2 This file is part of GNUnet.
3 (C) 2010, 2012 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file exit/gnunet-daemon-exit.c
23 * @brief tool to allow IP traffic exit from the GNUnet mesh to the Internet
24 * @author Philipp Toelke
25 * @author Christian Grothoff
31 * - which code should advertise services? the service model is right
32 * now a bit odd, especially as this code DOES the exit and knows
33 * the DNS "name", but OTOH this is clearly NOT the place to advertise
34 * the service's existence; maybe the daemon should turn into a
35 * service with an API to add local-exit services dynamically?
38 #include "gnunet_util_lib.h"
39 #include "gnunet_protocols.h"
40 #include "gnunet_applications.h"
41 #include "gnunet_mesh_service.h"
42 #include "gnunet_statistics_service.h"
43 #include "gnunet_constants.h"
44 #include "gnunet_tun_lib.h"
48 * Information about an address.
53 * AF_INET or AF_INET6.
58 * Remote address information.
63 * Address, if af is AF_INET.
68 * Address, if af is AF_INET6.
74 * IPPROTO_TCP or IPPROTO_UDP;
79 * Remote port, in host byte order!
86 * This struct is saved into the services-hashmap to represent
87 * a service this peer is specifically offering an exit for
88 * (for a specific domain name).
94 * Remote address to use for the service.
96 struct SocketAddress address;
99 * DNS name of the service.
104 * Port I am listening on within GNUnet for this service, in host
105 * byte order. (as we may redirect ports).
112 * Information we use to track a connection (the classical 6-tuple of
113 * IP-version, protocol, source-IP, destination-IP, source-port and
116 struct RedirectInformation
120 * Address information for the other party (equivalent of the
121 * arguments one would give to "connect").
123 struct SocketAddress remote_address;
126 * Address information we used locally (AF and proto must match
127 * "remote_address"). Equivalent of the arguments one would give to
130 struct SocketAddress local_address;
133 Note 1: additional information might be added here in the
134 future to support protocols that require special handling,
137 Note 2: we might also sometimes not match on all components
138 of the tuple, to support protocols where things do not always
145 * Queue of messages to a tunnel.
147 struct TunnelMessageQueue
150 * This is a doubly-linked list.
152 struct TunnelMessageQueue *next;
155 * This is a doubly-linked list.
157 struct TunnelMessageQueue *prev;
160 * Payload to send via the tunnel.
165 * Number of bytes in 'payload'.
172 * This struct is saved into connections_map to allow finding the
173 * right tunnel given an IP packet from TUN. It is also associated
174 * with the tunnel's closure so we can find it again for the next
175 * message from the tunnel.
180 * Mesh tunnel that is used for this connection.
182 struct GNUNET_MESH_Tunnel *tunnel;
185 * Heap node for this state in the connections_heap.
187 struct GNUNET_CONTAINER_HeapNode *heap_node;
190 * Key this state has in the connections_map.
192 GNUNET_HashCode state_key;
195 * Associated service record, or NULL for no service.
197 struct LocalService *serv;
200 * Head of DLL of messages for this tunnel.
202 struct TunnelMessageQueue *head;
205 * Tail of DLL of messages for this tunnel.
207 struct TunnelMessageQueue *tail;
210 * Active tunnel transmission request (or NULL).
212 struct GNUNET_MESH_TransmitHandle *th;
215 * Primary redirection information for this connection.
217 struct RedirectInformation ri;
223 * The handle to the configuration used throughout the process
225 static const struct GNUNET_CONFIGURATION_Handle *cfg;
228 * The handle to the helper
230 static struct GNUNET_HELPER_Handle *helper_handle;
233 * Arguments to the exit helper.
235 static char *exit_argv[8];
238 * IPv6 address of our TUN interface.
240 static struct in6_addr exit_ipv6addr;
243 * IPv6 prefix (0..127) from configuration file.
245 static unsigned long long ipv6prefix;
248 * IPv4 address of our TUN interface.
250 static struct in_addr exit_ipv4addr;
253 * IPv4 netmask of our TUN interface.
255 static struct in_addr exit_ipv4mask;
261 static struct GNUNET_STATISTICS_Handle *stats;
266 static struct GNUNET_MESH_Handle *mesh_handle;
269 * This hashmaps contains the mapping from peer, service-descriptor,
270 * source-port and destination-port to a struct TunnelState
272 static struct GNUNET_CONTAINER_MultiHashMap *connections_map;
275 * Heap so we can quickly find "old" connections.
277 static struct GNUNET_CONTAINER_Heap *connections_heap;
280 * If there are at least this many connections, old ones will be removed
282 static long long unsigned int max_connections;
285 * This hashmaps saves interesting things about the configured UDP services
287 static struct GNUNET_CONTAINER_MultiHashMap *udp_services;
290 * This hashmaps saves interesting things about the configured TCP services
292 static struct GNUNET_CONTAINER_MultiHashMap *tcp_services;
295 * Are we an IPv4-exit?
297 static int ipv4_exit;
300 * Are we an IPv6-exit?
302 static int ipv6_exit;
305 * Do we support IPv4 at all on the TUN interface?
307 static int ipv4_enabled;
310 * Do we support IPv6 at all on the TUN interface?
312 static int ipv6_enabled;
316 * Given IP information about a connection, calculate the respective
317 * hash we would use for the 'connections_map'.
319 * @param hash resulting hash
320 * @param ri information about the connection
323 hash_redirect_info (GNUNET_HashCode *hash,
324 const struct RedirectInformation *ri)
328 memset (hash, 0, sizeof (GNUNET_HashCode));
329 /* the GNUnet hashmap only uses the first sizeof(unsigned int) of the hash,
330 so we put the IP address in there (and hope for few collisions) */
332 switch (ri->remote_address.af)
335 memcpy (off, &ri->remote_address.address.ipv4, sizeof (struct in_addr));
336 off += sizeof (struct in_addr);
339 memcpy (off, &ri->remote_address.address.ipv6, sizeof (struct in6_addr));
340 off += sizeof (struct in_addr);
345 memcpy (off, &ri->remote_address.port, sizeof (uint16_t));
346 off += sizeof (uint16_t);
347 switch (ri->local_address.af)
350 memcpy (off, &ri->local_address.address.ipv4, sizeof (struct in_addr));
351 off += sizeof (struct in_addr);
354 memcpy (off, &ri->local_address.address.ipv6, sizeof (struct in6_addr));
355 off += sizeof (struct in_addr);
360 memcpy (off, &ri->local_address.port, sizeof (uint16_t));
361 off += sizeof (uint16_t);
362 memcpy (off, &ri->remote_address.proto, sizeof (uint8_t));
363 off += sizeof (uint8_t);
368 * Get our connection tracking state. Warns if it does not exists,
369 * refreshes the timestamp if it does exist.
371 * @param af address family
372 * @param protocol IPPROTO_UDP or IPPROTO_TCP
373 * @param destination_ip target IP
374 * @param destination_port target port
375 * @param local_ip local IP
376 * @param local_port local port
377 * @param state_key set to hash's state if non-NULL
378 * @return NULL if we have no tracking information for this tuple
380 static struct TunnelState *
381 get_redirect_state (int af,
383 const void *destination_ip,
384 uint16_t destination_port,
385 const void *local_ip,
387 GNUNET_HashCode *state_key)
389 struct RedirectInformation ri;
391 struct TunnelState *state;
393 if (protocol == IPPROTO_ICMP)
396 destination_port = 0;
399 ri.remote_address.af = af;
401 ri.remote_address.address.ipv4 = *((struct in_addr*) destination_ip);
403 ri.remote_address.address.ipv6 = * ((struct in6_addr*) destination_ip);
404 ri.remote_address.port = destination_port;
405 ri.remote_address.proto = protocol;
406 ri.local_address.af = af;
408 ri.local_address.address.ipv4 = *((struct in_addr*) local_ip);
410 ri.local_address.address.ipv6 = * ((struct in6_addr*) local_ip);
411 ri.local_address.port = local_port;
412 ri.local_address.proto = protocol;
413 hash_redirect_info (&key, &ri);
414 if (NULL != state_key)
416 state = GNUNET_CONTAINER_multihashmap_get (connections_map, &key);
419 /* Mark this connection as freshly used */
420 if (NULL == state_key)
421 GNUNET_CONTAINER_heap_update_cost (connections_heap,
423 GNUNET_TIME_absolute_get ().abs_value);
429 * Given a service descriptor and a destination port, find the
430 * respective service entry.
432 * @param service_map map of services (TCP or UDP)
433 * @param desc service descriptor
434 * @param dpt destination port
435 * @return NULL if we are not aware of such a service
437 static struct LocalService *
438 find_service (struct GNUNET_CONTAINER_MultiHashMap *service_map,
439 const GNUNET_HashCode *desc,
442 char key[sizeof (GNUNET_HashCode) + sizeof (uint16_t)];
444 memcpy (&key[0], &dpt, sizeof (uint16_t));
445 memcpy (&key[sizeof(uint16_t)], desc, sizeof (GNUNET_HashCode));
446 return GNUNET_CONTAINER_multihashmap_get (service_map,
447 (GNUNET_HashCode *) key);
452 * Free memory associated with a service record.
455 * @param key service descriptor
456 * @param value service record to free
460 free_service_record (void *cls,
461 const GNUNET_HashCode *key,
464 struct LocalService *service = value;
466 GNUNET_free_non_null (service->name);
467 GNUNET_free (service);
473 * Given a service descriptor and a destination port, find the
474 * respective service entry.
476 * @param service_map map of services (TCP or UDP)
477 * @param name name of the service
478 * @param dpt destination port
479 * @param service service information record to store (service->name will be set).
482 store_service (struct GNUNET_CONTAINER_MultiHashMap *service_map,
485 struct LocalService *service)
487 char key[sizeof (GNUNET_HashCode) + sizeof (uint16_t)];
488 GNUNET_HashCode desc;
490 GNUNET_CRYPTO_hash (name, strlen (name) + 1, &desc);
491 service->name = GNUNET_strdup (name);
492 memcpy (&key[0], &dpt, sizeof (uint16_t));
493 memcpy (&key[sizeof(uint16_t)], &desc, sizeof (GNUNET_HashCode));
495 GNUNET_CONTAINER_multihashmap_put (service_map,
496 (GNUNET_HashCode *) key,
498 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
500 free_service_record (NULL, (GNUNET_HashCode *) key, service);
501 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
502 _("Got duplicate service records for `%s:%u'\n"),
510 * MESH is ready to receive a message for the tunnel. Transmit it.
