2 This file is part of GNUnet.
3 (C) 2010, 2012 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file exit/gnunet-daemon-exit.c
23 * @brief tool to allow IP traffic exit from the GNUnet mesh to the Internet
24 * @author Philipp Toelke
25 * @author Christian Grothoff
31 * - which code should advertise services? the service model is right
32 * now a bit odd, especially as this code DOES the exit and knows
33 * the DNS "name", but OTOH this is clearly NOT the place to advertise
34 * the service's existence; maybe the daemon should turn into a
35 * service with an API to add local-exit services dynamically?
38 #include "gnunet_util_lib.h"
39 #include "gnunet_protocols.h"
40 #include "gnunet_applications.h"
41 #include "gnunet_mesh_service.h"
42 #include "gnunet_statistics_service.h"
43 #include "gnunet_constants.h"
44 #include "gnunet_tun_lib.h"
48 * Information about an address.
53 * AF_INET or AF_INET6.
58 * Remote address information.
63 * Address, if af is AF_INET.
68 * Address, if af is AF_INET6.
74 * IPPROTO_TCP or IPPROTO_UDP;
79 * Remote port, in host byte order!
86 * This struct is saved into the services-hashmap to represent
87 * a service this peer is specifically offering an exit for
88 * (for a specific domain name).
94 * Remote address to use for the service.
96 struct SocketAddress address;
99 * DNS name of the service.
104 * Port I am listening on within GNUnet for this service, in host
105 * byte order. (as we may redirect ports).
112 * Information we use to track a connection (the classical 6-tuple of
113 * IP-version, protocol, source-IP, destination-IP, source-port and
116 struct RedirectInformation
120 * Address information for the other party (equivalent of the
121 * arguments one would give to "connect").
123 struct SocketAddress remote_address;
126 * Address information we used locally (AF and proto must match
127 * "remote_address"). Equivalent of the arguments one would give to
130 struct SocketAddress local_address;
133 Note 1: additional information might be added here in the
134 future to support protocols that require special handling,
137 Note 2: we might also sometimes not match on all components
138 of the tuple, to support protocols where things do not always
145 * Queue of messages to a tunnel.
147 struct TunnelMessageQueue
150 * This is a doubly-linked list.
152 struct TunnelMessageQueue *next;
155 * This is a doubly-linked list.
157 struct TunnelMessageQueue *prev;
160 * Payload to send via the tunnel.
165 * Number of bytes in 'payload'.
172 * This struct is saved into connections_map to allow finding the
173 * right tunnel given an IP packet from TUN. It is also associated
174 * with the tunnel's closure so we can find it again for the next
175 * message from the tunnel.
180 * Mesh tunnel that is used for this connection.
182 struct GNUNET_MESH_Tunnel *tunnel;
185 * Heap node for this state in the connections_heap.
187 struct GNUNET_CONTAINER_HeapNode *heap_node;
190 * Key this state has in the connections_map.
192 GNUNET_HashCode state_key;
195 * Associated service record, or NULL for no service.
197 struct LocalService *serv;
200 * Head of DLL of messages for this tunnel.
202 struct TunnelMessageQueue *head;
205 * Tail of DLL of messages for this tunnel.
207 struct TunnelMessageQueue *tail;
210 * Active tunnel transmission request (or NULL).
212 struct GNUNET_MESH_TransmitHandle *th;
215 * Primary redirection information for this connection.
217 struct RedirectInformation ri;
223 * The handle to the configuration used throughout the process
225 static const struct GNUNET_CONFIGURATION_Handle *cfg;
228 * The handle to the helper
230 static struct GNUNET_HELPER_Handle *helper_handle;
233 * Arguments to the exit helper.
235 static char *exit_argv[7];
238 * IPv6 address of our TUN interface.
240 static struct in6_addr exit_ipv6addr;
243 * IPv6 prefix (0..127) from configuration file.
245 static unsigned long long ipv6prefix;
248 * IPv4 address of our TUN interface.
250 static struct in_addr exit_ipv4addr;
253 * IPv4 netmask of our TUN interface.
255 static struct in_addr exit_ipv4mask;
261 static struct GNUNET_STATISTICS_Handle *stats;
266 static struct GNUNET_MESH_Handle *mesh_handle;
269 * This hashmaps contains the mapping from peer, service-descriptor,
270 * source-port and destination-port to a struct TunnelState
272 static struct GNUNET_CONTAINER_MultiHashMap *connections_map;
275 * Heap so we can quickly find "old" connections.
277 static struct GNUNET_CONTAINER_Heap *connections_heap;
280 * If there are at least this many connections, old ones will be removed
282 static long long unsigned int max_connections;
285 * This hashmaps saves interesting things about the configured UDP services
287 static struct GNUNET_CONTAINER_MultiHashMap *udp_services;
290 * This hashmaps saves interesting things about the configured TCP services
292 static struct GNUNET_CONTAINER_MultiHashMap *tcp_services;
295 * Are we an IPv4-exit?
297 static int ipv4_exit;
300 * Are we an IPv6-exit?
302 static int ipv6_exit;
305 * Do we support IPv4 at all on the TUN interface?
307 static int ipv4_enabled;
310 * Do we support IPv6 at all on the TUN interface?
312 static int ipv6_enabled;
316 * Given IP information about a connection, calculate the respective
317 * hash we would use for the 'connections_map'.
319 * @param hash resulting hash
320 * @param ri information about the connection
323 hash_redirect_info (GNUNET_HashCode *hash,
324 const struct RedirectInformation *ri)
328 memset (hash, 0, sizeof (GNUNET_HashCode));
329 /* the GNUnet hashmap only uses the first sizeof(unsigned int) of the hash,
330 so we put the IP address in there (and hope for few collisions) */
332 switch (ri->remote_address.af)
335 memcpy (off, &ri->remote_address.address.ipv4, sizeof (struct in_addr));
336 off += sizeof (struct in_addr);
339 memcpy (off, &ri->remote_address.address.ipv6, sizeof (struct in6_addr));
340 off += sizeof (struct in_addr);
345 memcpy (off, &ri->remote_address.port, sizeof (uint16_t));
346 off += sizeof (uint16_t);
347 switch (ri->local_address.af)
350 memcpy (off, &ri->local_address.address.ipv4, sizeof (struct in_addr));
351 off += sizeof (struct in_addr);
354 memcpy (off, &ri->local_address.address.ipv6, sizeof (struct in6_addr));
355 off += sizeof (struct in_addr);
360 memcpy (off, &ri->local_address.port, sizeof (uint16_t));
361 off += sizeof (uint16_t);
362 memcpy (off, &ri->remote_address.proto, sizeof (uint8_t));
363 off += sizeof (uint8_t);
368 * Get our connection tracking state. Warns if it does not exists,
369 * refreshes the timestamp if it does exist.
