2 This file is part of GNUnet.
3 Copyright (C) 2010-2013, 2017 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
22 * @file exit/gnunet-daemon-exit.c
23 * @brief tool to allow IP traffic exit from the GNUnet cadet to the Internet
24 * @author Philipp Toelke
25 * @author Christian Grothoff
31 * - which code should advertise services? the service model is right
32 * now a bit odd, especially as this code DOES the exit and knows
33 * the DNS "name", but OTOH this is clearly NOT the place to advertise
34 * the service's existence; maybe the daemon should turn into a
35 * service with an API to add local-exit services dynamically?
38 #include "gnunet_util_lib.h"
39 #include "gnunet_protocols.h"
40 #include "gnunet_applications.h"
41 #include "gnunet_dht_service.h"
42 #include "gnunet_cadet_service.h"
43 #include "gnunet_dnsparser_lib.h"
44 #include "gnunet_dnsstub_lib.h"
45 #include "gnunet_statistics_service.h"
46 #include "gnunet_constants.h"
47 #include "gnunet_signatures.h"
48 #include "gnunet_tun_lib.h"
49 #include "gnunet_regex_service.h"
51 #include "block_dns.h"
55 * Maximum path compression length for cadet regex announcing for IPv4 address
58 #define REGEX_MAX_PATH_LEN_IPV4 4
61 * Maximum path compression length for cadet regex announcing for IPv6 address
64 #define REGEX_MAX_PATH_LEN_IPV6 8
67 * How frequently do we re-announce the regex for the exit?
69 #define REGEX_REFRESH_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 30)
72 * How frequently do we re-announce the DNS exit in the DHT?
74 #define DHT_PUT_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 15)
77 * How long do we typically sign the DNS exit advertisement for?
79 #define DNS_ADVERTISEMENT_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 3)
83 * Generic logging shorthand
85 #define LOG(kind, ...) \
86 GNUNET_log_from (kind, "exit", __VA_ARGS__);
90 * Information about an address.
95 * AF_INET or AF_INET6.
100 * Remote address information.
105 * Address, if af is AF_INET.
110 * Address, if af is AF_INET6.
112 struct in6_addr ipv6;
116 * IPPROTO_TCP or IPPROTO_UDP;
121 * Remote port, in host byte order!
129 * This struct is saved into the services-hashmap to represent
130 * a service this peer is specifically offering an exit for
131 * (for a specific domain name).
137 * Remote address to use for the service.
139 struct SocketAddress address;
142 * Descriptor for the service (CADET port).
144 struct GNUNET_HashCode descriptor;
147 * DNS name of the service.
152 * Open port with CADET.
154 struct GNUNET_CADET_Port *port;
157 * #GNUNET_YES if this is a UDP service, otherwise TCP.
165 * Information we use to track a connection (the classical 6-tuple of
166 * IP-version, protocol, source-IP, destination-IP, source-port and
169 struct RedirectInformation
173 * Address information for the other party (equivalent of the
174 * arguments one would give to "connect").
176 struct SocketAddress remote_address;
179 * Address information we used locally (AF and proto must match
180 * "remote_address"). Equivalent of the arguments one would give to
183 struct SocketAddress local_address;
186 Note 1: additional information might be added here in the
187 future to support protocols that require special handling,
190 Note 2: we might also sometimes not match on all components
191 of the tuple, to support protocols where things do not always
198 * This struct is saved into #connections_map to allow finding the
199 * right channel given an IP packet from TUN. It is also associated
200 * with the channel's closure so we can find it again for the next
201 * message from the channel.
206 * Cadet channel that is used for this connection.
208 struct GNUNET_CADET_Channel *channel;
211 * Who is the other end of this channel.
212 * FIXME is this needed? Only used for debugging messages
214 struct GNUNET_PeerIdentity peer;
217 * #GNUNET_NO if this is a channel for TCP/UDP,
218 * #GNUNET_YES if this is a channel for DNS,
219 * #GNUNET_SYSERR if the channel is not yet initialized.
229 * Heap node for this state in the connections_heap.
231 struct GNUNET_CONTAINER_HeapNode *heap_node;
234 * Key this state has in the #connections_map.
236 struct GNUNET_HashCode state_key;
239 * Associated service record, or NULL for no service.
241 struct LocalService *serv;
244 * Primary redirection information for this connection.
246 struct RedirectInformation ri;
253 * Socket we are using to transmit this request (must match if we receive
256 struct GNUNET_DNSSTUB_RequestSocket *rs;
259 * Original DNS request ID as used by the client.
261 uint16_t original_id;
264 * DNS request ID that we used for forwarding.
276 * Return value from 'main'.
278 static int global_ret;
281 * Handle to our regex announcement for IPv4.
283 static struct GNUNET_REGEX_Announcement *regex4;
286 * Handle to our regex announcement for IPv4.
288 static struct GNUNET_REGEX_Announcement *regex6;
291 * The handle to the configuration used throughout the process
293 static const struct GNUNET_CONFIGURATION_Handle *cfg;
296 * The handle to the helper
298 static struct GNUNET_HELPER_Handle *helper_handle;
301 * Arguments to the exit helper.
303 static char *exit_argv[8];
306 * IPv6 address of our TUN interface.
308 static struct in6_addr exit_ipv6addr;
311 * IPv6 prefix (0..127) from configuration file.
313 static unsigned long long ipv6prefix;
316 * IPv4 address of our TUN interface.
318 static struct in_addr exit_ipv4addr;
321 * IPv4 netmask of our TUN interface.
323 static struct in_addr exit_ipv4mask;
328 static struct GNUNET_STATISTICS_Handle *stats;
331 * The handle to cadet
333 static struct GNUNET_CADET_Handle *cadet_handle;
336 * This hashmaps contains the mapping from peer, service-descriptor,
337 * source-port and destination-port to a struct ChannelState
339 static struct GNUNET_CONTAINER_MultiHashMap *connections_map;
342 * Heap so we can quickly find "old" connections.
344 static struct GNUNET_CONTAINER_Heap *connections_heap;
347 * If there are at least this many connections, old ones will be removed
349 static unsigned long long max_connections;
352 * This hashmaps saves interesting things about the configured services
354 static struct GNUNET_CONTAINER_MultiHashMap *services;
357 * Array of all open DNS requests from channels.
359 static struct ChannelState *channels[UINT16_MAX + 1];
362 * Handle to the DNS Stub resolver.
364 static struct GNUNET_DNSSTUB_Context *dnsstub;
367 * Handle for ongoing DHT PUT operations to advertise exit service.
369 static struct GNUNET_DHT_PutHandle *dht_put;
374 static struct GNUNET_DHT_Handle *dht;
377 * Task for doing DHT PUTs to advertise exit service.
379 static struct GNUNET_SCHEDULER_Task *dht_task;
382 * Advertisement message we put into the DHT to advertise us
385 static struct GNUNET_DNS_Advertisement dns_advertisement;
388 * Key we store the DNS advertismenet under.
390 static struct GNUNET_HashCode dht_put_key;
393 * Private key for this peer.
395 static struct GNUNET_CRYPTO_EddsaPrivateKey *peer_key;
400 static struct GNUNET_CADET_Port *dns_port;
403 * Port for IPv4 exit.
405 static struct GNUNET_CADET_Port *cadet_port4;
408 * Port for IPv6 exit.
410 static struct GNUNET_CADET_Port *cadet_port6;
413 * Are we an IPv4-exit?
415 static int ipv4_exit;
418 * Are we an IPv6-exit?
420 static int ipv6_exit;
423 * Do we support IPv4 at all on the TUN interface?
425 static int ipv4_enabled;
428 * Do we support IPv6 at all on the TUN interface?
430 static int ipv6_enabled;
433 GNUNET_NETWORK_STRUCT_BEGIN
436 * Message with a DNS response.
438 struct DnsResponseMessage
441 * GNUnet header, of type #GNUNET_MESSAGE_TYPE_VPN_DNS_FROM_INTERNET
443 struct GNUNET_MessageHeader header;
448 struct GNUNET_TUN_DnsHeader dns;
450 /* Followed by more DNS payload */
453 GNUNET_NETWORK_STRUCT_END
457 * Callback called from DNSSTUB resolver when a resolution
461 * @param rs the socket that received the response
462 * @param dns the response itself
463 * @param r number of bytes in @a dns
466 process_dns_result (void *cls,
467 struct GNUNET_DNSSTUB_RequestSocket *rs,
468 const struct GNUNET_TUN_DnsHeader *dns,
471 struct ChannelState *ts;
472 struct GNUNET_MQ_Envelope *env;
473 struct DnsResponseMessage *resp;
475 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
476 "Processing DNS result from stub resolver\n");
477 GNUNET_assert (NULL == cls);
478 /* Handle case that this is a reply to a request from a CADET DNS channel */
479 ts = channels[dns->id];
481 (ts->specifics.dns.rs != rs) )
483 LOG (GNUNET_ERROR_TYPE_DEBUG,
484 "Got a response from the stub resolver for DNS request received via CADET!\n");
485 channels[dns->id] = NULL;
486 env = GNUNET_MQ_msg_extra (resp,
487 r - sizeof (struct GNUNET_TUN_DnsHeader),
488 GNUNET_MESSAGE_TYPE_VPN_DNS_FROM_INTERNET);
489 GNUNET_memcpy (&resp->dns,
492 resp->dns.id = ts->specifics.dns.original_id;
493 GNUNET_MQ_send (GNUNET_CADET_get_mq (ts->channel),
499 * Check a request via cadet to perform a DNS query.
501 * @param cls our `struct ChannelState *`
502 * @param msg the actual message
503 * @return #GNUNET_OK to keep the connection open,
504 * #GNUNET_SYSERR to close it (signal serious error)
507 check_dns_request (void *cls,
508 const struct DnsResponseMessage *msg)
510 struct ChannelState *ts = cls;
515 return GNUNET_SYSERR;
517 if (GNUNET_NO == ts->is_dns)
520 return GNUNET_SYSERR;
527 * Process a request via cadet to perform a DNS query.
529 * @param cls our `struct ChannelState *`
530 * @param msg the actual message
533 handle_dns_request (void *cls,
534 const struct DnsResponseMessage *msg)
536 struct ChannelState *ts = cls;
537 size_t mlen = ntohs (msg->header.size);
538 size_t dlen = mlen - sizeof (struct GNUNET_MessageHeader);
539 char buf[dlen] GNUNET_ALIGN;
540 struct GNUNET_TUN_DnsHeader *dout;
542 if (GNUNET_SYSERR == ts->is_dns)
544 /* channel is DNS from now on */
545 ts->is_dns = GNUNET_YES;
547 ts->specifics.dns.original_id = msg->dns.id;
548 if (channels[ts->specifics.dns.my_id] == ts)
549 channels[ts->specifics.dns.my_id] = NULL;
550 ts->specifics.dns.my_id = (uint16_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
552 channels[ts->specifics.dns.my_id] = ts;
556 dout = (struct GNUNET_TUN_DnsHeader *) buf;
557 dout->id = ts->specifics.dns.my_id;
558 ts->specifics.dns.rs = GNUNET_DNSSTUB_resolve2 (dnsstub,
563 if (NULL == ts->specifics.dns.rs)
568 GNUNET_CADET_receive_done (ts->channel);
573 * Given IP information about a connection, calculate the respective
574 * hash we would use for the #connections_map.
576 * @param hash resulting hash
577 * @param ri information about the connection
580 hash_redirect_info (struct GNUNET_HashCode *hash,
581 const struct RedirectInformation *ri)
587 sizeof (struct GNUNET_HashCode));
588 /* the GNUnet hashmap only uses the first sizeof(unsigned int) of the hash,
589 so we put the IP address in there (and hope for few collisions) */
591 switch (ri->remote_address.af)
595 &ri->remote_address.address.ipv4,
596 sizeof (struct in_addr));
597 off += sizeof (struct in_addr);
601 &ri->remote_address.address.ipv6,
602 sizeof (struct in6_addr));
603 off += sizeof (struct in_addr);
609 &ri->remote_address.port,
611 off += sizeof (uint16_t);
612 switch (ri->local_address.af)
616 &ri->local_address.address.ipv4,
617 sizeof (struct in_addr));
618 off += sizeof (struct in_addr);
622 &ri->local_address.address.ipv6,
623 sizeof (struct in6_addr));
624 off += sizeof (struct in_addr);
630 &ri->local_address.port,
632 off += sizeof (uint16_t);
634 &ri->remote_address.proto,
636 /* off += sizeof (uint8_t); */
641 * Get our connection tracking state. Warns if it does not exists,
642 * refreshes the timestamp if it does exist.