512 * @param cls the 'struct TunnelState'.
513 * @param size number of bytes available in buf
514 * @param buf where to copy the message
515 * @return number of bytes copied to buf
518 send_to_peer_notify_callback (void *cls, size_t size, void *buf)
520 struct TunnelState *s = cls;
521 struct GNUNET_MESH_Tunnel *tunnel = s->tunnel;
522 struct TunnelMessageQueue *tnq;
530 s->th = GNUNET_MESH_notify_transmit_ready (tunnel,
531 GNUNET_NO /* corking */,
533 GNUNET_TIME_UNIT_FOREVER_REL,
536 &send_to_peer_notify_callback,
540 GNUNET_assert (size >= tnq->len);
541 memcpy (buf, tnq->payload, tnq->len);
543 GNUNET_CONTAINER_DLL_remove (s->head,
547 if (NULL != (tnq = s->head))
548 s->th = GNUNET_MESH_notify_transmit_ready (tunnel,
549 GNUNET_NO /* corking */,
551 GNUNET_TIME_UNIT_FOREVER_REL,
554 &send_to_peer_notify_callback,
556 GNUNET_STATISTICS_update (stats,
557 gettext_noop ("# Bytes transmitted via mesh tunnels"),
564 * Send the given packet via the mesh tunnel.
566 * @param mesh_tunnel destination
567 * @param tnq message to queue
570 send_packet_to_mesh_tunnel (struct GNUNET_MESH_Tunnel *mesh_tunnel,
571 struct TunnelMessageQueue *tnq)
573 struct TunnelState *s;
575 s = GNUNET_MESH_tunnel_get_data (mesh_tunnel);
576 GNUNET_assert (NULL != s);
577 GNUNET_CONTAINER_DLL_insert_tail (s->head, s->tail, tnq);
579 s->th = GNUNET_MESH_notify_transmit_ready (mesh_tunnel, GNUNET_NO /* cork */, 0 /* priority */,
580 GNUNET_TIME_UNIT_FOREVER_REL,
582 &send_to_peer_notify_callback,
588 * @brief Handles an ICMP packet received from the helper.
590 * @param icmp A pointer to the Packet
591 * @param pktlen number of bytes in 'icmp'
592 * @param af address family (AFINET or AF_INET6)
593 * @param destination_ip destination IP-address of the IP packet (should
594 * be our local address)
595 * @param source_ip original source IP-address of the IP packet (should
596 * be the original destination address)
599 icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp,
602 const void *destination_ip,
603 const void *source_ip)
605 struct TunnelState *state;
606 struct TunnelMessageQueue *tnq;
607 struct GNUNET_EXIT_IcmpToVPNMessage *i2v;
608 const struct GNUNET_TUN_IPv4Header *ipv4;
609 const struct GNUNET_TUN_IPv6Header *ipv6;
610 const struct GNUNET_TUN_UdpHeader *udp;
617 char sbuf[INET6_ADDRSTRLEN];
618 char dbuf[INET6_ADDRSTRLEN];
619 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
620 "Received ICMP packet going from %s to %s\n",
623 sbuf, sizeof (sbuf)),
626 dbuf, sizeof (dbuf)));
628 if (pktlen < sizeof (struct GNUNET_TUN_IcmpHeader))
635 /* Find out if this is an ICMP packet in response to an existing
636 TCP/UDP packet and if so, figure out ports / protocol of the
637 existing session from the IP data in the ICMP payload */
640 protocol = IPPROTO_ICMP;
646 case GNUNET_TUN_ICMPTYPE_ECHO_REPLY:
647 case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST:
649 case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE:
650 case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH:
651 case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED:
653 sizeof (struct GNUNET_TUN_IcmpHeader) +
654 sizeof (struct GNUNET_TUN_IPv4Header) + 8)
660 ipv4 = (const struct GNUNET_TUN_IPv4Header *) &icmp[1];
661 protocol = ipv4->protocol;
662 /* could be TCP or UDP, but both have the ports in the right
663 place, so that doesn't matter here */
664 udp = (const struct GNUNET_TUN_UdpHeader *) &ipv4[1];
665 spt = ntohs (udp->spt);
666 dpt = ntohs (udp->dpt);
667 /* throw away ICMP payload, won't be useful for the other side anyway */
668 pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
671 GNUNET_STATISTICS_update (stats,
672 gettext_noop ("# ICMPv4 packets dropped (type not allowed)"),
680 case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE:
681 case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG:
682 case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED:
683 case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM:
685 sizeof (struct GNUNET_TUN_IcmpHeader) +
686 sizeof (struct GNUNET_TUN_IPv6Header) + 8)
692 ipv6 = (const struct GNUNET_TUN_IPv6Header *) &icmp[1];
693 protocol = ipv6->next_header;
694 /* could be TCP or UDP, but both have the ports in the right
695 place, so that doesn't matter here */
696 udp = (const struct GNUNET_TUN_UdpHeader *) &ipv6[1];
697 spt = ntohs (udp->spt);
698 dpt = ntohs (udp->dpt);
699 /* throw away ICMP payload, won't be useful for the other side anyway */
700 pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
702 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
703 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
706 GNUNET_STATISTICS_update (stats,
707 gettext_noop ("# ICMPv6 packets dropped (type not allowed)"),
718 state = get_redirect_state (af, IPPROTO_ICMP,
724 state = get_redirect_state (af, IPPROTO_UDP,
732 state = get_redirect_state (af, IPPROTO_TCP,
740 GNUNET_STATISTICS_update (stats,
741 gettext_noop ("# ICMP packets dropped (not allowed)"),
747 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
748 _("ICMP Packet dropped, have no matching connection information\n"));
751 mlen = sizeof (struct GNUNET_EXIT_IcmpToVPNMessage) + pktlen - sizeof (struct GNUNET_TUN_IcmpHeader);
752 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueue) + mlen);
753 tnq->payload = &tnq[1];
755 i2v = (struct GNUNET_EXIT_IcmpToVPNMessage *) &tnq[1];
756 i2v->header.size = htons ((uint16_t) mlen);
757 i2v->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_VPN);
758 i2v->af = htonl (af);
759 memcpy (&i2v->icmp_header,
762 send_packet_to_mesh_tunnel (state->tunnel,
768 * @brief Handles an UDP packet received from the helper.
770 * @param udp A pointer to the Packet
771 * @param pktlen number of bytes in 'udp'
772 * @param af address family (AFINET or AF_INET6)
773 * @param destination_ip destination IP-address of the IP packet (should
774 * be our local address)
775 * @param source_ip original source IP-address of the IP packet (should
776 * be the original destination address)
779 udp_from_helper (const struct GNUNET_TUN_UdpHeader *udp,
782 const void *destination_ip,
783 const void *source_ip)
785 struct TunnelState *state;
786 struct TunnelMessageQueue *tnq;
787 struct GNUNET_EXIT_UdpReplyMessage *urm;
791 char sbuf[INET6_ADDRSTRLEN];
792 char dbuf[INET6_ADDRSTRLEN];
793 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
794 "Received UDP packet going from %s:%u to %s:%u\n",
797 sbuf, sizeof (sbuf)),
798 (unsigned int) ntohs (udp->spt),
801 dbuf, sizeof (dbuf)),
802 (unsigned int) ntohs (udp->dpt));
804 if (pktlen < sizeof (struct GNUNET_TUN_UdpHeader))
810 if (pktlen != ntohs (udp->len))
816 state = get_redirect_state (af, IPPROTO_UDP,
824 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
825 _("UDP Packet dropped, have no matching connection information\n"));
828 mlen = sizeof (struct GNUNET_EXIT_UdpReplyMessage) + pktlen - sizeof (struct GNUNET_TUN_UdpHeader);
829 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueue) + mlen);
830 tnq->payload = &tnq[1];
832 urm = (struct GNUNET_EXIT_UdpReplyMessage *) &tnq[1];
833 urm->header.size = htons ((uint16_t) mlen);
834 urm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_UDP_REPLY);
835 urm->source_port = htons (0);
836 urm->destination_port = htons (0);
839 pktlen - sizeof (struct GNUNET_TUN_UdpHeader));
840 send_packet_to_mesh_tunnel (state->tunnel,
846 * @brief Handles a TCP packet received from the helper.
