2 This file is part of GNUnet.
3 (C) 2010, 2012 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file exit/gnunet-daemon-exit.c
23 * @brief tool to allow IP traffic exit from the GNUnet mesh to the Internet
24 * @author Philipp Toelke
25 * @author Christian Grothoff
31 * - which code should advertise services? the service model is right
32 * now a bit odd, especially as this code DOES the exit and knows
33 * the DNS "name", but OTOH this is clearly NOT the place to advertise
34 * the service's existence; maybe the daemon should turn into a
35 * service with an API to add local-exit services dynamically?
38 #include "gnunet_util_lib.h"
39 #include "gnunet_protocols.h"
40 #include "gnunet_applications.h"
41 #include "gnunet_mesh_service.h"
42 #include "gnunet_statistics_service.h"
43 #include "gnunet_constants.h"
44 #include "gnunet_tun_lib.h"
48 * Information about an address.
53 * AF_INET or AF_INET6.
58 * Remote address information.
63 * Address, if af is AF_INET.
68 * Address, if af is AF_INET6.
74 * IPPROTO_TCP or IPPROTO_UDP;
79 * Remote port, in host byte order!
86 * This struct is saved into the services-hashmap to represent
87 * a service this peer is specifically offering an exit for
88 * (for a specific domain name).
94 * Remote address to use for the service.
96 struct SocketAddress address;
99 * DNS name of the service.
104 * Port I am listening on within GNUnet for this service, in host
105 * byte order. (as we may redirect ports).
112 * Information we use to track a connection (the classical 6-tuple of
113 * IP-version, protocol, source-IP, destination-IP, source-port and
116 struct RedirectInformation
120 * Address information for the other party (equivalent of the
121 * arguments one would give to "connect").
123 struct SocketAddress remote_address;
126 * Address information we used locally (AF and proto must match
127 * "remote_address"). Equivalent of the arguments one would give to
130 struct SocketAddress local_address;
133 Note 1: additional information might be added here in the
134 future to support protocols that require special handling,
137 Note 2: we might also sometimes not match on all components
138 of the tuple, to support protocols where things do not always
145 * Queue of messages to a tunnel.
147 struct TunnelMessageQueue
150 * This is a doubly-linked list.
152 struct TunnelMessageQueue *next;
155 * This is a doubly-linked list.
157 struct TunnelMessageQueue *prev;
160 * Payload to send via the tunnel.
165 * Number of bytes in 'payload'.
172 * This struct is saved into connections_map to allow finding the
173 * right tunnel given an IP packet from TUN. It is also associated
174 * with the tunnel's closure so we can find it again for the next
175 * message from the tunnel.
180 * Mesh tunnel that is used for this connection.
182 struct GNUNET_MESH_Tunnel *tunnel;
185 * Heap node for this state in the connections_heap.
187 struct GNUNET_CONTAINER_HeapNode *heap_node;
190 * Key this state has in the connections_map.
192 GNUNET_HashCode state_key;
195 * Associated service record, or NULL for no service.
197 struct LocalService *serv;
200 * Head of DLL of messages for this tunnel.
202 struct TunnelMessageQueue *head;
205 * Tail of DLL of messages for this tunnel.
207 struct TunnelMessageQueue *tail;
210 * Active tunnel transmission request (or NULL).
212 struct GNUNET_MESH_TransmitHandle *th;
215 * Primary redirection information for this connection.
217 struct RedirectInformation ri;
223 * The handle to the configuration used throughout the process
225 static const struct GNUNET_CONFIGURATION_Handle *cfg;
228 * The handle to the helper
230 static struct GNUNET_HELPER_Handle *helper_handle;
233 * Arguments to the exit helper.
235 static char *exit_argv[7];
238 * IPv6 address of our TUN interface.
240 static struct in6_addr exit_ipv6addr;
243 * IPv6 prefix (0..127) from configuration file.
245 static unsigned long long ipv6prefix;
248 * IPv4 address of our TUN interface.
250 static struct in_addr exit_ipv4addr;
253 * IPv4 netmask of our TUN interface.
255 static struct in_addr exit_ipv4mask;
261 static struct GNUNET_STATISTICS_Handle *stats;
266 static struct GNUNET_MESH_Handle *mesh_handle;
269 * This hashmaps contains the mapping from peer, service-descriptor,
270 * source-port and destination-port to a struct TunnelState
272 static struct GNUNET_CONTAINER_MultiHashMap *connections_map;
275 * Heap so we can quickly find "old" connections.
277 static struct GNUNET_CONTAINER_Heap *connections_heap;
280 * If there are at least this many connections, old ones will be removed
282 static long long unsigned int max_connections;
285 * This hashmaps saves interesting things about the configured UDP services
287 static struct GNUNET_CONTAINER_MultiHashMap *udp_services;
290 * This hashmaps saves interesting things about the configured TCP services
292 static struct GNUNET_CONTAINER_MultiHashMap *tcp_services;
295 * Are we an IPv4-exit?
297 static int ipv4_exit;
300 * Are we an IPv6-exit?
302 static int ipv6_exit;
305 * Do we support IPv4 at all on the TUN interface?
307 static int ipv4_enabled;
310 * Do we support IPv6 at all on the TUN interface?
312 static int ipv6_enabled;
316 * Given IP information about a connection, calculate the respective
317 * hash we would use for the 'connections_map'.
319 * @param hash resulting hash
320 * @param ri information about the connection
323 hash_redirect_info (GNUNET_HashCode *hash,
324 const struct RedirectInformation *ri)
328 memset (hash, 0, sizeof (GNUNET_HashCode));
329 /* the GNUnet hashmap only uses the first sizeof(unsigned int) of the hash,
330 so we put the IP address in there (and hope for few collisions) */
332 switch (ri->remote_address.af)
335 memcpy (off, &ri->remote_address.address.ipv4, sizeof (struct in_addr));
336 off += sizeof (struct in_addr);
339 memcpy (off, &ri->remote_address.address.ipv6, sizeof (struct in6_addr));
340 off += sizeof (struct in_addr);
345 memcpy (off, &ri->remote_address.port, sizeof (uint16_t));
346 off += sizeof (uint16_t);
347 switch (ri->local_address.af)
350 memcpy (off, &ri->local_address.address.ipv4, sizeof (struct in_addr));
351 off += sizeof (struct in_addr);
354 memcpy (off, &ri->local_address.address.ipv6, sizeof (struct in6_addr));
355 off += sizeof (struct in_addr);
360 memcpy (off, &ri->local_address.port, sizeof (uint16_t));
361 off += sizeof (uint16_t);
362 memcpy (off, &ri->remote_address.proto, sizeof (uint8_t));
363 off += sizeof (uint8_t);
368 * Get our connection tracking state. Warns if it does not exists,
369 * refreshes the timestamp if it does exist.
371 * @param af address family
372 * @param protocol IPPROTO_UDP or IPPROTO_TCP
373 * @param destination_ip target IP
374 * @param destination_port target port
375 * @param local_ip local IP
376 * @param local_port local port
377 * @param state_key set to hash's state if non-NULL
378 * @return NULL if we have no tracking information for this tuple
380 static struct TunnelState *
381 get_redirect_state (int af,
383 const void *destination_ip,
384 uint16_t destination_port,
385 const void *local_ip,
387 GNUNET_HashCode *state_key)
389 struct RedirectInformation ri;
391 struct TunnelState *state;
393 ri.remote_address.af = af;
395 ri.remote_address.address.ipv4 = *((struct in_addr*) destination_ip);
397 ri.remote_address.address.ipv6 = * ((struct in6_addr*) destination_ip);
398 ri.remote_address.port = destination_port;
399 ri.remote_address.proto = protocol;
400 ri.local_address.af = af;
402 ri.local_address.address.ipv4 = *((struct in_addr*) local_ip);
404 ri.local_address.address.ipv6 = * ((struct in6_addr*) local_ip);
405 ri.local_address.port = local_port;
406 ri.local_address.proto = protocol;
407 hash_redirect_info (&key, &ri);
408 if (NULL != state_key)
410 state = GNUNET_CONTAINER_multihashmap_get (connections_map, &key);
413 /* Mark this connection as freshly used */
414 if (NULL == state_key)
415 GNUNET_CONTAINER_heap_update_cost (connections_heap,
417 GNUNET_TIME_absolute_get ().abs_value);
423 * Given a service descriptor and a destination port, find the
424 * respective service entry.
426 * @param service_map map of services (TCP or UDP)
427 * @param desc service descriptor
428 * @param dpt destination port
429 * @return NULL if we are not aware of such a service
431 static struct LocalService *
432 find_service (struct GNUNET_CONTAINER_MultiHashMap *service_map,
433 const GNUNET_HashCode *desc,
436 char key[sizeof (GNUNET_HashCode) + sizeof (uint16_t)];
438 memcpy (&key[0], &dpt, sizeof (uint16_t));
439 memcpy (&key[sizeof(uint16_t)], desc, sizeof (GNUNET_HashCode));
440 return GNUNET_CONTAINER_multihashmap_get (service_map,
441 (GNUNET_HashCode *) key);
446 * Free memory associated with a service record.