371 * @param af address family
372 * @param protocol IPPROTO_UDP or IPPROTO_TCP
373 * @param destination_ip target IP
374 * @param destination_port target port
375 * @param local_ip local IP
376 * @param local_port local port
377 * @param state_key set to hash's state if non-NULL
378 * @return NULL if we have no tracking information for this tuple
380 static struct TunnelState *
381 get_redirect_state (int af,
383 const void *destination_ip,
384 uint16_t destination_port,
385 const void *local_ip,
387 GNUNET_HashCode *state_key)
389 struct RedirectInformation ri;
391 struct TunnelState *state;
393 ri.remote_address.af = af;
395 ri.remote_address.address.ipv4 = *((struct in_addr*) destination_ip);
397 ri.remote_address.address.ipv6 = * ((struct in6_addr*) destination_ip);
398 ri.remote_address.port = destination_port;
399 ri.remote_address.proto = protocol;
400 ri.local_address.af = af;
402 ri.local_address.address.ipv4 = *((struct in_addr*) local_ip);
404 ri.local_address.address.ipv6 = * ((struct in6_addr*) local_ip);
405 ri.local_address.port = local_port;
406 ri.local_address.proto = protocol;
407 hash_redirect_info (&key, &ri);
408 if (NULL != state_key)
410 state = GNUNET_CONTAINER_multihashmap_get (connections_map, &key);
413 /* Mark this connection as freshly used */
414 if (NULL == state_key)
415 GNUNET_CONTAINER_heap_update_cost (connections_heap,
417 GNUNET_TIME_absolute_get ().abs_value);
423 * Given a service descriptor and a destination port, find the
424 * respective service entry.
426 * @param service_map map of services (TCP or UDP)
427 * @param desc service descriptor
428 * @param dpt destination port
429 * @return NULL if we are not aware of such a service
431 static struct LocalService *
432 find_service (struct GNUNET_CONTAINER_MultiHashMap *service_map,
433 const GNUNET_HashCode *desc,
436 char key[sizeof (GNUNET_HashCode) + sizeof (uint16_t)];
438 memcpy (&key[0], &dpt, sizeof (uint16_t));
439 memcpy (&key[sizeof(uint16_t)], desc, sizeof (GNUNET_HashCode));
440 return GNUNET_CONTAINER_multihashmap_get (service_map,
441 (GNUNET_HashCode *) key);
446 * Free memory associated with a service record.
449 * @param key service descriptor
450 * @param value service record to free
454 free_service_record (void *cls,
455 const GNUNET_HashCode *key,
458 struct LocalService *service = value;
460 GNUNET_free_non_null (service->name);
461 GNUNET_free (service);
467 * Given a service descriptor and a destination port, find the
468 * respective service entry.
470 * @param service_map map of services (TCP or UDP)
471 * @param name name of the service
472 * @param dpt destination port
473 * @param service service information record to store (service->name will be set).
476 store_service (struct GNUNET_CONTAINER_MultiHashMap *service_map,
479 struct LocalService *service)
481 char key[sizeof (GNUNET_HashCode) + sizeof (uint16_t)];
482 GNUNET_HashCode desc;
484 GNUNET_CRYPTO_hash (name, strlen (name) + 1, &desc);
485 service->name = GNUNET_strdup (name);
486 memcpy (&key[0], &dpt, sizeof (uint16_t));
487 memcpy (&key[sizeof(uint16_t)], &desc, sizeof (GNUNET_HashCode));
489 GNUNET_CONTAINER_multihashmap_put (service_map,
490 (GNUNET_HashCode *) key,
492 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
494 free_service_record (NULL, (GNUNET_HashCode *) key, service);
495 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
496 _("Got duplicate service records for `%s:%u'\n"),
504 * MESH is ready to receive a message for the tunnel. Transmit it.
506 * @param cls the 'struct TunnelState'.
507 * @param size number of bytes available in buf
508 * @param buf where to copy the message
509 * @return number of bytes copied to buf
512 send_to_peer_notify_callback (void *cls, size_t size, void *buf)
514 struct TunnelState *s = cls;
515 struct GNUNET_MESH_Tunnel *tunnel = s->tunnel;
516 struct TunnelMessageQueue *tnq;
520 GNUNET_assert (size >= tnq->len);
521 memcpy (buf, tnq->payload, tnq->len);
523 GNUNET_CONTAINER_DLL_remove (s->head,
527 if (NULL != (tnq = s->head))
528 s->th = GNUNET_MESH_notify_transmit_ready (tunnel,
529 GNUNET_NO /* corking */,
531 GNUNET_TIME_UNIT_FOREVER_REL,
534 &send_to_peer_notify_callback,
536 GNUNET_STATISTICS_update (stats,
537 gettext_noop ("# Bytes transmitted via mesh tunnels"),
544 * Send the given packet via the mesh tunnel.
546 * @param mesh_tunnel destination
547 * @param payload message to transmit
548 * @param payload_length number of bytes in payload
549 * @param desc descriptor to add before payload (optional)
550 * @param mtype message type to use
553 send_packet_to_mesh_tunnel (struct GNUNET_MESH_Tunnel *mesh_tunnel,
555 size_t payload_length,
556 const GNUNET_HashCode *desc,
559 struct TunnelState *s;
560 struct TunnelMessageQueue *tnq;
561 struct GNUNET_MessageHeader *msg;
565 len = sizeof (struct GNUNET_MessageHeader) + sizeof (GNUNET_HashCode) + payload_length;
566 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
571 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueue) + len);
572 tnq->payload = &tnq[1];
574 msg = (struct GNUNET_MessageHeader *) &tnq[1];
575 msg->size = htons ((uint16_t) len);
576 msg->type = htons (mtype);
579 dp = (GNUNET_HashCode *) &msg[1];
581 memcpy (&dp[1], payload, payload_length);
585 memcpy (&msg[1], payload, payload_length);
587 s = GNUNET_MESH_tunnel_get_data (mesh_tunnel);
588 GNUNET_assert (NULL != s);
589 GNUNET_CONTAINER_DLL_insert_tail (s->head, s->tail, tnq);
591 s->th = GNUNET_MESH_notify_transmit_ready (mesh_tunnel, GNUNET_NO /* cork */, 0 /* priority */,
592 GNUNET_TIME_UNIT_FOREVER_REL,
594 &send_to_peer_notify_callback,
600 * @brief Handles an UDP packet received from the helper.
602 * @param udp A pointer to the Packet
603 * @param pktlen number of bytes in 'udp'
604 * @param af address family (AFINET or AF_INET6)
605 * @param destination_ip destination IP-address of the IP packet (should
606 * be our local address)
607 * @param source_ip original source IP-address of the IP packet (should
608 * be the original destination address)
611 udp_from_helper (const struct GNUNET_TUN_UdpHeader *udp,
614 const void *destination_ip,
615 const void *source_ip)
617 struct TunnelState *state;
620 char sbuf[INET6_ADDRSTRLEN];
621 char dbuf[INET6_ADDRSTRLEN];
622 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
623 "Received UDP packet going from %s:%u to %s:%u\n",
626 sbuf, sizeof (sbuf)),
627 (unsigned int) ntohs (udp->spt),
630 dbuf, sizeof (dbuf)),
631 (unsigned int) ntohs (udp->dpt));
633 if (pktlen < sizeof (struct GNUNET_TUN_UdpHeader))
639 if (pktlen != ntohs (udp->len))
645 state = get_redirect_state (af, IPPROTO_UDP,
653 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
654 _("Packet dropped, have no matching connection information\n"));
657 send_packet_to_mesh_tunnel (state->tunnel,
658 &udp[1], pktlen - sizeof (struct GNUNET_TUN_UdpHeader),
660 GNUNET_MESSAGE_TYPE_VPN_UDP_REPLY);
665 * @brief Handles a TCP packet received from the helper.
