2 This file is part of GNUnet.
3 (C) 2010, 2012 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file exit/gnunet-daemon-exit.c
23 * @brief tool to allow IP traffic exit from the GNUnet mesh to the Internet
24 * @author Philipp Toelke
25 * @author Christian Grothoff
31 * - which code should advertise services? the service model is right
32 * now a bit odd, especially as this code DOES the exit and knows
33 * the DNS "name", but OTOH this is clearly NOT the place to advertise
34 * the service's existence; maybe the daemon should turn into a
35 * service with an API to add local-exit services dynamically?
38 #include "gnunet_util_lib.h"
39 #include "gnunet_protocols.h"
40 #include "gnunet_applications.h"
41 #include "gnunet_mesh_service.h"
42 #include "gnunet_statistics_service.h"
43 #include "gnunet_constants.h"
44 #include "gnunet_tun_lib.h"
48 * Information about an address.
53 * AF_INET or AF_INET6.
58 * Remote address information.
63 * Address, if af is AF_INET.
68 * Address, if af is AF_INET6.
74 * IPPROTO_TCP or IPPROTO_UDP;
79 * Remote port, in host byte order!
86 * This struct is saved into the services-hashmap to represent
87 * a service this peer is specifically offering an exit for
88 * (for a specific domain name).
94 * Remote address to use for the service.
96 struct SocketAddress address;
99 * DNS name of the service.
104 * Port I am listening on within GNUnet for this service, in host
105 * byte order. (as we may redirect ports).
112 * Information we use to track a connection (the classical 6-tuple of
113 * IP-version, protocol, source-IP, destination-IP, source-port and
116 struct RedirectInformation
120 * Address information for the other party (equivalent of the
121 * arguments one would give to "connect").
123 struct SocketAddress remote_address;
126 * Address information we used locally (AF and proto must match
127 * "remote_address"). Equivalent of the arguments one would give to
130 struct SocketAddress local_address;
133 Note 1: additional information might be added here in the
134 future to support protocols that require special handling,
137 Note 2: we might also sometimes not match on all components
138 of the tuple, to support protocols where things do not always
145 * Queue of messages to a tunnel.
147 struct TunnelMessageQueue
150 * This is a doubly-linked list.
152 struct TunnelMessageQueue *next;
155 * This is a doubly-linked list.
157 struct TunnelMessageQueue *prev;
160 * Payload to send via the tunnel.
165 * Number of bytes in 'payload'.
172 * This struct is saved into connections_map to allow finding the
173 * right tunnel given an IP packet from TUN. It is also associated
174 * with the tunnel's closure so we can find it again for the next
175 * message from the tunnel.
180 * Mesh tunnel that is used for this connection.
182 struct GNUNET_MESH_Tunnel *tunnel;
185 * Heap node for this state in the connections_heap.
187 struct GNUNET_CONTAINER_HeapNode *heap_node;
190 * Key this state has in the connections_map.
192 GNUNET_HashCode state_key;
195 * Associated service record, or NULL for no service.
197 struct LocalService *serv;
200 * Head of DLL of messages for this tunnel.
202 struct TunnelMessageQueue *head;
205 * Tail of DLL of messages for this tunnel.
207 struct TunnelMessageQueue *tail;
210 * Active tunnel transmission request (or NULL).
212 struct GNUNET_MESH_TransmitHandle *th;
215 * Primary redirection information for this connection.
217 struct RedirectInformation ri;
223 * The handle to the configuration used throughout the process
225 static const struct GNUNET_CONFIGURATION_Handle *cfg;
228 * The handle to the helper
230 static struct GNUNET_HELPER_Handle *helper_handle;
233 * Arguments to the exit helper.
235 static char *exit_argv[7];
238 * IPv6 prefix (0..127) from configuration file.
240 static unsigned long long ipv6prefix;
245 static struct GNUNET_STATISTICS_Handle *stats;
250 static struct GNUNET_MESH_Handle *mesh_handle;
253 * This hashmaps contains the mapping from peer, service-descriptor,
254 * source-port and destination-port to a struct TunnelState
256 static struct GNUNET_CONTAINER_MultiHashMap *connections_map;
259 * Heap so we can quickly find "old" connections.