449 * @param key service descriptor
450 * @param value service record to free
454 free_service_record (void *cls,
455 const GNUNET_HashCode *key,
458 struct LocalService *service = value;
460 GNUNET_free_non_null (service->name);
461 GNUNET_free (service);
467 * Given a service descriptor and a destination port, find the
468 * respective service entry.
470 * @param service_map map of services (TCP or UDP)
471 * @param name name of the service
472 * @param dpt destination port
473 * @param service service information record to store (service->name will be set).
476 store_service (struct GNUNET_CONTAINER_MultiHashMap *service_map,
479 struct LocalService *service)
481 char key[sizeof (GNUNET_HashCode) + sizeof (uint16_t)];
482 GNUNET_HashCode desc;
484 GNUNET_CRYPTO_hash (name, strlen (name) + 1, &desc);
485 service->name = GNUNET_strdup (name);
486 memcpy (&key[0], &dpt, sizeof (uint16_t));
487 memcpy (&key[sizeof(uint16_t)], &desc, sizeof (GNUNET_HashCode));
489 GNUNET_CONTAINER_multihashmap_put (service_map,
490 (GNUNET_HashCode *) key,
492 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
494 free_service_record (NULL, (GNUNET_HashCode *) key, service);
495 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
496 _("Got duplicate service records for `%s:%u'\n"),
504 * MESH is ready to receive a message for the tunnel. Transmit it.
506 * @param cls the 'struct TunnelState'.
507 * @param size number of bytes available in buf
508 * @param buf where to copy the message
509 * @return number of bytes copied to buf
512 send_to_peer_notify_callback (void *cls, size_t size, void *buf)
514 struct TunnelState *s = cls;
515 struct GNUNET_MESH_Tunnel *tunnel = s->tunnel;
516 struct TunnelMessageQueue *tnq;
520 GNUNET_assert (size >= tnq->len);
521 memcpy (buf, tnq->payload, tnq->len);
523 GNUNET_CONTAINER_DLL_remove (s->head,
527 if (NULL != (tnq = s->head))
528 s->th = GNUNET_MESH_notify_transmit_ready (tunnel,
529 GNUNET_NO /* corking */,
531 GNUNET_TIME_UNIT_FOREVER_REL,
534 &send_to_peer_notify_callback,
536 GNUNET_STATISTICS_update (stats,
537 gettext_noop ("# Bytes transmitted via mesh tunnels"),
544 * Send the given packet via the mesh tunnel.
546 * @param mesh_tunnel destination
547 * @param tnq message to queue
550 send_packet_to_mesh_tunnel (struct GNUNET_MESH_Tunnel *mesh_tunnel,
551 struct TunnelMessageQueue *tnq)
553 struct TunnelState *s;
555 s = GNUNET_MESH_tunnel_get_data (mesh_tunnel);
556 GNUNET_assert (NULL != s);
557 GNUNET_CONTAINER_DLL_insert_tail (s->head, s->tail, tnq);
559 s->th = GNUNET_MESH_notify_transmit_ready (mesh_tunnel, GNUNET_NO /* cork */, 0 /* priority */,
560 GNUNET_TIME_UNIT_FOREVER_REL,
562 &send_to_peer_notify_callback,
568 * @brief Handles an ICMP packet received from the helper.
570 * @param icmp A pointer to the Packet
571 * @param pktlen number of bytes in 'icmp'
572 * @param af address family (AFINET or AF_INET6)
573 * @param destination_ip destination IP-address of the IP packet (should
574 * be our local address)
575 * @param source_ip original source IP-address of the IP packet (should
576 * be the original destination address)
579 icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp,
582 const void *destination_ip,
583 const void *source_ip)
585 struct TunnelState *state;
586 struct TunnelMessageQueue *tnq;
587 struct GNUNET_EXIT_IcmpToVPNMessage *i2v;
588 const struct GNUNET_TUN_IPv4Header *ipv4;
589 const struct GNUNET_TUN_IPv6Header *ipv6;
590 const struct GNUNET_TUN_UdpHeader *udp;
597 char sbuf[INET6_ADDRSTRLEN];
598 char dbuf[INET6_ADDRSTRLEN];
599 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
600 "Received ICMP packet going from %s to %s\n",
603 sbuf, sizeof (sbuf)),
606 dbuf, sizeof (dbuf)));
608 if (pktlen < sizeof (struct GNUNET_TUN_IcmpHeader))
615 /* Find out if this is an ICMP packet in response to an existing
616 TCP/UDP packet and if so, figure out ports / protocol of the
617 existing session from the IP data in the ICMP payload */
620 protocol = IPPROTO_ICMP;
626 case GNUNET_TUN_ICMPTYPE_ECHO_REPLY:
627 case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST:
629 case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE:
630 case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH:
631 case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED:
633 sizeof (struct GNUNET_TUN_IcmpHeader) +
634 sizeof (struct GNUNET_TUN_IPv4Header) + 8)
640 ipv4 = (const struct GNUNET_TUN_IPv4Header *) &icmp[1];
641 protocol = ipv4->protocol;
642 /* could be TCP or UDP, but both have the ports in the right
643 place, so that doesn't matter here */
644 udp = (const struct GNUNET_TUN_UdpHeader *) &ipv4[1];
645 spt = ntohs (udp->spt);
646 dpt = ntohs (udp->dpt);
647 /* throw away ICMP payload, won't be useful for the other side anyway */
648 pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
651 GNUNET_STATISTICS_update (stats,
652 gettext_noop ("# ICMPv4 packets dropped (not allowed)"),
660 case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE:
661 case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG:
662 case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED:
663 case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM:
665 sizeof (struct GNUNET_TUN_IcmpHeader) +
666 sizeof (struct GNUNET_TUN_IPv6Header) + 8)
672 ipv6 = (const struct GNUNET_TUN_IPv6Header *) &icmp[1];
673 protocol = ipv6->next_header;
674 /* could be TCP or UDP, but both have the ports in the right
675 place, so that doesn't matter here */
676 udp = (const struct GNUNET_TUN_UdpHeader *) &ipv6[1];
677 spt = ntohs (udp->spt);
678 dpt = ntohs (udp->dpt);
679 /* throw away ICMP payload, won't be useful for the other side anyway */
680 pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
682 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
683 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
686 GNUNET_STATISTICS_update (stats,
687 gettext_noop ("# ICMPv6 packets dropped (not allowed)"),
698 state = get_redirect_state (af, IPPROTO_ICMP,
704 state = get_redirect_state (af, IPPROTO_UDP,
712 state = get_redirect_state (af, IPPROTO_TCP,
720 GNUNET_STATISTICS_update (stats,
721 gettext_noop ("# ICMP packets dropped (not allowed)"),
727 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
728 _("ICMP Packet dropped, have no matching connection information\n"));
731 mlen = sizeof (struct GNUNET_EXIT_IcmpToVPNMessage) + pktlen - sizeof (struct GNUNET_TUN_IcmpHeader);
732 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueue) + mlen);
733 tnq->payload = &tnq[1];
735 i2v = (struct GNUNET_EXIT_IcmpToVPNMessage *) &tnq[1];
736 i2v->header.size = htons ((uint16_t) mlen);
737 i2v->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_VPN);
738 i2v->af = htonl (af);
739 memcpy (&i2v->icmp_header,
742 send_packet_to_mesh_tunnel (state->tunnel,
748 * @brief Handles an UDP packet received from the helper.
750 * @param udp A pointer to the Packet
751 * @param pktlen number of bytes in 'udp'
752 * @param af address family (AFINET or AF_INET6)
753 * @param destination_ip destination IP-address of the IP packet (should
754 * be our local address)
755 * @param source_ip original source IP-address of the IP packet (should
756 * be the original destination address)
759 udp_from_helper (const struct GNUNET_TUN_UdpHeader *udp,
762 const void *destination_ip,
763 const void *source_ip)
765 struct TunnelState *state;
766 struct TunnelMessageQueue *tnq;
767 struct GNUNET_EXIT_UdpReplyMessage *urm;
771 char sbuf[INET6_ADDRSTRLEN];
772 char dbuf[INET6_ADDRSTRLEN];
773 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
774 "Received UDP packet going from %s:%u to %s:%u\n",
777 sbuf, sizeof (sbuf)),
778 (unsigned int) ntohs (udp->spt),
781 dbuf, sizeof (dbuf)),
782 (unsigned int) ntohs (udp->dpt));
784 if (pktlen < sizeof (struct GNUNET_TUN_UdpHeader))
790 if (pktlen != ntohs (udp->len))
796 state = get_redirect_state (af, IPPROTO_UDP,
804 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
805 _("UDP Packet dropped, have no matching connection information\n"));
808 mlen = sizeof (struct GNUNET_EXIT_UdpReplyMessage) + pktlen - sizeof (struct GNUNET_TUN_UdpHeader);
809 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueue) + mlen);
810 tnq->payload = &tnq[1];
812 urm = (struct GNUNET_EXIT_UdpReplyMessage *) &tnq[1];
813 urm->header.size = htons ((uint16_t) mlen);
814 urm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_UDP_REPLY);
815 urm->source_port = htons (0);
816 urm->destination_port = htons (0);
819 pktlen - sizeof (struct GNUNET_TUN_UdpHeader));
820 send_packet_to_mesh_tunnel (state->tunnel,
826 * @brief Handles a TCP packet received from the helper.