667 * @param tcp A pointer to the Packet
668 * @param pktlen the length of the packet, including its header
669 * @param af address family (AFINET or AF_INET6)
670 * @param destination_ip destination IP-address of the IP packet (should
671 * be our local address)
672 * @param source_ip original source IP-address of the IP packet (should
673 * be the original destination address)
676 tcp_from_helper (const struct GNUNET_TUN_TcpHeader *tcp,
679 const void *destination_ip,
680 const void *source_ip)
682 struct TunnelState *state;
684 struct GNUNET_TUN_TcpHeader *mtcp;
687 char sbuf[INET6_ADDRSTRLEN];
688 char dbuf[INET6_ADDRSTRLEN];
689 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
690 "Received TCP packet going from %s:%u to %s:%u\n",
693 sbuf, sizeof (sbuf)),
694 (unsigned int) ntohs (tcp->spt),
697 dbuf, sizeof (dbuf)),
698 (unsigned int) ntohs (tcp->dpt));
700 if (pktlen < sizeof (struct GNUNET_TUN_TcpHeader))
706 state = get_redirect_state (af, IPPROTO_TCP,
714 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
715 _("Packet dropped, have no matching connection information\n"));
719 /* mug port numbers and crc to avoid information leakage;
720 sender will need to lookup the correct values anyway */
721 memcpy (buf, tcp, pktlen);
722 mtcp = (struct GNUNET_TUN_TcpHeader *) buf;
726 send_packet_to_mesh_tunnel (state->tunnel,
729 GNUNET_MESSAGE_TYPE_VPN_TCP_DATA);
734 * Receive packets from the helper-process
737 * @param client unsued
738 * @param message message received from helper
741 message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED,
742 const struct GNUNET_MessageHeader *message)
744 const struct GNUNET_TUN_Layer2PacketHeader *pkt_tun;
747 GNUNET_STATISTICS_update (stats,
748 gettext_noop ("# Packets received from TUN"),
750 if (ntohs (message->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER)
755 size = ntohs (message->size);
756 if (size < sizeof (struct GNUNET_TUN_Layer2PacketHeader) + sizeof (struct GNUNET_MessageHeader))
761 GNUNET_STATISTICS_update (stats,
762 gettext_noop ("# Bytes received from TUN"),
764 pkt_tun = (const struct GNUNET_TUN_Layer2PacketHeader *) &message[1];
765 size -= sizeof (struct GNUNET_TUN_Layer2PacketHeader) + sizeof (struct GNUNET_MessageHeader);
766 switch (ntohs (pkt_tun->proto))
770 const struct GNUNET_TUN_IPv6Header *pkt6;
772 if (size < sizeof (struct GNUNET_TUN_IPv6Header))
774 /* Kernel to blame? */
778 pkt6 = (struct GNUNET_TUN_IPv6Header *) &pkt_tun[1];
779 if (size != ntohs (pkt6->payload_length))
781 /* Kernel to blame? */
785 size -= sizeof (struct GNUNET_TUN_IPv6Header);
786 switch (pkt6->next_header)
789 udp_from_helper ((const struct GNUNET_TUN_UdpHeader *) &pkt6[1], size,
791 &pkt6->destination_address,
792 &pkt6->source_address);
795 tcp_from_helper ((const struct GNUNET_TUN_TcpHeader *) &pkt6[1], size,
797 &pkt6->destination_address,
798 &pkt6->source_address);
801 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
802 _("IPv6 packet with unsupported next header received. Ignored.\n"));
809 const struct GNUNET_TUN_IPv4Header *pkt4;
811 if (size < sizeof (struct GNUNET_TUN_IPv4Header))
813 /* Kernel to blame? */
817 pkt4 = (const struct GNUNET_TUN_IPv4Header *) &pkt_tun[1];
818 if (size != ntohs (pkt4->total_length))
820 /* Kernel to blame? */
824 if (pkt4->header_length * 4 != sizeof (struct GNUNET_TUN_IPv4Header))
826 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
827 _("IPv4 packet options received. Ignored.\n"));
830 size -= sizeof (struct GNUNET_TUN_IPv4Header);
831 switch (pkt4->protocol)
834 udp_from_helper ((const struct GNUNET_TUN_UdpHeader *) &pkt4[1], size,
836 &pkt4->destination_address,
837 &pkt4->source_address);
839 tcp_from_helper ((const struct GNUNET_TUN_TcpHeader *) &pkt4[1], size,
841 &pkt4->destination_address,
842 &pkt4->source_address);
845 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
846 _("IPv4 packet with unsupported next header received. Ignored.\n"));
852 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
853 _("Packet from unknown protocol %u received. Ignored.\n"),
854 ntohs (pkt_tun->proto));
861 * We need to create a (unique) fresh local address (IP+port).
864 * @param af desired address family
865 * @param proto desired protocol (IPPROTO_UDP or IPPROTO_TCP)
866 * @param local_address address to initialize
869 setup_fresh_address (int af,
871 struct SocketAddress *local_address)
873 local_address->af = af;
874 local_address->proto = (uint8_t) proto;
875 /* default "local" port range is often 32768--61000,
876 so we pick a random value in that range */
878 = (uint16_t) 32768 + GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
888 addr = exit_ipv4addr;
889 mask = exit_ipv4mask;
890 if (0 == ~mask.s_addr)
892 /* only one valid IP anyway */
893 local_address->address.ipv4 = addr;
896 /* Given 192.168.0.1/255.255.0.0, we want a mask
897 of '192.168.255.255', thus: */
898 mask.s_addr = addr.s_addr | ~mask.s_addr;
899 /* Pick random IPv4 address within the subnet, except 'addr' or 'mask' itself */
902 rnd.s_addr = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
904 local_address->address.ipv4.s_addr = (addr.s_addr | rnd.s_addr) & mask.s_addr;
906 while ( (local_address->address.ipv4.s_addr == addr.s_addr) ||
907 (local_address->address.ipv4.s_addr == mask.s_addr) );
912 struct in6_addr addr;
913 struct in6_addr mask;
917 addr = exit_ipv6addr;
918 GNUNET_assert (ipv6prefix < 128);
919 if (ipv6prefix == 127)
921 /* only one valid IP anyway */
922 local_address->address.ipv6 = addr;
925 /* Given ABCD::/96, we want a mask of 'ABCD::FFFF:FFFF,
928 for (i=127;i>=128-ipv6prefix;i--)
929 mask.s6_addr[i / 8] |= (1 << (i % 8));
931 /* Pick random IPv6 address within the subnet, except 'addr' or 'mask' itself */
936 rnd.s6_addr[i] = (unsigned char) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
938 local_address->address.ipv6.s6_addr[i]
939 = (addr.s6_addr[i] | rnd.s6_addr[i]) & mask.s6_addr[i];
942 while ( (0 == memcmp (&local_address->address.ipv6,
944 sizeof (struct in6_addr))) ||
945 (0 == memcmp (&local_address->address.ipv6,
947 sizeof (struct in6_addr))) );
957 * We are starting a fresh connection (TCP or UDP) and need
958 * to pick a source port and IP address (within the correct
959 * range and address family) to associate replies with the
960 * connection / correct mesh tunnel. This function generates
961 * a "fresh" source IP and source port number for a connection
962 * After picking a good source address, this function sets up
963 * the state in the 'connections_map' and 'connections_heap'
964 * to allow finding the state when needed later. The function
965 * also makes sure that we remain within memory limits by
966 * cleaning up 'old' states.
968 * @param state skeleton state to setup a record for; should
969 * 'state->ri.remote_address' filled in so that
970 * this code can determine which AF/protocol is
971 * going to be used (the 'tunnel' should also
972 * already be set); after calling this function,
973 * heap_node and the local_address will be
974 * also initialized (heap_node != NULL can be
975 * used to test if a state has been fully setup).