261 static struct GNUNET_CONTAINER_Heap *connections_heap;
264 * If there are at least this many connections, old ones will be removed
266 static long long unsigned int max_connections;
269 * This hashmaps saves interesting things about the configured UDP services
271 static struct GNUNET_CONTAINER_MultiHashMap *udp_services;
274 * This hashmaps saves interesting things about the configured TCP services
276 static struct GNUNET_CONTAINER_MultiHashMap *tcp_services;
279 * Are we an IPv4-exit?
281 static int ipv4_exit;
284 * Are we an IPv6-exit?
286 static int ipv6_exit;
289 * Do we support IPv4 at all on the TUN interface?
291 static int ipv4_enabled;
294 * Do we support IPv6 at all on the TUN interface?
296 static int ipv6_enabled;
300 * Given IP information about a connection, calculate the respective
301 * hash we would use for the 'connections_map'.
303 * @param hash resulting hash
304 * @param ri information about the connection
307 hash_redirect_info (GNUNET_HashCode *hash,
308 const struct RedirectInformation *ri)
312 memset (hash, 0, sizeof (GNUNET_HashCode));
313 /* the GNUnet hashmap only uses the first sizeof(unsigned int) of the hash,
314 so we put the IP address in there (and hope for few collisions) */
316 switch (ri->remote_address.af)
319 memcpy (off, &ri->remote_address.address.ipv4, sizeof (struct in_addr));
320 off += sizeof (struct in_addr);
323 memcpy (off, &ri->remote_address.address.ipv6, sizeof (struct in6_addr));
324 off += sizeof (struct in_addr);
329 memcpy (off, &ri->remote_address.port, sizeof (uint16_t));
330 off += sizeof (uint16_t);
331 switch (ri->local_address.af)
334 memcpy (off, &ri->local_address.address.ipv4, sizeof (struct in_addr));
335 off += sizeof (struct in_addr);
338 memcpy (off, &ri->local_address.address.ipv6, sizeof (struct in6_addr));
339 off += sizeof (struct in_addr);
344 memcpy (off, &ri->local_address.port, sizeof (uint16_t));
345 off += sizeof (uint16_t);
346 memcpy (off, &ri->remote_address.proto, sizeof (uint8_t));
347 off += sizeof (uint8_t);
352 * Get our connection tracking state. Warns if it does not exists,
353 * refreshes the timestamp if it does exist.
355 * @param af address family
356 * @param protocol IPPROTO_UDP or IPPROTO_TCP
357 * @param destination_ip target IP
358 * @param destination_port target port
359 * @param local_ip local IP
360 * @param local_port local port
361 * @param state_key set to hash's state if non-NULL
362 * @return NULL if we have no tracking information for this tuple
364 static struct TunnelState *
365 get_redirect_state (int af,
367 const void *destination_ip,
368 uint16_t destination_port,
369 const void *local_ip,
371 GNUNET_HashCode *state_key)
373 struct RedirectInformation ri;
375 struct TunnelState *state;
377 ri.remote_address.af = af;
379 ri.remote_address.address.ipv4 = *((struct in_addr*) destination_ip);
381 ri.remote_address.address.ipv6 = * ((struct in6_addr*) destination_ip);
382 ri.remote_address.port = destination_port;
383 ri.remote_address.proto = protocol;
384 ri.local_address.af = af;
386 ri.local_address.address.ipv4 = *((struct in_addr*) local_ip);
388 ri.local_address.address.ipv6 = * ((struct in6_addr*) local_ip);
389 ri.local_address.port = local_port;
390 ri.local_address.proto = protocol;
391 hash_redirect_info (&key, &ri);
392 if (NULL != state_key)
394 state = GNUNET_CONTAINER_multihashmap_get (connections_map, &key);
397 /* Mark this connection as freshly used */
398 if (NULL == state_key)
399 GNUNET_CONTAINER_heap_update_cost (connections_heap,
401 GNUNET_TIME_absolute_get ().abs_value);
407 * Given a service descriptor and a destination port, find the
408 * respective service entry.