828 * @param tcp A pointer to the Packet
829 * @param pktlen the length of the packet, including its TCP header
830 * @param af address family (AFINET or AF_INET6)
831 * @param destination_ip destination IP-address of the IP packet (should
832 * be our local address)
833 * @param source_ip original source IP-address of the IP packet (should
834 * be the original destination address)
837 tcp_from_helper (const struct GNUNET_TUN_TcpHeader *tcp,
840 const void *destination_ip,
841 const void *source_ip)
843 struct TunnelState *state;
845 struct GNUNET_TUN_TcpHeader *mtcp;
846 struct GNUNET_EXIT_TcpDataMessage *tdm;
847 struct TunnelMessageQueue *tnq;
851 char sbuf[INET6_ADDRSTRLEN];
852 char dbuf[INET6_ADDRSTRLEN];
853 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
854 "Received TCP packet with %u bytes going from %s:%u to %s:%u\n",
855 pktlen - sizeof (struct GNUNET_TUN_TcpHeader),
858 sbuf, sizeof (sbuf)),
859 (unsigned int) ntohs (tcp->spt),
862 dbuf, sizeof (dbuf)),
863 (unsigned int) ntohs (tcp->dpt));
865 if (pktlen < sizeof (struct GNUNET_TUN_TcpHeader))
871 state = get_redirect_state (af, IPPROTO_TCP,
879 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
880 _("TCP Packet dropped, have no matching connection information\n"));
884 /* mug port numbers and crc to avoid information leakage;
885 sender will need to lookup the correct values anyway */
886 memcpy (buf, tcp, pktlen);
887 mtcp = (struct GNUNET_TUN_TcpHeader *) buf;
892 mlen = sizeof (struct GNUNET_EXIT_TcpDataMessage) + (pktlen - sizeof (struct GNUNET_TUN_TcpHeader));
893 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
899 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueue) + mlen);
900 tnq->payload = &tnq[1];
902 tdm = (struct GNUNET_EXIT_TcpDataMessage *) &tnq[1];
903 tdm->header.size = htons ((uint16_t) mlen);
904 tdm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_VPN);
905 tdm->reserved = htonl (0);
906 memcpy (&tdm->tcp_header,
909 send_packet_to_mesh_tunnel (state->tunnel,
915 * Receive packets from the helper-process
918 * @param client unsued
919 * @param message message received from helper
922 message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED,
923 const struct GNUNET_MessageHeader *message)
925 const struct GNUNET_TUN_Layer2PacketHeader *pkt_tun;
928 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
929 "Got %u-byte message of type %u from gnunet-helper-exit\n",
930 ntohs (message->size),
931 ntohs (message->type));
932 GNUNET_STATISTICS_update (stats,
933 gettext_noop ("# Packets received from TUN"),
935 if (ntohs (message->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER)
940 size = ntohs (message->size);
941 if (size < sizeof (struct GNUNET_TUN_Layer2PacketHeader) + sizeof (struct GNUNET_MessageHeader))
946 GNUNET_STATISTICS_update (stats,
947 gettext_noop ("# Bytes received from TUN"),
949 pkt_tun = (const struct GNUNET_TUN_Layer2PacketHeader *) &message[1];
950 size -= sizeof (struct GNUNET_TUN_Layer2PacketHeader) + sizeof (struct GNUNET_MessageHeader);
951 switch (ntohs (pkt_tun->proto))
955 const struct GNUNET_TUN_IPv4Header *pkt4;
957 if (size < sizeof (struct GNUNET_TUN_IPv4Header))
959 /* Kernel to blame? */
963 pkt4 = (const struct GNUNET_TUN_IPv4Header *) &pkt_tun[1];
964 if (size != ntohs (pkt4->total_length))
966 /* Kernel to blame? */
970 if (pkt4->header_length * 4 != sizeof (struct GNUNET_TUN_IPv4Header))
972 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
973 _("IPv4 packet options received. Ignored.\n"));
977 size -= sizeof (struct GNUNET_TUN_IPv4Header);
978 switch (pkt4->protocol)
981 udp_from_helper ((const struct GNUNET_TUN_UdpHeader *) &pkt4[1], size,
983 &pkt4->destination_address,
984 &pkt4->source_address);
986 tcp_from_helper ((const struct GNUNET_TUN_TcpHeader *) &pkt4[1], size,
988 &pkt4->destination_address,
989 &pkt4->source_address);
992 icmp_from_helper ((const struct GNUNET_TUN_IcmpHeader *) &pkt4[1], size,
994 &pkt4->destination_address,
995 &pkt4->source_address);
998 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
999 _("IPv4 packet with unsupported next header received. Ignored.\n"));
1006 const struct GNUNET_TUN_IPv6Header *pkt6;
1008 if (size < sizeof (struct GNUNET_TUN_IPv6Header))
1010 /* Kernel to blame? */
1014 pkt6 = (struct GNUNET_TUN_IPv6Header *) &pkt_tun[1];
1015 if (size != ntohs (pkt6->payload_length))
1017 /* Kernel to blame? */
1021 size -= sizeof (struct GNUNET_TUN_IPv6Header);
1022 switch (pkt6->next_header)
1025 udp_from_helper ((const struct GNUNET_TUN_UdpHeader *) &pkt6[1], size,
1027 &pkt6->destination_address,
1028 &pkt6->source_address);
1031 tcp_from_helper ((const struct GNUNET_TUN_TcpHeader *) &pkt6[1], size,
1033 &pkt6->destination_address,
1034 &pkt6->source_address);
1037 icmp_from_helper ((const struct GNUNET_TUN_IcmpHeader *) &pkt6[1], size,
1039 &pkt6->destination_address,
1040 &pkt6->source_address);
1043 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1044 _("IPv6 packet with unsupported next header received. Ignored.\n"));
1050 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1051 _("Packet from unknown protocol %u received. Ignored.\n"),
1052 ntohs (pkt_tun->proto));
1059 * We need to create a (unique) fresh local address (IP+port).
1062 * @param af desired address family
1063 * @param proto desired protocol (IPPROTO_UDP or IPPROTO_TCP)
1064 * @param local_address address to initialize
1067 setup_fresh_address (int af,
1069 struct SocketAddress *local_address)
1071 local_address->af = af;
1072 local_address->proto = (uint8_t) proto;
1073 /* default "local" port range is often 32768--61000,
1074 so we pick a random value in that range */
1075 if (proto == IPPROTO_ICMP)
1076 local_address->port = 0;
1079 = (uint16_t) 32768 + GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1085 struct in_addr addr;
1086 struct in_addr mask;
1089 addr = exit_ipv4addr;
1090 mask = exit_ipv4mask;
1091 if (0 == ~mask.s_addr)
1093 /* only one valid IP anyway */
1094 local_address->address.ipv4 = addr;
1097 /* Given 192.168.0.1/255.255.0.0, we want a mask
1098 of '192.168.255.255', thus: */
1099 mask.s_addr = addr.s_addr | ~mask.s_addr;
1100 /* Pick random IPv4 address within the subnet, except 'addr' or 'mask' itself */
1103 rnd.s_addr = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1105 local_address->address.ipv4.s_addr = (addr.s_addr | rnd.s_addr) & mask.s_addr;
1107 while ( (local_address->address.ipv4.s_addr == addr.s_addr) ||
1108 (local_address->address.ipv4.s_addr == mask.s_addr) );
1113 struct in6_addr addr;
1114 struct in6_addr mask;
1115 struct in6_addr rnd;
1118 addr = exit_ipv6addr;
1119 GNUNET_assert (ipv6prefix < 128);
1120 if (ipv6prefix == 127)
1122 /* only one valid IP anyway */
1123 local_address->address.ipv6 = addr;
1126 /* Given ABCD::/96, we want a mask of 'ABCD::FFFF:FFFF,
1129 for (i=127;i>=128-ipv6prefix;i--)
1130 mask.s6_addr[i / 8] |= (1 << (i % 8));
1132 /* Pick random IPv6 address within the subnet, except 'addr' or 'mask' itself */
1137 rnd.s6_addr[i] = (unsigned char) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1139 local_address->address.ipv6.s6_addr[i]
1140 = (addr.s6_addr[i] | rnd.s6_addr[i]) & mask.s6_addr[i];
1143 while ( (0 == memcmp (&local_address->address.ipv6,
1145 sizeof (struct in6_addr))) ||
1146 (0 == memcmp (&local_address->address.ipv6,
1148 sizeof (struct in6_addr))) );
1158 * We are starting a fresh connection (TCP or UDP) and need
1159 * to pick a source port and IP address (within the correct
1160 * range and address family) to associate replies with the
1161 * connection / correct mesh tunnel. This function generates
1162 * a "fresh" source IP and source port number for a connection
1163 * After picking a good source address, this function sets up
1164 * the state in the 'connections_map' and 'connections_heap'
1165 * to allow finding the state when needed later. The function
1166 * also makes sure that we remain within memory limits by
1167 * cleaning up 'old' states.