848 * @param tcp A pointer to the Packet
849 * @param pktlen the length of the packet, including its TCP header
850 * @param af address family (AFINET or AF_INET6)
851 * @param destination_ip destination IP-address of the IP packet (should
852 * be our local address)
853 * @param source_ip original source IP-address of the IP packet (should
854 * be the original destination address)
857 tcp_from_helper (const struct GNUNET_TUN_TcpHeader *tcp,
860 const void *destination_ip,
861 const void *source_ip)
863 struct TunnelState *state;
865 struct GNUNET_TUN_TcpHeader *mtcp;
866 struct GNUNET_EXIT_TcpDataMessage *tdm;
867 struct TunnelMessageQueue *tnq;
871 char sbuf[INET6_ADDRSTRLEN];
872 char dbuf[INET6_ADDRSTRLEN];
873 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
874 "Received TCP packet with %u bytes going from %s:%u to %s:%u\n",
875 pktlen - sizeof (struct GNUNET_TUN_TcpHeader),
878 sbuf, sizeof (sbuf)),
879 (unsigned int) ntohs (tcp->spt),
882 dbuf, sizeof (dbuf)),
883 (unsigned int) ntohs (tcp->dpt));
885 if (pktlen < sizeof (struct GNUNET_TUN_TcpHeader))
891 state = get_redirect_state (af, IPPROTO_TCP,
899 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
900 _("TCP Packet dropped, have no matching connection information\n"));
904 /* mug port numbers and crc to avoid information leakage;
905 sender will need to lookup the correct values anyway */
906 memcpy (buf, tcp, pktlen);
907 mtcp = (struct GNUNET_TUN_TcpHeader *) buf;
912 mlen = sizeof (struct GNUNET_EXIT_TcpDataMessage) + (pktlen - sizeof (struct GNUNET_TUN_TcpHeader));
913 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
919 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueue) + mlen);
920 tnq->payload = &tnq[1];
922 tdm = (struct GNUNET_EXIT_TcpDataMessage *) &tnq[1];
923 tdm->header.size = htons ((uint16_t) mlen);
924 tdm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_VPN);
925 tdm->reserved = htonl (0);
926 memcpy (&tdm->tcp_header,
929 send_packet_to_mesh_tunnel (state->tunnel,
935 * Receive packets from the helper-process
938 * @param client unsued
939 * @param message message received from helper
942 message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED,
943 const struct GNUNET_MessageHeader *message)
945 const struct GNUNET_TUN_Layer2PacketHeader *pkt_tun;
948 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
949 "Got %u-byte message of type %u from gnunet-helper-exit\n",
950 ntohs (message->size),
951 ntohs (message->type));
952 GNUNET_STATISTICS_update (stats,
953 gettext_noop ("# Packets received from TUN"),
955 if (ntohs (message->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER)
960 size = ntohs (message->size);
961 if (size < sizeof (struct GNUNET_TUN_Layer2PacketHeader) + sizeof (struct GNUNET_MessageHeader))
966 GNUNET_STATISTICS_update (stats,
967 gettext_noop ("# Bytes received from TUN"),
969 pkt_tun = (const struct GNUNET_TUN_Layer2PacketHeader *) &message[1];
970 size -= sizeof (struct GNUNET_TUN_Layer2PacketHeader) + sizeof (struct GNUNET_MessageHeader);
971 switch (ntohs (pkt_tun->proto))
975 const struct GNUNET_TUN_IPv4Header *pkt4;
977 if (size < sizeof (struct GNUNET_TUN_IPv4Header))
979 /* Kernel to blame? */
983 pkt4 = (const struct GNUNET_TUN_IPv4Header *) &pkt_tun[1];
984 if (size != ntohs (pkt4->total_length))
986 /* Kernel to blame? */
990 if (pkt4->header_length * 4 != sizeof (struct GNUNET_TUN_IPv4Header))
992 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
993 _("IPv4 packet options received. Ignored.\n"));
997 size -= sizeof (struct GNUNET_TUN_IPv4Header);
998 switch (pkt4->protocol)
1001 udp_from_helper ((const struct GNUNET_TUN_UdpHeader *) &pkt4[1], size,
1003 &pkt4->destination_address,
1004 &pkt4->source_address);
1007 tcp_from_helper ((const struct GNUNET_TUN_TcpHeader *) &pkt4[1], size,
1009 &pkt4->destination_address,
1010 &pkt4->source_address);
1013 icmp_from_helper ((const struct GNUNET_TUN_IcmpHeader *) &pkt4[1], size,
1015 &pkt4->destination_address,
1016 &pkt4->source_address);
1019 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1020 _("IPv4 packet with unsupported next header received. Ignored.\n"));
1027 const struct GNUNET_TUN_IPv6Header *pkt6;
1029 if (size < sizeof (struct GNUNET_TUN_IPv6Header))
1031 /* Kernel to blame? */
1035 pkt6 = (struct GNUNET_TUN_IPv6Header *) &pkt_tun[1];
1036 if (size != ntohs (pkt6->payload_length))
1038 /* Kernel to blame? */
1042 size -= sizeof (struct GNUNET_TUN_IPv6Header);
1043 switch (pkt6->next_header)
1046 udp_from_helper ((const struct GNUNET_TUN_UdpHeader *) &pkt6[1], size,
1048 &pkt6->destination_address,
1049 &pkt6->source_address);
1052 tcp_from_helper ((const struct GNUNET_TUN_TcpHeader *) &pkt6[1], size,
1054 &pkt6->destination_address,
1055 &pkt6->source_address);
1058 icmp_from_helper ((const struct GNUNET_TUN_IcmpHeader *) &pkt6[1], size,
1060 &pkt6->destination_address,
1061 &pkt6->source_address);
1064 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1065 _("IPv6 packet with unsupported next header received. Ignored.\n"));
1071 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1072 _("Packet from unknown protocol %u received. Ignored.\n"),
1073 ntohs (pkt_tun->proto));
1080 * We need to create a (unique) fresh local address (IP+port).
1083 * @param af desired address family
1084 * @param proto desired protocol (IPPROTO_UDP or IPPROTO_TCP)
1085 * @param local_address address to initialize
1088 setup_fresh_address (int af,
1090 struct SocketAddress *local_address)
1092 local_address->af = af;
1093 local_address->proto = (uint8_t) proto;
1094 /* default "local" port range is often 32768--61000,
1095 so we pick a random value in that range */
1096 if (proto == IPPROTO_ICMP)
1097 local_address->port = 0;
1100 = (uint16_t) 32768 + GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1106 struct in_addr addr;
1107 struct in_addr mask;
1110 addr = exit_ipv4addr;
1111 mask = exit_ipv4mask;
1112 if (0 == ~mask.s_addr)
1114 /* only one valid IP anyway */
1115 local_address->address.ipv4 = addr;
1118 /* Given 192.168.0.1/255.255.0.0, we want a mask
1119 of '192.168.255.255', thus: */
1120 mask.s_addr = addr.s_addr | ~mask.s_addr;
1121 /* Pick random IPv4 address within the subnet, except 'addr' or 'mask' itself */
1124 rnd.s_addr = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1126 local_address->address.ipv4.s_addr = (addr.s_addr | rnd.s_addr) & mask.s_addr;
1128 while ( (local_address->address.ipv4.s_addr == addr.s_addr) ||
1129 (local_address->address.ipv4.s_addr == mask.s_addr) );
1134 struct in6_addr addr;
1135 struct in6_addr mask;
1136 struct in6_addr rnd;
1139 addr = exit_ipv6addr;
1140 GNUNET_assert (ipv6prefix < 128);
1141 if (ipv6prefix == 127)
1143 /* only one valid IP anyway */
1144 local_address->address.ipv6 = addr;
1147 /* Given ABCD::/96, we want a mask of 'ABCD::FFFF:FFFF,
1150 for (i=127;i>=128-ipv6prefix;i--)
1151 mask.s6_addr[i / 8] |= (1 << (i % 8));
1153 /* Pick random IPv6 address within the subnet, except 'addr' or 'mask' itself */
1158 rnd.s6_addr[i] = (unsigned char) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1160 local_address->address.ipv6.s6_addr[i]
1161 = (addr.s6_addr[i] | rnd.s6_addr[i]) & mask.s6_addr[i];
1164 while ( (0 == memcmp (&local_address->address.ipv6,
1166 sizeof (struct in6_addr))) ||
1167 (0 == memcmp (&local_address->address.ipv6,
1169 sizeof (struct in6_addr))) );
1179 * We are starting a fresh connection (TCP or UDP) and need
1180 * to pick a source port and IP address (within the correct
1181 * range and address family) to associate replies with the
1182 * connection / correct mesh tunnel. This function generates
1183 * a "fresh" source IP and source port number for a connection
1184 * After picking a good source address, this function sets up
1185 * the state in the 'connections_map' and 'connections_heap'
1186 * to allow finding the state when needed later. The function
1187 * also makes sure that we remain within memory limits by
1188 * cleaning up 'old' states.
1190 * @param state skeleton state to setup a record for; should
1191 * 'state->ri.remote_address' filled in so that
1192 * this code can determine which AF/protocol is
1193 * going to be used (the 'tunnel' should also
1194 * already be set); after calling this function,
1195 * heap_node and the local_address will be
1196 * also initialized (heap_node != NULL can be
1197 * used to test if a state has been fully setup).
1200 setup_state_record (struct TunnelState *state)
1202 GNUNET_HashCode key;
1203 struct TunnelState *s;
1205 /* generate fresh, unique address */
1208 if (NULL == state->serv)
1209 setup_fresh_address (state->ri.remote_address.af,
1210 state->ri.remote_address.proto,
1211 &state->ri.local_address);
1213 setup_fresh_address (state->serv->address.af,
1214 state->serv->address.proto,
1215 &state->ri.local_address);
1216 } while (NULL != get_redirect_state (state->ri.remote_address.af,
1217 state->ri.remote_address.proto,
1218 &state->ri.remote_address.address,
1219 state->ri.remote_address.port,
1220 &state->ri.local_address.address,
1221 state->ri.local_address.port,
1224 char buf[INET6_ADDRSTRLEN];
1225 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1226 "Picked local address %s:%u for new connection\n",
1227 inet_ntop (state->ri.local_address.af,
1228 &state->ri.local_address.address,
1230 (unsigned int) state->ri.local_address.port);
1232 state->state_key = key;
1233 GNUNET_assert (GNUNET_OK ==
1234 GNUNET_CONTAINER_multihashmap_put (connections_map,
1236 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
1237 state->heap_node = GNUNET_CONTAINER_heap_insert (connections_heap,
1239 GNUNET_TIME_absolute_get ().abs_value);
1240 while (GNUNET_CONTAINER_heap_get_size (connections_heap) > max_connections)
1242 s = GNUNET_CONTAINER_heap_remove_root (connections_heap);
1243 GNUNET_assert (state != s);
1244 s->heap_node = NULL;
1245 GNUNET_MESH_tunnel_destroy (s->tunnel);
1246 GNUNET_assert (GNUNET_OK ==
1247 GNUNET_CONTAINER_multihashmap_remove (connections_map,
1256 * Prepare an IPv4 packet for transmission via the TUN interface.
1257 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
1258 * For UDP, the UDP header will be fully created, whereas for TCP
1259 * only the ports and checksum will be filled in. So for TCP,
1260 * a skeleton TCP header must be part of the provided payload.