644 * @param af address family
645 * @param protocol IPPROTO_UDP or IPPROTO_TCP
646 * @param destination_ip target IP
647 * @param destination_port target port
648 * @param local_ip local IP
649 * @param local_port local port
650 * @param state_key set to hash's state if non-NULL
651 * @return NULL if we have no tracking information for this tuple
653 static struct ChannelState *
654 get_redirect_state (int af,
656 const void *destination_ip,
657 uint16_t destination_port,
658 const void *local_ip,
660 struct GNUNET_HashCode *state_key)
662 struct RedirectInformation ri;
663 struct GNUNET_HashCode key;
664 struct ChannelState *state;
666 if ( ( (af == AF_INET) && (protocol == IPPROTO_ICMP) ) ||
667 ( (af == AF_INET6) && (protocol == IPPROTO_ICMPV6) ) )
670 destination_port = 0;
673 ri.remote_address.af = af;
675 ri.remote_address.address.ipv4 = *((struct in_addr*) destination_ip);
677 ri.remote_address.address.ipv6 = * ((struct in6_addr*) destination_ip);
678 ri.remote_address.port = destination_port;
679 ri.remote_address.proto = protocol;
680 ri.local_address.af = af;
682 ri.local_address.address.ipv4 = *((struct in_addr*) local_ip);
684 ri.local_address.address.ipv6 = * ((struct in6_addr*) local_ip);
685 ri.local_address.port = local_port;
686 ri.local_address.proto = protocol;
687 hash_redirect_info (&key,
689 if (NULL != state_key)
691 state = GNUNET_CONTAINER_multihashmap_get (connections_map,
695 /* Mark this connection as freshly used */
696 if (NULL == state_key)
697 GNUNET_CONTAINER_heap_update_cost (state->specifics.tcp_udp.heap_node,
698 GNUNET_TIME_absolute_get ().abs_value_us);
705 * Check a request via cadet to send a request to a TCP service
706 * offered by this system.
708 * @param cls our `struct ChannelState *`
709 * @param start the actual message
710 * @return #GNUNET_OK to keep the connection open,
711 * #GNUNET_SYSERR to close it (signal serious error)
714 check_tcp_service (void *cls,
715 const struct GNUNET_EXIT_TcpServiceStartMessage *start)
717 struct ChannelState *state = cls;
722 return GNUNET_SYSERR;
724 if (GNUNET_YES == state->is_dns)
727 return GNUNET_SYSERR;
729 if (NULL == state->specifics.tcp_udp.serv)
732 return GNUNET_SYSERR;
734 if (NULL != state->specifics.tcp_udp.heap_node)
737 return GNUNET_SYSERR;
739 if (start->tcp_header.off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
742 return GNUNET_SYSERR;
749 * Prepare an IPv4 packet for transmission via the TUN interface.
750 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
751 * For UDP, the UDP header will be fully created, whereas for TCP
752 * only the ports and checksum will be filled in. So for TCP,
753 * a skeleton TCP header must be part of the provided payload.
755 * @param payload payload of the packet (starting with UDP payload or
756 * TCP header, depending on protocol)
757 * @param payload_length number of bytes in @a payload
758 * @param protocol IPPROTO_UDP or IPPROTO_TCP
759 * @param tcp_header skeleton of the TCP header, NULL for UDP
760 * @param src_address source address to use (IP and port)
761 * @param dst_address destination address to use (IP and port)
762 * @param pkt4 where to write the assembled packet; must
763 * contain enough space for the IP header, UDP/TCP header
767 prepare_ipv4_packet (const void *payload,
768 size_t payload_length,
770 const struct GNUNET_TUN_TcpHeader *tcp_header,
771 const struct SocketAddress *src_address,
772 const struct SocketAddress *dst_address,
773 struct GNUNET_TUN_IPv4Header *pkt4)
777 len = payload_length;
781 len += sizeof (struct GNUNET_TUN_UdpHeader);
784 len += sizeof (struct GNUNET_TUN_TcpHeader);
785 GNUNET_assert (NULL != tcp_header);
791 if (len + sizeof (struct GNUNET_TUN_IPv4Header) > UINT16_MAX)
797 GNUNET_TUN_initialize_ipv4_header (pkt4,
800 &src_address->address.ipv4,
801 &dst_address->address.ipv4);
806 struct GNUNET_TUN_UdpHeader *pkt4_udp = (struct GNUNET_TUN_UdpHeader *) &pkt4[1];
808 pkt4_udp->source_port = htons (src_address->port);
809 pkt4_udp->destination_port = htons (dst_address->port);
810 pkt4_udp->len = htons ((uint16_t) payload_length);
811 GNUNET_TUN_calculate_udp4_checksum (pkt4,
815 GNUNET_memcpy (&pkt4_udp[1],
822 struct GNUNET_TUN_TcpHeader *pkt4_tcp = (struct GNUNET_TUN_TcpHeader *) &pkt4[1];
824 *pkt4_tcp = *tcp_header;
825 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
826 "Sending TCP packet from port %u to port %u\n",
829 pkt4_tcp->source_port = htons (src_address->port);
830 pkt4_tcp->destination_port = htons (dst_address->port);
831 GNUNET_TUN_calculate_tcp4_checksum (pkt4,
835 GNUNET_memcpy (&pkt4_tcp[1],
847 * Prepare an IPv6 packet for transmission via the TUN interface.
848 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
849 * For UDP, the UDP header will be fully created, whereas for TCP
850 * only the ports and checksum will be filled in. So for TCP,
851 * a skeleton TCP header must be part of the provided payload.
853 * @param payload payload of the packet (starting with UDP payload or
854 * TCP header, depending on protocol)
855 * @param payload_length number of bytes in @a payload
856 * @param protocol IPPROTO_UDP or IPPROTO_TCP
857 * @param tcp_header skeleton TCP header data to send, NULL for UDP
858 * @param src_address source address to use (IP and port)
859 * @param dst_address destination address to use (IP and port)
860 * @param pkt6 where to write the assembled packet; must
861 * contain enough space for the IP header, UDP/TCP header
865 prepare_ipv6_packet (const void *payload,
866 size_t payload_length,
868 const struct GNUNET_TUN_TcpHeader *tcp_header,
869 const struct SocketAddress *src_address,
870 const struct SocketAddress *dst_address,
871 struct GNUNET_TUN_IPv6Header *pkt6)
875 len = payload_length;
879 len += sizeof (struct GNUNET_TUN_UdpHeader);
882 len += sizeof (struct GNUNET_TUN_TcpHeader);
888 if (len > UINT16_MAX)
894 GNUNET_TUN_initialize_ipv6_header (pkt6,
897 &src_address->address.ipv6,
898 &dst_address->address.ipv6);
904 struct GNUNET_TUN_UdpHeader *pkt6_udp = (struct GNUNET_TUN_UdpHeader *) &pkt6[1];
906 pkt6_udp->source_port = htons (src_address->port);
907 pkt6_udp->destination_port = htons (dst_address->port);
908 pkt6_udp->len = htons ((uint16_t) payload_length);
909 GNUNET_TUN_calculate_udp6_checksum (pkt6,
913 GNUNET_memcpy (&pkt6_udp[1],
920 struct GNUNET_TUN_TcpHeader *pkt6_tcp = (struct GNUNET_TUN_TcpHeader *) &pkt6[1];
922 /* GNUNET_memcpy first here as some TCP header fields are initialized this way! */
923 *pkt6_tcp = *tcp_header;
924 pkt6_tcp->source_port = htons (src_address->port);
925 pkt6_tcp->destination_port = htons (dst_address->port);
926 GNUNET_TUN_calculate_tcp6_checksum (pkt6,
930 GNUNET_memcpy (&pkt6_tcp[1],
943 * Send a TCP packet via the TUN interface.
945 * @param destination_address IP and port to use for the TCP packet's destination
946 * @param source_address IP and port to use for the TCP packet's source
947 * @param tcp_header header template to use
948 * @param payload payload of the TCP packet
949 * @param payload_length number of bytes in @a payload
952 send_tcp_packet_via_tun (const struct SocketAddress *destination_address,
953 const struct SocketAddress *source_address,
954 const struct GNUNET_TUN_TcpHeader *tcp_header,
956 size_t payload_length)
960 GNUNET_STATISTICS_update (stats,
961 gettext_noop ("# TCP packets sent via TUN"),
964 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
965 "Sending packet with %u bytes TCP payload via TUN\n",
966 (unsigned int) payload_length);
967 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
968 switch (source_address->af)
971 len += sizeof (struct GNUNET_TUN_IPv4Header);
974 len += sizeof (struct GNUNET_TUN_IPv6Header);
980 len += sizeof (struct GNUNET_TUN_TcpHeader);
981 len += payload_length;
982 if (len >= GNUNET_MAX_MESSAGE_SIZE)
988 char buf[len] GNUNET_ALIGN;
989 struct GNUNET_MessageHeader *hdr;
990 struct GNUNET_TUN_Layer2PacketHeader *tun;
992 hdr = (struct GNUNET_MessageHeader *) buf;
993 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
994 hdr->size = htons (len);
995 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
996 tun->flags = htons (0);
997 switch (source_address->af)
1001 struct GNUNET_TUN_IPv4Header *ipv4
1002 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
1004 tun->proto = htons (ETH_P_IPV4);
1005 prepare_ipv4_packet (payload,
1010 destination_address,
1016 struct GNUNET_TUN_IPv6Header *ipv6
1017 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
1019 tun->proto = htons (ETH_P_IPV6);
1020 prepare_ipv6_packet (payload,
1025 destination_address,
1033 if (NULL != helper_handle)
1034 (void) GNUNET_HELPER_send (helper_handle,
1035 (const struct GNUNET_MessageHeader*) buf,
1044 * Send an ICMP packet via the TUN interface.
1046 * @param destination_address IP to use for the ICMP packet's destination
1047 * @param source_address IP to use for the ICMP packet's source
1048 * @param icmp_header ICMP header to send
1049 * @param payload payload of the ICMP packet (does NOT include ICMP header)
1050 * @param payload_length number of bytes of data in @a payload
1053 send_icmp_packet_via_tun (const struct SocketAddress *destination_address,
1054 const struct SocketAddress *source_address,
1055 const struct GNUNET_TUN_IcmpHeader *icmp_header,
1056 const void *payload, size_t payload_length)
1059 struct GNUNET_TUN_IcmpHeader *icmp;
1061 GNUNET_STATISTICS_update (stats,
1062 gettext_noop ("# ICMP packets sent via TUN"),
1064 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1065 "Sending packet with %u bytes ICMP payload via TUN\n",
1066 (unsigned int) payload_length);
1067 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
1068 switch (destination_address->af)
1071 len += sizeof (struct GNUNET_TUN_IPv4Header);
1074 len += sizeof (struct GNUNET_TUN_IPv6Header);
1080 len += sizeof (struct GNUNET_TUN_IcmpHeader);
1081 len += payload_length;
1082 if (len >= GNUNET_MAX_MESSAGE_SIZE)
1088 char buf[len] GNUNET_ALIGN;
1089 struct GNUNET_MessageHeader *hdr;
1090 struct GNUNET_TUN_Layer2PacketHeader *tun;
1092 hdr= (struct GNUNET_MessageHeader *) buf;
1093 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1094 hdr->size = htons (len);
1095 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
1096 tun->flags = htons (0);
1097 switch (source_address->af)
1101 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
1103 tun->proto = htons (ETH_P_IPV4);
1104 GNUNET_TUN_initialize_ipv4_header (ipv4,
1106 sizeof (struct GNUNET_TUN_IcmpHeader) + payload_length,
1107 &source_address->address.ipv4,
1108 &destination_address->address.ipv4);
1109 icmp = (struct GNUNET_TUN_IcmpHeader*) &ipv4[1];
1114 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
1116 tun->proto = htons (ETH_P_IPV6);
1117 GNUNET_TUN_initialize_ipv6_header (ipv6,
1119 sizeof (struct GNUNET_TUN_IcmpHeader) + payload_length,
1120 &source_address->address.ipv6,
1121 &destination_address->address.ipv6);
1122 icmp = (struct GNUNET_TUN_IcmpHeader*) &ipv6[1];
1129 *icmp = *icmp_header;
1130 GNUNET_memcpy (&icmp[1],
1133 GNUNET_TUN_calculate_icmp_checksum (icmp,
1136 if (NULL != helper_handle)
1137 (void) GNUNET_HELPER_send (helper_handle,
1138 (const struct GNUNET_MessageHeader*) buf,
1146 * We need to create a (unique) fresh local address (IP+port).