1169 * @param state skeleton state to setup a record for; should
1170 * 'state->ri.remote_address' filled in so that
1171 * this code can determine which AF/protocol is
1172 * going to be used (the 'tunnel' should also
1173 * already be set); after calling this function,
1174 * heap_node and the local_address will be
1175 * also initialized (heap_node != NULL can be
1176 * used to test if a state has been fully setup).
1179 setup_state_record (struct TunnelState *state)
1181 GNUNET_HashCode key;
1182 struct TunnelState *s;
1184 /* generate fresh, unique address */
1187 if (NULL == state->serv)
1188 setup_fresh_address (state->ri.remote_address.af,
1189 state->ri.remote_address.proto,
1190 &state->ri.local_address);
1192 setup_fresh_address (state->serv->address.af,
1193 state->serv->address.proto,
1194 &state->ri.local_address);
1195 } while (NULL != get_redirect_state (state->ri.remote_address.af,
1196 state->ri.remote_address.proto,
1197 &state->ri.remote_address.address,
1198 state->ri.remote_address.port,
1199 &state->ri.local_address.address,
1200 state->ri.local_address.port,
1203 char buf[INET6_ADDRSTRLEN];
1204 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1205 "Picked local address %s:%u for new connection\n",
1206 inet_ntop (state->ri.local_address.af,
1207 &state->ri.local_address.address,
1209 (unsigned int) state->ri.local_address.port);
1211 state->state_key = key;
1212 GNUNET_assert (GNUNET_OK ==
1213 GNUNET_CONTAINER_multihashmap_put (connections_map,
1215 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
1216 state->heap_node = GNUNET_CONTAINER_heap_insert (connections_heap,
1218 GNUNET_TIME_absolute_get ().abs_value);
1219 while (GNUNET_CONTAINER_heap_get_size (connections_heap) > max_connections)
1221 s = GNUNET_CONTAINER_heap_remove_root (connections_heap);
1222 GNUNET_assert (state != s);
1223 s->heap_node = NULL;
1224 GNUNET_MESH_tunnel_destroy (s->tunnel);
1225 GNUNET_assert (GNUNET_OK ==
1226 GNUNET_CONTAINER_multihashmap_remove (connections_map,
1235 * Prepare an IPv4 packet for transmission via the TUN interface.
1236 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
1237 * For UDP, the UDP header will be fully created, whereas for TCP
1238 * only the ports and checksum will be filled in. So for TCP,
1239 * a skeleton TCP header must be part of the provided payload.
1241 * @param payload payload of the packet (starting with UDP payload or
1242 * TCP header, depending on protocol)
1243 * @param payload_length number of bytes in 'payload'
1244 * @param protocol IPPROTO_UDP or IPPROTO_TCP
1245 * @param src_address source address to use (IP and port)
1246 * @param dst_address destination address to use (IP and port)
1247 * @param pkt6 where to write the assembled packet; must
1248 * contain enough space for the IP header, UDP/TCP header
1252 prepare_ipv4_packet (const void *payload, size_t payload_length,
1254 const struct GNUNET_TUN_TcpHeader *tcp_header,
1255 const struct SocketAddress *src_address,
1256 const struct SocketAddress *dst_address,
1257 struct GNUNET_TUN_IPv4Header *pkt4)
1261 len = payload_length;
1265 len += sizeof (struct GNUNET_TUN_UdpHeader);
1268 len += sizeof (struct GNUNET_TUN_TcpHeader);
1269 GNUNET_assert (NULL != tcp_header);
1275 if (len + sizeof (struct GNUNET_TUN_IPv4Header) > UINT16_MAX)
1281 GNUNET_TUN_initialize_ipv4_header (pkt4,
1284 &src_address->address.ipv4,
1285 &dst_address->address.ipv4);
1290 struct GNUNET_TUN_UdpHeader *pkt4_udp = (struct GNUNET_TUN_UdpHeader *) &pkt4[1];
1292 pkt4_udp->spt = htons (src_address->port);
1293 pkt4_udp->dpt = htons (dst_address->port);
1294 pkt4_udp->len = htons ((uint16_t) payload_length);
1295 GNUNET_TUN_calculate_udp4_checksum (pkt4,
1297 payload, payload_length);
1298 memcpy (&pkt4_udp[1], payload, payload_length);
1303 struct GNUNET_TUN_TcpHeader *pkt4_tcp = (struct GNUNET_TUN_TcpHeader *) &pkt4[1];
1305 memcpy (pkt4_tcp, tcp_header, sizeof (struct GNUNET_TUN_TcpHeader));
1306 pkt4_tcp->spt = htons (src_address->port);
1307 pkt4_tcp->dpt = htons (dst_address->port);
1308 GNUNET_TUN_calculate_tcp4_checksum (pkt4,
1312 memcpy (&pkt4_tcp[1], payload, payload_length);
1322 * Prepare an IPv6 packet for transmission via the TUN interface.
1323 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
1324 * For UDP, the UDP header will be fully created, whereas for TCP
1325 * only the ports and checksum will be filled in. So for TCP,
1326 * a skeleton TCP header must be part of the provided payload.
1328 * @param payload payload of the packet (starting with UDP payload or
1329 * TCP header, depending on protocol)
1330 * @param payload_length number of bytes in 'payload'
1331 * @param protocol IPPROTO_UDP or IPPROTO_TCP
1332 * @param src_address source address to use (IP and port)
1333 * @param dst_address destination address to use (IP and port)
1334 * @param pkt6 where to write the assembled packet; must
1335 * contain enough space for the IP header, UDP/TCP header
1339 prepare_ipv6_packet (const void *payload, size_t payload_length,
1341 const struct GNUNET_TUN_TcpHeader *tcp_header,
1342 const struct SocketAddress *src_address,
1343 const struct SocketAddress *dst_address,
1344 struct GNUNET_TUN_IPv6Header *pkt6)
1348 len = payload_length;
1352 len += sizeof (struct GNUNET_TUN_UdpHeader);
1355 /* tcp_header (with port/crc not set) must be part of payload! */
1356 if (len < sizeof (struct GNUNET_TUN_TcpHeader))
1366 if (len > UINT16_MAX)
1372 GNUNET_TUN_initialize_ipv6_header (pkt6,
1375 &dst_address->address.ipv6,
1376 &src_address->address.ipv6);
1382 struct GNUNET_TUN_UdpHeader *pkt6_udp = (struct GNUNET_TUN_UdpHeader *) &pkt6[1];
1384 pkt6_udp->spt = htons (src_address->port);
1385 pkt6_udp->dpt = htons (dst_address->port);
1386 pkt6_udp->len = htons ((uint16_t) payload_length);
1388 GNUNET_TUN_calculate_udp6_checksum (pkt6,
1392 memcpy (&pkt6[1], payload, payload_length);
1397 struct GNUNET_TUN_TcpHeader *pkt6_tcp = (struct GNUNET_TUN_TcpHeader *) pkt6;
1399 /* memcpy first here as some TCP header fields are initialized this way! */
1400 memcpy (pkt6_tcp, payload, payload_length);
1401 pkt6_tcp->spt = htons (src_address->port);
1402 pkt6_tcp->dpt = htons (dst_address->port);
1403 GNUNET_TUN_calculate_tcp6_checksum (pkt6,
1417 * Send a TCP packet via the TUN interface.
1419 * @param destination_address IP and port to use for the TCP packet's destination
1420 * @param source_address IP and port to use for the TCP packet's source
1421 * @param tcp header template to use
1422 * @param payload payload of the TCP packet
1423 * @param payload_length number of bytes in 'payload'
1426 send_tcp_packet_via_tun (const struct SocketAddress *destination_address,
1427 const struct SocketAddress *source_address,
1428 const struct GNUNET_TUN_TcpHeader *tcp_header,
1429 const void *payload, size_t payload_length)
1433 GNUNET_STATISTICS_update (stats,
1434 gettext_noop ("# TCP packets sent via TUN"),
1436 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1437 "Sending packet with %u bytes TCP payload via TUN\n",
1438 (unsigned int) payload_length);
1439 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
1440 switch (source_address->af)
1443 len += sizeof (struct GNUNET_TUN_IPv4Header);
1446 len += sizeof (struct GNUNET_TUN_IPv6Header);
1452 len += sizeof (struct GNUNET_TUN_TcpHeader);
1453 len += payload_length;
1454 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1461 struct GNUNET_MessageHeader *hdr;
1462 struct GNUNET_TUN_Layer2PacketHeader *tun;
1464 hdr = (struct GNUNET_MessageHeader *) buf;
1465 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1466 hdr->size = htons (len);
1467 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
1468 tun->flags = htons (0);
1469 switch (source_address->af)
1473 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
1475 tun->proto = htons (ETH_P_IPV4);
1476 prepare_ipv4_packet (payload, payload_length,
1480 destination_address,
1486 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
1488 tun->proto = htons (ETH_P_IPV6);
1489 prepare_ipv6_packet (payload, payload_length,
1493 destination_address,
1501 (void) GNUNET_HELPER_send (helper_handle,
1502 (const struct GNUNET_MessageHeader*) buf,
1510 * Process a request via mesh to send a request to a TCP service
1511 * offered by this system.