410 * @param service_map map of services (TCP or UDP)
411 * @param desc service descriptor
412 * @param dpt destination port
413 * @return NULL if we are not aware of such a service
415 static struct LocalService *
416 find_service (struct GNUNET_CONTAINER_MultiHashMap *service_map,
417 const GNUNET_HashCode *desc,
420 char key[sizeof (GNUNET_HashCode) + sizeof (uint16_t)];
422 memcpy (&key[0], &dpt, sizeof (uint16_t));
423 memcpy (&key[sizeof(uint16_t)], desc, sizeof (GNUNET_HashCode));
424 return GNUNET_CONTAINER_multihashmap_get (service_map,
425 (GNUNET_HashCode *) key);
430 * Free memory associated with a service record.
433 * @param key service descriptor
434 * @param value service record to free
438 free_service_record (void *cls,
439 const GNUNET_HashCode *key,
442 struct LocalService *service = value;
444 GNUNET_free_non_null (service->name);
445 GNUNET_free (service);
451 * Given a service descriptor and a destination port, find the
452 * respective service entry.
454 * @param service_map map of services (TCP or UDP)
455 * @param name name of the service
456 * @param dpt destination port
457 * @param service service information record to store (service->name will be set).
460 store_service (struct GNUNET_CONTAINER_MultiHashMap *service_map,
463 struct LocalService *service)
465 char key[sizeof (GNUNET_HashCode) + sizeof (uint16_t)];
466 GNUNET_HashCode desc;
468 GNUNET_CRYPTO_hash (name, strlen (name) + 1, &desc);
469 service->name = GNUNET_strdup (name);
470 memcpy (&key[0], &dpt, sizeof (uint16_t));
471 memcpy (&key[sizeof(uint16_t)], &desc, sizeof (GNUNET_HashCode));
473 GNUNET_CONTAINER_multihashmap_put (service_map,
474 (GNUNET_HashCode *) key,
476 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
478 free_service_record (NULL, (GNUNET_HashCode *) key, service);
479 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
480 _("Got duplicate service records for `%s:%u'\n"),
488 * MESH is ready to receive a message for the tunnel. Transmit it.
490 * @param cls the 'struct TunnelState'.
491 * @param size number of bytes available in buf
492 * @param buf where to copy the message
493 * @return number of bytes copied to buf
496 send_to_peer_notify_callback (void *cls, size_t size, void *buf)
498 struct TunnelState *s = cls;
499 struct GNUNET_MESH_Tunnel *tunnel = s->tunnel;
500 struct TunnelMessageQueue *tnq;
504 GNUNET_assert (size >= tnq->len);
505 memcpy (buf, tnq->payload, tnq->len);
507 GNUNET_CONTAINER_DLL_remove (s->head,
511 if (NULL != (tnq = s->head))
512 s->th = GNUNET_MESH_notify_transmit_ready (tunnel,
513 GNUNET_NO /* corking */,
515 GNUNET_TIME_UNIT_FOREVER_REL,
518 &send_to_peer_notify_callback,
520 GNUNET_STATISTICS_update (stats,
521 gettext_noop ("# Bytes transmitted via mesh tunnels"),
528 * Send the given packet via the mesh tunnel.
