,
1804 struct LocalService *serv;
1806 for (redirect = strtok (cpy, " "); redirect != NULL;
1807 redirect = strtok (NULL, " "))
1809 if (NULL == (hostname = strstr (redirect, ":")))
1811 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1812 "option `%s' for domain `%s' is not formatted correctly!\n",
1819 if (NULL == (hostport = strstr (hostname, ":")))
1821 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1822 "option `%s' for domain `%s' is not formatted correctly!\n",
1830 int local_port = atoi (redirect);
1831 int remote_port = atoi (hostport);
1833 if (!((local_port > 0) && (local_port < 65536)))
1835 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1836 "`%s' is not a valid port number (for domain `%s')!", redirect,
1840 if (!((remote_port > 0) && (remote_port < 65536)))
1842 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1843 "`%s' is not a valid port number (for domain `%s')!", hostport,
1848 serv = GNUNET_malloc (sizeof (struct LocalService));
1849 serv->my_port = (uint16_t) local_port;
1850 serv->address.port = remote_port;
1851 if (0 == strcmp ("localhost4", hostname))
1853 const char *ip4addr = exit_argv[4];
1855 serv->address.af = AF_INET;
1856 GNUNET_assert (1 != inet_pton (AF_INET, ip4addr, &serv->address.address.ipv4));
1858 else if (0 == strcmp ("localhost6", hostname))
1860 const char *ip6addr = exit_argv[2];
1862 serv->address.af = AF_INET6;
1863 GNUNET_assert (1 == inet_pton (AF_INET6, ip6addr, &serv->address.address.ipv6));
1867 struct addrinfo *res;
1870 ret = getaddrinfo (hostname, NULL, NULL, &res);
1871 if ( (ret != 0) || (res == NULL) )
1873 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1874 _("No addresses found for hostname `%s' of service `%s'!\n"),
1881 serv->address.af = res->ai_family;
1882 switch (res->ai_family)
1885 serv->address.address.ipv4 = ((struct sockaddr_in *) res->ai_addr)->sin_addr;
1888 serv->address.address.ipv6 = ((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
1892 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1893 _("No IP addresses found for hostname `%s' of service `%s'!\n"),
1901 store_service ((IPPROTO_UDP == proto) ? udp_services : tcp_services,
1910 * Reads the configuration servicecfg and populates udp_services
1913 * @param section name of section in config, equal to hostname
1916 read_service_conf (void *cls GNUNET_UNUSED, const char *section)
1920 if ((strlen (section) < 8) ||
1921 (0 != strcmp (".gnunet.", section + (strlen (section) - 8))))
1924 GNUNET_CONFIGURATION_get_value_string (cfg, section, "UDP_REDIRECTS",
1927 add_services (IPPROTO_UDP, cpy, section);
1931 GNUNET_CONFIGURATION_get_value_string (cfg, section, "TCP_REDIRECTS",
1934 add_services (IPPROTO_TCP, cpy, section);
1941 * @brief Main function that will be run by the scheduler.
1943 * @param cls closure
1944 * @param args remaining command-line arguments
1945 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
1946 * @param cfg_ configuration
1949 run (void *cls, char *const *args GNUNET_UNUSED,
1950 const char *cfgfile GNUNET_UNUSED,
1951 const struct GNUNET_CONFIGURATION_Handle *cfg_)
1953 static struct GNUNET_MESH_MessageHandler handlers[] = {
1954 {&receive_udp_service, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_SERVICE, 0},
1955 {&receive_udp_remote, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_INTERNET, 0},
1956 {&receive_tcp_service, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_SERVICE_START, 0},
1957 {&receive_tcp_remote, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_INTERNET_START, 0},
1958 {&receive_tcp_data, GNUNET_MESSAGE_TYPE_VPN_TCP_DATA, 0},
1962 static GNUNET_MESH_ApplicationType apptypes[] = {
1963 GNUNET_APPLICATION_TYPE_END,
1964 GNUNET_APPLICATION_TYPE_END,
1965 GNUNET_APPLICATION_TYPE_END
1967 unsigned int app_idx;
1978 ipv4_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV4");
1979 ipv6_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV6");
1980 ipv4_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV4");
1981 ipv6_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV6");
1982 if (ipv4_exit && (! ipv4_enabled))
1984 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1985 _("Cannot enable IPv4 exit but disable IPv4 on TUN interface, will use ENABLE_IPv4=YES\n"));
1986 ipv4_enabled = GNUNET_YES;