978 setup_state_record (struct TunnelState *state)
981 struct TunnelState *s;
983 /* generate fresh, unique address */
986 if (NULL == state->serv)
987 setup_fresh_address (state->ri.remote_address.af,
988 state->ri.remote_address.proto,
989 &state->ri.local_address);
991 setup_fresh_address (state->serv->address.af,
992 state->serv->address.proto,
993 &state->ri.local_address);
994 } while (NULL != get_redirect_state (state->ri.remote_address.af,
995 state->ri.remote_address.proto,
996 &state->ri.remote_address.address,
997 state->ri.remote_address.port,
998 &state->ri.local_address.address,
999 state->ri.local_address.port,
1002 char buf[INET6_ADDRSTRLEN];
1003 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1004 "Picked local address %s:%u for new connection\n",
1005 inet_ntop (state->ri.local_address.af,
1006 &state->ri.local_address.address,
1008 (unsigned int) state->ri.local_address.port);
1010 GNUNET_assert (GNUNET_OK ==
1011 GNUNET_CONTAINER_multihashmap_put (connections_map,
1013 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
1014 state->heap_node = GNUNET_CONTAINER_heap_insert (connections_heap,
1016 GNUNET_TIME_absolute_get ().abs_value);
1017 while (GNUNET_CONTAINER_heap_get_size (connections_heap) > max_connections)
1019 s = GNUNET_CONTAINER_heap_remove_root (connections_heap);
1020 GNUNET_assert (state != s);
1021 s->heap_node = NULL;
1022 GNUNET_MESH_tunnel_destroy (s->tunnel);
1023 GNUNET_assert (GNUNET_OK ==
1024 GNUNET_CONTAINER_multihashmap_remove (connections_map,
1033 * Prepare an IPv4 packet for transmission via the TUN interface.
1034 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
1035 * For UDP, the UDP header will be fully created, whereas for TCP
1036 * only the ports and checksum will be filled in. So for TCP,
1037 * a skeleton TCP header must be part of the provided payload.
1039 * @param payload payload of the packet (starting with UDP payload or
1040 * TCP header, depending on protocol)
1041 * @param payload_length number of bytes in 'payload'
1042 * @param protocol IPPROTO_UDP or IPPROTO_TCP
1043 * @param src_address source address to use (IP and port)
1044 * @param dst_address destination address to use (IP and port)
1045 * @param pkt6 where to write the assembled packet; must
1046 * contain enough space for the IP header, UDP/TCP header
1050 prepare_ipv4_packet (const void *payload, size_t payload_length,
1052 const struct GNUNET_TUN_TcpHeader *tcp_header,
1053 const struct SocketAddress *src_address,
1054 const struct SocketAddress *dst_address,
1055 struct GNUNET_TUN_IPv4Header *pkt4)
1059 len = payload_length;
1063 len += sizeof (struct GNUNET_TUN_UdpHeader);
1066 len += sizeof (struct GNUNET_TUN_TcpHeader);
1067 GNUNET_assert (NULL != tcp_header);
1073 if (len + sizeof (struct GNUNET_TUN_IPv4Header) > UINT16_MAX)
1079 GNUNET_TUN_initialize_ipv4_header (pkt4,
1082 &src_address->address.ipv4,
1083 &dst_address->address.ipv4);
1088 struct GNUNET_TUN_UdpHeader *pkt4_udp = (struct GNUNET_TUN_UdpHeader *) &pkt4[1];
1090 pkt4_udp->spt = htons (src_address->port);
1091 pkt4_udp->dpt = htons (dst_address->port);
1092 pkt4_udp->len = htons ((uint16_t) payload_length);
1093 GNUNET_TUN_calculate_udp4_checksum (pkt4,
1095 payload, payload_length);
1096 memcpy (&pkt4_udp[1], payload, payload_length);
1101 struct GNUNET_TUN_TcpHeader *pkt4_tcp = (struct GNUNET_TUN_TcpHeader *) &pkt4[1];
1103 memcpy (pkt4_tcp, tcp_header, sizeof (struct GNUNET_TUN_TcpHeader));
1104 pkt4_tcp->spt = htons (src_address->port);
1105 pkt4_tcp->dpt = htons (dst_address->port);
1106 GNUNET_TUN_calculate_tcp4_checksum (pkt4,
1110 memcpy (&pkt4_tcp[1], payload, payload_length);
1120 * Prepare an IPv6 packet for transmission via the TUN interface.
1121 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
1122 * For UDP, the UDP header will be fully created, whereas for TCP
1123 * only the ports and checksum will be filled in. So for TCP,
1124 * a skeleton TCP header must be part of the provided payload.
1126 * @param payload payload of the packet (starting with UDP payload or
1127 * TCP header, depending on protocol)
1128 * @param payload_length number of bytes in 'payload'
1129 * @param protocol IPPROTO_UDP or IPPROTO_TCP
1130 * @param src_address source address to use (IP and port)
1131 * @param dst_address destination address to use (IP and port)
1132 * @param pkt6 where to write the assembled packet; must
1133 * contain enough space for the IP header, UDP/TCP header
1137 prepare_ipv6_packet (const void *payload, size_t payload_length,
1139 const struct GNUNET_TUN_TcpHeader *tcp_header,
1140 const struct SocketAddress *src_address,
1141 const struct SocketAddress *dst_address,
1142 struct GNUNET_TUN_IPv6Header *pkt6)
1146 len = payload_length;
1150 len += sizeof (struct GNUNET_TUN_UdpHeader);
1153 /* tcp_header (with port/crc not set) must be part of payload! */
1154 if (len < sizeof (struct GNUNET_TUN_TcpHeader))
1164 if (len > UINT16_MAX)
1170 GNUNET_TUN_initialize_ipv6_header (pkt6,
1173 &dst_address->address.ipv6,
1174 &src_address->address.ipv6);
1180 struct GNUNET_TUN_UdpHeader *pkt6_udp = (struct GNUNET_TUN_UdpHeader *) &pkt6[1];
1182 pkt6_udp->spt = htons (src_address->port);
1183 pkt6_udp->dpt = htons (dst_address->port);
1184 pkt6_udp->len = htons ((uint16_t) payload_length);
1186 GNUNET_TUN_calculate_udp6_checksum (pkt6,
1190 memcpy (&pkt6[1], payload, payload_length);
1195 struct GNUNET_TUN_TcpHeader *pkt6_tcp = (struct GNUNET_TUN_TcpHeader *) pkt6;
1197 /* memcpy first here as some TCP header fields are initialized this way! */
1198 memcpy (pkt6_tcp, payload, payload_length);
1199 pkt6_tcp->spt = htons (src_address->port);
1200 pkt6_tcp->dpt = htons (dst_address->port);
1201 GNUNET_TUN_calculate_tcp6_checksum (pkt6,
1215 * Send a TCP packet via the TUN interface.