1262 * @param payload payload of the packet (starting with UDP payload or
1263 * TCP header, depending on protocol)
1264 * @param payload_length number of bytes in 'payload'
1265 * @param protocol IPPROTO_UDP or IPPROTO_TCP
1266 * @param src_address source address to use (IP and port)
1267 * @param dst_address destination address to use (IP and port)
1268 * @param pkt6 where to write the assembled packet; must
1269 * contain enough space for the IP header, UDP/TCP header
1273 prepare_ipv4_packet (const void *payload, size_t payload_length,
1275 const struct GNUNET_TUN_TcpHeader *tcp_header,
1276 const struct SocketAddress *src_address,
1277 const struct SocketAddress *dst_address,
1278 struct GNUNET_TUN_IPv4Header *pkt4)
1282 len = payload_length;
1286 len += sizeof (struct GNUNET_TUN_UdpHeader);
1289 len += sizeof (struct GNUNET_TUN_TcpHeader);
1290 GNUNET_assert (NULL != tcp_header);
1296 if (len + sizeof (struct GNUNET_TUN_IPv4Header) > UINT16_MAX)
1302 GNUNET_TUN_initialize_ipv4_header (pkt4,
1305 &src_address->address.ipv4,
1306 &dst_address->address.ipv4);
1311 struct GNUNET_TUN_UdpHeader *pkt4_udp = (struct GNUNET_TUN_UdpHeader *) &pkt4[1];
1313 pkt4_udp->spt = htons (src_address->port);
1314 pkt4_udp->dpt = htons (dst_address->port);
1315 pkt4_udp->len = htons ((uint16_t) payload_length);
1316 GNUNET_TUN_calculate_udp4_checksum (pkt4,
1318 payload, payload_length);
1319 memcpy (&pkt4_udp[1], payload, payload_length);
1324 struct GNUNET_TUN_TcpHeader *pkt4_tcp = (struct GNUNET_TUN_TcpHeader *) &pkt4[1];
1326 memcpy (pkt4_tcp, tcp_header, sizeof (struct GNUNET_TUN_TcpHeader));
1327 pkt4_tcp->spt = htons (src_address->port);
1328 pkt4_tcp->dpt = htons (dst_address->port);
1329 GNUNET_TUN_calculate_tcp4_checksum (pkt4,
1333 memcpy (&pkt4_tcp[1], payload, payload_length);
1343 * Prepare an IPv6 packet for transmission via the TUN interface.
1344 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
1345 * For UDP, the UDP header will be fully created, whereas for TCP
1346 * only the ports and checksum will be filled in. So for TCP,
1347 * a skeleton TCP header must be part of the provided payload.
1349 * @param payload payload of the packet (starting with UDP payload or
1350 * TCP header, depending on protocol)
1351 * @param payload_length number of bytes in 'payload'
1352 * @param protocol IPPROTO_UDP or IPPROTO_TCP
1353 * @param src_address source address to use (IP and port)
1354 * @param dst_address destination address to use (IP and port)
1355 * @param pkt6 where to write the assembled packet; must
1356 * contain enough space for the IP header, UDP/TCP header
1360 prepare_ipv6_packet (const void *payload, size_t payload_length,
1362 const struct GNUNET_TUN_TcpHeader *tcp_header,
1363 const struct SocketAddress *src_address,
1364 const struct SocketAddress *dst_address,
1365 struct GNUNET_TUN_IPv6Header *pkt6)
1369 len = payload_length;
1373 len += sizeof (struct GNUNET_TUN_UdpHeader);
1376 /* tcp_header (with port/crc not set) must be part of payload! */
1377 if (len < sizeof (struct GNUNET_TUN_TcpHeader))
1387 if (len > UINT16_MAX)
1393 GNUNET_TUN_initialize_ipv6_header (pkt6,
1396 &dst_address->address.ipv6,
1397 &src_address->address.ipv6);
1403 struct GNUNET_TUN_UdpHeader *pkt6_udp = (struct GNUNET_TUN_UdpHeader *) &pkt6[1];
1405 pkt6_udp->spt = htons (src_address->port);
1406 pkt6_udp->dpt = htons (dst_address->port);
1407 pkt6_udp->len = htons ((uint16_t) payload_length);
1409 GNUNET_TUN_calculate_udp6_checksum (pkt6,
1413 memcpy (&pkt6[1], payload, payload_length);
1418 struct GNUNET_TUN_TcpHeader *pkt6_tcp = (struct GNUNET_TUN_TcpHeader *) pkt6;
1420 /* memcpy first here as some TCP header fields are initialized this way! */
1421 memcpy (pkt6_tcp, payload, payload_length);
1422 pkt6_tcp->spt = htons (src_address->port);
1423 pkt6_tcp->dpt = htons (dst_address->port);
1424 GNUNET_TUN_calculate_tcp6_checksum (pkt6,
1438 * Send a TCP packet via the TUN interface.
1440 * @param destination_address IP and port to use for the TCP packet's destination
1441 * @param source_address IP and port to use for the TCP packet's source
1442 * @param tcp header template to use
1443 * @param payload payload of the TCP packet
1444 * @param payload_length number of bytes in 'payload'
1447 send_tcp_packet_via_tun (const struct SocketAddress *destination_address,
1448 const struct SocketAddress *source_address,
1449 const struct GNUNET_TUN_TcpHeader *tcp_header,
1450 const void *payload, size_t payload_length)
1454 GNUNET_STATISTICS_update (stats,
1455 gettext_noop ("# TCP packets sent via TUN"),
1457 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1458 "Sending packet with %u bytes TCP payload via TUN\n",
1459 (unsigned int) payload_length);
1460 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
1461 switch (source_address->af)
1464 len += sizeof (struct GNUNET_TUN_IPv4Header);
1467 len += sizeof (struct GNUNET_TUN_IPv6Header);
1473 len += sizeof (struct GNUNET_TUN_TcpHeader);
1474 len += payload_length;
1475 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1482 struct GNUNET_MessageHeader *hdr;
1483 struct GNUNET_TUN_Layer2PacketHeader *tun;
1485 hdr = (struct GNUNET_MessageHeader *) buf;
1486 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1487 hdr->size = htons (len);
1488 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
1489 tun->flags = htons (0);
1490 switch (source_address->af)
1494 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
1496 tun->proto = htons (ETH_P_IPV4);
1497 prepare_ipv4_packet (payload, payload_length,
1501 destination_address,
1507 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
1509 tun->proto = htons (ETH_P_IPV6);
1510 prepare_ipv6_packet (payload, payload_length,
1514 destination_address,
1522 (void) GNUNET_HELPER_send (helper_handle,
1523 (const struct GNUNET_MessageHeader*) buf,
1531 * Process a request via mesh to send a request to a TCP service
1532 * offered by this system.
1534 * @param cls closure, NULL
1535 * @param tunnel connection to the other end
1536 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1537 * @param sender who sent the message
1538 * @param message the actual message
1539 * @param atsi performance data for the connection
1540 * @return GNUNET_OK to keep the connection open,
1541 * GNUNET_SYSERR to close it (signal serious error)
1544 receive_tcp_service (void *unused GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1545 void **tunnel_ctx GNUNET_UNUSED,
1546 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1547 const struct GNUNET_MessageHeader *message,
1548 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1550 struct TunnelState *state = *tunnel_ctx;
1551 const struct GNUNET_EXIT_TcpServiceStartMessage *start;
1552 uint16_t pkt_len = ntohs (message->size);
1554 GNUNET_STATISTICS_update (stats,
1555 gettext_noop ("# TCP service creation requests received via mesh"),
1557 GNUNET_STATISTICS_update (stats,
1558 gettext_noop ("# Bytes received from MESH"),
1559 pkt_len, GNUNET_NO);
1560 /* check that we got at least a valid header */
1561 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpServiceStartMessage))
1563 GNUNET_break_op (0);
1564 return GNUNET_SYSERR;
1566 start = (const struct GNUNET_EXIT_TcpServiceStartMessage*) message;
1567 pkt_len -= sizeof (struct GNUNET_EXIT_TcpServiceStartMessage);
1568 if ( (NULL == state) ||
1569 (NULL != state->serv) ||
1570 (NULL != state->heap_node) )
1572 GNUNET_break_op (0);
1573 return GNUNET_SYSERR;
1575 GNUNET_break_op (ntohl (start->reserved) == 0);
1576 /* setup fresh connection */
1577 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1578 "Received data from %s for forwarding to TCP service %s on port %u\n",
1579 GNUNET_i2s (sender),
1580 GNUNET_h2s (&start->service_descriptor),
1581 (unsigned int) ntohs (start->tcp_header.dpt));
1582 if (NULL == (state->serv = find_service (tcp_services, &start->service_descriptor,
1583 ntohs (start->tcp_header.dpt))))
1585 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1586 _("No service found for %s on port %d!\n"),
1588 ntohs (start->tcp_header.dpt));
1589 GNUNET_STATISTICS_update (stats,
1590 gettext_noop ("# TCP requests dropped (no such service)"),
1592 return GNUNET_SYSERR;
1594 state->ri.remote_address = state->serv->address;
1595 setup_state_record (state);
1596 send_tcp_packet_via_tun (&state->ri.remote_address,
1597 &state->ri.local_address,
1599 &start[1], pkt_len);
1605 * Process a request to forward TCP data to the Internet via this peer.
1607 * @param cls closure, NULL
1608 * @param tunnel connection to the other end
1609 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1610 * @param sender who sent the message
1611 * @param message the actual message
1612 * @param atsi performance data for the connection
1613 * @return GNUNET_OK to keep the connection open,
1614 * GNUNET_SYSERR to close it (signal serious error)
1617 receive_tcp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1618 void **tunnel_ctx GNUNET_UNUSED,
1619 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1620 const struct GNUNET_MessageHeader *message,
1621 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1623 struct TunnelState *state = *tunnel_ctx;
1624 const struct GNUNET_EXIT_TcpInternetStartMessage *start;
1625 uint16_t pkt_len = ntohs (message->size);
1626 const struct in_addr *v4;
1627 const struct in6_addr *v6;
1628 const void *payload;
1631 GNUNET_STATISTICS_update (stats,
1632 gettext_noop ("# Bytes received from MESH"),
1633 pkt_len, GNUNET_NO);
1634 GNUNET_STATISTICS_update (stats,
1635 gettext_noop ("# TCP IP-exit creation requests received via mesh"),
1637 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpInternetStartMessage))
1639 GNUNET_break_op (0);
1640 return GNUNET_SYSERR;
1642 start = (const struct GNUNET_EXIT_TcpInternetStartMessage*) message;
1643 pkt_len -= sizeof (struct GNUNET_EXIT_TcpInternetStartMessage);
1644 if ( (NULL == state) ||
1645 (NULL != state->serv) ||
1646 (NULL != state->heap_node) )
1648 GNUNET_break_op (0);
1649 return GNUNET_SYSERR;
1651 af = (int) ntohl (start->af);
1652 state->ri.remote_address.af = af;
1656 if (pkt_len < sizeof (struct in_addr))
1658 GNUNET_break_op (0);
1659 return GNUNET_SYSERR;
1663 GNUNET_break_op (0);
1664 return GNUNET_SYSERR;
1666 v4 = (const struct in_addr*) &start[1];
1668 pkt_len -= sizeof (struct in_addr);
1669 state->ri.remote_address.address.ipv4 = *v4;
1672 if (pkt_len < sizeof (struct in6_addr))
1674 GNUNET_break_op (0);
1675 return GNUNET_SYSERR;
1679 GNUNET_break_op (0);
1680 return GNUNET_SYSERR;
1682 v6 = (const struct in6_addr*) &start[1];
1684 pkt_len -= sizeof (struct in6_addr);
1685 state->ri.remote_address.address.ipv6 = *v6;
1688 GNUNET_break_op (0);
1689 return GNUNET_SYSERR;
1692 char buf[INET6_ADDRSTRLEN];
1693 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1694 "Received data from %s for starting TCP stream to %s:%u\n",
1695 GNUNET_i2s (sender),
1697 &state->ri.remote_address.address,
1699 (unsigned int) ntohs (start->tcp_header.dpt));
1702 state->ri.remote_address.proto = IPPROTO_TCP;
1703 state->ri.remote_address.port = ntohs (start->tcp_header.dpt);
1704 setup_state_record (state);
1705 send_tcp_packet_via_tun (&state->ri.remote_address,
1706 &state->ri.local_address,
1714 * Process a request to forward TCP data on an established
1715 * connection via this peer.