1988 if (ipv6_exit && (! ipv6_enabled))
1990 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1991 _("Cannot enable IPv6 exit but disable IPv6 on TUN interface, will use ENABLE_IPv6=YES\n"));
1992 ipv6_enabled = GNUNET_YES;
1994 if (! (ipv4_enabled || ipv6_enabled))
1996 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1997 _("No useful service enabled. Exiting.\n"));
1998 GNUNET_SCHEDULER_shutdown ();
2002 if (GNUNET_YES == ipv4_exit)
2004 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV4_GATEWAY;
2007 if (GNUNET_YES == ipv6_exit)
2009 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV6_GATEWAY;
2013 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup, cls);
2016 GNUNET_CONFIGURATION_get_value_number (cfg, "exit", "MAX_CONNECTIONS",
2018 max_connections = 1024;
2019 exit_argv[0] = GNUNET_strdup ("exit-gnunet");
2020 if (GNUNET_SYSERR ==
2021 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "TUN_IFNAME", &tun_ifname))
2023 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2024 "No entry 'TUN_IFNAME' in configuration!\n");
2025 GNUNET_SCHEDULER_shutdown ();
2028 exit_argv[1] = tun_ifname;
2031 if (GNUNET_SYSERR ==
2032 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "EXIT_IFNAME", &exit_ifname))
2034 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2035 "No entry 'EXIT_IFNAME' in configuration!\n");
2036 GNUNET_SCHEDULER_shutdown ();
2039 exit_argv[2] = exit_ifname;
2043 exit_argv[2] = GNUNET_strdup ("%");
2045 if (GNUNET_YES == ipv6_enabled)
2047 if ( (GNUNET_SYSERR ==
2048 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6ADDR",
2050 (1 != inet_pton (AF_INET6, ipv6addr, &v6))) )
2052 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2053 "No valid entry 'IPV6ADDR' in configuration!\n");
2054 GNUNET_SCHEDULER_shutdown ();
2057 exit_argv[3] = ipv6addr;
2058 if (GNUNET_SYSERR ==
2059 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6PREFIX",
2062 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2063 "No entry 'IPV6PREFIX' in configuration!\n");
2064 GNUNET_SCHEDULER_shutdown ();
2067 exit_argv[4] = ipv6prefix_s;
2069 GNUNET_CONFIGURATION_get_value_number (cfg, "exit",
2072 (ipv6prefix >= 127) )
2074 GNUNET_SCHEDULER_shutdown ();
2080 /* IPv6 explicitly disabled */
2081 exit_argv[3] = GNUNET_strdup ("-");
2082 exit_argv[4] = GNUNET_strdup ("-");
2084 if (GNUNET_YES == ipv4_enabled)
2086 if ( (GNUNET_SYSERR ==
2087 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4ADDR",
2089 (1 != inet_pton (AF_INET, ipv4addr, &v4))) )
2091 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2092 "No valid entry for 'IPV4ADDR' in configuration!\n");
2093 GNUNET_SCHEDULER_shutdown ();
2096 exit_argv[5] = ipv4addr;
2097 if ( (GNUNET_SYSERR ==
2098 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4MASK",
2100 (1 != inet_pton (AF_INET, ipv4mask, &v4))) )
2102 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2103 "No valid entry 'IPV4MASK' in configuration!\n");
2104 GNUNET_SCHEDULER_shutdown ();
2107 exit_argv[6] = ipv4mask;
2111 /* IPv4 explicitly disabled */
2112 exit_argv[5] = GNUNET_strdup ("-");
2113 exit_argv[6] = GNUNET_strdup ("-");
2115 exit_argv[7] = NULL;
2117 udp_services = GNUNET_CONTAINER_multihashmap_create (65536);
2118 tcp_services = GNUNET_CONTAINER_multihashmap_create (65536);
2119 GNUNET_CONFIGURATION_iterate_sections (cfg, &read_service_conf, NULL);
2121 connections_map = GNUNET_CONTAINER_multihashmap_create (65536);
2122 connections_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
2124 = GNUNET_MESH_connect (cfg, 42 /* queue size */, NULL,
2126 &clean_tunnel, handlers,
2128 if (NULL == mesh_handle)
2130 GNUNET_SCHEDULER_shutdown ();
2133 helper_handle = GNUNET_HELPER_start ("gnunet-helper-exit",
2135 &message_token, NULL);
2142 * @param argc number of arguments from the command line
2143 * @param argv command line arguments
2144 * @return 0 ok, 1 on error
2147 main (int argc, char *const *argv)
2149 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
2150 GNUNET_GETOPT_OPTION_END
2153 return (GNUNET_OK ==
2154 GNUNET_PROGRAM_run (argc, argv, "gnunet-daemon-exit",
2156 ("Daemon to run to provide an IP exit node for the VPN"),
2157 options, &run, NULL)) ? 0 : 1;
2161 /* end of gnunet-daemon-exit.c */
projects / oweals / gnunet.git / blob