1149 * @param af desired address family
1150 * @param proto desired protocol (IPPROTO_UDP or IPPROTO_TCP)
1151 * @param local_address address to initialize
1154 setup_fresh_address (int af,
1156 struct SocketAddress *local_address)
1158 local_address->af = af;
1159 local_address->proto = (uint8_t) proto;
1160 /* default "local" port range is often 32768--61000,
1161 so we pick a random value in that range */
1162 if ( ( (af == AF_INET) && (proto == IPPROTO_ICMP) ) ||
1163 ( (af == AF_INET6) && (proto == IPPROTO_ICMPV6) ) )
1164 local_address->port = 0;
1167 = (uint16_t) 32768 + GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1173 struct in_addr addr;
1174 struct in_addr mask;
1177 addr = exit_ipv4addr;
1178 mask = exit_ipv4mask;
1179 if (0 == ~mask.s_addr)
1181 /* only one valid IP anyway */
1182 local_address->address.ipv4 = addr;
1185 /* Given 192.168.0.1/255.255.0.0, we want a mask
1186 of '192.168.255.255', thus: */
1187 mask.s_addr = addr.s_addr | ~mask.s_addr;
1188 /* Pick random IPv4 address within the subnet, except 'addr' or 'mask' itself */
1191 rnd.s_addr = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1193 local_address->address.ipv4.s_addr = (addr.s_addr | rnd.s_addr) & mask.s_addr;
1195 while ( (local_address->address.ipv4.s_addr == addr.s_addr) ||
1196 (local_address->address.ipv4.s_addr == mask.s_addr) );
1201 struct in6_addr addr;
1202 struct in6_addr mask;
1203 struct in6_addr rnd;
1206 addr = exit_ipv6addr;
1207 GNUNET_assert (ipv6prefix < 128);
1208 if (ipv6prefix == 127)
1210 /* only one valid IP anyway */
1211 local_address->address.ipv6 = addr;
1214 /* Given ABCD::/96, we want a mask of 'ABCD::FFFF:FFFF,
1217 for (i=127;i>=ipv6prefix;i--)
1218 mask.s6_addr[i / 8] |= (1 << (i % 8));
1220 /* Pick random IPv6 address within the subnet, except 'addr' or 'mask' itself */
1225 rnd.s6_addr[i] = (unsigned char) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1227 local_address->address.ipv6.s6_addr[i]
1228 = (addr.s6_addr[i] | rnd.s6_addr[i]) & mask.s6_addr[i];
1231 while ( (0 == memcmp (&local_address->address.ipv6,
1233 sizeof (struct in6_addr))) ||
1234 (0 == memcmp (&local_address->address.ipv6,
1236 sizeof (struct in6_addr))) );
1246 * We are starting a fresh connection (TCP or UDP) and need
1247 * to pick a source port and IP address (within the correct
1248 * range and address family) to associate replies with the
1249 * connection / correct cadet channel. This function generates
1250 * a "fresh" source IP and source port number for a connection
1251 * After picking a good source address, this function sets up
1252 * the state in the 'connections_map' and 'connections_heap'
1253 * to allow finding the state when needed later. The function
1254 * also makes sure that we remain within memory limits by
1255 * cleaning up 'old' states.
1257 * @param state skeleton state to setup a record for; should
1258 * 'state->specifics.tcp_udp.ri.remote_address' filled in so that
1259 * this code can determine which AF/protocol is
1260 * going to be used (the 'channel' should also
1261 * already be set); after calling this function,
1262 * heap_node and the local_address will be
1263 * also initialized (heap_node != NULL can be
1264 * used to test if a state has been fully setup).
1267 setup_state_record (struct ChannelState *state)
1269 struct GNUNET_HashCode key;
1270 struct ChannelState *s;
1272 /* generate fresh, unique address */
1275 if (NULL == state->specifics.tcp_udp.serv)
1276 setup_fresh_address (state->specifics.tcp_udp.ri.remote_address.af,
1277 state->specifics.tcp_udp.ri.remote_address.proto,
1278 &state->specifics.tcp_udp.ri.local_address);
1280 setup_fresh_address (state->specifics.tcp_udp.serv->address.af,
1281 state->specifics.tcp_udp.serv->address.proto,
1282 &state->specifics.tcp_udp.ri.local_address);
1284 get_redirect_state (state->specifics.tcp_udp.ri.remote_address.af,
1285 state->specifics.tcp_udp.ri.remote_address.proto,
1286 &state->specifics.tcp_udp.ri.remote_address.address,
1287 state->specifics.tcp_udp.ri.remote_address.port,
1288 &state->specifics.tcp_udp.ri.local_address.address,
1289 state->specifics.tcp_udp.ri.local_address.port,
1292 char buf[INET6_ADDRSTRLEN];
1293 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1294 "Picked local address %s:%u for new connection\n",
1295 inet_ntop (state->specifics.tcp_udp.ri.local_address.af,
1296 &state->specifics.tcp_udp.ri.local_address.address,
1299 (unsigned int) state->specifics.tcp_udp.ri.local_address.port);
1301 state->specifics.tcp_udp.state_key = key;
1302 GNUNET_assert (GNUNET_OK ==
1303 GNUNET_CONTAINER_multihashmap_put (connections_map,
1305 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
1306 state->specifics.tcp_udp.heap_node
1307 = GNUNET_CONTAINER_heap_insert (connections_heap,
1309 GNUNET_TIME_absolute_get ().abs_value_us);
1310 while (GNUNET_CONTAINER_heap_get_size (connections_heap) > max_connections)
1312 s = GNUNET_CONTAINER_heap_remove_root (connections_heap);
1313 GNUNET_assert (state != s);
1314 s->specifics.tcp_udp.heap_node = NULL;
1315 GNUNET_CADET_channel_destroy (s->channel);
1316 GNUNET_assert (GNUNET_OK ==
1317 GNUNET_CONTAINER_multihashmap_remove (connections_map,
1318 &s->specifics.tcp_udp.state_key,
1326 * Send a UDP packet via the TUN interface.
1328 * @param destination_address IP and port to use for the UDP packet's destination
1329 * @param source_address IP and port to use for the UDP packet's source
1330 * @param payload payload of the UDP packet (does NOT include UDP header)
1331 * @param payload_length number of bytes of data in @a payload
1334 send_udp_packet_via_tun (const struct SocketAddress *destination_address,
1335 const struct SocketAddress *source_address,
1336 const void *payload, size_t payload_length)
1340 GNUNET_STATISTICS_update (stats,
1341 gettext_noop ("# UDP packets sent via TUN"),
1343 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1344 "Sending packet with %u bytes UDP payload via TUN\n",
1345 (unsigned int) payload_length);
1346 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
1347 switch (source_address->af)
1350 len += sizeof (struct GNUNET_TUN_IPv4Header);
1353 len += sizeof (struct GNUNET_TUN_IPv6Header);
1359 len += sizeof (struct GNUNET_TUN_UdpHeader);
1360 len += payload_length;
1361 if (len >= GNUNET_MAX_MESSAGE_SIZE)
1367 char buf[len] GNUNET_ALIGN;
1368 struct GNUNET_MessageHeader *hdr;
1369 struct GNUNET_TUN_Layer2PacketHeader *tun;
1371 hdr= (struct GNUNET_MessageHeader *) buf;
1372 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1373 hdr->size = htons (len);
1374 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
1375 tun->flags = htons (0);
1376 switch (source_address->af)
1380 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
1382 tun->proto = htons (ETH_P_IPV4);
1383 prepare_ipv4_packet (payload,
1388 destination_address,
1394 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
1396 tun->proto = htons (ETH_P_IPV6);
1397 prepare_ipv6_packet (payload,
1402 destination_address,
1410 if (NULL != helper_handle)
1411 (void) GNUNET_HELPER_send (helper_handle,
1412 (const struct GNUNET_MessageHeader*) buf,
1420 * Check a request to forward UDP data to the Internet via this peer.
1422 * @param cls our `struct ChannelState *`
1423 * @param msg the actual message
1424 * @return #GNUNET_OK to keep the connection open,
1425 * #GNUNET_SYSERR to close it (signal serious error)
1428 check_udp_remote (void *cls,
1429 const struct GNUNET_EXIT_UdpInternetMessage *msg)
1431 struct ChannelState *state = cls;
1433 if (GNUNET_YES == state->is_dns)
1435 GNUNET_break_op (0);
1436 return GNUNET_SYSERR;
1443 * Process a request to forward UDP data to the Internet via this peer.
1445 * @param cls our `struct ChannelState *`
1446 * @param msg the actual message
1449 handle_udp_remote (void *cls,
1450 const struct GNUNET_EXIT_UdpInternetMessage *msg)
1452 struct ChannelState *state = cls;
1453 uint16_t pkt_len = ntohs (msg->header.size) - sizeof (struct GNUNET_EXIT_UdpInternetMessage);
1454 const struct in_addr *v4;
1455 const struct in6_addr *v6;
1456 const void *payload;
1459 if (GNUNET_SYSERR == state->is_dns)
1461 /* channel is UDP/TCP from now on */
1462 state->is_dns = GNUNET_NO;
1464 GNUNET_STATISTICS_update (stats,
1465 gettext_noop ("# Bytes received from CADET"),
1466 pkt_len, GNUNET_NO);
1467 GNUNET_STATISTICS_update (stats,
1468 gettext_noop ("# UDP IP-exit requests received via cadet"),
1470 af = (int) ntohl (msg->af);
1471 state->specifics.tcp_udp.ri.remote_address.af = af;
1475 if (pkt_len < sizeof (struct in_addr))
1477 GNUNET_break_op (0);
1482 GNUNET_break_op (0);
1485 v4 = (const struct in_addr*) &msg[1];
1487 pkt_len -= sizeof (struct in_addr);
1488 state->specifics.tcp_udp.ri.remote_address.address.ipv4 = *v4;
1491 if (pkt_len < sizeof (struct in6_addr))
1493 GNUNET_break_op (0);
1498 GNUNET_break_op (0);
1501 v6 = (const struct in6_addr*) &msg[1];
1503 pkt_len -= sizeof (struct in6_addr);
1504 state->specifics.tcp_udp.ri.remote_address.address.ipv6 = *v6;
1507 GNUNET_break_op (0);
1511 char buf[INET6_ADDRSTRLEN];
1512 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1513 "Received data from %s for forwarding to UDP %s:%u\n",
1514 GNUNET_i2s (&state->peer),
1516 &state->specifics.tcp_udp.ri.remote_address.address,
1518 (unsigned int) ntohs (msg->destination_port));
1520 state->specifics.tcp_udp.ri.remote_address.proto = IPPROTO_UDP;
1521 state->specifics.tcp_udp.ri.remote_address.port = msg->destination_port;
1522 if (NULL == state->specifics.tcp_udp.heap_node)
1523 setup_state_record (state);
1524 if (0 != ntohs (msg->source_port))
1525 state->specifics.tcp_udp.ri.local_address.port = msg->source_port;
1526 send_udp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address,
1527 &state->specifics.tcp_udp.ri.local_address,
1530 GNUNET_CADET_receive_done (state->channel);
1535 * Check a request via cadet to send a request to a UDP service
1536 * offered by this system.
1538 * @param cls our `struct ChannelState *`
1539 * @param msg the actual message
1540 * @return #GNUNET_OK to keep the connection open,
1541 * #GNUNET_SYSERR to close it (signal serious error)
1544 check_udp_service (void *cls,
1545 const struct GNUNET_EXIT_UdpServiceMessage *msg)
1547 struct ChannelState *state = cls;
1549 if (NULL == state->specifics.tcp_udp.serv)
1551 GNUNET_break_op (0);
1552 return GNUNET_SYSERR;
1559 * Process a request via cadet to send a request to a UDP service
1560 * offered by this system.