530 * @param mesh_tunnel destination
531 * @param payload message to transmit
532 * @param payload_length number of bytes in payload
533 * @param desc descriptor to add before payload (optional)
534 * @param mtype message type to use
537 send_packet_to_mesh_tunnel (struct GNUNET_MESH_Tunnel *mesh_tunnel,
539 size_t payload_length,
540 const GNUNET_HashCode *desc,
543 struct TunnelState *s;
544 struct TunnelMessageQueue *tnq;
545 struct GNUNET_MessageHeader *msg;
549 len = sizeof (struct GNUNET_MessageHeader) + sizeof (GNUNET_HashCode) + payload_length;
550 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
555 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueue) + len);
556 tnq->payload = &tnq[1];
558 msg = (struct GNUNET_MessageHeader *) &tnq[1];
559 msg->size = htons ((uint16_t) len);
560 msg->type = htons (mtype);
563 dp = (GNUNET_HashCode *) &msg[1];
565 memcpy (&dp[1], payload, payload_length);
569 memcpy (&msg[1], payload, payload_length);
571 s = GNUNET_MESH_tunnel_get_data (mesh_tunnel);
572 GNUNET_assert (NULL != s);
573 GNUNET_CONTAINER_DLL_insert_tail (s->head, s->tail, tnq);
575 s->th = GNUNET_MESH_notify_transmit_ready (mesh_tunnel, GNUNET_NO /* cork */, 0 /* priority */,
576 GNUNET_TIME_UNIT_FOREVER_REL,
578 &send_to_peer_notify_callback,
584 * @brief Handles an UDP packet received from the helper.
586 * @param udp A pointer to the Packet
587 * @param pktlen number of bytes in 'udp'
588 * @param af address family (AFINET or AF_INET6)
589 * @param destination_ip destination IP-address of the IP packet (should
590 * be our local address)
591 * @param source_ip original source IP-address of the IP packet (should
592 * be the original destination address)
595 udp_from_helper (const struct GNUNET_TUN_UdpHeader *udp,
598 const void *destination_ip,
599 const void *source_ip)
601 struct TunnelState *state;
604 char sbuf[INET6_ADDRSTRLEN];
605 char dbuf[INET6_ADDRSTRLEN];
606 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
607 "Received UDP packet going from %s:%u to %s:%u\n",
610 sbuf, sizeof (sbuf)),
611 (unsigned int) ntohs (udp->spt),
614 dbuf, sizeof (dbuf)),
615 (unsigned int) ntohs (udp->dpt));
617 if (pktlen < sizeof (struct GNUNET_TUN_UdpHeader))
623 if (pktlen != ntohs (udp->len))
629 state = get_redirect_state (af, IPPROTO_UDP,
637 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
638 _("Packet dropped, have no matching connection information\n"));
641 send_packet_to_mesh_tunnel (state->tunnel,
642 &udp[1], pktlen - sizeof (struct GNUNET_TUN_UdpHeader),
644 GNUNET_MESSAGE_TYPE_VPN_UDP_REPLY);
649 * @brief Handles a TCP packet received from the helper.
651 * @param tcp A pointer to the Packet
652 * @param pktlen the length of the packet, including its header
653 * @param af address family (AFINET or AF_INET6)
654 * @param destination_ip destination IP-address of the IP packet (should
655 * be our local address)
656 * @param source_ip original source IP-address of the IP packet (should
657 * be the original destination address)
660 tcp_from_helper (const struct GNUNET_TUN_TcpHeader *tcp,
663 const void *destination_ip,
664 const void *source_ip)
666 struct TunnelState *state;
668 struct GNUNET_TUN_TcpHeader *mtcp;
671 char sbuf[INET6_ADDRSTRLEN];
672 char dbuf[INET6_ADDRSTRLEN];
673 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
674 "Received TCP packet going from %s:%u to %s:%u\n",
677 sbuf, sizeof (sbuf)),