1717 * @param cls closure, NULL
1718 * @param tunnel connection to the other end
1719 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1720 * @param sender who sent the message
1721 * @param message the actual message
1722 * @param atsi performance data for the connection
1723 * @return GNUNET_OK to keep the connection open,
1724 * GNUNET_SYSERR to close it (signal serious error)
1727 receive_tcp_data (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1728 void **tunnel_ctx GNUNET_UNUSED,
1729 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1730 const struct GNUNET_MessageHeader *message,
1731 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1733 struct TunnelState *state = *tunnel_ctx;
1734 const struct GNUNET_EXIT_TcpDataMessage *data;
1735 uint16_t pkt_len = ntohs (message->size);
1737 GNUNET_STATISTICS_update (stats,
1738 gettext_noop ("# Bytes received from MESH"),
1739 pkt_len, GNUNET_NO);
1740 GNUNET_STATISTICS_update (stats,
1741 gettext_noop ("# TCP data requests received via mesh"),
1743 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpDataMessage))
1745 GNUNET_break_op (0);
1746 return GNUNET_SYSERR;
1748 data = (const struct GNUNET_EXIT_TcpDataMessage*) message;
1749 pkt_len -= sizeof (struct GNUNET_EXIT_TcpDataMessage);
1750 if ( (NULL == state) ||
1751 (NULL == state->heap_node) )
1753 /* connection should have been up! */
1754 GNUNET_STATISTICS_update (stats,
1755 gettext_noop ("# TCP DATA requests dropped (no session)"),
1757 return GNUNET_SYSERR;
1759 GNUNET_break_op (ntohl (data->reserved) == 0);
1761 char buf[INET6_ADDRSTRLEN];
1762 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1763 "Received additional %u bytes of data from %s for TCP stream to %s:%u\n",
1765 GNUNET_i2s (sender),
1766 inet_ntop (state->ri.remote_address.af,
1767 &state->ri.remote_address.address,
1769 (unsigned int) state->ri.remote_address.port);
1772 send_tcp_packet_via_tun (&state->ri.remote_address,
1773 &state->ri.local_address,
1781 * Send an ICMP packet via the TUN interface.
1783 * @param destination_address IP to use for the ICMP packet's destination
1784 * @param source_address IP to use for the ICMP packet's source
1785 * @param icmp_header ICMP header to send
1786 * @param payload payload of the ICMP packet (does NOT include ICMP header)
1787 * @param payload_length number of bytes of data in payload
1790 send_icmp_packet_via_tun (const struct SocketAddress *destination_address,
1791 const struct SocketAddress *source_address,
1792 const struct GNUNET_TUN_IcmpHeader *icmp_header,
1793 const void *payload, size_t payload_length)
1796 struct GNUNET_TUN_IcmpHeader *icmp;
1798 GNUNET_STATISTICS_update (stats,
1799 gettext_noop ("# ICMP packets sent via TUN"),
1801 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1802 "Sending packet with %u bytes ICMP payload via TUN\n",
1803 (unsigned int) payload_length);
1804 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
1805 switch (destination_address->af)
1808 len += sizeof (struct GNUNET_TUN_IPv4Header);
1811 len += sizeof (struct GNUNET_TUN_IPv6Header);
1817 len += sizeof (struct GNUNET_TUN_IcmpHeader);
1818 len += payload_length;
1819 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1826 struct GNUNET_MessageHeader *hdr;
1827 struct GNUNET_TUN_Layer2PacketHeader *tun;
1829 hdr= (struct GNUNET_MessageHeader *) buf;
1830 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1831 hdr->size = htons (len);
1832 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
1833 tun->flags = htons (0);
1834 switch (source_address->af)
1838 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
1840 tun->proto = htons (ETH_P_IPV4);
1841 GNUNET_TUN_initialize_ipv4_header (ipv4,
1843 sizeof (struct GNUNET_TUN_IcmpHeader) + payload_length,
1844 &source_address->address.ipv4,
1845 &destination_address->address.ipv4);
1846 icmp = (struct GNUNET_TUN_IcmpHeader*) &ipv4[1];
1851 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
1853 tun->proto = htons (ETH_P_IPV6);
1854 GNUNET_TUN_initialize_ipv6_header (ipv6,
1856 sizeof (struct GNUNET_TUN_IcmpHeader) + payload_length,
1857 &source_address->address.ipv6,
1858 &destination_address->address.ipv6);
1859 icmp = (struct GNUNET_TUN_IcmpHeader*) &ipv6[1];
1866 *icmp = *icmp_header;
1870 GNUNET_TUN_calculate_icmp_checksum (icmp,
1873 (void) GNUNET_HELPER_send (helper_handle,
1874 (const struct GNUNET_MessageHeader*) buf,
1882 * Synthesize a plausible ICMP payload for an ICMPv4 error
1883 * response on the given tunnel.
1885 * @param state tunnel information
1886 * @param ipp IPv6 header to fill in (ICMP payload)
1887 * @param udp "UDP" header to fill in (ICMP payload); might actually
1888 * also be the first 8 bytes of the TCP header
1891 make_up_icmpv4_payload (struct TunnelState *state,
1892 struct GNUNET_TUN_IPv4Header *ipp,
1893 struct GNUNET_TUN_UdpHeader *udp)
1895 GNUNET_TUN_initialize_ipv4_header (ipp,
1896 state->ri.remote_address.proto,
1897 sizeof (struct GNUNET_TUN_TcpHeader),
1898 &state->ri.remote_address.address.ipv4,
1899 &state->ri.local_address.address.ipv4);
1900 udp->spt = htons (state->ri.remote_address.port);
1901 udp->dpt = htons (state->ri.local_address.port);
1902 udp->len = htons (0);
1903 udp->crc = htons (0);
1908 * Synthesize a plausible ICMP payload for an ICMPv6 error
1909 * response on the given tunnel.
1911 * @param state tunnel information
1912 * @param ipp IPv6 header to fill in (ICMP payload)
1913 * @param udp "UDP" header to fill in (ICMP payload); might actually
1914 * also be the first 8 bytes of the TCP header
1917 make_up_icmpv6_payload (struct TunnelState *state,
1918 struct GNUNET_TUN_IPv6Header *ipp,
1919 struct GNUNET_TUN_UdpHeader *udp)
1921 GNUNET_TUN_initialize_ipv6_header (ipp,
1922 state->ri.remote_address.proto,
1923 sizeof (struct GNUNET_TUN_TcpHeader),
1924 &state->ri.remote_address.address.ipv6,
1925 &state->ri.local_address.address.ipv6);
1926 udp->spt = htons (state->ri.remote_address.port);
1927 udp->dpt = htons (state->ri.local_address.port);
1928 udp->len = htons (0);
1929 udp->crc = htons (0);
1934 * Process a request to forward ICMP data to the Internet via this peer.