1217 * @param destination_address IP and port to use for the TCP packet's destination
1218 * @param source_address IP and port to use for the TCP packet's source
1219 * @param tcp header template to use
1220 * @param payload payload of the TCP packet
1221 * @param payload_length number of bytes in 'payload'
1224 send_tcp_packet_via_tun (const struct SocketAddress *destination_address,
1225 const struct SocketAddress *source_address,
1226 const struct GNUNET_TUN_TcpHeader *tcp_header,
1227 const void *payload, size_t payload_length)
1231 GNUNET_STATISTICS_update (stats,
1232 gettext_noop ("# TCP packets sent via TUN"),
1234 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1235 "Sending packet with %u bytes TCP payload via TUN\n",
1236 (unsigned int) payload_length);
1237 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
1238 switch (source_address->af)
1241 len += sizeof (struct GNUNET_TUN_IPv4Header);
1244 len += sizeof (struct GNUNET_TUN_IPv6Header);
1250 len += payload_length;
1251 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1258 struct GNUNET_MessageHeader *hdr;
1259 struct GNUNET_TUN_Layer2PacketHeader *tun;
1261 hdr= (struct GNUNET_MessageHeader *) buf;
1262 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1263 hdr->size = htons (len);
1264 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
1265 tun->flags = htons (0);
1266 switch (source_address->af)
1270 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
1272 tun->proto = htons (ETH_P_IPV4);
1273 prepare_ipv4_packet (payload, payload_length,
1277 destination_address,
1283 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
1285 tun->proto = htons (ETH_P_IPV6);
1286 prepare_ipv6_packet (payload, payload_length,
1290 destination_address,
1298 (void) GNUNET_HELPER_send (helper_handle,
1299 (const struct GNUNET_MessageHeader*) buf,
1307 * Process a request via mesh to send a request to a TCP service
1308 * offered by this system.
1310 * @param cls closure, NULL
1311 * @param tunnel connection to the other end
1312 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1313 * @param sender who sent the message
1314 * @param message the actual message
1315 * @param atsi performance data for the connection
1316 * @return GNUNET_OK to keep the connection open,
1317 * GNUNET_SYSERR to close it (signal serious error)
1320 receive_tcp_service (void *unused GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1321 void **tunnel_ctx GNUNET_UNUSED,
1322 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1323 const struct GNUNET_MessageHeader *message,
1324 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1326 struct TunnelState *state = *tunnel_ctx;
1327 const struct GNUNET_EXIT_TcpServiceStartMessage *start;
1328 uint16_t pkt_len = ntohs (message->size);
1330 GNUNET_STATISTICS_update (stats,
1331 gettext_noop ("# TCP service creation requests received via mesh"),
1333 GNUNET_STATISTICS_update (stats,
1334 gettext_noop ("# Bytes received from MESH"),
1335 pkt_len, GNUNET_NO);
1336 /* check that we got at least a valid header */
1337 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpServiceStartMessage))
1339 GNUNET_break_op (0);
1340 return GNUNET_SYSERR;
1342 start = (const struct GNUNET_EXIT_TcpServiceStartMessage*) message;
1343 pkt_len -= sizeof (struct GNUNET_EXIT_TcpServiceStartMessage);
1344 if ( (NULL == state) ||
1345 (NULL != state->serv) ||
1346 (NULL != state->heap_node) )
1348 GNUNET_break_op (0);
1349 return GNUNET_SYSERR;
1351 GNUNET_break_op (ntohl (start->reserved) == 0);
1352 /* setup fresh connection */
1353 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1354 "Received data from %s for forwarding to TCP service %s on port %u\n",
1355 GNUNET_i2s (sender),
1356 GNUNET_h2s (&start->service_descriptor),
1357 (unsigned int) ntohs (start->tcp_header.dpt));
1358 if (NULL == (state->serv = find_service (tcp_services, &start->service_descriptor,
1359 ntohs (start->tcp_header.dpt))))
1361 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1362 _("No service found for %s on port %d!\n"),
1364 ntohs (start->tcp_header.dpt));
1365 GNUNET_STATISTICS_update (stats,
1366 gettext_noop ("# TCP requests dropped (no such service)"),
1368 return GNUNET_SYSERR;
1370 state->ri.remote_address = state->serv->address;
1371 setup_state_record (state);
1372 send_tcp_packet_via_tun (&state->ri.remote_address,
1373 &state->ri.local_address,
1375 &start[1], pkt_len);
1381 * Process a request to forward TCP data to the Internet via this peer.
1383 * @param cls closure, NULL
1384 * @param tunnel connection to the other end
1385 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1386 * @param sender who sent the message
1387 * @param message the actual message
1388 * @param atsi performance data for the connection
1389 * @return GNUNET_OK to keep the connection open,
1390 * GNUNET_SYSERR to close it (signal serious error)
1393 receive_tcp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1394 void **tunnel_ctx GNUNET_UNUSED,
1395 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1396 const struct GNUNET_MessageHeader *message,
1397 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1399 struct TunnelState *state = *tunnel_ctx;
1400 const struct GNUNET_EXIT_TcpInternetStartMessage *start;
1401 uint16_t pkt_len = ntohs (message->size);
1402 const struct in_addr *v4;
1403 const struct in6_addr *v6;
1404 const void *payload;
1407 GNUNET_STATISTICS_update (stats,
1408 gettext_noop ("# Bytes received from MESH"),
1409 pkt_len, GNUNET_NO);
1410 GNUNET_STATISTICS_update (stats,
1411 gettext_noop ("# TCP IP-exit creation requests received via mesh"),
1413 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpInternetStartMessage))
1415 GNUNET_break_op (0);
1416 return GNUNET_SYSERR;
1418 start = (const struct GNUNET_EXIT_TcpInternetStartMessage*) message;
1419 pkt_len -= sizeof (struct GNUNET_EXIT_TcpInternetStartMessage);
1420 if ( (NULL == state) ||
1421 (NULL != state->serv) ||
1422 (NULL != state->heap_node) )
1424 GNUNET_break_op (0);
1425 return GNUNET_SYSERR;
1427 af = (int) ntohl (start->af);
1428 state->ri.remote_address.af = af;
1432 if (pkt_len < sizeof (struct in_addr))
1434 GNUNET_break_op (0);
1435 return GNUNET_SYSERR;
1439 GNUNET_break_op (0);
1440 return GNUNET_SYSERR;
1442 v4 = (const struct in_addr*) &start[1];
1444 pkt_len -= sizeof (struct in_addr);
1445 state->ri.remote_address.address.ipv4 = *v4;
1448 if (pkt_len < sizeof (struct in6_addr))
1450 GNUNET_break_op (0);
1451 return GNUNET_SYSERR;
1455 GNUNET_break_op (0);
1456 return GNUNET_SYSERR;
1458 v6 = (const struct in6_addr*) &start[1];
1460 pkt_len -= sizeof (struct in_addr);
1461 state->ri.remote_address.address.ipv6 = *v6;
1464 GNUNET_break_op (0);
1465 return GNUNET_SYSERR;
1468 char buf[INET6_ADDRSTRLEN];
1469 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1470 "Received data from %s for starting TCP stream to %s:%u\n",
1471 GNUNET_i2s (sender),
1473 &state->ri.remote_address.address,
1475 (unsigned int) ntohs (start->tcp_header.dpt));
1478 state->ri.remote_address.proto = IPPROTO_TCP;
1479 state->ri.remote_address.port = ntohs (start->tcp_header.dpt);
1480 setup_state_record (state);
1481 send_tcp_packet_via_tun (&state->ri.remote_address,
1482 &state->ri.local_address,
1490 * Process a request to forward TCP data on an established
1491 * connection via this peer.