1562 * @param cls our `struct ChannelState *`
1563 * @param msg the actual message
1566 handle_udp_service (void *cls,
1567 const struct GNUNET_EXIT_UdpServiceMessage *msg)
1569 struct ChannelState *state = cls;
1570 uint16_t pkt_len = ntohs (msg->header.size) - sizeof (struct GNUNET_EXIT_UdpServiceMessage);
1572 GNUNET_STATISTICS_update (stats,
1573 gettext_noop ("# Bytes received from CADET"),
1574 pkt_len, GNUNET_NO);
1575 GNUNET_STATISTICS_update (stats,
1576 gettext_noop ("# UDP service requests received via cadet"),
1578 LOG (GNUNET_ERROR_TYPE_DEBUG,
1579 "Received data from %s for forwarding to UDP service %s on port %u\n",
1580 GNUNET_i2s (&state->peer),
1581 GNUNET_h2s (&state->specifics.tcp_udp.serv->descriptor),
1582 (unsigned int) ntohs (msg->destination_port));
1583 setup_state_record (state);
1584 if (0 != ntohs (msg->source_port))
1585 state->specifics.tcp_udp.ri.local_address.port = msg->source_port;
1586 send_udp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address,
1587 &state->specifics.tcp_udp.ri.local_address,
1590 GNUNET_CADET_receive_done (state->channel);
1595 * Process a request via cadet to send a request to a TCP service
1596 * offered by this system.
1598 * @param cls our `struct ChannelState *`
1599 * @param start the actual message
1600 * @return #GNUNET_OK to keep the connection open,
1601 * #GNUNET_SYSERR to close it (signal serious error)
1604 handle_tcp_service (void *cls,
1605 const struct GNUNET_EXIT_TcpServiceStartMessage *start)
1607 struct ChannelState *state = cls;
1608 uint16_t pkt_len = ntohs (start->header.size) - sizeof (struct GNUNET_EXIT_TcpServiceStartMessage);
1610 if (GNUNET_SYSERR == state->is_dns)
1612 /* channel is UDP/TCP from now on */
1613 state->is_dns = GNUNET_NO;
1615 GNUNET_STATISTICS_update (stats,
1616 gettext_noop ("# TCP service creation requests received via cadet"),
1619 GNUNET_STATISTICS_update (stats,
1620 gettext_noop ("# Bytes received from CADET"),
1623 GNUNET_break_op (ntohl (start->reserved) == 0);
1624 /* setup fresh connection */
1625 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1626 "Received data from %s for forwarding to TCP service %s on port %u\n",
1627 GNUNET_i2s (&state->peer),
1628 GNUNET_h2s (&state->specifics.tcp_udp.serv->descriptor),
1629 (unsigned int) ntohs (start->tcp_header.destination_port));
1630 setup_state_record (state);
1631 send_tcp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address,
1632 &state->specifics.tcp_udp.ri.local_address,
1636 GNUNET_CADET_receive_done (state->channel);
1641 * Check a request to forward TCP data to the Internet via this peer.
1643 * @param cls our `struct ChannelState *`
1644 * @param start the actual message
1645 * @return #GNUNET_OK to keep the connection open,
1646 * #GNUNET_SYSERR to close it (signal serious error)
1649 check_tcp_remote (void *cls,
1650 const struct GNUNET_EXIT_TcpInternetStartMessage *start)
1652 struct ChannelState *state = cls;
1656 GNUNET_break_op (0);
1657 return GNUNET_SYSERR;
1659 if (GNUNET_YES == state->is_dns)
1661 GNUNET_break_op (0);
1662 return GNUNET_SYSERR;
1664 if ( (NULL != state->specifics.tcp_udp.serv) ||
1665 (NULL != state->specifics.tcp_udp.heap_node) )
1667 GNUNET_break_op (0);
1668 return GNUNET_SYSERR;
1670 if (start->tcp_header.off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
1672 GNUNET_break_op (0);
1673 return GNUNET_SYSERR;
1680 * Process a request to forward TCP data to the Internet via this peer.
1682 * @param cls our `struct ChannelState *`
1683 * @param start the actual message
1686 handle_tcp_remote (void *cls,
1687 const struct GNUNET_EXIT_TcpInternetStartMessage *start)
1689 struct ChannelState *state = cls;
1690 uint16_t pkt_len = ntohs (start->header.size) - sizeof (struct GNUNET_EXIT_TcpInternetStartMessage);
1691 const struct in_addr *v4;
1692 const struct in6_addr *v6;
1693 const void *payload;
1696 if (GNUNET_SYSERR == state->is_dns)
1698 /* channel is UDP/TCP from now on */
1699 state->is_dns = GNUNET_NO;
1701 GNUNET_STATISTICS_update (stats,
1702 gettext_noop ("# Bytes received from CADET"),
1703 pkt_len, GNUNET_NO);
1704 GNUNET_STATISTICS_update (stats,
1705 gettext_noop ("# TCP IP-exit creation requests received via cadet"),
1707 af = (int) ntohl (start->af);
1708 state->specifics.tcp_udp.ri.remote_address.af = af;
1712 if (pkt_len < sizeof (struct in_addr))
1714 GNUNET_break_op (0);
1719 GNUNET_break_op (0);
1722 v4 = (const struct in_addr*) &start[1];
1724 pkt_len -= sizeof (struct in_addr);
1725 state->specifics.tcp_udp.ri.remote_address.address.ipv4 = *v4;
1728 if (pkt_len < sizeof (struct in6_addr))
1730 GNUNET_break_op (0);
1735 GNUNET_break_op (0);
1738 v6 = (const struct in6_addr*) &start[1];
1740 pkt_len -= sizeof (struct in6_addr);
1741 state->specifics.tcp_udp.ri.remote_address.address.ipv6 = *v6;
1744 GNUNET_break_op (0);
1748 char buf[INET6_ADDRSTRLEN];
1749 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1750 "Received payload from %s for existing TCP stream to %s:%u\n",
1751 GNUNET_i2s (&state->peer),
1753 &state->specifics.tcp_udp.ri.remote_address.address,
1755 (unsigned int) ntohs (start->tcp_header.destination_port));
1757 state->specifics.tcp_udp.ri.remote_address.proto = IPPROTO_TCP;
1758 state->specifics.tcp_udp.ri.remote_address.port = ntohs (start->tcp_header.destination_port);
1759 setup_state_record (state);
1760 send_tcp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address,
1761 &state->specifics.tcp_udp.ri.local_address,
1765 GNUNET_CADET_receive_done (state->channel);
1770 * Check a request to forward TCP data on an established
1771 * connection via this peer.
1773 * @param cls our `struct ChannelState *`
1774 * @param message the actual message
1775 * @return #GNUNET_OK to keep the connection open,
1776 * #GNUNET_SYSERR to close it (signal serious error)
1779 check_tcp_data (void *cls,
1780 const struct GNUNET_EXIT_TcpDataMessage *data)
1782 struct ChannelState *state = cls;
1784 if ( (NULL == state) ||
1785 (NULL == state->specifics.tcp_udp.heap_node) )
1787 /* connection should have been up! */
1788 GNUNET_STATISTICS_update (stats,
1789 gettext_noop ("# TCP DATA requests dropped (no session)"),
1791 GNUNET_break_op (0);
1792 return GNUNET_SYSERR;
1794 if (data->tcp_header.off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
1796 GNUNET_break_op (0);
1797 return GNUNET_SYSERR;
1799 if (GNUNET_YES == state->is_dns)
1801 GNUNET_break_op (0);
1802 return GNUNET_SYSERR;
1809 * Process a request to forward TCP data on an established
1810 * connection via this peer.
1812 * @param cls our `struct ChannelState *`
1813 * @param message the actual message
1816 handle_tcp_data (void *cls,
1817 const struct GNUNET_EXIT_TcpDataMessage *data)
1819 struct ChannelState *state = cls;
1820 uint16_t pkt_len = ntohs (data->header.size) - sizeof (struct GNUNET_EXIT_TcpDataMessage);
1822 GNUNET_STATISTICS_update (stats,
1823 gettext_noop ("# Bytes received from CADET"),
1824 pkt_len, GNUNET_NO);
1825 GNUNET_STATISTICS_update (stats,
1826 gettext_noop ("# TCP data requests received via cadet"),
1828 if (GNUNET_SYSERR == state->is_dns)
1830 /* channel is UDP/TCP from now on */
1831 state->is_dns = GNUNET_NO;
1834 GNUNET_break_op (ntohl (data->reserved) == 0);
1836 char buf[INET6_ADDRSTRLEN];
1837 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1838 "Received additional %u bytes of data from %s for TCP stream to %s:%u\n",
1840 GNUNET_i2s (&state->peer),
1841 inet_ntop (state->specifics.tcp_udp.ri.remote_address.af,
1842 &state->specifics.tcp_udp.ri.remote_address.address,
1844 (unsigned int) state->specifics.tcp_udp.ri.remote_address.port);
1847 send_tcp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address,
1848 &state->specifics.tcp_udp.ri.local_address,
1851 GNUNET_CADET_receive_done (state->channel);
1856 * Synthesize a plausible ICMP payload for an ICMPv4 error
1857 * response on the given channel.
1859 * @param state channel information
1860 * @param ipp IPv6 header to fill in (ICMP payload)
1861 * @param udp "UDP" header to fill in (ICMP payload); might actually
1862 * also be the first 8 bytes of the TCP header
1865 make_up_icmpv4_payload (struct ChannelState *state,
1866 struct GNUNET_TUN_IPv4Header *ipp,
1867 struct GNUNET_TUN_UdpHeader *udp)
1869 GNUNET_TUN_initialize_ipv4_header (ipp,
1870 state->specifics.tcp_udp.ri.remote_address.proto,
1871 sizeof (struct GNUNET_TUN_TcpHeader),
1872 &state->specifics.tcp_udp.ri.remote_address.address.ipv4,
1873 &state->specifics.tcp_udp.ri.local_address.address.ipv4);
1874 udp->source_port = htons (state->specifics.tcp_udp.ri.remote_address.port);
1875 udp->destination_port = htons (state->specifics.tcp_udp.ri.local_address.port);
1876 udp->len = htons (0);
1877 udp->crc = htons (0);
1882 * Synthesize a plausible ICMP payload for an ICMPv6 error
1883 * response on the given channel.
1885 * @param state channel information
1886 * @param ipp IPv6 header to fill in (ICMP payload)
1887 * @param udp "UDP" header to fill in (ICMP payload); might actually
1888 * also be the first 8 bytes of the TCP header
1891 make_up_icmpv6_payload (struct ChannelState *state,
1892 struct GNUNET_TUN_IPv6Header *ipp,
1893 struct GNUNET_TUN_UdpHeader *udp)
1895 GNUNET_TUN_initialize_ipv6_header (ipp,
1896 state->specifics.tcp_udp.ri.remote_address.proto,
1897 sizeof (struct GNUNET_TUN_TcpHeader),
1898 &state->specifics.tcp_udp.ri.remote_address.address.ipv6,
1899 &state->specifics.tcp_udp.ri.local_address.address.ipv6);
1900 udp->source_port = htons (state->specifics.tcp_udp.ri.remote_address.port);
1901 udp->destination_port = htons (state->specifics.tcp_udp.ri.local_address.port);
1902 udp->len = htons (0);
1903 udp->crc = htons (0);
1908 * Check a request to forward ICMP data to the Internet via this peer.
1910 * @param cls our `struct ChannelState *`
1911 * @param msg the actual message
1912 * @return #GNUNET_OK to keep the connection open,
1913 * #GNUNET_SYSERR to close it (signal serious error)
1916 check_icmp_remote (void *cls,
1917 const struct GNUNET_EXIT_IcmpInternetMessage *msg)
1919 struct ChannelState *state = cls;
1921 if (GNUNET_YES == state->is_dns)
1923 GNUNET_break_op (0);
1924 return GNUNET_SYSERR;
1931 * Process a request to forward ICMP data to the Internet via this peer.