1513 * @param cls closure, NULL
1514 * @param tunnel connection to the other end
1515 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1516 * @param sender who sent the message
1517 * @param message the actual message
1518 * @param atsi performance data for the connection
1519 * @return GNUNET_OK to keep the connection open,
1520 * GNUNET_SYSERR to close it (signal serious error)
1523 receive_tcp_service (void *unused GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1524 void **tunnel_ctx GNUNET_UNUSED,
1525 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1526 const struct GNUNET_MessageHeader *message,
1527 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1529 struct TunnelState *state = *tunnel_ctx;
1530 const struct GNUNET_EXIT_TcpServiceStartMessage *start;
1531 uint16_t pkt_len = ntohs (message->size);
1533 GNUNET_STATISTICS_update (stats,
1534 gettext_noop ("# TCP service creation requests received via mesh"),
1536 GNUNET_STATISTICS_update (stats,
1537 gettext_noop ("# Bytes received from MESH"),
1538 pkt_len, GNUNET_NO);
1539 /* check that we got at least a valid header */
1540 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpServiceStartMessage))
1542 GNUNET_break_op (0);
1543 return GNUNET_SYSERR;
1545 start = (const struct GNUNET_EXIT_TcpServiceStartMessage*) message;
1546 pkt_len -= sizeof (struct GNUNET_EXIT_TcpServiceStartMessage);
1547 if ( (NULL == state) ||
1548 (NULL != state->serv) ||
1549 (NULL != state->heap_node) )
1551 GNUNET_break_op (0);
1552 return GNUNET_SYSERR;
1554 GNUNET_break_op (ntohl (start->reserved) == 0);
1555 /* setup fresh connection */
1556 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1557 "Received data from %s for forwarding to TCP service %s on port %u\n",
1558 GNUNET_i2s (sender),
1559 GNUNET_h2s (&start->service_descriptor),
1560 (unsigned int) ntohs (start->tcp_header.dpt));
1561 if (NULL == (state->serv = find_service (tcp_services, &start->service_descriptor,
1562 ntohs (start->tcp_header.dpt))))
1564 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1565 _("No service found for %s on port %d!\n"),
1567 ntohs (start->tcp_header.dpt));
1568 GNUNET_STATISTICS_update (stats,
1569 gettext_noop ("# TCP requests dropped (no such service)"),
1571 return GNUNET_SYSERR;
1573 state->ri.remote_address = state->serv->address;
1574 setup_state_record (state);
1575 send_tcp_packet_via_tun (&state->ri.remote_address,
1576 &state->ri.local_address,
1578 &start[1], pkt_len);
1584 * Process a request to forward TCP data to the Internet via this peer.
1586 * @param cls closure, NULL
1587 * @param tunnel connection to the other end
1588 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1589 * @param sender who sent the message
1590 * @param message the actual message
1591 * @param atsi performance data for the connection
1592 * @return GNUNET_OK to keep the connection open,
1593 * GNUNET_SYSERR to close it (signal serious error)
1596 receive_tcp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1597 void **tunnel_ctx GNUNET_UNUSED,
1598 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1599 const struct GNUNET_MessageHeader *message,
1600 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1602 struct TunnelState *state = *tunnel_ctx;
1603 const struct GNUNET_EXIT_TcpInternetStartMessage *start;
1604 uint16_t pkt_len = ntohs (message->size);
1605 const struct in_addr *v4;
1606 const struct in6_addr *v6;
1607 const void *payload;
1610 GNUNET_STATISTICS_update (stats,
1611 gettext_noop ("# Bytes received from MESH"),
1612 pkt_len, GNUNET_NO);
1613 GNUNET_STATISTICS_update (stats,
1614 gettext_noop ("# TCP IP-exit creation requests received via mesh"),
1616 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpInternetStartMessage))
1618 GNUNET_break_op (0);
1619 return GNUNET_SYSERR;
1621 start = (const struct GNUNET_EXIT_TcpInternetStartMessage*) message;
1622 pkt_len -= sizeof (struct GNUNET_EXIT_TcpInternetStartMessage);
1623 if ( (NULL == state) ||
1624 (NULL != state->serv) ||
1625 (NULL != state->heap_node) )
1627 GNUNET_break_op (0);
1628 return GNUNET_SYSERR;
1630 af = (int) ntohl (start->af);
1631 state->ri.remote_address.af = af;
1635 if (pkt_len < sizeof (struct in_addr))
1637 GNUNET_break_op (0);
1638 return GNUNET_SYSERR;
1642 GNUNET_break_op (0);
1643 return GNUNET_SYSERR;
1645 v4 = (const struct in_addr*) &start[1];
1647 pkt_len -= sizeof (struct in_addr);
1648 state->ri.remote_address.address.ipv4 = *v4;
1651 if (pkt_len < sizeof (struct in6_addr))
1653 GNUNET_break_op (0);
1654 return GNUNET_SYSERR;
1658 GNUNET_break_op (0);
1659 return GNUNET_SYSERR;
1661 v6 = (const struct in6_addr*) &start[1];
1663 pkt_len -= sizeof (struct in6_addr);
1664 state->ri.remote_address.address.ipv6 = *v6;
1667 GNUNET_break_op (0);
1668 return GNUNET_SYSERR;
1671 char buf[INET6_ADDRSTRLEN];
1672 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1673 "Received data from %s for starting TCP stream to %s:%u\n",
1674 GNUNET_i2s (sender),
1676 &state->ri.remote_address.address,
1678 (unsigned int) ntohs (start->tcp_header.dpt));
1681 state->ri.remote_address.proto = IPPROTO_TCP;
1682 state->ri.remote_address.port = ntohs (start->tcp_header.dpt);
1683 setup_state_record (state);
1684 send_tcp_packet_via_tun (&state->ri.remote_address,
1685 &state->ri.local_address,
1693 * Process a request to forward TCP data on an established
1694 * connection via this peer.
1696 * @param cls closure, NULL
1697 * @param tunnel connection to the other end
1698 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1699 * @param sender who sent the message
1700 * @param message the actual message
1701 * @param atsi performance data for the connection
1702 * @return GNUNET_OK to keep the connection open,
1703 * GNUNET_SYSERR to close it (signal serious error)
1706 receive_tcp_data (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1707 void **tunnel_ctx GNUNET_UNUSED,
1708 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1709 const struct GNUNET_MessageHeader *message,
1710 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1712 struct TunnelState *state = *tunnel_ctx;
1713 const struct GNUNET_EXIT_TcpDataMessage *data;
1714 uint16_t pkt_len = ntohs (message->size);
1716 GNUNET_STATISTICS_update (stats,
1717 gettext_noop ("# Bytes received from MESH"),
1718 pkt_len, GNUNET_NO);
1719 GNUNET_STATISTICS_update (stats,
1720 gettext_noop ("# TCP data requests received via mesh"),
1722 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpDataMessage))
1724 GNUNET_break_op (0);
1725 return GNUNET_SYSERR;
1727 data = (const struct GNUNET_EXIT_TcpDataMessage*) message;
1728 pkt_len -= sizeof (struct GNUNET_EXIT_TcpDataMessage);
1729 if ( (NULL == state) ||
1730 (NULL == state->heap_node) )
1732 /* connection should have been up! */
1733 GNUNET_STATISTICS_update (stats,
1734 gettext_noop ("# TCP DATA requests dropped (no session)"),
1736 return GNUNET_SYSERR;
1738 GNUNET_break_op (ntohl (data->reserved) == 0);
1740 char buf[INET6_ADDRSTRLEN];
1741 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1742 "Received additional %u bytes of data from %s for TCP stream to %s:%u\n",
1744 GNUNET_i2s (sender),
1745 inet_ntop (state->ri.remote_address.af,
1746 &state->ri.remote_address.address,
1748 (unsigned int) state->ri.remote_address.port);
1751 send_tcp_packet_via_tun (&state->ri.remote_address,
1752 &state->ri.local_address,
1760 * Send an ICMP packet via the TUN interface.
1762 * @param destination_address IP to use for the ICMP packet's destination
1763 * @param source_address IP to use for the ICMP packet's source
1764 * @param icmp_header ICMP header to send
1765 * @param payload payload of the ICMP packet (does NOT include ICMP header)
1766 * @param payload_length number of bytes of data in payload
1769 send_icmp_packet_via_tun (const struct SocketAddress *destination_address,
1770 const struct SocketAddress *source_address,
1771 const struct GNUNET_TUN_IcmpHeader *icmp_header,
1772 const void *payload, size_t payload_length)
1775 struct GNUNET_TUN_IcmpHeader *icmp;
1777 GNUNET_STATISTICS_update (stats,
1778 gettext_noop ("# ICMP packets sent via TUN"),
1780 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1781 "Sending packet with %u bytes ICMP payload via TUN\n",
1782 (unsigned int) payload_length);
1783 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
1784 switch (destination_address->af)
1787 len += sizeof (struct GNUNET_TUN_IPv4Header);
1790 len += sizeof (struct GNUNET_TUN_IPv6Header);
1796 len += sizeof (struct GNUNET_TUN_IcmpHeader);
1797 len += payload_length;
1798 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1805 struct GNUNET_MessageHeader *hdr;
1806 struct GNUNET_TUN_Layer2PacketHeader *tun;
1808 hdr= (struct GNUNET_MessageHeader *) buf;
1809 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1810 hdr->size = htons (len);
1811 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
1812 tun->flags = htons (0);
1813 switch (source_address->af)
1817 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
1819 tun->proto = htons (ETH_P_IPV4);
1820 GNUNET_TUN_initialize_ipv4_header (ipv4,
1822 sizeof (struct GNUNET_TUN_IcmpHeader) + payload_length,
1823 &source_address->address.ipv4,
1824 &destination_address->address.ipv4);
1825 icmp = (struct GNUNET_TUN_IcmpHeader*) &ipv4[1];
1830 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
1832 tun->proto = htons (ETH_P_IPV6);
1833 GNUNET_TUN_initialize_ipv6_header (ipv6,
1835 sizeof (struct GNUNET_TUN_IcmpHeader) + payload_length,
1836 &source_address->address.ipv6,
1837 &destination_address->address.ipv6);
1838 icmp = (struct GNUNET_TUN_IcmpHeader*) &ipv6[1];
1845 *icmp = *icmp_header;
1849 GNUNET_TUN_calculate_icmp_checksum (icmp,
1852 (void) GNUNET_HELPER_send (helper_handle,
1853 (const struct GNUNET_MessageHeader*) buf,
1861 * Process a request to forward ICMP data to the Internet via this peer.