1493 * @param cls closure, NULL
1494 * @param tunnel connection to the other end
1495 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1496 * @param sender who sent the message
1497 * @param message the actual message
1498 * @param atsi performance data for the connection
1499 * @return GNUNET_OK to keep the connection open,
1500 * GNUNET_SYSERR to close it (signal serious error)
1503 receive_tcp_data (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1504 void **tunnel_ctx GNUNET_UNUSED,
1505 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1506 const struct GNUNET_MessageHeader *message,
1507 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1509 struct TunnelState *state = *tunnel_ctx;
1510 const struct GNUNET_EXIT_TcpDataMessage *data;
1511 uint16_t pkt_len = ntohs (message->size);
1513 GNUNET_STATISTICS_update (stats,
1514 gettext_noop ("# Bytes received from MESH"),
1515 pkt_len, GNUNET_NO);
1516 GNUNET_STATISTICS_update (stats,
1517 gettext_noop ("# TCP data requests received via mesh"),
1519 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpDataMessage))
1521 GNUNET_break_op (0);
1522 return GNUNET_SYSERR;
1524 data = (const struct GNUNET_EXIT_TcpDataMessage*) message;
1525 pkt_len -= sizeof (struct GNUNET_EXIT_TcpDataMessage);
1526 if ( (NULL == state) ||
1527 (NULL == state->heap_node) )
1529 /* connection should have been up! */
1530 GNUNET_STATISTICS_update (stats,
1531 gettext_noop ("# TCP DATA requests dropped (no session)"),
1533 return GNUNET_SYSERR;
1535 GNUNET_break_op (ntohl (data->reserved) == 0);
1537 char buf[INET6_ADDRSTRLEN];
1538 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1539 "Received additional data from %s for TCP stream to %s:%u\n",
1540 GNUNET_i2s (sender),
1541 inet_ntop (state->ri.remote_address.af,
1542 &state->ri.remote_address.address,
1544 (unsigned int) state->ri.remote_address.port);
1547 send_tcp_packet_via_tun (&state->ri.remote_address,
1548 &state->ri.local_address,
1556 * Send a UDP packet via the TUN interface.
1558 * @param destination_address IP and port to use for the UDP packet's destination
1559 * @param source_address IP and port to use for the UDP packet's source
1560 * @param payload payload of the UDP packet (does NOT include UDP header)
1561 * @param payload_length number of bytes of data in payload
1564 send_udp_packet_via_tun (const struct SocketAddress *destination_address,
1565 const struct SocketAddress *source_address,
1566 const void *payload, size_t payload_length)
1570 GNUNET_STATISTICS_update (stats,
1571 gettext_noop ("# UDP packets sent via TUN"),
1573 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1574 "Sending packet with %u bytes UDP payload via TUN\n",
1575 (unsigned int) payload_length);
1576 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
1577 switch (source_address->af)
1580 len += sizeof (struct GNUNET_TUN_IPv4Header);
1583 len += sizeof (struct GNUNET_TUN_IPv6Header);
1589 len += sizeof (struct GNUNET_TUN_UdpHeader);
1590 len += payload_length;
1591 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1598 struct GNUNET_MessageHeader *hdr;
1599 struct GNUNET_TUN_Layer2PacketHeader *tun;
1601 hdr= (struct GNUNET_MessageHeader *) buf;
1602 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1603 hdr->size = htons (len);
1604 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
1605 tun->flags = htons (0);
1606 switch (source_address->af)
1610 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
1612 tun->proto = htons (ETH_P_IPV4);
1613 prepare_ipv4_packet (payload, payload_length,
1617 destination_address,
1623 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
1625 tun->proto = htons (ETH_P_IPV6);
1626 prepare_ipv6_packet (payload, payload_length,
1630 destination_address,
1638 (void) GNUNET_HELPER_send (helper_handle,
1639 (const struct GNUNET_MessageHeader*) buf,
1647 * Process a request to forward UDP data to the Internet via this peer.
1649 * @param cls closure, NULL
1650 * @param tunnel connection to the other end
1651 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1652 * @param sender who sent the message
1653 * @param message the actual message
1654 * @param atsi performance data for the connection
1655 * @return GNUNET_OK to keep the connection open,
1656 * GNUNET_SYSERR to close it (signal serious error)
1659 receive_udp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1660 void **tunnel_ctx GNUNET_UNUSED,
1661 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1662 const struct GNUNET_MessageHeader *message,
1663 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1665 struct TunnelState *state = *tunnel_ctx;
1666 const struct GNUNET_EXIT_UdpInternetMessage *msg;
1667 uint16_t pkt_len = ntohs (message->size);
1668 const struct in_addr *v4;
1669 const struct in6_addr *v6;
1670 const void *payload;
1673 GNUNET_STATISTICS_update (stats,
1674 gettext_noop ("# Bytes received from MESH"),
1675 pkt_len, GNUNET_NO);
1676 GNUNET_STATISTICS_update (stats,
1677 gettext_noop ("# UDP IP-exit requests received via mesh"),
1679 if (pkt_len < sizeof (struct GNUNET_EXIT_UdpInternetMessage))
1681 GNUNET_break_op (0);
1682 return GNUNET_SYSERR;
1684 msg = (const struct GNUNET_EXIT_UdpInternetMessage*) message;
1685 pkt_len -= sizeof (struct GNUNET_EXIT_UdpInternetMessage);
1686 af = (int) ntohl (msg->af);
1687 state->ri.remote_address.af = af;
1691 if (pkt_len < sizeof (struct in_addr))
1693 GNUNET_break_op (0);
1694 return GNUNET_SYSERR;
1698 GNUNET_break_op (0);
1699 return GNUNET_SYSERR;
1701 v4 = (const struct in_addr*) &msg[1];
1703 pkt_len -= sizeof (struct in_addr);
1704 state->ri.remote_address.address.ipv4 = *v4;
1707 if (pkt_len < sizeof (struct in6_addr))
1709 GNUNET_break_op (0);
1710 return GNUNET_SYSERR;
1714 GNUNET_break_op (0);
1715 return GNUNET_SYSERR;
1717 v6 = (const struct in6_addr*) &msg[1];
1719 pkt_len -= sizeof (struct in_addr);
1720 state->ri.remote_address.address.ipv6 = *v6;
1723 GNUNET_break_op (0);
1724 return GNUNET_SYSERR;
1727 char buf[INET6_ADDRSTRLEN];
1728 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1729 "Received data from %s for forwarding to UDP %s:%u\n",
1730 GNUNET_i2s (sender),
1732 &state->ri.remote_address.address,
1734 (unsigned int) ntohs (msg->destination_port));
1736 state->ri.remote_address.proto = IPPROTO_UDP;
1737 state->ri.remote_address.port = msg->destination_port;
1738 if (NULL == state->heap_node)
1739 setup_state_record (state);
1740 if (0 != ntohs (msg->source_port))
1741 state->ri.local_address.port = msg->source_port;
1742 send_udp_packet_via_tun (&state->ri.remote_address,
1743 &state->ri.local_address,
1750 * Process a request via mesh to send a request to a UDP service
1751 * offered by this system.