1933 * @param cls our `struct ChannelState *`
1934 * @param msg the actual message
1937 handle_icmp_remote (void *cls,
1938 const struct GNUNET_EXIT_IcmpInternetMessage *msg)
1940 struct ChannelState *state = cls;
1941 uint16_t pkt_len = ntohs (msg->header.size) - sizeof (struct GNUNET_EXIT_IcmpInternetMessage);
1942 const struct in_addr *v4;
1943 const struct in6_addr *v6;
1944 const void *payload;
1945 char buf[sizeof (struct GNUNET_TUN_IPv6Header) + 8] GNUNET_ALIGN;
1948 if (GNUNET_SYSERR == state->is_dns)
1950 /* channel is UDP/TCP from now on */
1951 state->is_dns = GNUNET_NO;
1953 GNUNET_STATISTICS_update (stats,
1954 gettext_noop ("# Bytes received from CADET"),
1955 pkt_len, GNUNET_NO);
1956 GNUNET_STATISTICS_update (stats,
1957 gettext_noop ("# ICMP IP-exit requests received via cadet"),
1960 af = (int) ntohl (msg->af);
1961 if ( (NULL != state->specifics.tcp_udp.heap_node) &&
1962 (af != state->specifics.tcp_udp.ri.remote_address.af) )
1964 /* other peer switched AF on this channel; not allowed */
1965 GNUNET_break_op (0);
1972 if (pkt_len < sizeof (struct in_addr))
1974 GNUNET_break_op (0);
1979 GNUNET_break_op (0);
1982 v4 = (const struct in_addr*) &msg[1];
1984 pkt_len -= sizeof (struct in_addr);
1985 state->specifics.tcp_udp.ri.remote_address.address.ipv4 = *v4;
1986 if (NULL == state->specifics.tcp_udp.heap_node)
1988 state->specifics.tcp_udp.ri.remote_address.af = af;
1989 state->specifics.tcp_udp.ri.remote_address.proto = IPPROTO_ICMP;
1990 setup_state_record (state);
1992 /* check that ICMP type is something we want to support
1993 and possibly make up payload! */
1994 switch (msg->icmp_header.type)
1996 case GNUNET_TUN_ICMPTYPE_ECHO_REPLY:
1997 case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST:
1999 case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE:
2000 case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH:
2001 case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED:
2004 GNUNET_break_op (0);
2007 /* make up payload */
2009 struct GNUNET_TUN_IPv4Header *ipp = (struct GNUNET_TUN_IPv4Header *) buf;
2010 struct GNUNET_TUN_UdpHeader *udp = (struct GNUNET_TUN_UdpHeader *) &ipp[1];
2012 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2013 pkt_len = sizeof (struct GNUNET_TUN_IPv4Header) + 8;
2014 make_up_icmpv4_payload (state,
2021 GNUNET_break_op (0);
2022 GNUNET_STATISTICS_update (stats,
2023 gettext_noop ("# ICMPv4 packets dropped (type not allowed)"),
2030 if (pkt_len < sizeof (struct in6_addr))
2032 GNUNET_break_op (0);
2037 GNUNET_break_op (0);
2040 v6 = (const struct in6_addr*) &msg[1];
2042 pkt_len -= sizeof (struct in6_addr);
2043 state->specifics.tcp_udp.ri.remote_address.address.ipv6 = *v6;
2044 if (NULL == state->specifics.tcp_udp.heap_node)
2046 state->specifics.tcp_udp.ri.remote_address.af = af;
2047 state->specifics.tcp_udp.ri.remote_address.proto = IPPROTO_ICMPV6;
2048 setup_state_record (state);
2050 /* check that ICMP type is something we want to support
2051 and possibly make up payload! */
2052 switch (msg->icmp_header.type)
2054 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
2055 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
2057 case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE:
2058 case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG:
2059 case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED:
2060 case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM:
2063 GNUNET_break_op (0);
2066 /* make up payload */
2068 struct GNUNET_TUN_IPv6Header *ipp = (struct GNUNET_TUN_IPv6Header *) buf;
2069 struct GNUNET_TUN_UdpHeader *udp = (struct GNUNET_TUN_UdpHeader *) &ipp[1];
2071 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2072 pkt_len = sizeof (struct GNUNET_TUN_IPv6Header) + 8;
2073 make_up_icmpv6_payload (state,
2080 GNUNET_break_op (0);
2081 GNUNET_STATISTICS_update (stats,
2082 gettext_noop ("# ICMPv6 packets dropped (type not allowed)"),
2090 GNUNET_break_op (0);
2095 char buf[INET6_ADDRSTRLEN];
2096 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2097 "Received ICMP data from %s for forwarding to %s\n",
2098 GNUNET_i2s (&state->peer),
2100 &state->specifics.tcp_udp.ri.remote_address.address,
2101 buf, sizeof (buf)));
2103 send_icmp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address,
2104 &state->specifics.tcp_udp.ri.local_address,
2107 GNUNET_CADET_receive_done (state->channel);
2112 * Setup ICMP payload for ICMP error messages. Called
2113 * for both IPv4 and IPv6 addresses.
2115 * @param state context for creating the IP Packet
2116 * @param buf where to create the payload, has at least
2117 * sizeof (struct GNUNET_TUN_IPv6Header) + 8 bytes
2118 * @return number of bytes of payload we created in buf
2121 make_up_icmp_service_payload (struct ChannelState *state,
2124 switch (state->specifics.tcp_udp.serv->address.af)
2128 struct GNUNET_TUN_IPv4Header *ipv4;
2129 struct GNUNET_TUN_UdpHeader *udp;
2131 ipv4 = (struct GNUNET_TUN_IPv4Header *)buf;
2132 udp = (struct GNUNET_TUN_UdpHeader *) &ipv4[1];
2133 make_up_icmpv4_payload (state,
2136 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2137 return sizeof (struct GNUNET_TUN_IPv4Header) + 8;
2142 struct GNUNET_TUN_IPv6Header *ipv6;
2143 struct GNUNET_TUN_UdpHeader *udp;
2145 ipv6 = (struct GNUNET_TUN_IPv6Header *)buf;
2146 udp = (struct GNUNET_TUN_UdpHeader *) &ipv6[1];
2147 make_up_icmpv6_payload (state,
2150 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2151 return sizeof (struct GNUNET_TUN_IPv6Header) + 8;
2162 * Check a request via cadet to send ICMP data to a service
2163 * offered by this system.
2165 * @param cls our `struct ChannelState *`
2166 * @param msg the actual message
2167 * @return #GNUNET_OK to keep the connection open,
2168 * #GNUNET_SYSERR to close it (signal serious error)
2171 check_icmp_service (void *cls,
2172 const struct GNUNET_EXIT_IcmpServiceMessage *msg)
2174 struct ChannelState *state = cls;
2176 if (GNUNET_YES == state->is_dns)
2178 GNUNET_break_op (0);
2179 return GNUNET_SYSERR;
2181 if (NULL == state->specifics.tcp_udp.serv)
2183 GNUNET_break_op (0);
2184 return GNUNET_SYSERR;
2191 * Process a request via cadet to send ICMP data to a service
2192 * offered by this system.
2194 * @param cls our `struct ChannelState *`
2195 * @param msg the actual message
2198 handle_icmp_service (void *cls,
2199 const struct GNUNET_EXIT_IcmpServiceMessage *msg)
2201 struct ChannelState *state = cls;
2202 uint16_t pkt_len = ntohs (msg->header.size) - sizeof (struct GNUNET_EXIT_IcmpServiceMessage);
2203 struct GNUNET_TUN_IcmpHeader icmp;
2204 char buf[sizeof (struct GNUNET_TUN_IPv6Header) + 8] GNUNET_ALIGN;
2205 const void *payload;
2207 GNUNET_STATISTICS_update (stats,
2208 gettext_noop ("# Bytes received from CADET"),
2209 pkt_len, GNUNET_NO);
2210 GNUNET_STATISTICS_update (stats,
2211 gettext_noop ("# ICMP service requests received via cadet"),
2213 /* check that we got at least a valid header */
2214 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2215 "Received data from %s for forwarding to ICMP service %s\n",
2216 GNUNET_i2s (&state->peer),
2217 GNUNET_h2s (&state->specifics.tcp_udp.serv->descriptor));
2218 icmp = msg->icmp_header;
2220 state->specifics.tcp_udp.ri.remote_address
2221 = state->specifics.tcp_udp.serv->address;
2222 setup_state_record (state);
2224 /* check that ICMP type is something we want to support,
2225 perform ICMP PT if needed ans possibly make up payload */
2229 switch (msg->icmp_header.type)
2231 case GNUNET_TUN_ICMPTYPE_ECHO_REPLY:
2232 if (state->specifics.tcp_udp.serv->address.af == AF_INET6)
2233 icmp.type = GNUNET_TUN_ICMPTYPE6_ECHO_REPLY;
2235 case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST:
2236 if (state->specifics.tcp_udp.serv->address.af == AF_INET6)
2237 icmp.type = GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST;
2239 case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE:
2240 if (state->specifics.tcp_udp.serv->address.af == AF_INET6)
2241 icmp.type = GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE;
2244 GNUNET_break_op (0);
2248 pkt_len = make_up_icmp_service_payload (state, buf);
2250 case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED:
2251 if (state->specifics.tcp_udp.serv->address.af == AF_INET6)
2252 icmp.type = GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED;
2255 GNUNET_break_op (0);
2259 pkt_len = make_up_icmp_service_payload (state, buf);
2261 case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH:
2262 if (state->specifics.tcp_udp.serv->address.af == AF_INET6)
2264 GNUNET_STATISTICS_update (stats,
2265 gettext_noop ("# ICMPv4 packets dropped (impossible PT to v6)"),
2271 GNUNET_break_op (0);
2275 pkt_len = make_up_icmp_service_payload (state, buf);
2278 GNUNET_break_op (0);
2279 GNUNET_STATISTICS_update (stats,
2280 gettext_noop ("# ICMPv4 packets dropped (type not allowed)"),
2284 /* end of AF_INET */
2287 switch (msg->icmp_header.type)
2289 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
2290 if (state->specifics.tcp_udp.serv->address.af == AF_INET)
2291 icmp.type = GNUNET_TUN_ICMPTYPE_ECHO_REPLY;
2293 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
2294 if (state->specifics.tcp_udp.serv->address.af == AF_INET)
2295 icmp.type = GNUNET_TUN_ICMPTYPE_ECHO_REQUEST;
2297 case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE:
2298 if (state->specifics.tcp_udp.serv->address.af == AF_INET)
2299 icmp.type = GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE;
2302 GNUNET_break_op (0);
2306 pkt_len = make_up_icmp_service_payload (state, buf);
2308 case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED:
2309 if (state->specifics.tcp_udp.serv->address.af == AF_INET)
2310 icmp.type = GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED;
2313 GNUNET_break_op (0);
2317 pkt_len = make_up_icmp_service_payload (state, buf);
2319 case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG:
2320 case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM:
2321 if (state->specifics.tcp_udp.serv->address.af == AF_INET)
2323 GNUNET_STATISTICS_update (stats,
2324 gettext_noop ("# ICMPv6 packets dropped (impossible PT to v4)"),
2330 GNUNET_break_op (0);
2334 pkt_len = make_up_icmp_service_payload (state, buf);
2337 GNUNET_break_op (0);
2338 GNUNET_STATISTICS_update (stats,
2339 gettext_noop ("# ICMPv6 packets dropped (type not allowed)"),
2343 /* end of AF_INET6 */
2346 GNUNET_break_op (0);
2350 send_icmp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address,
2351 &state->specifics.tcp_udp.ri.local_address,
2355 GNUNET_CADET_receive_done (state->channel);
2360 * Free memory associated with a service record.
2363 * @param key service descriptor
2364 * @param value service record to free
2365 * @return #GNUNET_OK
2368 free_service_record (void *cls,
2369 const struct GNUNET_HashCode *key,
2372 struct LocalService *service = value;
2374 GNUNET_assert (GNUNET_YES ==
2375 GNUNET_CONTAINER_multihashmap_remove (services,
2378 GNUNET_CADET_close_port (service->port);
2379 GNUNET_free_non_null (service->name);
2380 GNUNET_free (service);
2386 * Callback from CADET for new channels.
2388 * @param cls closure
2389 * @param channel new handle to the channel
2390 * @param initiator peer that started the channel
2391 * @return initial channel context for the channel
2394 new_service_channel (void *cls,
2395 struct GNUNET_CADET_Channel *channel,
2396 const struct GNUNET_PeerIdentity *initiator)
2398 struct LocalService *ls = cls;
2399 struct ChannelState *s = GNUNET_new (struct ChannelState);
2401 s->peer = *initiator;
2402 GNUNET_STATISTICS_update (stats,
2403 gettext_noop ("# Inbound CADET channels created"),
2406 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2407 "Received inbound channel from `%s'\n",
2408 GNUNET_i2s (initiator));
2409 s->channel = channel;
2410 s->specifics.tcp_udp.serv = ls;
2411 s->specifics.tcp_udp.ri.remote_address = ls->address;
2417 * Function called by cadet whenever an inbound channel is destroyed.