1863 * @param cls closure, NULL
1864 * @param tunnel connection to the other end
1865 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1866 * @param sender who sent the message
1867 * @param message the actual message
1868 * @param atsi performance data for the connection
1869 * @return GNUNET_OK to keep the connection open,
1870 * GNUNET_SYSERR to close it (signal serious error)
1873 receive_icmp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1874 void **tunnel_ctx GNUNET_UNUSED,
1875 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1876 const struct GNUNET_MessageHeader *message,
1877 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1879 struct TunnelState *state = *tunnel_ctx;
1880 const struct GNUNET_EXIT_IcmpInternetMessage *msg;
1881 uint16_t pkt_len = ntohs (message->size);
1882 const struct in_addr *v4;
1883 const struct in6_addr *v6;
1884 const void *payload;
1887 GNUNET_STATISTICS_update (stats,
1888 gettext_noop ("# Bytes received from MESH"),
1889 pkt_len, GNUNET_NO);
1890 GNUNET_STATISTICS_update (stats,
1891 gettext_noop ("# ICMP IP-exit requests received via mesh"),
1893 if (pkt_len < sizeof (struct GNUNET_EXIT_IcmpInternetMessage))
1895 GNUNET_break_op (0);
1896 return GNUNET_SYSERR;
1898 msg = (const struct GNUNET_EXIT_IcmpInternetMessage*) message;
1899 pkt_len -= sizeof (struct GNUNET_EXIT_IcmpInternetMessage);
1901 af = (int) ntohl (msg->af);
1902 state->ri.remote_address.af = af;
1906 if (pkt_len < sizeof (struct in_addr))
1908 GNUNET_break_op (0);
1909 return GNUNET_SYSERR;
1913 GNUNET_break_op (0);
1914 return GNUNET_SYSERR;
1916 v4 = (const struct in_addr*) &msg[1];
1918 pkt_len -= sizeof (struct in_addr);
1919 state->ri.remote_address.address.ipv4 = *v4;
1922 if (pkt_len < sizeof (struct in6_addr))
1924 GNUNET_break_op (0);
1925 return GNUNET_SYSERR;
1929 GNUNET_break_op (0);
1930 return GNUNET_SYSERR;
1932 v6 = (const struct in6_addr*) &msg[1];
1934 pkt_len -= sizeof (struct in6_addr);
1935 state->ri.remote_address.address.ipv6 = *v6;
1938 GNUNET_break_op (0);
1939 return GNUNET_SYSERR;
1943 char buf[INET6_ADDRSTRLEN];
1944 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1945 "Received ICMP data from %s for forwarding to %s\n",
1946 GNUNET_i2s (sender),
1948 &state->ri.remote_address.address,
1949 buf, sizeof (buf)));
1952 /* FIXME: check that ICMP type is something we want to support */
1954 state->ri.remote_address.proto = IPPROTO_ICMP;
1955 state->ri.remote_address.port = 0;
1956 state->ri.local_address.port = 0;
1957 if (NULL == state->heap_node)
1958 setup_state_record (state);
1960 send_icmp_packet_via_tun (&state->ri.remote_address,
1961 &state->ri.local_address,
1969 * Process a request via mesh to send ICMP data to a service
1970 * offered by this system.
1972 * @param cls closure, NULL
1973 * @param tunnel connection to the other end
1974 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1975 * @param sender who sent the message
1976 * @param message the actual message
1977 * @param atsi performance data for the connection
1978 * @return GNUNET_OK to keep the connection open,
1979 * GNUNET_SYSERR to close it (signal serious error)
1982 receive_icmp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1984 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1985 const struct GNUNET_MessageHeader *message,
1986 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1988 struct TunnelState *state = *tunnel_ctx;
1989 const struct GNUNET_EXIT_IcmpServiceMessage *msg;
1990 uint16_t pkt_len = ntohs (message->size);
1992 GNUNET_STATISTICS_update (stats,
1993 gettext_noop ("# Bytes received from MESH"),
1994 pkt_len, GNUNET_NO);
1995 GNUNET_STATISTICS_update (stats,
1996 gettext_noop ("# ICMP service requests received via mesh"),
1998 /* check that we got at least a valid header */
1999 if (pkt_len < sizeof (struct GNUNET_EXIT_IcmpServiceMessage))
2001 GNUNET_break_op (0);
2002 return GNUNET_SYSERR;
2004 msg = (const struct GNUNET_EXIT_IcmpServiceMessage*) message;
2005 pkt_len -= sizeof (struct GNUNET_EXIT_IcmpServiceMessage);
2006 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2007 "Received data from %s for forwarding to ICMP service %s\n",
2008 GNUNET_i2s (sender),
2009 GNUNET_h2s (&msg->service_descriptor));
2010 if (NULL == state->serv)
2012 /* first packet to service must not be ICMP (cannot determine service!) */
2013 GNUNET_break_op (0);
2014 return GNUNET_SYSERR;
2016 if (state->serv->address.af != ntohl (msg->af))
2018 GNUNET_STATISTICS_update (stats,
2019 gettext_noop ("# ICMP service requests discarded (incompatible af)"),
2021 return GNUNET_SYSERR;
2024 /* FIXME: check that ICMP type is something we want to support */
2026 state->ri.remote_address = state->serv->address;
2027 setup_state_record (state);
2029 send_icmp_packet_via_tun (&state->ri.remote_address,
2030 &state->ri.local_address,
2038 * Send a UDP packet via the TUN interface.
2040 * @param destination_address IP and port to use for the UDP packet's destination
2041 * @param source_address IP and port to use for the UDP packet's source
2042 * @param payload payload of the UDP packet (does NOT include UDP header)
2043 * @param payload_length number of bytes of data in payload
2046 send_udp_packet_via_tun (const struct SocketAddress *destination_address,
2047 const struct SocketAddress *source_address,
2048 const void *payload, size_t payload_length)
2052 GNUNET_STATISTICS_update (stats,
2053 gettext_noop ("# UDP packets sent via TUN"),
2055 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2056 "Sending packet with %u bytes UDP payload via TUN\n",
2057 (unsigned int) payload_length);
2058 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
2059 switch (source_address->af)
2062 len += sizeof (struct GNUNET_TUN_IPv4Header);
2065 len += sizeof (struct GNUNET_TUN_IPv6Header);
2071 len += sizeof (struct GNUNET_TUN_UdpHeader);
2072 len += payload_length;
2073 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
2080 struct GNUNET_MessageHeader *hdr;
2081 struct GNUNET_TUN_Layer2PacketHeader *tun;
2083 hdr= (struct GNUNET_MessageHeader *) buf;
2084 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
2085 hdr->size = htons (len);
2086 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
2087 tun->flags = htons (0);
2088 switch (source_address->af)
2092 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
2094 tun->proto = htons (ETH_P_IPV4);
2095 prepare_ipv4_packet (payload, payload_length,
2099 destination_address,
2105 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
2107 tun->proto = htons (ETH_P_IPV6);
2108 prepare_ipv6_packet (payload, payload_length,
2112 destination_address,
2120 (void) GNUNET_HELPER_send (helper_handle,
2121 (const struct GNUNET_MessageHeader*) buf,
2129 * Process a request to forward UDP data to the Internet via this peer.