1753 * @param cls closure, NULL
1754 * @param tunnel connection to the other end
1755 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1756 * @param sender who sent the message
1757 * @param message the actual message
1758 * @param atsi performance data for the connection
1759 * @return GNUNET_OK to keep the connection open,
1760 * GNUNET_SYSERR to close it (signal serious error)
1763 receive_udp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1765 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1766 const struct GNUNET_MessageHeader *message,
1767 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1769 struct TunnelState *state = *tunnel_ctx;
1770 const struct GNUNET_EXIT_UdpServiceMessage *msg;
1771 uint16_t pkt_len = ntohs (message->size);
1773 GNUNET_STATISTICS_update (stats,
1774 gettext_noop ("# Bytes received from MESH"),
1775 pkt_len, GNUNET_NO);
1776 GNUNET_STATISTICS_update (stats,
1777 gettext_noop ("# UDP service requests received via mesh"),
1779 /* check that we got at least a valid header */
1780 if (pkt_len < sizeof (struct GNUNET_EXIT_UdpServiceMessage))
1782 GNUNET_break_op (0);
1783 return GNUNET_SYSERR;
1785 msg = (const struct GNUNET_EXIT_UdpServiceMessage*) message;
1786 pkt_len -= sizeof (struct GNUNET_EXIT_UdpServiceMessage);
1787 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1788 "Received data from %s for forwarding to UDP service %s on port %u\n",
1789 GNUNET_i2s (sender),
1790 GNUNET_h2s (&msg->service_descriptor),
1791 (unsigned int) ntohs (msg->destination_port));
1792 if (NULL == (state->serv = find_service (udp_services, &msg->service_descriptor,
1793 ntohs (msg->destination_port))))
1795 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1796 _("No service found for %s on port %d!\n"),
1798 ntohs (msg->destination_port));
1799 GNUNET_STATISTICS_update (stats,
1800 gettext_noop ("# UDP requests dropped (no such service)"),
1802 return GNUNET_SYSERR;
1804 state->ri.remote_address = state->serv->address;
1805 setup_state_record (state);
1806 if (0 != ntohs (msg->source_port))
1807 state->ri.local_address.port = msg->source_port;
1808 send_udp_packet_via_tun (&state->ri.remote_address,
1809 &state->ri.local_address,
1816 * Callback from GNUNET_MESH for new tunnels.
1818 * @param cls closure
1819 * @param tunnel new handle to the tunnel
1820 * @param initiator peer that started the tunnel
1821 * @param atsi performance information for the tunnel
1822 * @return initial tunnel context for the tunnel
1825 new_tunnel (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1826 const struct GNUNET_PeerIdentity *initiator GNUNET_UNUSED,
1827 const struct GNUNET_ATS_Information *ats GNUNET_UNUSED)
1829 struct TunnelState *s = GNUNET_malloc (sizeof (struct TunnelState));
1831 GNUNET_STATISTICS_update (stats,
1832 gettext_noop ("# Inbound MESH tunnels created"),
1834 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1835 "Received inbound tunnel from `%s'\n",
1836 GNUNET_i2s (initiator));
1843 * Function called by mesh whenever an inbound tunnel is destroyed.
1844 * Should clean up any associated state.
1846 * @param cls closure (set from GNUNET_MESH_connect)
1847 * @param tunnel connection to the other end (henceforth invalid)
1848 * @param tunnel_ctx place where local state associated
1849 * with the tunnel is stored
1852 clean_tunnel (void *cls GNUNET_UNUSED, const struct GNUNET_MESH_Tunnel *tunnel,
1855 struct TunnelState *s = tunnel_ctx;
1856 struct TunnelMessageQueue *tnq;
1858 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1859 "Tunnel destroyed\n");
1860 while (NULL != (tnq = s->head))
1862 GNUNET_CONTAINER_DLL_remove (s->head,
1867 if (s->heap_node != NULL)
1869 GNUNET_assert (GNUNET_YES ==
1870 GNUNET_CONTAINER_multihashmap_remove (connections_map,
1873 GNUNET_CONTAINER_heap_remove_node (s->heap_node);
1874 s->heap_node = NULL;
1878 GNUNET_MESH_notify_transmit_ready_cancel (s->th);
1886 * Function that frees everything from a hashmap
1890 * @param value value to free
1893 free_iterate (void *cls GNUNET_UNUSED,
1894 const GNUNET_HashCode * hash GNUNET_UNUSED, void *value)
1896 GNUNET_free (value);
1902 * Function scheduled as very last function, cleans up after us
1905 cleanup (void *cls GNUNET_UNUSED,
1906 const struct GNUNET_SCHEDULER_TaskContext *tskctx)
1910 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1911 "Exit service is shutting down now\n");
1912 if (helper_handle != NULL)
1914 GNUNET_HELPER_stop (helper_handle);
1915 helper_handle = NULL;
1917 if (mesh_handle != NULL)
1919 GNUNET_MESH_disconnect (mesh_handle);
1922 if (NULL != connections_map)
1924 GNUNET_CONTAINER_multihashmap_iterate (connections_map, &free_iterate, NULL);
1925 GNUNET_CONTAINER_multihashmap_destroy (connections_map);
1926 connections_map = NULL;
1928 if (NULL != connections_heap)
1930 GNUNET_CONTAINER_heap_destroy (connections_heap);
1931 connections_heap = NULL;
1933 if (NULL != tcp_services)
1935 GNUNET_CONTAINER_multihashmap_iterate (tcp_services, &free_service_record, NULL);
1936 GNUNET_CONTAINER_multihashmap_destroy (tcp_services);
1937 tcp_services = NULL;
1939 if (NULL != udp_services)
1941 GNUNET_CONTAINER_multihashmap_iterate (udp_services, &free_service_record, NULL);
1942 GNUNET_CONTAINER_multihashmap_destroy (udp_services);
1943 udp_services = NULL;
1947 GNUNET_STATISTICS_destroy (stats, GNUNET_YES);
1951 GNUNET_free_non_null (exit_argv[i]);
1956 * Add services to the service map.
1958 * @param proto IPPROTO_TCP or IPPROTO_UDP
1959 * @param cpy copy of the service descriptor (can be mutilated)
1960 * @param name DNS name of the service
1963 add_services (int proto,
1970 struct LocalService *serv;
1972 for (redirect = strtok (cpy, " "); redirect != NULL;
1973 redirect = strtok (NULL, " "))
1975 if (NULL == (hostname = strstr (redirect, ":")))
1977 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1978 "option `%s' for domain `%s' is not formatted correctly!\n",
1985 if (NULL == (hostport = strstr (hostname, ":")))
1987 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1988 "option `%s' for domain `%s' is not formatted correctly!\n",
1996 int local_port = atoi (redirect);
1997 int remote_port = atoi (hostport);
1999 if (!((local_port > 0) && (local_port < 65536)))
2001 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2002 "`%s' is not a valid port number (for domain `%s')!", redirect,
2006 if (!((remote_port > 0) && (remote_port < 65536)))
2008 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2009 "`%s' is not a valid port number (for domain `%s')!", hostport,
2014 serv = GNUNET_malloc (sizeof (struct LocalService));
2015 serv->my_port = (uint16_t) local_port;
2016 serv->address.port = remote_port;
2017 if (0 == strcmp ("localhost4", hostname))
2019 const char *ip4addr = exit_argv[4];
2021 serv->address.af = AF_INET;
2022 GNUNET_assert (1 != inet_pton (AF_INET, ip4addr, &serv->address.address.ipv4));
2024 else if (0 == strcmp ("localhost6", hostname))
2026 const char *ip6addr = exit_argv[2];
2028 serv->address.af = AF_INET6;
2029 GNUNET_assert (1 == inet_pton (AF_INET6, ip6addr, &serv->address.address.ipv6));
2033 struct addrinfo *res;
2036 ret = getaddrinfo (hostname, NULL, NULL, &res);
2037 if ( (ret != 0) || (res == NULL) )
2039 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2040 _("No addresses found for hostname `%s' of service `%s'!\n"),
2047 serv->address.af = res->ai_family;
2048 switch (res->ai_family)
2053 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2054 _("Service `%s' configured for IPv4, but IPv4 is disabled!\n"),
2060 serv->address.address.ipv4 = ((struct sockaddr_in *) res->ai_addr)->sin_addr;
2065 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2066 _("Service `%s' configured for IPv4, but IPv4 is disabled!\n"),
2072 serv->address.address.ipv6 = ((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
2076 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2077 _("No IP addresses found for hostname `%s' of service `%s'!\n"),
2085 store_service ((IPPROTO_UDP == proto) ? udp_services : tcp_services,
2094 * Reads the configuration servicecfg and populates udp_services
2097 * @param section name of section in config, equal to hostname
2100 read_service_conf (void *cls GNUNET_UNUSED, const char *section)
2104 if ((strlen (section) < 8) ||
2105 (0 != strcmp (".gnunet.", section + (strlen (section) - 8))))
2108 GNUNET_CONFIGURATION_get_value_string (cfg, section, "UDP_REDIRECTS",
2111 add_services (IPPROTO_UDP, cpy, section);
2115 GNUNET_CONFIGURATION_get_value_string (cfg, section, "TCP_REDIRECTS",
2118 add_services (IPPROTO_TCP, cpy, section);
2125 * @brief Main function that will be run by the scheduler.