2418 * Should clean up any associated state.
2420 * @param cls our `struct ChannelState *`
2421 * @param channel connection to the other end (henceforth invalid)
2424 clean_channel (void *cls,
2425 const struct GNUNET_CADET_Channel *channel)
2427 struct ChannelState *s = cls;
2429 LOG (GNUNET_ERROR_TYPE_DEBUG,
2430 "Channel destroyed\n");
2431 if (GNUNET_SYSERR == s->is_dns)
2436 if (GNUNET_YES == s->is_dns)
2438 if (channels[s->specifics.dns.my_id] == s)
2439 channels[s->specifics.dns.my_id] = NULL;
2443 if (NULL != s->specifics.tcp_udp.heap_node)
2445 GNUNET_assert (GNUNET_YES ==
2446 GNUNET_CONTAINER_multihashmap_remove (connections_map,
2447 &s->specifics.tcp_udp.state_key,
2449 GNUNET_CONTAINER_heap_remove_node (s->specifics.tcp_udp.heap_node);
2450 s->specifics.tcp_udp.heap_node = NULL;
2458 * Given a service descriptor and a destination port, find the
2459 * respective service entry.
2461 * @param proto IPPROTO_TCP or IPPROTO_UDP
2462 * @param name name of the service
2463 * @param destination_port destination port
2464 * @param service service information record to store (service->name will be set).
2467 store_service (int proto,
2469 uint16_t destination_port,
2470 struct LocalService *service)
2472 struct GNUNET_MQ_MessageHandler handlers[] = {
2473 GNUNET_MQ_hd_var_size (icmp_service,
2474 GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_SERVICE,
2475 struct GNUNET_EXIT_IcmpServiceMessage,
2477 GNUNET_MQ_hd_var_size (udp_service,
2478 GNUNET_MESSAGE_TYPE_VPN_UDP_TO_SERVICE,
2479 struct GNUNET_EXIT_UdpServiceMessage,
2481 GNUNET_MQ_hd_var_size (tcp_service,
2482 GNUNET_MESSAGE_TYPE_VPN_TCP_TO_SERVICE_START,
2483 struct GNUNET_EXIT_TcpServiceStartMessage,
2485 GNUNET_MQ_hd_var_size (tcp_data,
2486 GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_EXIT,
2487 struct GNUNET_EXIT_TcpDataMessage,
2489 GNUNET_MQ_handler_end ()
2492 struct GNUNET_HashCode cadet_port;
2494 service->name = GNUNET_strdup (name);
2495 GNUNET_TUN_service_name_to_hash (name,
2496 &service->descriptor);
2497 GNUNET_TUN_compute_service_cadet_port (&service->descriptor,
2500 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2501 "Opening CADET port %s for SERVICE exit %s on port %u\n",
2502 GNUNET_h2s (&cadet_port),
2504 (unsigned int) destination_port);
2505 service->port = GNUNET_CADET_open_port (cadet_handle,
2507 &new_service_channel,
2512 service->is_udp = (IPPROTO_UDP == proto);
2514 GNUNET_CONTAINER_multihashmap_put (services,
2517 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
2519 GNUNET_CADET_close_port (service->port);
2520 GNUNET_free_non_null (service->name);
2521 GNUNET_free (service);
2522 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2523 _("Got duplicate service records for `%s:%u'\n"),
2525 (unsigned int) destination_port);
2531 * Send the given packet via the cadet channel.
2533 * @param s channel destination
2534 * @param env message to queue
2537 send_packet_to_cadet_channel (struct ChannelState *s,
2538 struct GNUNET_MQ_Envelope *env)
2540 GNUNET_assert (NULL != s);
2541 GNUNET_STATISTICS_update (stats,
2542 gettext_noop ("# Messages transmitted via cadet channels"),
2545 GNUNET_MQ_send (GNUNET_CADET_get_mq (s->channel),
2551 * @brief Handles an ICMP packet received from the helper.
2553 * @param icmp A pointer to the Packet
2554 * @param pktlen number of bytes in @a icmp
2555 * @param af address family (AFINET or AF_INET6)
2556 * @param destination_ip destination IP-address of the IP packet (should
2557 * be our local address)
2558 * @param source_ip original source IP-address of the IP packet (should
2559 * be the original destination address)
2562 icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp,
2565 const void *destination_ip,
2566 const void *source_ip)
2568 struct ChannelState *state;
2569 struct GNUNET_MQ_Envelope *env;
2570 struct GNUNET_EXIT_IcmpToVPNMessage *i2v;
2571 const struct GNUNET_TUN_IPv4Header *ipv4;
2572 const struct GNUNET_TUN_IPv6Header *ipv6;
2573 const struct GNUNET_TUN_UdpHeader *udp;
2574 uint16_t source_port;
2575 uint16_t destination_port;
2579 char sbuf[INET6_ADDRSTRLEN];
2580 char dbuf[INET6_ADDRSTRLEN];
2581 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2582 "Received ICMP packet going from %s to %s\n",
2585 sbuf, sizeof (sbuf)),
2588 dbuf, sizeof (dbuf)));
2590 if (pktlen < sizeof (struct GNUNET_TUN_IcmpHeader))
2597 /* Find out if this is an ICMP packet in response to an existing
2598 TCP/UDP packet and if so, figure out ports / protocol of the
2599 existing session from the IP data in the ICMP payload */
2601 destination_port = 0;
2605 protocol = IPPROTO_ICMP;
2608 case GNUNET_TUN_ICMPTYPE_ECHO_REPLY:
2609 case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST:
2611 case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE:
2612 case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH:
2613 case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED:
2615 sizeof (struct GNUNET_TUN_IcmpHeader) +
2616 sizeof (struct GNUNET_TUN_IPv4Header) + 8)
2622 ipv4 = (const struct GNUNET_TUN_IPv4Header *) &icmp[1];
2623 protocol = ipv4->protocol;
2624 /* could be TCP or UDP, but both have the ports in the right
2625 place, so that doesn't matter here */
2626 udp = (const struct GNUNET_TUN_UdpHeader *) &ipv4[1];
2627 /* swap ports, as they are from the original message */
2628 destination_port = ntohs (udp->source_port);
2629 source_port = ntohs (udp->destination_port);
2630 /* throw away ICMP payload, won't be useful for the other side anyway */
2631 pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
2634 GNUNET_STATISTICS_update (stats,
2635 gettext_noop ("# ICMPv4 packets dropped (type not allowed)"),
2641 protocol = IPPROTO_ICMPV6;
2644 case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE:
2645 case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG:
2646 case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED:
2647 case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM:
2649 sizeof (struct GNUNET_TUN_IcmpHeader) +
2650 sizeof (struct GNUNET_TUN_IPv6Header) + 8)
2656 ipv6 = (const struct GNUNET_TUN_IPv6Header *) &icmp[1];
2657 protocol = ipv6->next_header;
2658 /* could be TCP or UDP, but both have the ports in the right
2659 place, so that doesn't matter here */
2660 udp = (const struct GNUNET_TUN_UdpHeader *) &ipv6[1];
2661 /* swap ports, as they are from the original message */
2662 destination_port = ntohs (udp->source_port);
2663 source_port = ntohs (udp->destination_port);
2664 /* throw away ICMP payload, won't be useful for the other side anyway */
2665 pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
2667 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
2668 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
2671 GNUNET_STATISTICS_update (stats,
2672 gettext_noop ("# ICMPv6 packets dropped (type not allowed)"),
2683 state = get_redirect_state (af,
2691 case IPPROTO_ICMPV6:
2692 state = get_redirect_state (af,
2701 state = get_redirect_state (af,
2710 state = get_redirect_state (af,
2719 GNUNET_STATISTICS_update (stats,
2720 gettext_noop ("# ICMP packets dropped (not allowed)"),
2727 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
2728 _("ICMP Packet dropped, have no matching connection information\n"));
2731 env = GNUNET_MQ_msg_extra (i2v,
2732 pktlen - sizeof (struct GNUNET_TUN_IcmpHeader),
2733 GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_VPN);
2734 i2v->af = htonl (af);
2735 GNUNET_memcpy (&i2v->icmp_header,
2738 send_packet_to_cadet_channel (state,
2744 * @brief Handles an UDP packet received from the helper.
2746 * @param udp A pointer to the Packet
2747 * @param pktlen number of bytes in 'udp'
2748 * @param af address family (AFINET or AF_INET6)
2749 * @param destination_ip destination IP-address of the IP packet (should
2750 * be our local address)
2751 * @param source_ip original source IP-address of the IP packet (should
2752 * be the original destination address)
2755 udp_from_helper (const struct GNUNET_TUN_UdpHeader *udp,
2758 const void *destination_ip,
2759 const void *source_ip)
2761 struct ChannelState *state;
2762 struct GNUNET_MQ_Envelope *env;
2763 struct GNUNET_EXIT_UdpReplyMessage *urm;
2766 char sbuf[INET6_ADDRSTRLEN];
2767 char dbuf[INET6_ADDRSTRLEN];
2769 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2770 "Received UDP packet going from %s:%u to %s:%u\n",
2773 sbuf, sizeof (sbuf)),
2774 (unsigned int) ntohs (udp->source_port),
2777 dbuf, sizeof (dbuf)),
2778 (unsigned int) ntohs (udp->destination_port));
2780 if (pktlen < sizeof (struct GNUNET_TUN_UdpHeader))
2786 if (pktlen != ntohs (udp->len))
2792 state = get_redirect_state (af,
2795 ntohs (udp->source_port),
2797 ntohs (udp->destination_port),
2801 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
2802 _("UDP Packet dropped, have no matching connection information\n"));
2805 env = GNUNET_MQ_msg_extra (urm,
2806 pktlen - sizeof (struct GNUNET_TUN_UdpHeader),
2807 GNUNET_MESSAGE_TYPE_VPN_UDP_REPLY);
2808 urm->source_port = htons (0);
2809 urm->destination_port = htons (0);
2810 GNUNET_memcpy (&urm[1],
2812 pktlen - sizeof (struct GNUNET_TUN_UdpHeader));
2813 send_packet_to_cadet_channel (state,
2819 * @brief Handles a TCP packet received from the helper.