2131 * @param cls closure, NULL
2132 * @param tunnel connection to the other end
2133 * @param tunnel_ctx pointer to our 'struct TunnelState *'
2134 * @param sender who sent the message
2135 * @param message the actual message
2136 * @param atsi performance data for the connection
2137 * @return GNUNET_OK to keep the connection open,
2138 * GNUNET_SYSERR to close it (signal serious error)
2141 receive_udp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
2142 void **tunnel_ctx GNUNET_UNUSED,
2143 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
2144 const struct GNUNET_MessageHeader *message,
2145 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
2147 struct TunnelState *state = *tunnel_ctx;
2148 const struct GNUNET_EXIT_UdpInternetMessage *msg;
2149 uint16_t pkt_len = ntohs (message->size);
2150 const struct in_addr *v4;
2151 const struct in6_addr *v6;
2152 const void *payload;
2155 GNUNET_STATISTICS_update (stats,
2156 gettext_noop ("# Bytes received from MESH"),
2157 pkt_len, GNUNET_NO);
2158 GNUNET_STATISTICS_update (stats,
2159 gettext_noop ("# UDP IP-exit requests received via mesh"),
2161 if (pkt_len < sizeof (struct GNUNET_EXIT_UdpInternetMessage))
2163 GNUNET_break_op (0);
2164 return GNUNET_SYSERR;
2166 msg = (const struct GNUNET_EXIT_UdpInternetMessage*) message;
2167 pkt_len -= sizeof (struct GNUNET_EXIT_UdpInternetMessage);
2168 af = (int) ntohl (msg->af);
2169 state->ri.remote_address.af = af;
2173 if (pkt_len < sizeof (struct in_addr))
2175 GNUNET_break_op (0);
2176 return GNUNET_SYSERR;
2180 GNUNET_break_op (0);
2181 return GNUNET_SYSERR;
2183 v4 = (const struct in_addr*) &msg[1];
2185 pkt_len -= sizeof (struct in_addr);
2186 state->ri.remote_address.address.ipv4 = *v4;
2189 if (pkt_len < sizeof (struct in6_addr))
2191 GNUNET_break_op (0);
2192 return GNUNET_SYSERR;
2196 GNUNET_break_op (0);
2197 return GNUNET_SYSERR;
2199 v6 = (const struct in6_addr*) &msg[1];
2201 pkt_len -= sizeof (struct in6_addr);
2202 state->ri.remote_address.address.ipv6 = *v6;
2205 GNUNET_break_op (0);
2206 return GNUNET_SYSERR;
2209 char buf[INET6_ADDRSTRLEN];
2210 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2211 "Received data from %s for forwarding to UDP %s:%u\n",
2212 GNUNET_i2s (sender),
2214 &state->ri.remote_address.address,
2216 (unsigned int) ntohs (msg->destination_port));
2218 state->ri.remote_address.proto = IPPROTO_UDP;
2219 state->ri.remote_address.port = msg->destination_port;
2220 if (NULL == state->heap_node)
2221 setup_state_record (state);
2222 if (0 != ntohs (msg->source_port))
2223 state->ri.local_address.port = msg->source_port;
2224 send_udp_packet_via_tun (&state->ri.remote_address,
2225 &state->ri.local_address,
2232 * Process a request via mesh to send a request to a UDP service
2233 * offered by this system.
2235 * @param cls closure, NULL
2236 * @param tunnel connection to the other end
2237 * @param tunnel_ctx pointer to our 'struct TunnelState *'
2238 * @param sender who sent the message
2239 * @param message the actual message
2240 * @param atsi performance data for the connection
2241 * @return GNUNET_OK to keep the connection open,
2242 * GNUNET_SYSERR to close it (signal serious error)
2245 receive_udp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
2247 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
2248 const struct GNUNET_MessageHeader *message,
2249 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
2251 struct TunnelState *state = *tunnel_ctx;
2252 const struct GNUNET_EXIT_UdpServiceMessage *msg;
2253 uint16_t pkt_len = ntohs (message->size);
2255 GNUNET_STATISTICS_update (stats,
2256 gettext_noop ("# Bytes received from MESH"),
2257 pkt_len, GNUNET_NO);
2258 GNUNET_STATISTICS_update (stats,
2259 gettext_noop ("# UDP service requests received via mesh"),
2261 /* check that we got at least a valid header */
2262 if (pkt_len < sizeof (struct GNUNET_EXIT_UdpServiceMessage))
2264 GNUNET_break_op (0);
2265 return GNUNET_SYSERR;
2267 msg = (const struct GNUNET_EXIT_UdpServiceMessage*) message;
2268 pkt_len -= sizeof (struct GNUNET_EXIT_UdpServiceMessage);
2269 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2270 "Received data from %s for forwarding to UDP service %s on port %u\n",
2271 GNUNET_i2s (sender),
2272 GNUNET_h2s (&msg->service_descriptor),
2273 (unsigned int) ntohs (msg->destination_port));
2274 if (NULL == (state->serv = find_service (udp_services, &msg->service_descriptor,
2275 ntohs (msg->destination_port))))
2277 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
2278 _("No service found for %s on port %d!\n"),
2280 ntohs (msg->destination_port));
2281 GNUNET_STATISTICS_update (stats,
2282 gettext_noop ("# UDP requests dropped (no such service)"),
2284 return GNUNET_SYSERR;
2286 state->ri.remote_address = state->serv->address;
2287 setup_state_record (state);
2288 if (0 != ntohs (msg->source_port))
2289 state->ri.local_address.port = msg->source_port;
2290 send_udp_packet_via_tun (&state->ri.remote_address,
2291 &state->ri.local_address,
2298 * Callback from GNUNET_MESH for new tunnels.
2300 * @param cls closure
2301 * @param tunnel new handle to the tunnel
2302 * @param initiator peer that started the tunnel
2303 * @param atsi performance information for the tunnel
2304 * @return initial tunnel context for the tunnel
2307 new_tunnel (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
2308 const struct GNUNET_PeerIdentity *initiator GNUNET_UNUSED,
2309 const struct GNUNET_ATS_Information *ats GNUNET_UNUSED)
2311 struct TunnelState *s = GNUNET_malloc (sizeof (struct TunnelState));
2313 GNUNET_STATISTICS_update (stats,
2314 gettext_noop ("# Inbound MESH tunnels created"),
2316 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2317 "Received inbound tunnel from `%s'\n",
2318 GNUNET_i2s (initiator));
2325 * Function called by mesh whenever an inbound tunnel is destroyed.
2326 * Should clean up any associated state.
2328 * @param cls closure (set from GNUNET_MESH_connect)
2329 * @param tunnel connection to the other end (henceforth invalid)
2330 * @param tunnel_ctx place where local state associated
2331 * with the tunnel is stored
2334 clean_tunnel (void *cls GNUNET_UNUSED, const struct GNUNET_MESH_Tunnel *tunnel,
2337 struct TunnelState *s = tunnel_ctx;
2338 struct TunnelMessageQueue *tnq;
2340 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2341 "Tunnel destroyed\n");
2342 while (NULL != (tnq = s->head))
2344 GNUNET_CONTAINER_DLL_remove (s->head,
2349 if (s->heap_node != NULL)
2351 GNUNET_assert (GNUNET_YES ==
2352 GNUNET_CONTAINER_multihashmap_remove (connections_map,
2355 GNUNET_CONTAINER_heap_remove_node (s->heap_node);
2356 s->heap_node = NULL;
2360 GNUNET_MESH_notify_transmit_ready_cancel (s->th);
2368 * Function that frees everything from a hashmap
2372 * @param value value to free
2375 free_iterate (void *cls GNUNET_UNUSED,
2376 const GNUNET_HashCode * hash GNUNET_UNUSED, void *value)
2378 GNUNET_free (value);
2384 * Function scheduled as very last function, cleans up after us
2387 cleanup (void *cls GNUNET_UNUSED,
2388 const struct GNUNET_SCHEDULER_TaskContext *tskctx)
2392 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2393 "Exit service is shutting down now\n");
2394 if (helper_handle != NULL)
2396 GNUNET_HELPER_stop (helper_handle);
2397 helper_handle = NULL;
2399 if (mesh_handle != NULL)
2401 GNUNET_MESH_disconnect (mesh_handle);
2404 if (NULL != connections_map)
2406 GNUNET_CONTAINER_multihashmap_iterate (connections_map, &free_iterate, NULL);
2407 GNUNET_CONTAINER_multihashmap_destroy (connections_map);
2408 connections_map = NULL;
2410 if (NULL != connections_heap)
2412 GNUNET_CONTAINER_heap_destroy (connections_heap);
2413 connections_heap = NULL;
2415 if (NULL != tcp_services)
2417 GNUNET_CONTAINER_multihashmap_iterate (tcp_services, &free_service_record, NULL);
2418 GNUNET_CONTAINER_multihashmap_destroy (tcp_services);
2419 tcp_services = NULL;
2421 if (NULL != udp_services)
2423 GNUNET_CONTAINER_multihashmap_iterate (udp_services, &free_service_record, NULL);
2424 GNUNET_CONTAINER_multihashmap_destroy (udp_services);
2425 udp_services = NULL;
2429 GNUNET_STATISTICS_destroy (stats, GNUNET_YES);
2433 GNUNET_free_non_null (exit_argv[i]);
2438 * Add services to the service map.