2127 * @param cls closure
2128 * @param args remaining command-line arguments
2129 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
2130 * @param cfg_ configuration
2133 run (void *cls, char *const *args GNUNET_UNUSED,
2134 const char *cfgfile GNUNET_UNUSED,
2135 const struct GNUNET_CONFIGURATION_Handle *cfg_)
2137 static struct GNUNET_MESH_MessageHandler handlers[] = {
2138 {&receive_udp_service, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_SERVICE, 0},
2139 {&receive_udp_remote, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_INTERNET, 0},
2140 {&receive_tcp_service, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_SERVICE_START, 0},
2141 {&receive_tcp_remote, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_INTERNET_START, 0},
2142 {&receive_tcp_data, GNUNET_MESSAGE_TYPE_VPN_TCP_DATA, 0},
2146 static GNUNET_MESH_ApplicationType apptypes[] = {
2147 GNUNET_APPLICATION_TYPE_END,
2148 GNUNET_APPLICATION_TYPE_END,
2149 GNUNET_APPLICATION_TYPE_END
2151 unsigned int app_idx;
2160 stats = GNUNET_STATISTICS_create ("exit", cfg);
2161 ipv4_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV4");
2162 ipv6_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV6");
2163 ipv4_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV4");
2164 ipv6_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV6");
2165 if (ipv4_exit && (! ipv4_enabled))
2167 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2168 _("Cannot enable IPv4 exit but disable IPv4 on TUN interface, will use ENABLE_IPv4=YES\n"));
2169 ipv4_enabled = GNUNET_YES;
2171 if (ipv6_exit && (! ipv6_enabled))
2173 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2174 _("Cannot enable IPv6 exit but disable IPv6 on TUN interface, will use ENABLE_IPv6=YES\n"));
2175 ipv6_enabled = GNUNET_YES;
2177 if (! (ipv4_enabled || ipv6_enabled))
2179 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2180 _("No useful service enabled. Exiting.\n"));
2181 GNUNET_SCHEDULER_shutdown ();
2185 if (GNUNET_YES == ipv4_exit)
2187 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV4_GATEWAY;
2190 if (GNUNET_YES == ipv6_exit)
2192 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV6_GATEWAY;
2196 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup, cls);
2199 GNUNET_CONFIGURATION_get_value_number (cfg, "exit", "MAX_CONNECTIONS",
2201 max_connections = 1024;
2202 exit_argv[0] = GNUNET_strdup ("exit-gnunet");
2203 if (GNUNET_SYSERR ==
2204 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "TUN_IFNAME", &tun_ifname))
2206 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2207 "No entry 'TUN_IFNAME' in configuration!\n");
2208 GNUNET_SCHEDULER_shutdown ();
2211 exit_argv[1] = tun_ifname;
2214 if (GNUNET_SYSERR ==
2215 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "EXIT_IFNAME", &exit_ifname))
2217 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2218 "No entry 'EXIT_IFNAME' in configuration!\n");
2219 GNUNET_SCHEDULER_shutdown ();
2222 exit_argv[2] = exit_ifname;
2226 exit_argv[2] = GNUNET_strdup ("%");
2228 if (GNUNET_YES == ipv6_enabled)
2230 if ( (GNUNET_SYSERR ==
2231 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6ADDR",
2233 (1 != inet_pton (AF_INET6, ipv6addr, &exit_ipv6addr))) )
2235 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2236 "No valid entry 'IPV6ADDR' in configuration!\n");
2237 GNUNET_SCHEDULER_shutdown ();
2240 exit_argv[3] = ipv6addr;
2241 if (GNUNET_SYSERR ==
2242 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6PREFIX",
2245 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2246 "No entry 'IPV6PREFIX' in configuration!\n");
2247 GNUNET_SCHEDULER_shutdown ();
2250 exit_argv[4] = ipv6prefix_s;
2252 GNUNET_CONFIGURATION_get_value_number (cfg, "exit",
2255 (ipv6prefix >= 127) )
2257 GNUNET_SCHEDULER_shutdown ();
2263 /* IPv6 explicitly disabled */
2264 exit_argv[3] = GNUNET_strdup ("-");
2265 exit_argv[4] = GNUNET_strdup ("-");
2267 if (GNUNET_YES == ipv4_enabled)
2269 if ( (GNUNET_SYSERR ==
2270 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4ADDR",
2272 (1 != inet_pton (AF_INET, ipv4addr, &exit_ipv4addr))) )
2274 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2275 "No valid entry for 'IPV4ADDR' in configuration!\n");
2276 GNUNET_SCHEDULER_shutdown ();
2279 exit_argv[5] = ipv4addr;
2280 if ( (GNUNET_SYSERR ==
2281 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4MASK",
2283 (1 != inet_pton (AF_INET, ipv4mask, &exit_ipv4mask))) )
2285 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2286 "No valid entry 'IPV4MASK' in configuration!\n");
2287 GNUNET_SCHEDULER_shutdown ();
2290 exit_argv[6] = ipv4mask;
2294 /* IPv4 explicitly disabled */
2295 exit_argv[5] = GNUNET_strdup ("-");
2296 exit_argv[6] = GNUNET_strdup ("-");
2298 exit_argv[7] = NULL;
2300 udp_services = GNUNET_CONTAINER_multihashmap_create (65536);
2301 tcp_services = GNUNET_CONTAINER_multihashmap_create (65536);
2302 GNUNET_CONFIGURATION_iterate_sections (cfg, &read_service_conf, NULL);
2304 connections_map = GNUNET_CONTAINER_multihashmap_create (65536);
2305 connections_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
2307 = GNUNET_MESH_connect (cfg, 42 /* queue size */, NULL,
2309 &clean_tunnel, handlers,
2311 if (NULL == mesh_handle)
2313 GNUNET_SCHEDULER_shutdown ();
2316 helper_handle = GNUNET_HELPER_start ("gnunet-helper-exit",
2318 &message_token, NULL);
2325 * @param argc number of arguments from the command line
2326 * @param argv command line arguments
2327 * @return 0 ok, 1 on error
2330 main (int argc, char *const *argv)
2332 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
2333 GNUNET_GETOPT_OPTION_END
2336 return (GNUNET_OK ==
2337 GNUNET_PROGRAM_run (argc, argv, "gnunet-daemon-exit",
2339 ("Daemon to run to provide an IP exit node for the VPN"),
2340 options, &run, NULL)) ? 0 : 1;
2344 /* end of gnunet-daemon-exit.c */