678 (unsigned int) ntohs (tcp->spt),
681 dbuf, sizeof (dbuf)),
682 (unsigned int) ntohs (tcp->dpt));
684 if (pktlen < sizeof (struct GNUNET_TUN_TcpHeader))
690 state = get_redirect_state (af, IPPROTO_TCP,
698 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
699 _("Packet dropped, have no matching connection information\n"));
703 /* mug port numbers and crc to avoid information leakage;
704 sender will need to lookup the correct values anyway */
705 memcpy (buf, tcp, pktlen);
706 mtcp = (struct GNUNET_TUN_TcpHeader *) buf;
710 send_packet_to_mesh_tunnel (state->tunnel,
713 GNUNET_MESSAGE_TYPE_VPN_TCP_DATA);
718 * Receive packets from the helper-process
721 * @param client unsued
722 * @param message message received from helper
725 message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED,
726 const struct GNUNET_MessageHeader *message)
728 const struct GNUNET_TUN_Layer2PacketHeader *pkt_tun;
731 GNUNET_STATISTICS_update (stats,
732 gettext_noop ("# Packets received from TUN"),
734 if (ntohs (message->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER)
739 size = ntohs (message->size);
740 if (size < sizeof (struct GNUNET_TUN_Layer2PacketHeader) + sizeof (struct GNUNET_MessageHeader))
745 GNUNET_STATISTICS_update (stats,
746 gettext_noop ("# Bytes received from TUN"),
748 pkt_tun = (const struct GNUNET_TUN_Layer2PacketHeader *) &message[1];
749 size -= sizeof (struct GNUNET_TUN_Layer2PacketHeader) + sizeof (struct GNUNET_MessageHeader);
750 switch (ntohs (pkt_tun->proto))
754 const struct GNUNET_TUN_IPv6Header *pkt6;
756 if (size < sizeof (struct GNUNET_TUN_IPv6Header))
758 /* Kernel to blame? */
762 pkt6 = (struct GNUNET_TUN_IPv6Header *) &pkt_tun[1];
763 if (size != ntohs (pkt6->payload_length))
765 /* Kernel to blame? */
769 size -= sizeof (struct GNUNET_TUN_IPv6Header);
770 switch (pkt6->next_header)
773 udp_from_helper ((const struct GNUNET_TUN_UdpHeader *) &pkt6[1], size,
775 &pkt6->destination_address,
776 &pkt6->source_address);
779 tcp_from_helper ((const struct GNUNET_TUN_TcpHeader *) &pkt6[1], size,
781 &pkt6->destination_address,
782 &pkt6->source_address);
785 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
786 _("IPv6 packet with unsupported next header received. Ignored.\n"));
793 const struct GNUNET_TUN_IPv4Header *pkt4;
795 if (size < sizeof (struct GNUNET_TUN_IPv4Header))
797 /* Kernel to blame? */
801 pkt4 = (const struct GNUNET_TUN_IPv4Header *) &pkt_tun[1];
802 if (size != ntohs (pkt4->total_length))
804 /* Kernel to blame? */
808 if (pkt4->header_length * 4 != sizeof (struct GNUNET_TUN_IPv4Header))
810 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
811 _("IPv4 packet options received. Ignored.\n"));
814 size -= sizeof (struct GNUNET_TUN_IPv4Header);
815 switch (pkt4->protocol)
818 udp_from_helper ((const struct GNUNET_TUN_UdpHeader *) &pkt4[1], size,
820 &pkt4->destination_address,
821 &pkt4->source_address);
823 tcp_from_helper ((const struct GNUNET_TUN_TcpHeader *) &pkt4[1], size,
825 &pkt4->destination_address,
826 &pkt4->source_address);
829 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
830 _("IPv4 packet with unsupported next header received. Ignored.\n"));
836 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
837 _("Packet from unknown protocol %u received. Ignored.\n"),
838 ntohs (pkt_tun->proto));
845 * We need to create a (unique) fresh local address (IP+port).