2440 * @param proto IPPROTO_TCP or IPPROTO_UDP
2441 * @param cpy copy of the service descriptor (can be mutilated)
2442 * @param name DNS name of the service
2445 add_services (int proto,
2452 struct LocalService *serv;
2454 for (redirect = strtok (cpy, " "); redirect != NULL;
2455 redirect = strtok (NULL, " "))
2457 if (NULL == (hostname = strstr (redirect, ":")))
2459 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2460 "option `%s' for domain `%s' is not formatted correctly!\n",
2467 if (NULL == (hostport = strstr (hostname, ":")))
2469 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2470 "option `%s' for domain `%s' is not formatted correctly!\n",
2478 int local_port = atoi (redirect);
2479 int remote_port = atoi (hostport);
2481 if (!((local_port > 0) && (local_port < 65536)))
2483 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2484 "`%s' is not a valid port number (for domain `%s')!", redirect,
2488 if (!((remote_port > 0) && (remote_port < 65536)))
2490 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2491 "`%s' is not a valid port number (for domain `%s')!", hostport,
2496 serv = GNUNET_malloc (sizeof (struct LocalService));
2497 serv->my_port = (uint16_t) local_port;
2498 serv->address.port = remote_port;
2499 if (0 == strcmp ("localhost4", hostname))
2501 const char *ip4addr = exit_argv[4];
2503 serv->address.af = AF_INET;
2504 GNUNET_assert (1 != inet_pton (AF_INET, ip4addr, &serv->address.address.ipv4));
2506 else if (0 == strcmp ("localhost6", hostname))
2508 const char *ip6addr = exit_argv[2];
2510 serv->address.af = AF_INET6;
2511 GNUNET_assert (1 == inet_pton (AF_INET6, ip6addr, &serv->address.address.ipv6));
2515 struct addrinfo *res;
2518 ret = getaddrinfo (hostname, NULL, NULL, &res);
2519 if ( (ret != 0) || (res == NULL) )
2521 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2522 _("No addresses found for hostname `%s' of service `%s'!\n"),
2529 serv->address.af = res->ai_family;
2530 switch (res->ai_family)
2535 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2536 _("Service `%s' configured for IPv4, but IPv4 is disabled!\n"),
2542 serv->address.address.ipv4 = ((struct sockaddr_in *) res->ai_addr)->sin_addr;
2547 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2548 _("Service `%s' configured for IPv4, but IPv4 is disabled!\n"),
2554 serv->address.address.ipv6 = ((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
2558 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2559 _("No IP addresses found for hostname `%s' of service `%s'!\n"),
2567 store_service ((IPPROTO_UDP == proto) ? udp_services : tcp_services,
2576 * Reads the configuration servicecfg and populates udp_services
2579 * @param section name of section in config, equal to hostname
2582 read_service_conf (void *cls GNUNET_UNUSED, const char *section)
2586 if ((strlen (section) < 8) ||
2587 (0 != strcmp (".gnunet.", section + (strlen (section) - 8))))
2590 GNUNET_CONFIGURATION_get_value_string (cfg, section, "UDP_REDIRECTS",
2593 add_services (IPPROTO_UDP, cpy, section);
2597 GNUNET_CONFIGURATION_get_value_string (cfg, section, "TCP_REDIRECTS",
2600 add_services (IPPROTO_TCP, cpy, section);
2607 * @brief Main function that will be run by the scheduler.
2609 * @param cls closure
2610 * @param args remaining command-line arguments
2611 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
2612 * @param cfg_ configuration
2615 run (void *cls, char *const *args GNUNET_UNUSED,
2616 const char *cfgfile GNUNET_UNUSED,
2617 const struct GNUNET_CONFIGURATION_Handle *cfg_)
2619 static struct GNUNET_MESH_MessageHandler handlers[] = {
2620 {&receive_icmp_service, GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_SERVICE, 0},
2621 {&receive_icmp_remote, GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_INTERNET, 0},
2622 {&receive_udp_service, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_SERVICE, 0},
2623 {&receive_udp_remote, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_INTERNET, 0},
2624 {&receive_tcp_service, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_SERVICE_START, 0},
2625 {&receive_tcp_remote, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_INTERNET_START, 0},
2626 {&receive_tcp_data, GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_EXIT, 0},
2630 static GNUNET_MESH_ApplicationType apptypes[] = {
2631 GNUNET_APPLICATION_TYPE_END,
2632 GNUNET_APPLICATION_TYPE_END,
2633 GNUNET_APPLICATION_TYPE_END
2635 unsigned int app_idx;
2644 stats = GNUNET_STATISTICS_create ("exit", cfg);
2645 ipv4_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV4");
2646 ipv6_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV6");
2647 ipv4_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV4");
2648 ipv6_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV6");
2649 if (ipv4_exit && (! ipv4_enabled))
2651 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2652 _("Cannot enable IPv4 exit but disable IPv4 on TUN interface, will use ENABLE_IPv4=YES\n"));
2653 ipv4_enabled = GNUNET_YES;
2655 if (ipv6_exit && (! ipv6_enabled))
2657 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2658 _("Cannot enable IPv6 exit but disable IPv6 on TUN interface, will use ENABLE_IPv6=YES\n"));
2659 ipv6_enabled = GNUNET_YES;
2661 if (! (ipv4_enabled || ipv6_enabled))
2663 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2664 _("No useful service enabled. Exiting.\n"));
2665 GNUNET_SCHEDULER_shutdown ();
2669 if (GNUNET_YES == ipv4_exit)
2671 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV4_GATEWAY;
2674 if (GNUNET_YES == ipv6_exit)
2676 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV6_GATEWAY;
2680 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup, cls);
2683 GNUNET_CONFIGURATION_get_value_number (cfg, "exit", "MAX_CONNECTIONS",
2685 max_connections = 1024;
2686 exit_argv[0] = GNUNET_strdup ("exit-gnunet");
2687 if (GNUNET_SYSERR ==
2688 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "TUN_IFNAME", &tun_ifname))
2690 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2691 "No entry 'TUN_IFNAME' in configuration!\n");
2692 GNUNET_SCHEDULER_shutdown ();
2695 exit_argv[1] = tun_ifname;
2698 if (GNUNET_SYSERR ==
2699 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "EXIT_IFNAME", &exit_ifname))
2701 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2702 "No entry 'EXIT_IFNAME' in configuration!\n");
2703 GNUNET_SCHEDULER_shutdown ();
2706 exit_argv[2] = exit_ifname;
2710 exit_argv[2] = GNUNET_strdup ("%");
2712 if (GNUNET_YES == ipv6_enabled)
2714 if ( (GNUNET_SYSERR ==
2715 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6ADDR",
2717 (1 != inet_pton (AF_INET6, ipv6addr, &exit_ipv6addr))) )
2719 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2720 "No valid entry 'IPV6ADDR' in configuration!\n");
2721 GNUNET_SCHEDULER_shutdown ();
2724 exit_argv[3] = ipv6addr;
2725 if (GNUNET_SYSERR ==
2726 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6PREFIX",
2729 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2730 "No entry 'IPV6PREFIX' in configuration!\n");
2731 GNUNET_SCHEDULER_shutdown ();
2734 exit_argv[4] = ipv6prefix_s;
2736 GNUNET_CONFIGURATION_get_value_number (cfg, "exit",
2739 (ipv6prefix >= 127) )
2741 GNUNET_SCHEDULER_shutdown ();
2747 /* IPv6 explicitly disabled */
2748 exit_argv[3] = GNUNET_strdup ("-");
2749 exit_argv[4] = GNUNET_strdup ("-");
2751 if (GNUNET_YES == ipv4_enabled)
2753 if ( (GNUNET_SYSERR ==
2754 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4ADDR",
2756 (1 != inet_pton (AF_INET, ipv4addr, &exit_ipv4addr))) )
2758 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2759 "No valid entry for 'IPV4ADDR' in configuration!\n");
2760 GNUNET_SCHEDULER_shutdown ();
2763 exit_argv[5] = ipv4addr;
2764 if ( (GNUNET_SYSERR ==
2765 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4MASK",
2767 (1 != inet_pton (AF_INET, ipv4mask, &exit_ipv4mask))) )
2769 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2770 "No valid entry 'IPV4MASK' in configuration!\n");
2771 GNUNET_SCHEDULER_shutdown ();
2774 exit_argv[6] = ipv4mask;
2778 /* IPv4 explicitly disabled */
2779 exit_argv[5] = GNUNET_strdup ("-");
2780 exit_argv[6] = GNUNET_strdup ("-");
2782 exit_argv[7] = NULL;
2784 udp_services = GNUNET_CONTAINER_multihashmap_create (65536);
2785 tcp_services = GNUNET_CONTAINER_multihashmap_create (65536);
2786 GNUNET_CONFIGURATION_iterate_sections (cfg, &read_service_conf, NULL);
2788 connections_map = GNUNET_CONTAINER_multihashmap_create (65536);
2789 connections_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
2791 = GNUNET_MESH_connect (cfg, 42 /* queue size */, NULL,
2793 &clean_tunnel, handlers,
2795 if (NULL == mesh_handle)
2797 GNUNET_SCHEDULER_shutdown ();
2800 helper_handle = GNUNET_HELPER_start ("gnunet-helper-exit",
2802 &message_token, NULL);
2809 * @param argc number of arguments from the command line
2810 * @param argv command line arguments
2811 * @return 0 ok, 1 on error
2814 main (int argc, char *const *argv)
2816 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
2817 GNUNET_GETOPT_OPTION_END
2820 return (GNUNET_OK ==
2821 GNUNET_PROGRAM_run (argc, argv, "gnunet-daemon-exit",
2823 ("Daemon to run to provide an IP exit node for the VPN"),
2824 options, &run, NULL)) ? 0 : 1;
2828 /* end of gnunet-daemon-exit.c */
projects / oweals / gnunet.git / blob