2821 * @param tcp A pointer to the Packet
2822 * @param pktlen the length of the packet, including its TCP header
2823 * @param af address family (AFINET or AF_INET6)
2824 * @param destination_ip destination IP-address of the IP packet (should
2825 * be our local address)
2826 * @param source_ip original source IP-address of the IP packet (should
2827 * be the original destination address)
2830 tcp_from_helper (const struct GNUNET_TUN_TcpHeader *tcp,
2833 const void *destination_ip,
2834 const void *source_ip)
2836 struct ChannelState *state;
2837 char buf[pktlen] GNUNET_ALIGN;
2838 struct GNUNET_TUN_TcpHeader *mtcp;
2839 struct GNUNET_EXIT_TcpDataMessage *tdm;
2840 struct GNUNET_MQ_Envelope *env;
2844 char sbuf[INET6_ADDRSTRLEN];
2845 char dbuf[INET6_ADDRSTRLEN];
2846 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2847 "Received TCP packet with %u bytes going from %s:%u to %s:%u\n",
2848 (unsigned int) (pktlen - sizeof (struct GNUNET_TUN_TcpHeader)),
2851 sbuf, sizeof (sbuf)),
2852 (unsigned int) ntohs (tcp->source_port),
2855 dbuf, sizeof (dbuf)),
2856 (unsigned int) ntohs (tcp->destination_port));
2858 if (pktlen < sizeof (struct GNUNET_TUN_TcpHeader))
2864 state = get_redirect_state (af,
2867 ntohs (tcp->source_port),
2869 ntohs (tcp->destination_port),
2873 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
2874 _("TCP Packet dropped, have no matching connection information\n"));
2878 /* mug port numbers and crc to avoid information leakage;
2879 sender will need to lookup the correct values anyway */
2880 GNUNET_memcpy (buf, tcp, pktlen);
2881 mtcp = (struct GNUNET_TUN_TcpHeader *) buf;
2882 mtcp->source_port = 0;
2883 mtcp->destination_port = 0;
2886 mlen = sizeof (struct GNUNET_EXIT_TcpDataMessage) + (pktlen - sizeof (struct GNUNET_TUN_TcpHeader));
2887 if (mlen >= GNUNET_MAX_MESSAGE_SIZE)
2892 env = GNUNET_MQ_msg_extra (tdm,
2893 pktlen - sizeof (struct GNUNET_TUN_TcpHeader),
2894 GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_VPN);
2895 tdm->reserved = htonl (0);
2896 GNUNET_memcpy (&tdm->tcp_header,
2899 send_packet_to_cadet_channel (state,
2905 * Receive packets from the helper-process
2908 * @param message message received from helper
2911 message_token (void *cls GNUNET_UNUSED,
2912 const struct GNUNET_MessageHeader *message)
2914 const struct GNUNET_TUN_Layer2PacketHeader *pkt_tun;
2917 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2918 "Got %u-byte message of type %u from gnunet-helper-exit\n",
2919 ntohs (message->size),
2920 ntohs (message->type));
2921 GNUNET_STATISTICS_update (stats,
2922 gettext_noop ("# Packets received from TUN"),
2924 if (ntohs (message->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER)
2929 size = ntohs (message->size);
2930 if (size < sizeof (struct GNUNET_TUN_Layer2PacketHeader) + sizeof (struct GNUNET_MessageHeader))
2935 GNUNET_STATISTICS_update (stats,
2936 gettext_noop ("# Bytes received from TUN"),
2938 pkt_tun = (const struct GNUNET_TUN_Layer2PacketHeader *) &message[1];
2939 size -= sizeof (struct GNUNET_TUN_Layer2PacketHeader) + sizeof (struct GNUNET_MessageHeader);
2940 switch (ntohs (pkt_tun->proto))
2944 const struct GNUNET_TUN_IPv4Header *pkt4;
2946 if (size < sizeof (struct GNUNET_TUN_IPv4Header))
2948 /* Kernel to blame? */
2952 pkt4 = (const struct GNUNET_TUN_IPv4Header *) &pkt_tun[1];
2953 if (size != ntohs (pkt4->total_length))
2955 /* Kernel to blame? */
2959 if (pkt4->header_length * 4 != sizeof (struct GNUNET_TUN_IPv4Header))
2961 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2962 _("IPv4 packet options received. Ignored.\n"));
2966 size -= sizeof (struct GNUNET_TUN_IPv4Header);
2967 switch (pkt4->protocol)
2970 udp_from_helper ((const struct GNUNET_TUN_UdpHeader *) &pkt4[1], size,
2972 &pkt4->destination_address,
2973 &pkt4->source_address);
2976 tcp_from_helper ((const struct GNUNET_TUN_TcpHeader *) &pkt4[1], size,
2978 &pkt4->destination_address,
2979 &pkt4->source_address);
2982 icmp_from_helper ((const struct GNUNET_TUN_IcmpHeader *) &pkt4[1], size,
2984 &pkt4->destination_address,
2985 &pkt4->source_address);
2988 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2989 _("IPv4 packet with unsupported next header %u received. Ignored.\n"),
2990 (int) pkt4->protocol);
2997 const struct GNUNET_TUN_IPv6Header *pkt6;
2999 if (size < sizeof (struct GNUNET_TUN_IPv6Header))
3001 /* Kernel to blame? */
3005 pkt6 = (struct GNUNET_TUN_IPv6Header *) &pkt_tun[1];
3006 if (size != ntohs (pkt6->payload_length) + sizeof (struct GNUNET_TUN_IPv6Header))
3008 /* Kernel to blame? */
3012 size -= sizeof (struct GNUNET_TUN_IPv6Header);
3013 switch (pkt6->next_header)
3016 udp_from_helper ((const struct GNUNET_TUN_UdpHeader *) &pkt6[1], size,
3018 &pkt6->destination_address,
3019 &pkt6->source_address);
3022 tcp_from_helper ((const struct GNUNET_TUN_TcpHeader *) &pkt6[1], size,
3024 &pkt6->destination_address,
3025 &pkt6->source_address);
3027 case IPPROTO_ICMPV6:
3028 icmp_from_helper ((const struct GNUNET_TUN_IcmpHeader *) &pkt6[1], size,
3030 &pkt6->destination_address,
3031 &pkt6->source_address);
3034 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3035 _("IPv6 packet with unsupported next header %d received. Ignored.\n"),
3042 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3043 _("Packet from unknown protocol %u received. Ignored.\n"),
3044 ntohs (pkt_tun->proto));
3052 * Callback from CADET for new channels.
3054 * @param cls closure
3055 * @param channel new handle to the channel
3056 * @param initiator peer that started the channel
3057 * @return initial channel context for the channel
3060 new_channel (void *cls,
3061 struct GNUNET_CADET_Channel *channel,
3062 const struct GNUNET_PeerIdentity *initiator)
3064 struct ChannelState *s = GNUNET_new (struct ChannelState);
3066 s->is_dns = GNUNET_SYSERR;
3067 s->peer = *initiator;
3068 GNUNET_STATISTICS_update (stats,
3069 gettext_noop ("# Inbound CADET channels created"),
3072 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3073 "Received inbound channel from `%s'\n",
3074 GNUNET_i2s (initiator));
3075 s->channel = channel;
3081 * Function that frees everything from a hashmap
3085 * @param value value to free
3088 free_iterate (void *cls,
3089 const struct GNUNET_HashCode * hash,
3092 GNUNET_free (value);
3098 * Function scheduled as very last function if the service
3099 * disabled itself because the helper is not installed
3100 * properly. Does nothing, except for keeping the
3101 * service process alive by virtue of being scheduled.
3104 * @param tc scheduler context
3107 dummy_task (void *cls)
3109 /* just terminate */
3114 * Function scheduled as very last function, cleans up after us
3123 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3124 "Exit service is shutting down now\n");
3126 if (NULL != helper_handle)
3128 GNUNET_HELPER_stop (helper_handle, GNUNET_NO);
3129 helper_handle = NULL;
3133 GNUNET_REGEX_announce_cancel (regex4);
3138 GNUNET_REGEX_announce_cancel (regex6);
3141 if (NULL != services)
3143 GNUNET_CONTAINER_multihashmap_iterate (services,
3144 &free_service_record,
3146 GNUNET_CONTAINER_multihashmap_destroy (services);
3148 if (NULL != dns_port)
3150 GNUNET_CADET_close_port (dns_port);
3153 if (NULL != cadet_port4)
3155 GNUNET_CADET_close_port (cadet_port4);
3158 if (NULL != cadet_port6)
3160 GNUNET_CADET_close_port (cadet_port6);
3163 if (NULL != cadet_handle)
3165 GNUNET_CADET_disconnect (cadet_handle);
3166 cadet_handle = NULL;
3168 if (NULL != connections_map)
3170 GNUNET_CONTAINER_multihashmap_iterate (connections_map,
3173 GNUNET_CONTAINER_multihashmap_destroy (connections_map);
3174 connections_map = NULL;
3176 if (NULL != connections_heap)
3178 GNUNET_CONTAINER_heap_destroy (connections_heap);
3179 connections_heap = NULL;
3181 if (NULL != dnsstub)
3183 GNUNET_DNSSTUB_stop (dnsstub);
3186 if (NULL != peer_key)
3188 GNUNET_free (peer_key);
3191 if (NULL != dht_task)
3193 GNUNET_SCHEDULER_cancel (dht_task);
3196 if (NULL != dht_put)
3198 GNUNET_DHT_put_cancel (dht_put);
3203 GNUNET_DHT_disconnect (dht);
3208 GNUNET_STATISTICS_destroy (stats,
3213 GNUNET_free_non_null (exit_argv[i]);
3218 * Add services to the service map.
3220 * @param proto IPPROTO_TCP or IPPROTO_UDP
3221 * @param cpy copy of the service descriptor (can be mutilated)
3222 * @param name DNS name of the service
3225 add_services (int proto,
3232 struct LocalService *serv;
3236 slen = strlen (name);
3237 GNUNET_assert (slen >= 8);
3238 n = GNUNET_strndup (name, slen - 8 /* remove .gnunet. */);
3240 for (redirect = strtok (cpy, " ;"); redirect != NULL;
3241 redirect = strtok (NULL, " ;"))
3243 if (NULL == (hostname = strstr (redirect, ":")))
3245 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3246 _("Option `%s' for domain `%s' is not formatted correctly!\n"),
3253 if (NULL == (hostport = strstr (hostname, ":")))
3255 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3256 _("Option `%s' for domain `%s' is not formatted correctly!\n"),
3264 int local_port = atoi (redirect);
3265 int remote_port = atoi (hostport);
3267 if (! ((local_port > 0) && (local_port < 65536)))
3269 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3270 _("`%s' is not a valid port number (for domain `%s')!"),
3275 if (! ((remote_port > 0) && (remote_port < 65536)))
3277 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3278 _("`%s' is not a valid port number (for domain `%s')!"),
3284 serv = GNUNET_new (struct LocalService);
3285 serv->address.proto = proto;
3286 serv->address.port = remote_port;
3287 if (0 == strcmp ("localhost4",
3290 const char *ip4addr = exit_argv[5];
3292 serv->address.af = AF_INET;
3293 GNUNET_assert (1 == inet_pton (AF_INET,
3295 &serv->address.address.ipv4));
3297 else if (0 == strcmp ("localhost6",
3300 const char *ip6addr = exit_argv[3];
3302 serv->address.af = AF_INET6;
3303 GNUNET_assert (1 == inet_pton (AF_INET6,
3305 &serv->address.address.ipv6));
3309 struct addrinfo *res;
3312 ret = getaddrinfo (hostname,
3316 if ( (0 != ret) || (NULL == res) )
3318 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3319 _("No addresses found for hostname `%s' of service `%s'!\n"),
3326 serv->address.af = res->ai_family;
3327 switch (res->ai_family)
3332 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3333 _("Service `%s' configured for IPv4, but IPv4 is disabled!\n"),
3339 serv->address.address.ipv4
3340 = ((struct sockaddr_in *) res->ai_addr)->sin_addr;
3345 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3346 _("Service `%s' configured for IPv4, but IPv4 is disabled!\n"),
3352 serv->address.address.ipv6
3353 = ((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
3357 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3358 _("No IP addresses found for hostname `%s' of service `%s'!\n"),
3366 store_service (proto,
3376 * Reads the configuration servicecfg and populates udp_services
3379 * @param section name of section in config, equal to hostname
3382 read_service_conf (void *cls,
3383 const char *section)
3387 if ((strlen (section) < 8) ||
3388 (0 != strcmp (".gnunet.", section + (strlen (section) - 8))))
3391 GNUNET_CONFIGURATION_get_value_string (cfg,
3396 add_services (IPPROTO_UDP,
3402 GNUNET_CONFIGURATION_get_value_string (cfg,
3407 add_services (IPPROTO_TCP,
3416 * We are running a DNS exit service, advertise it in the
3417 * DHT. This task is run periodically to do the DHT PUT.
3419 * @param cls closure
3422 do_dht_put (void *cls);
3426 * Function called when the DHT PUT operation is complete.
3427 * Schedules the next PUT.
3429 * @param cls closure, NULL
3430 * @param success #GNUNET_OK if the operation worked (unused)
3433 dht_put_cont (void *cls,
3437 dht_task = GNUNET_SCHEDULER_add_delayed (DHT_PUT_FREQUENCY,
3444 * We are running a DNS exit service, advertise it in the
3445 * DHT. This task is run periodically to do the DHT PUT.
3447 * @param cls closure
3450 do_dht_put (void *cls)
3452 struct GNUNET_TIME_Absolute expiration;
3455 expiration = GNUNET_TIME_absolute_ntoh (dns_advertisement.expiration_time);
3456 if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value_us <
3457 GNUNET_TIME_UNIT_HOURS.rel_value_us)
3459 /* refresh advertisement */
3460 expiration = GNUNET_TIME_relative_to_absolute (DNS_ADVERTISEMENT_TIMEOUT);
3461 dns_advertisement.expiration_time = GNUNET_TIME_absolute_hton (expiration);
3462 GNUNET_assert (GNUNET_OK ==
3463 GNUNET_CRYPTO_eddsa_sign (peer_key,
3464 &dns_advertisement.purpose,
3465 &dns_advertisement.signature));
3467 dht_put = GNUNET_DHT_put (dht,
3469 1 /* replication */,
3471 GNUNET_BLOCK_TYPE_DNS,
3472 sizeof (struct GNUNET_DNS_Advertisement),
3481 * Figure out which IP versions we should support (and which
3482 * are supported by the OS) according to our configuration.