848 * @param af desired address family
849 * @param proto desired protocol (IPPROTO_UDP or IPPROTO_TCP)
850 * @param local_address address to initialize
853 setup_fresh_address (int af,
855 struct SocketAddress *local_address)
857 local_address->af = af;
858 local_address->proto = (uint8_t) proto;
859 /* default "local" port range is often 32768--61000,
860 so we pick a random value in that range */
862 = (uint16_t) 32768 + GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
868 const char *ipv4addr = exit_argv[4];
869 const char *ipv4mask = exit_argv[5];
874 GNUNET_assert (1 == inet_pton (AF_INET, ipv4addr, &addr));
875 GNUNET_assert (1 == inet_pton (AF_INET, ipv4mask, &mask));
876 if (0 == ~mask.s_addr)
878 /* only one valid IP anyway */
879 local_address->address.ipv4 = addr;
882 /* Given 192.168.0.1/255.255.0.0, we want a mask
883 of '192.168.255.255', thus: */
884 mask.s_addr = addr.s_addr | ~mask.s_addr;
885 /* Pick random IPv4 address within the subnet, except 'addr' or 'mask' itself */
888 rnd.s_addr = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
890 local_address->address.ipv4.s_addr = (addr.s_addr | rnd.s_addr) & mask.s_addr;
892 while ( (local_address->address.ipv4.s_addr == addr.s_addr) ||
893 (local_address->address.ipv4.s_addr == mask.s_addr) );
898 const char *ipv6addr = exit_argv[2];
899 struct in6_addr addr;
900 struct in6_addr mask;
904 GNUNET_assert (1 == inet_pton (AF_INET6, ipv6addr, &addr));
905 GNUNET_assert (ipv6prefix < 128);
906 if (ipv6prefix == 127)
908 /* only one valid IP anyway */
909 local_address->address.ipv6 = addr;
912 /* Given ABCD::/96, we want a mask of 'ABCD::FFFF:FFFF,
915 for (i=127;i>=128-ipv6prefix;i--)
916 mask.s6_addr[i / 8] |= (1 << (i % 8));
918 /* Pick random IPv6 address within the subnet, except 'addr' or 'mask' itself */
923 rnd.s6_addr[i] = (unsigned char) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
925 local_address->address.ipv6.s6_addr[i]
926 = (addr.s6_addr[i] | rnd.s6_addr[i]) & mask.s6_addr[i];
929 while ( (0 == memcmp (&local_address->address.ipv6,
931 sizeof (struct in6_addr))) ||
932 (0 == memcmp (&local_address->address.ipv6,
934 sizeof (struct in6_addr))) );
944 * We are starting a fresh connection (TCP or UDP) and need
945 * to pick a source port and IP address (within the correct
946 * range and address family) to associate replies with the
947 * connection / correct mesh tunnel. This function generates
948 * a "fresh" source IP and source port number for a connection
949 * After picking a good source address, this function sets up
950 * the state in the 'connections_map' and 'connections_heap'
951 * to allow finding the state when needed later. The function
952 * also makes sure that we remain within memory limits by
953 * cleaning up 'old' states.
955 * @param state skeleton state to setup a record for; should
956 * 'state->ri.remote_address' filled in so that
957 * this code can determine which AF/protocol is
958 * going to be used (the 'tunnel' should also
959 * already be set); after calling this function,
960 * heap_node and the local_address will be
961 * also initialized (heap_node != NULL can be
962 * used to test if a state has been fully setup).
965 setup_state_record (struct TunnelState *state)
968 struct TunnelState *s;
970 /* generate fresh, unique address */
973 setup_fresh_address (state->serv->address.af,
974 state->serv->address.proto,
975 &state->ri.local_address);
976 } while (NULL != get_redirect_state (state->ri.remote_address.af,
977 state->ri.remote_address.proto,
978 &state->ri.remote_address.address,
979 state->ri.remote_address.port,
980 &state->ri.local_address.address,
981 state->ri.local_address.port,
984 char buf[INET6_ADDRSTRLEN];
985 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
986 "Picked local address %s:%u for new connection\n",
987 inet_ntop (state->ri.local_address.af,
988 &state->ri.local_address.address,
990 (unsigned int) state->ri.local_address.port);
992 GNUNET_assert (GNUNET_OK ==
993 GNUNET_CONTAINER_multihashmap_put (connections_map,
995 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
996 state->heap_node = GNUNET_CONTAINER_heap_insert (connections_heap,
998 GNUNET_TIME_absolute_get ().abs_value);
999 while (GNUNET_CONTAINER_heap_get_size (connections_heap) > max_connections)
1001 s = GNUNET_CONTAINER_heap_remove_root (connections_heap);
1002 GNUNET_assert (state != s);
1003 s->heap_node = NULL;
1004 GNUNET_MESH_tunnel_destroy (s->tunnel);
1005 GNUNET_assert (GNUNET_OK ==
1006 GNUNET_CONTAINER_multihashmap_remove (connections_map,
1015 * Prepare an IPv4 packet for transmission via the TUN interface.