1936 * @param cls closure, NULL
1937 * @param tunnel connection to the other end
1938 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1939 * @param sender who sent the message
1940 * @param message the actual message
1941 * @param atsi performance data for the connection
1942 * @return GNUNET_OK to keep the connection open,
1943 * GNUNET_SYSERR to close it (signal serious error)
1946 receive_icmp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1947 void **tunnel_ctx GNUNET_UNUSED,
1948 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1949 const struct GNUNET_MessageHeader *message,
1950 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1952 struct TunnelState *state = *tunnel_ctx;
1953 const struct GNUNET_EXIT_IcmpInternetMessage *msg;
1954 uint16_t pkt_len = ntohs (message->size);
1955 const struct in_addr *v4;
1956 const struct in6_addr *v6;
1957 const void *payload;
1958 char buf[sizeof (struct GNUNET_TUN_IPv6Header) + 8];
1961 GNUNET_STATISTICS_update (stats,
1962 gettext_noop ("# Bytes received from MESH"),
1963 pkt_len, GNUNET_NO);
1964 GNUNET_STATISTICS_update (stats,
1965 gettext_noop ("# ICMP IP-exit requests received via mesh"),
1967 if (pkt_len < sizeof (struct GNUNET_EXIT_IcmpInternetMessage))
1969 GNUNET_break_op (0);
1970 return GNUNET_SYSERR;
1972 msg = (const struct GNUNET_EXIT_IcmpInternetMessage*) message;
1973 pkt_len -= sizeof (struct GNUNET_EXIT_IcmpInternetMessage);
1975 af = (int) ntohl (msg->af);
1976 if ( (NULL != state->heap_node) &&
1977 (af != state->ri.remote_address.af) )
1979 /* other peer switched AF on this tunnel; not allowed */
1980 GNUNET_break_op (0);
1981 return GNUNET_SYSERR;
1987 if (pkt_len < sizeof (struct in_addr))
1989 GNUNET_break_op (0);
1990 return GNUNET_SYSERR;
1994 GNUNET_break_op (0);
1995 return GNUNET_SYSERR;
1997 v4 = (const struct in_addr*) &msg[1];
1999 pkt_len -= sizeof (struct in_addr);
2000 state->ri.remote_address.address.ipv4 = *v4;
2001 if (NULL == state->heap_node)
2003 state->ri.remote_address.af = af;
2004 state->ri.remote_address.proto = IPPROTO_ICMP;
2005 setup_state_record (state);
2007 /* check that ICMP type is something we want to support
2008 and possibly make up payload! */
2009 switch (msg->icmp_header.type)
2011 case GNUNET_TUN_ICMPTYPE_ECHO_REPLY:
2012 case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST:
2014 case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE:
2015 case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH:
2016 case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED:
2019 GNUNET_break_op (0);
2020 return GNUNET_SYSERR;
2022 /* make up payload */
2024 struct GNUNET_TUN_IPv4Header *ipp = (struct GNUNET_TUN_IPv4Header *) buf;
2025 struct GNUNET_TUN_UdpHeader *udp = (struct GNUNET_TUN_UdpHeader *) &ipp[1];
2027 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2028 pkt_len = sizeof (struct GNUNET_TUN_IPv4Header) + 8;
2029 make_up_icmpv4_payload (state,
2036 GNUNET_break_op (0);
2037 GNUNET_STATISTICS_update (stats,
2038 gettext_noop ("# ICMPv4 packets dropped (type not allowed)"),
2040 return GNUNET_SYSERR;
2045 if (pkt_len < sizeof (struct in6_addr))
2047 GNUNET_break_op (0);
2048 return GNUNET_SYSERR;
2052 GNUNET_break_op (0);
2053 return GNUNET_SYSERR;
2055 v6 = (const struct in6_addr*) &msg[1];
2057 pkt_len -= sizeof (struct in6_addr);
2058 state->ri.remote_address.address.ipv6 = *v6;
2059 if (NULL == state->heap_node)
2061 state->ri.remote_address.af = af;
2062 state->ri.remote_address.proto = IPPROTO_ICMP;
2063 setup_state_record (state);
2065 /* check that ICMP type is something we want to support
2066 and possibly make up payload! */
2067 switch (msg->icmp_header.type)
2069 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
2070 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
2072 case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE:
2073 case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG:
2074 case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED:
2075 case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM:
2078 GNUNET_break_op (0);
2079 return GNUNET_SYSERR;
2081 /* make up payload */
2083 struct GNUNET_TUN_IPv6Header *ipp = (struct GNUNET_TUN_IPv6Header *) buf;
2084 struct GNUNET_TUN_UdpHeader *udp = (struct GNUNET_TUN_UdpHeader *) &ipp[1];
2086 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2087 pkt_len = sizeof (struct GNUNET_TUN_IPv6Header) + 8;
2088 make_up_icmpv6_payload (state,
2095 GNUNET_break_op (0);
2096 GNUNET_STATISTICS_update (stats,
2097 gettext_noop ("# ICMPv6 packets dropped (type not allowed)"),
2099 return GNUNET_SYSERR;
2105 GNUNET_break_op (0);
2106 return GNUNET_SYSERR;
2110 char buf[INET6_ADDRSTRLEN];
2111 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2112 "Received ICMP data from %s for forwarding to %s\n",
2113 GNUNET_i2s (sender),
2115 &state->ri.remote_address.address,
2116 buf, sizeof (buf)));
2118 send_icmp_packet_via_tun (&state->ri.remote_address,
2119 &state->ri.local_address,
2127 * Setup ICMP payload for ICMP error messages. Called
2128 * for both IPv4 and IPv6 addresses.
2130 * @param state context for creating the IP Packet
2131 * @param buf where to create the payload, has at least
2132 * sizeof (struct GNUNET_TUN_IPv6Header) + 8 bytes
2133 * @return number of bytes of payload we created in buf
2136 make_up_icmp_service_payload (struct TunnelState *state,
2139 switch (state->serv->address.af)
2143 struct GNUNET_TUN_IPv4Header *ipv4;
2144 struct GNUNET_TUN_UdpHeader *udp;
2146 ipv4 = (struct GNUNET_TUN_IPv4Header *)buf;
2147 udp = (struct GNUNET_TUN_UdpHeader *) &ipv4[1];
2148 make_up_icmpv4_payload (state,
2151 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2152 return sizeof (struct GNUNET_TUN_IPv4Header) + 8;
2157 struct GNUNET_TUN_IPv6Header *ipv6;
2158 struct GNUNET_TUN_UdpHeader *udp;
2160 ipv6 = (struct GNUNET_TUN_IPv6Header *)buf;
2161 udp = (struct GNUNET_TUN_UdpHeader *) &ipv6[1];
2162 make_up_icmpv6_payload (state,
2165 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2166 return sizeof (struct GNUNET_TUN_IPv6Header) + 8;
2177 * Process a request via mesh to send ICMP data to a service
2178 * offered by this system.
2180 * @param cls closure, NULL
2181 * @param tunnel connection to the other end
2182 * @param tunnel_ctx pointer to our 'struct TunnelState *'
2183 * @param sender who sent the message
2184 * @param message the actual message
2185 * @param atsi performance data for the connection
2186 * @return GNUNET_OK to keep the connection open,
2187 * GNUNET_SYSERR to close it (signal serious error)
2190 receive_icmp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
2192 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
2193 const struct GNUNET_MessageHeader *message,
2194 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
2196 struct TunnelState *state = *tunnel_ctx;
2197 const struct GNUNET_EXIT_IcmpServiceMessage *msg;
2198 uint16_t pkt_len = ntohs (message->size);
2199 struct GNUNET_TUN_IcmpHeader icmp;
2200 char buf[sizeof (struct GNUNET_TUN_IPv6Header) + 8];
2201 const void *payload;
2203 GNUNET_STATISTICS_update (stats,
2204 gettext_noop ("# Bytes received from MESH"),
2205 pkt_len, GNUNET_NO);
2206 GNUNET_STATISTICS_update (stats,
2207 gettext_noop ("# ICMP service requests received via mesh"),
2209 /* check that we got at least a valid header */
2210 if (pkt_len < sizeof (struct GNUNET_EXIT_IcmpServiceMessage))
2212 GNUNET_break_op (0);
2213 return GNUNET_SYSERR;
2215 msg = (const struct GNUNET_EXIT_IcmpServiceMessage*) message;
2216 pkt_len -= sizeof (struct GNUNET_EXIT_IcmpServiceMessage);
2217 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2218 "Received data from %s for forwarding to ICMP service %s\n",
2219 GNUNET_i2s (sender),
2220 GNUNET_h2s (&msg->service_descriptor));
2221 if (NULL == state->serv)
2223 /* first packet to service must not be ICMP (cannot determine service!) */
2224 GNUNET_break_op (0);
2225 return GNUNET_SYSERR;
2227 icmp = msg->icmp_header;
2229 state->ri.remote_address = state->serv->address;
2230 setup_state_record (state);
2232 /* check that ICMP type is something we want to support,
2233 perform ICMP PT if needed ans possibly make up payload */
2237 switch (msg->icmp_header.type)
2239 case GNUNET_TUN_ICMPTYPE_ECHO_REPLY:
2240 if (state->serv->address.af == AF_INET6)
2241 icmp.type = GNUNET_TUN_ICMPTYPE6_ECHO_REPLY;
2243 case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST:
2244 if (state->serv->address.af == AF_INET6)
2245 icmp.type = GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST;
2247 case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE:
2248 if (state->serv->address.af == AF_INET6)
2249 icmp.type = GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE;
2252 GNUNET_break_op (0);
2253 return GNUNET_SYSERR;
2256 pkt_len = make_up_icmp_service_payload (state, buf);
2258 case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED:
2259 if (state->serv->address.af == AF_INET6)
2260 icmp.type = GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED;
2263 GNUNET_break_op (0);
2264 return GNUNET_SYSERR;
2267 pkt_len = make_up_icmp_service_payload (state, buf);
2269 case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH:
2270 if (state->serv->address.af == AF_INET6)
2272 GNUNET_STATISTICS_update (stats,
2273 gettext_noop ("# ICMPv4 packets dropped (impossible PT to v6)"),
2279 GNUNET_break_op (0);
2280 return GNUNET_SYSERR;
2283 pkt_len = make_up_icmp_service_payload (state, buf);
2286 GNUNET_break_op (0);
2287 GNUNET_STATISTICS_update (stats,
2288 gettext_noop ("# ICMPv4 packets dropped (type not allowed)"),
2290 return GNUNET_SYSERR;
2292 /* end of AF_INET */
2295 switch (msg->icmp_header.type)
2297 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
2298 if (state->serv->address.af == AF_INET)
2299 icmp.type = GNUNET_TUN_ICMPTYPE_ECHO_REPLY;
2301 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
2302 if (state->serv->address.af == AF_INET)
2303 icmp.type = GNUNET_TUN_ICMPTYPE_ECHO_REQUEST;
2305 case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE:
2306 if (state->serv->address.af == AF_INET)
2307 icmp.type = GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE;
2310 GNUNET_break_op (0);
2311 return GNUNET_SYSERR;
2314 pkt_len = make_up_icmp_service_payload (state, buf);
2316 case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED:
2317 if (state->serv->address.af == AF_INET)
2318 icmp.type = GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED;
2321 GNUNET_break_op (0);
2322 return GNUNET_SYSERR;
2325 pkt_len = make_up_icmp_service_payload (state, buf);
2327 case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG:
2328 case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM:
2329 if (state->serv->address.af == AF_INET)
2331 GNUNET_STATISTICS_update (stats,
2332 gettext_noop ("# ICMPv6 packets dropped (impossible PT to v4)"),
2338 GNUNET_break_op (0);
2339 return GNUNET_SYSERR;
2342 pkt_len = make_up_icmp_service_payload (state, buf);
2345 GNUNET_break_op (0);
2346 GNUNET_STATISTICS_update (stats,
2347 gettext_noop ("# ICMPv6 packets dropped (type not allowed)"),
2349 return GNUNET_SYSERR;
2351 /* end of AF_INET6 */
2354 GNUNET_break_op (0);
2355 return GNUNET_SYSERR;
2358 send_icmp_packet_via_tun (&state->ri.remote_address,
2359 &state->ri.local_address,
2367 * Send a UDP packet via the TUN interface.