3487 ipv4_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg,
3490 ipv6_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg,
3493 ipv4_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg,
3496 ipv6_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg,
3499 if ( (ipv4_exit || ipv4_enabled) &&
3500 GNUNET_OK != GNUNET_NETWORK_test_pf (PF_INET))
3502 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3503 _("This system does not support IPv4, will disable IPv4 functions despite them being enabled in the configuration\n"));
3504 ipv4_exit = GNUNET_NO;
3505 ipv4_enabled = GNUNET_NO;
3507 if ( (ipv6_exit || ipv6_enabled) &&
3508 GNUNET_OK != GNUNET_NETWORK_test_pf (PF_INET6))
3510 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3511 _("This system does not support IPv6, will disable IPv6 functions despite them being enabled in the configuration\n"));
3512 ipv6_exit = GNUNET_NO;
3513 ipv6_enabled = GNUNET_NO;
3515 if (ipv4_exit && (! ipv4_enabled))
3517 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3518 _("Cannot enable IPv4 exit but disable IPv4 on TUN interface, will use ENABLE_IPv4=YES\n"));
3519 ipv4_enabled = GNUNET_YES;
3521 if (ipv6_exit && (! ipv6_enabled))
3523 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3524 _("Cannot enable IPv6 exit but disable IPv6 on TUN interface, will use ENABLE_IPv6=YES\n"));
3525 ipv6_enabled = GNUNET_YES;
3531 * Helper function to open the CADET port for DNS exits and to
3532 * advertise the DNS exit (if applicable).
3535 advertise_dns_exit ()
3537 struct GNUNET_MQ_MessageHandler handlers[] = {
3538 GNUNET_MQ_hd_var_size (dns_request,
3539 GNUNET_MESSAGE_TYPE_VPN_DNS_TO_INTERNET,
3540 struct DnsResponseMessage,
3542 GNUNET_MQ_handler_end ()
3545 struct GNUNET_HashCode port;
3546 struct in_addr dns_exit4;
3547 struct in6_addr dns_exit6;
3550 GNUNET_CONFIGURATION_get_value_yesno (cfg,
3555 GNUNET_CONFIGURATION_get_value_string (cfg,
3559 ( (1 != inet_pton (AF_INET,
3562 (1 != inet_pton (AF_INET6,
3566 GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
3569 _("need a valid IPv4 or IPv6 address\n"));
3570 GNUNET_free_non_null (dns_exit);
3574 GNUNET_CRYPTO_hash (GNUNET_APPLICATION_PORT_INTERNET_RESOLVER,
3575 strlen (GNUNET_APPLICATION_PORT_INTERNET_RESOLVER),
3577 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3578 "Opening CADET port %s for DNS exit service\n",
3579 GNUNET_h2s (&port));
3580 dns_port = GNUNET_CADET_open_port (cadet_handle,
3587 /* advertise exit */
3588 dht = GNUNET_DHT_connect (cfg,
3590 peer_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg);
3591 GNUNET_CRYPTO_eddsa_key_get_public (peer_key,
3592 &dns_advertisement.peer.public_key);
3593 dns_advertisement.purpose.size = htonl (sizeof (struct GNUNET_DNS_Advertisement) -
3594 sizeof (struct GNUNET_CRYPTO_EddsaSignature));
3595 dns_advertisement.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DNS_RECORD);
3596 GNUNET_CRYPTO_hash ("dns",
3599 dht_task = GNUNET_SCHEDULER_add_now (&do_dht_put,
3601 GNUNET_free (dns_exit);
3606 * Initialize #exit_argv.
3608 * @return #GNUNET_OK on success, #GNUNET_SYSERR if we should shutdown
3611 setup_exit_helper_args ()
3620 exit_argv[0] = GNUNET_strdup ("exit-gnunet");
3621 if (GNUNET_SYSERR ==
3622 GNUNET_CONFIGURATION_get_value_string (cfg,
3627 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3630 return GNUNET_SYSERR;
3632 exit_argv[1] = tun_ifname;
3635 if (GNUNET_SYSERR ==
3636 GNUNET_CONFIGURATION_get_value_string (cfg,
3641 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3644 return GNUNET_SYSERR;
3646 exit_argv[2] = exit_ifname;
3650 exit_argv[2] = GNUNET_strdup ("-");
3653 if (GNUNET_YES == ipv6_enabled)
3656 if ( (GNUNET_SYSERR ==
3657 GNUNET_CONFIGURATION_get_value_string (cfg,
3661 (1 != inet_pton (AF_INET6,
3665 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3668 GNUNET_free_non_null (ipv6addr);
3669 return GNUNET_SYSERR;
3671 exit_argv[3] = ipv6addr;
3672 if (GNUNET_SYSERR ==
3673 GNUNET_CONFIGURATION_get_value_string (cfg,
3678 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3681 return GNUNET_SYSERR;
3683 exit_argv[4] = ipv6prefix_s;
3685 GNUNET_CONFIGURATION_get_value_number (cfg,
3689 (ipv6prefix >= 127) )
3691 GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
3694 _("Must be a number"));
3695 return GNUNET_SYSERR;
3700 /* IPv6 explicitly disabled */
3701 exit_argv[3] = GNUNET_strdup ("-");
3702 exit_argv[4] = GNUNET_strdup ("-");
3704 if (GNUNET_YES == ipv4_enabled)
3707 if ( (GNUNET_SYSERR ==
3708 GNUNET_CONFIGURATION_get_value_string (cfg,
3712 (1 != inet_pton (AF_INET,
3716 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3719 GNUNET_free_non_null (ipv4addr);
3720 return GNUNET_SYSERR;
3722 exit_argv[5] = ipv4addr;
3724 if ( (GNUNET_SYSERR ==
3725 GNUNET_CONFIGURATION_get_value_string (cfg,
3729 (1 != inet_pton (AF_INET,
3733 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3736 GNUNET_free_non_null (ipv4mask);
3737 return GNUNET_SYSERR;
3739 exit_argv[6] = ipv4mask;
3743 /* IPv4 explicitly disabled */
3744 exit_argv[5] = GNUNET_strdup ("-");
3745 exit_argv[6] = GNUNET_strdup ("-");
3747 exit_argv[7] = NULL;
3753 * @brief Main function that will be run by the scheduler.
3755 * @param cls closure
3756 * @param args remaining command-line arguments
3757 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
3758 * @param cfg_ configuration
3763 const char *cfgfile,
3764 const struct GNUNET_CONFIGURATION_Handle *cfg_)
3766 struct GNUNET_MQ_MessageHandler handlers[] = {
3767 GNUNET_MQ_hd_var_size (icmp_remote,
3768 GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_INTERNET,
3769 struct GNUNET_EXIT_IcmpInternetMessage,
3771 GNUNET_MQ_hd_var_size (udp_remote,
3772 GNUNET_MESSAGE_TYPE_VPN_UDP_TO_INTERNET,
3773 struct GNUNET_EXIT_UdpInternetMessage,
3775 GNUNET_MQ_hd_var_size (tcp_remote,
3776 GNUNET_MESSAGE_TYPE_VPN_TCP_TO_INTERNET_START,
3777 struct GNUNET_EXIT_TcpInternetStartMessage,
3779 GNUNET_MQ_hd_var_size (tcp_data,
3780 GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_EXIT,
3781 struct GNUNET_EXIT_TcpDataMessage,
3783 GNUNET_MQ_handler_end ()
3785 struct GNUNET_HashCode port;
3789 char *prefixed_regex;
3793 GNUNET_CONFIGURATION_get_value_number (cfg,
3797 max_connections = 1024;
3798 parse_ip_options ();
3799 if ( (ipv4_exit) || (ipv6_exit) )
3801 binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-exit");
3803 GNUNET_OS_check_helper_binary (binary,
3805 "gnunet-vpn - - - 169.1.3.7 255.255.255.0")) //no nat, ipv4 only
3807 GNUNET_free (binary);
3808 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3809 _("`%s' must be installed SUID, EXIT will not work\n"),
3810 "gnunet-helper-exit");
3811 GNUNET_SCHEDULER_add_shutdown (&dummy_task,
3816 GNUNET_free (binary);
3818 if (! (ipv4_enabled || ipv6_enabled))
3820 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3821 _("No useful service enabled. Exiting.\n"));
3822 GNUNET_SCHEDULER_shutdown ();
3826 GNUNET_SCHEDULER_add_shutdown (&cleanup,
3828 stats = GNUNET_STATISTICS_create ("exit",
3830 cadet_handle = GNUNET_CADET_connect (cfg);
3831 if (NULL == cadet_handle)
3833 GNUNET_SCHEDULER_shutdown ();
3836 advertise_dns_exit ();
3838 setup_exit_helper_args ())
3840 GNUNET_SCHEDULER_shutdown ();
3844 services = GNUNET_CONTAINER_multihashmap_create (65536,
3846 connections_map = GNUNET_CONTAINER_multihashmap_create (65536,
3848 connections_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
3849 GNUNET_CONFIGURATION_iterate_sections (cfg,
3853 /* Cadet handle acquired, now open ports and announce regular
3854 expressions matching our exit */
3855 if ( (GNUNET_YES == ipv4_enabled) &&
3856 (GNUNET_YES == ipv4_exit) )
3858 GNUNET_CRYPTO_hash (GNUNET_APPLICATION_PORT_IPV4_GATEWAY,
3859 strlen (GNUNET_APPLICATION_PORT_IPV4_GATEWAY),
3861 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3862 "Opening CADET port %s for IPv4 gateway service\n",
3863 GNUNET_h2s (&port));
3864 cadet_port4 = GNUNET_CADET_open_port (cadet_handle,
3873 GNUNET_CONFIGURATION_get_value_string (cfg,
3875 "EXIT_RANGE_IPV4_POLICY",
3879 regex = GNUNET_TUN_ipv4policy2regex (policy);
3880 GNUNET_free_non_null (policy);
3883 (void) GNUNET_asprintf (&prefixed_regex,
3885 GNUNET_APPLICATION_TYPE_EXIT_REGEX_PREFIX,
3887 regex4 = GNUNET_REGEX_announce (cfg,
3889 REGEX_REFRESH_FREQUENCY,
3890 REGEX_MAX_PATH_LEN_IPV4);
3891 GNUNET_free (regex);
3892 GNUNET_free (prefixed_regex);
3896 if ( (GNUNET_YES == ipv6_enabled) && (GNUNET_YES == ipv6_exit) )
3898 GNUNET_CRYPTO_hash (GNUNET_APPLICATION_PORT_IPV6_GATEWAY,
3899 strlen (GNUNET_APPLICATION_PORT_IPV6_GATEWAY),
3901 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3902 "Opening CADET port %s for IPv6 gateway service\n",
3903 GNUNET_h2s (&port));
3904 cadet_port6 = GNUNET_CADET_open_port (cadet_handle,
3913 GNUNET_CONFIGURATION_get_value_string (cfg,
3915 "EXIT_RANGE_IPV6_POLICY",
3919 regex = GNUNET_TUN_ipv6policy2regex (policy);
3920 GNUNET_free_non_null (policy);
3923 (void) GNUNET_asprintf (&prefixed_regex,
3925 GNUNET_APPLICATION_TYPE_EXIT_REGEX_PREFIX,
3927 regex6 = GNUNET_REGEX_announce (cfg,
3929 REGEX_REFRESH_FREQUENCY,
3930 REGEX_MAX_PATH_LEN_IPV6);
3931 GNUNET_free (regex);
3932 GNUNET_free (prefixed_regex);
3935 helper_handle = GNUNET_HELPER_start (GNUNET_NO,
3936 "gnunet-helper-exit",
3947 * @param argc number of arguments from the command line
3948 * @param argv command line arguments
3949 * @return 0 ok, 1 on error
3955 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
3956 GNUNET_GETOPT_OPTION_END
3960 GNUNET_STRINGS_get_utf8_args (argc,
3966 return (GNUNET_OK ==
3967 GNUNET_PROGRAM_run (argc,
3969 "gnunet-daemon-exit",
3970 gettext_noop ("Daemon to run to provide an IP exit node for the VPN"),
3973 NULL)) ? global_ret : 1;
3977 /* end of gnunet-daemon-exit.c */
projects / oweals / gnunet.git / blob