2369 * @param destination_address IP and port to use for the UDP packet's destination
2370 * @param source_address IP and port to use for the UDP packet's source
2371 * @param payload payload of the UDP packet (does NOT include UDP header)
2372 * @param payload_length number of bytes of data in payload
2375 send_udp_packet_via_tun (const struct SocketAddress *destination_address,
2376 const struct SocketAddress *source_address,
2377 const void *payload, size_t payload_length)
2381 GNUNET_STATISTICS_update (stats,
2382 gettext_noop ("# UDP packets sent via TUN"),
2384 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2385 "Sending packet with %u bytes UDP payload via TUN\n",
2386 (unsigned int) payload_length);
2387 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
2388 switch (source_address->af)
2391 len += sizeof (struct GNUNET_TUN_IPv4Header);
2394 len += sizeof (struct GNUNET_TUN_IPv6Header);
2400 len += sizeof (struct GNUNET_TUN_UdpHeader);
2401 len += payload_length;
2402 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
2409 struct GNUNET_MessageHeader *hdr;
2410 struct GNUNET_TUN_Layer2PacketHeader *tun;
2412 hdr= (struct GNUNET_MessageHeader *) buf;
2413 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
2414 hdr->size = htons (len);
2415 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
2416 tun->flags = htons (0);
2417 switch (source_address->af)
2421 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
2423 tun->proto = htons (ETH_P_IPV4);
2424 prepare_ipv4_packet (payload, payload_length,
2428 destination_address,
2434 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
2436 tun->proto = htons (ETH_P_IPV6);
2437 prepare_ipv6_packet (payload, payload_length,
2441 destination_address,
2449 (void) GNUNET_HELPER_send (helper_handle,
2450 (const struct GNUNET_MessageHeader*) buf,
2458 * Process a request to forward UDP data to the Internet via this peer.
2460 * @param cls closure, NULL
2461 * @param tunnel connection to the other end
2462 * @param tunnel_ctx pointer to our 'struct TunnelState *'
2463 * @param sender who sent the message
2464 * @param message the actual message
2465 * @param atsi performance data for the connection
2466 * @return GNUNET_OK to keep the connection open,
2467 * GNUNET_SYSERR to close it (signal serious error)
2470 receive_udp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
2471 void **tunnel_ctx GNUNET_UNUSED,
2472 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
2473 const struct GNUNET_MessageHeader *message,
2474 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
2476 struct TunnelState *state = *tunnel_ctx;
2477 const struct GNUNET_EXIT_UdpInternetMessage *msg;
2478 uint16_t pkt_len = ntohs (message->size);
2479 const struct in_addr *v4;
2480 const struct in6_addr *v6;
2481 const void *payload;
2484 GNUNET_STATISTICS_update (stats,
2485 gettext_noop ("# Bytes received from MESH"),
2486 pkt_len, GNUNET_NO);
2487 GNUNET_STATISTICS_update (stats,
2488 gettext_noop ("# UDP IP-exit requests received via mesh"),
2490 if (pkt_len < sizeof (struct GNUNET_EXIT_UdpInternetMessage))
2492 GNUNET_break_op (0);
2493 return GNUNET_SYSERR;
2495 msg = (const struct GNUNET_EXIT_UdpInternetMessage*) message;
2496 pkt_len -= sizeof (struct GNUNET_EXIT_UdpInternetMessage);
2497 af = (int) ntohl (msg->af);
2498 state->ri.remote_address.af = af;
2502 if (pkt_len < sizeof (struct in_addr))
2504 GNUNET_break_op (0);
2505 return GNUNET_SYSERR;
2509 GNUNET_break_op (0);
2510 return GNUNET_SYSERR;
2512 v4 = (const struct in_addr*) &msg[1];
2514 pkt_len -= sizeof (struct in_addr);
2515 state->ri.remote_address.address.ipv4 = *v4;
2518 if (pkt_len < sizeof (struct in6_addr))
2520 GNUNET_break_op (0);
2521 return GNUNET_SYSERR;
2525 GNUNET_break_op (0);
2526 return GNUNET_SYSERR;
2528 v6 = (const struct in6_addr*) &msg[1];
2530 pkt_len -= sizeof (struct in6_addr);
2531 state->ri.remote_address.address.ipv6 = *v6;
2534 GNUNET_break_op (0);
2535 return GNUNET_SYSERR;
2538 char buf[INET6_ADDRSTRLEN];
2539 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2540 "Received data from %s for forwarding to UDP %s:%u\n",
2541 GNUNET_i2s (sender),
2543 &state->ri.remote_address.address,
2545 (unsigned int) ntohs (msg->destination_port));
2547 state->ri.remote_address.proto = IPPROTO_UDP;
2548 state->ri.remote_address.port = msg->destination_port;
2549 if (NULL == state->heap_node)
2550 setup_state_record (state);
2551 if (0 != ntohs (msg->source_port))
2552 state->ri.local_address.port = msg->source_port;
2553 send_udp_packet_via_tun (&state->ri.remote_address,
2554 &state->ri.local_address,
2561 * Process a request via mesh to send a request to a UDP service
2562 * offered by this system.
2564 * @param cls closure, NULL
2565 * @param tunnel connection to the other end
2566 * @param tunnel_ctx pointer to our 'struct TunnelState *'
2567 * @param sender who sent the message
2568 * @param message the actual message
2569 * @param atsi performance data for the connection
2570 * @return GNUNET_OK to keep the connection open,
2571 * GNUNET_SYSERR to close it (signal serious error)
2574 receive_udp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
2576 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
2577 const struct GNUNET_MessageHeader *message,
2578 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
2580 struct TunnelState *state = *tunnel_ctx;
2581 const struct GNUNET_EXIT_UdpServiceMessage *msg;
2582 uint16_t pkt_len = ntohs (message->size);
2584 GNUNET_STATISTICS_update (stats,
2585 gettext_noop ("# Bytes received from MESH"),
2586 pkt_len, GNUNET_NO);
2587 GNUNET_STATISTICS_update (stats,
2588 gettext_noop ("# UDP service requests received via mesh"),
2590 /* check that we got at least a valid header */
2591 if (pkt_len < sizeof (struct GNUNET_EXIT_UdpServiceMessage))
2593 GNUNET_break_op (0);
2594 return GNUNET_SYSERR;
2596 msg = (const struct GNUNET_EXIT_UdpServiceMessage*) message;
2597 pkt_len -= sizeof (struct GNUNET_EXIT_UdpServiceMessage);
2598 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2599 "Received data from %s for forwarding to UDP service %s on port %u\n",
2600 GNUNET_i2s (sender),
2601 GNUNET_h2s (&msg->service_descriptor),
2602 (unsigned int) ntohs (msg->destination_port));
2603 if (NULL == (state->serv = find_service (udp_services, &msg->service_descriptor,
2604 ntohs (msg->destination_port))))
2606 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
2607 _("No service found for %s on port %d!\n"),
2609 ntohs (msg->destination_port));
2610 GNUNET_STATISTICS_update (stats,
2611 gettext_noop ("# UDP requests dropped (no such service)"),
2613 return GNUNET_SYSERR;
2615 state->ri.remote_address = state->serv->address;
2616 setup_state_record (state);
2617 if (0 != ntohs (msg->source_port))
2618 state->ri.local_address.port = msg->source_port;
2619 send_udp_packet_via_tun (&state->ri.remote_address,
2620 &state->ri.local_address,
2627 * Callback from GNUNET_MESH for new tunnels.
2629 * @param cls closure
2630 * @param tunnel new handle to the tunnel
2631 * @param initiator peer that started the tunnel
2632 * @param atsi performance information for the tunnel
2633 * @return initial tunnel context for the tunnel
2636 new_tunnel (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
2637 const struct GNUNET_PeerIdentity *initiator GNUNET_UNUSED,
2638 const struct GNUNET_ATS_Information *ats GNUNET_UNUSED)
2640 struct TunnelState *s = GNUNET_malloc (sizeof (struct TunnelState));
2642 GNUNET_STATISTICS_update (stats,
2643 gettext_noop ("# Inbound MESH tunnels created"),
2645 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2646 "Received inbound tunnel from `%s'\n",
2647 GNUNET_i2s (initiator));
2654 * Function called by mesh whenever an inbound tunnel is destroyed.
2655 * Should clean up any associated state.
2657 * @param cls closure (set from GNUNET_MESH_connect)
2658 * @param tunnel connection to the other end (henceforth invalid)
2659 * @param tunnel_ctx place where local state associated
2660 * with the tunnel is stored
2663 clean_tunnel (void *cls GNUNET_UNUSED, const struct GNUNET_MESH_Tunnel *tunnel,
2666 struct TunnelState *s = tunnel_ctx;
2667 struct TunnelMessageQueue *tnq;
2669 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2670 "Tunnel destroyed\n");
2671 while (NULL != (tnq = s->head))
2673 GNUNET_CONTAINER_DLL_remove (s->head,
2678 if (s->heap_node != NULL)
2680 GNUNET_assert (GNUNET_YES ==
2681 GNUNET_CONTAINER_multihashmap_remove (connections_map,
2684 GNUNET_CONTAINER_heap_remove_node (s->heap_node);
2685 s->heap_node = NULL;
2689 GNUNET_MESH_notify_transmit_ready_cancel (s->th);
2697 * Function that frees everything from a hashmap
2701 * @param value value to free
2704 free_iterate (void *cls GNUNET_UNUSED,
2705 const GNUNET_HashCode * hash GNUNET_UNUSED, void *value)
2707 GNUNET_free (value);
2713 * Function scheduled as very last function, cleans up after us
2716 cleanup (void *cls GNUNET_UNUSED,
2717 const struct GNUNET_SCHEDULER_TaskContext *tskctx)
2721 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2722 "Exit service is shutting down now\n");
2723 if (helper_handle != NULL)
2725 GNUNET_HELPER_stop (helper_handle);
2726 helper_handle = NULL;
2728 if (mesh_handle != NULL)
2730 GNUNET_MESH_disconnect (mesh_handle);
2733 if (NULL != connections_map)
2735 GNUNET_CONTAINER_multihashmap_iterate (connections_map, &free_iterate, NULL);
2736 GNUNET_CONTAINER_multihashmap_destroy (connections_map);
2737 connections_map = NULL;
2739 if (NULL != connections_heap)
2741 GNUNET_CONTAINER_heap_destroy (connections_heap);
2742 connections_heap = NULL;
2744 if (NULL != tcp_services)
2746 GNUNET_CONTAINER_multihashmap_iterate (tcp_services, &free_service_record, NULL);
2747 GNUNET_CONTAINER_multihashmap_destroy (tcp_services);
2748 tcp_services = NULL;
2750 if (NULL != udp_services)
2752 GNUNET_CONTAINER_multihashmap_iterate (udp_services, &free_service_record, NULL);
2753 GNUNET_CONTAINER_multihashmap_destroy (udp_services);
2754 udp_services = NULL;
2758 GNUNET_STATISTICS_destroy (stats, GNUNET_YES);
2762 GNUNET_free_non_null (exit_argv[i]);
2767 * Add services to the service map.
2769 * @param proto IPPROTO_TCP or IPPROTO_UDP
2770 * @param cpy copy of the service descriptor (can be mutilated)
2771 * @param name DNS name of the service
2774 add_services (int proto,
2781 struct LocalService *serv;
2783 for (redirect = strtok (cpy, " "); redirect != NULL;
2784 redirect = strtok (NULL, " "))
2786 if (NULL == (hostname = strstr (redirect, ":")))
2788 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2789 "option `%s' for domain `%s' is not formatted correctly!\n",
2796 if (NULL == (hostport = strstr (hostname, ":")))
2798 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2799 "option `%s' for domain `%s' is not formatted correctly!\n",
2807 int local_port = atoi (redirect);
2808 int remote_port = atoi (hostport);
2810 if (!((local_port > 0) && (local_port < 65536)))
2812 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2813 "`%s' is not a valid port number (for domain `%s')!", redirect,
2817 if (!((remote_port > 0) && (remote_port < 65536)))
2819 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2820 "`%s' is not a valid port number (for domain `%s')!", hostport,
2825 serv = GNUNET_malloc (sizeof (struct LocalService));
2826 serv->my_port = (uint16_t) local_port;
2827 serv->address.port = remote_port;
2828 if (0 == strcmp ("localhost4", hostname))
2830 const char *ip4addr = exit_argv[4];
2832 serv->address.af = AF_INET;
2833 GNUNET_assert (1 != inet_pton (AF_INET, ip4addr, &serv->address.address.ipv4));
2835 else if (0 == strcmp ("localhost6", hostname))
2837 const char *ip6addr = exit_argv[2];
2839 serv->address.af = AF_INET6;
2840 GNUNET_assert (1 == inet_pton (AF_INET6, ip6addr, &serv->address.address.ipv6));
2844 struct addrinfo *res;
2847 ret = getaddrinfo (hostname, NULL, NULL, &res);
2848 if ( (ret != 0) || (res == NULL) )
2850 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2851 _("No addresses found for hostname `%s' of service `%s'!\n"),
2858 serv->address.af = res->ai_family;
2859 switch (res->ai_family)
2864 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2865 _("Service `%s' configured for IPv4, but IPv4 is disabled!\n"),
2871 serv->address.address.ipv4 = ((struct sockaddr_in *) res->ai_addr)->sin_addr;
2876 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2877 _("Service `%s' configured for IPv4, but IPv4 is disabled!\n"),
2883 serv->address.address.ipv6 = ((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
2887 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2888 _("No IP addresses found for hostname `%s' of service `%s'!\n"),
2896 store_service ((IPPROTO_UDP == proto) ? udp_services : tcp_services,
2905 * Reads the configuration servicecfg and populates udp_services
2908 * @param section name of section in config, equal to hostname
2911 read_service_conf (void *cls GNUNET_UNUSED, const char *section)
2915 if ((strlen (section) < 8) ||
2916 (0 != strcmp (".gnunet.", section + (strlen (section) - 8))))
2919 GNUNET_CONFIGURATION_get_value_string (cfg, section, "UDP_REDIRECTS",
2922 add_services (IPPROTO_UDP, cpy, section);
2926 GNUNET_CONFIGURATION_get_value_string (cfg, section, "TCP_REDIRECTS",
2929 add_services (IPPROTO_TCP, cpy, section);
2936 * @brief Main function that will be run by the scheduler.
2938 * @param cls closure
2939 * @param args remaining command-line arguments
2940 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
2941 * @param cfg_ configuration
2944 run (void *cls, char *const *args GNUNET_UNUSED,
2945 const char *cfgfile GNUNET_UNUSED,
2946 const struct GNUNET_CONFIGURATION_Handle *cfg_)
2948 static struct GNUNET_MESH_MessageHandler handlers[] = {
2949 {&receive_icmp_service, GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_SERVICE, 0},
2950 {&receive_icmp_remote, GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_INTERNET, 0},
2951 {&receive_udp_service, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_SERVICE, 0},
2952 {&receive_udp_remote, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_INTERNET, 0},
2953 {&receive_tcp_service, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_SERVICE_START, 0},
2954 {&receive_tcp_remote, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_INTERNET_START, 0},
2955 {&receive_tcp_data, GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_EXIT, 0},
2959 static GNUNET_MESH_ApplicationType apptypes[] = {
2960 GNUNET_APPLICATION_TYPE_END,
2961 GNUNET_APPLICATION_TYPE_END,
2962 GNUNET_APPLICATION_TYPE_END
2964 unsigned int app_idx;
2973 stats = GNUNET_STATISTICS_create ("exit", cfg);
2974 ipv4_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV4");
2975 ipv6_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV6");
2976 ipv4_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV4");
2977 ipv6_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV6");
2978 if (ipv4_exit && (! ipv4_enabled))
2980 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2981 _("Cannot enable IPv4 exit but disable IPv4 on TUN interface, will use ENABLE_IPv4=YES\n"));
2982 ipv4_enabled = GNUNET_YES;
2984 if (ipv6_exit && (! ipv6_enabled))
2986 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2987 _("Cannot enable IPv6 exit but disable IPv6 on TUN interface, will use ENABLE_IPv6=YES\n"));
2988 ipv6_enabled = GNUNET_YES;
2990 if (! (ipv4_enabled || ipv6_enabled))
2992 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2993 _("No useful service enabled. Exiting.\n"));
2994 GNUNET_SCHEDULER_shutdown ();
2998 if (GNUNET_YES == ipv4_exit)
3000 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV4_GATEWAY;
3003 if (GNUNET_YES == ipv6_exit)
3005 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV6_GATEWAY;
3009 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup, cls);
3012 GNUNET_CONFIGURATION_get_value_number (cfg, "exit", "MAX_CONNECTIONS",
3014 max_connections = 1024;
3015 exit_argv[0] = GNUNET_strdup ("exit-gnunet");
3016 if (GNUNET_SYSERR ==
3017 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "TUN_IFNAME", &tun_ifname))
3019 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3020 "No entry 'TUN_IFNAME' in configuration!\n");
3021 GNUNET_SCHEDULER_shutdown ();
3024 exit_argv[1] = tun_ifname;
3027 if (GNUNET_SYSERR ==
3028 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "EXIT_IFNAME", &exit_ifname))
3030 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3031 "No entry 'EXIT_IFNAME' in configuration!\n");
3032 GNUNET_SCHEDULER_shutdown ();
3035 exit_argv[2] = exit_ifname;
3039 exit_argv[2] = GNUNET_strdup ("%");
3041 if (GNUNET_YES == ipv6_enabled)
3043 if ( (GNUNET_SYSERR ==
3044 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6ADDR",
3046 (1 != inet_pton (AF_INET6, ipv6addr, &exit_ipv6addr))) )
3048 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3049 "No valid entry 'IPV6ADDR' in configuration!\n");
3050 GNUNET_SCHEDULER_shutdown ();
3053 exit_argv[3] = ipv6addr;
3054 if (GNUNET_SYSERR ==
3055 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6PREFIX",
3058 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3059 "No entry 'IPV6PREFIX' in configuration!\n");
3060 GNUNET_SCHEDULER_shutdown ();
3063 exit_argv[4] = ipv6prefix_s;
3065 GNUNET_CONFIGURATION_get_value_number (cfg, "exit",
3068 (ipv6prefix >= 127) )
3070 GNUNET_SCHEDULER_shutdown ();
3076 /* IPv6 explicitly disabled */
3077 exit_argv[3] = GNUNET_strdup ("-");
3078 exit_argv[4] = GNUNET_strdup ("-");
3080 if (GNUNET_YES == ipv4_enabled)
3082 if ( (GNUNET_SYSERR ==
3083 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4ADDR",
3085 (1 != inet_pton (AF_INET, ipv4addr, &exit_ipv4addr))) )
3087 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3088 "No valid entry for 'IPV4ADDR' in configuration!\n");
3089 GNUNET_SCHEDULER_shutdown ();
3092 exit_argv[5] = ipv4addr;
3093 if ( (GNUNET_SYSERR ==
3094 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4MASK",
3096 (1 != inet_pton (AF_INET, ipv4mask, &exit_ipv4mask))) )
3098 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3099 "No valid entry 'IPV4MASK' in configuration!\n");
3100 GNUNET_SCHEDULER_shutdown ();
3103 exit_argv[6] = ipv4mask;
3107 /* IPv4 explicitly disabled */
3108 exit_argv[5] = GNUNET_strdup ("-");
3109 exit_argv[6] = GNUNET_strdup ("-");
3111 exit_argv[7] = NULL;
3113 udp_services = GNUNET_CONTAINER_multihashmap_create (65536);
3114 tcp_services = GNUNET_CONTAINER_multihashmap_create (65536);
3115 GNUNET_CONFIGURATION_iterate_sections (cfg, &read_service_conf, NULL);
3117 connections_map = GNUNET_CONTAINER_multihashmap_create (65536);
3118 connections_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
3120 = GNUNET_MESH_connect (cfg, 42 /* queue size */, NULL,
3122 &clean_tunnel, handlers,
3124 if (NULL == mesh_handle)
3126 GNUNET_SCHEDULER_shutdown ();
3129 helper_handle = GNUNET_HELPER_start ("gnunet-helper-exit",
3131 &message_token, NULL);
3138 * @param argc number of arguments from the command line
3139 * @param argv command line arguments
3140 * @return 0 ok, 1 on error
3143 main (int argc, char *const *argv)
3145 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
3146 GNUNET_GETOPT_OPTION_END
3149 return (GNUNET_OK ==
3150 GNUNET_PROGRAM_run (argc, argv, "gnunet-daemon-exit",
3152 ("Daemon to run to provide an IP exit node for the VPN"),
3153 options, &run, NULL)) ? 0 : 1;
3157 /* end of gnunet-daemon-exit.c */