1016 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
1017 * For UDP, the UDP header will be fully created, whereas for TCP
1018 * only the ports and checksum will be filled in. So for TCP,
1019 * a skeleton TCP header must be part of the provided payload.
1021 * @param payload payload of the packet (starting with UDP payload or
1022 * TCP header, depending on protocol)
1023 * @param payload_length number of bytes in 'payload'
1024 * @param protocol IPPROTO_UDP or IPPROTO_TCP
1025 * @param src_address source address to use (IP and port)
1026 * @param dst_address destination address to use (IP and port)
1027 * @param pkt6 where to write the assembled packet; must
1028 * contain enough space for the IP header, UDP/TCP header
1032 prepare_ipv4_packet (const void *payload, size_t payload_length,
1034 const struct GNUNET_TUN_TcpHeader *tcp_header,
1035 const struct SocketAddress *src_address,
1036 const struct SocketAddress *dst_address,
1037 struct GNUNET_TUN_IPv4Header *pkt4)
1041 len = payload_length;
1045 len += sizeof (struct GNUNET_TUN_UdpHeader);
1048 len += sizeof (struct GNUNET_TUN_TcpHeader);
1049 GNUNET_assert (NULL != tcp_header);
1055 if (len + sizeof (struct GNUNET_TUN_IPv4Header) > UINT16_MAX)
1061 GNUNET_TUN_initialize_ipv4_header (pkt4,
1064 &src_address->address.ipv4,
1065 &dst_address->address.ipv4);
1070 struct GNUNET_TUN_UdpHeader *pkt4_udp = (struct GNUNET_TUN_UdpHeader *) &pkt4[1];
1072 pkt4_udp->spt = htons (src_address->port);
1073 pkt4_udp->dpt = htons (dst_address->port);
1074 pkt4_udp->len = htons ((uint16_t) payload_length);
1075 GNUNET_TUN_calculate_udp4_checksum (pkt4,
1077 payload, payload_length);
1078 memcpy (&pkt4_udp[1], payload, payload_length);
1083 struct GNUNET_TUN_TcpHeader *pkt4_tcp = (struct GNUNET_TUN_TcpHeader *) &pkt4[1];
1085 memcpy (pkt4_tcp, tcp_header, sizeof (struct GNUNET_TUN_TcpHeader));
1086 pkt4_tcp->spt = htons (src_address->port);
1087 pkt4_tcp->dpt = htons (dst_address->port);
1088 GNUNET_TUN_calculate_tcp4_checksum (pkt4,
1092 memcpy (&pkt4_tcp[1], payload, payload_length);
1102 * Prepare an IPv6 packet for transmission via the TUN interface.
1103 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
1104 * For UDP, the UDP header will be fully created, whereas for TCP
1105 * only the ports and checksum will be filled in. So for TCP,
1106 * a skeleton TCP header must be part of the provided payload.
1108 * @param payload payload of the packet (starting with UDP payload or
1109 * TCP header, depending on protocol)
1110 * @param payload_length number of bytes in 'payload'
1111 * @param protocol IPPROTO_UDP or IPPROTO_TCP
1112 * @param src_address source address to use (IP and port)
1113 * @param dst_address destination address to use (IP and port)
1114 * @param pkt6 where to write the assembled packet; must
1115 * contain enough space for the IP header, UDP/TCP header
1119 prepare_ipv6_packet (const void *payload, size_t payload_length,
1121 const struct GNUNET_TUN_TcpHeader *tcp_header,
1122 const struct SocketAddress *src_address,
1123 const struct SocketAddress *dst_address,
1124 struct GNUNET_TUN_IPv6Header *pkt6)
1128 len = payload_length;
1132 len += sizeof (struct GNUNET_TUN_UdpHeader);
1135 /* tcp_header (with port/crc not set) must be part of payload! */
1136 if (len < sizeof (struct GNUNET_TUN_TcpHeader))
1146 if (len > UINT16_MAX)
1152 GNUNET_TUN_initialize_ipv6_header (pkt6,
1155 &dst_address->address.ipv6,
1156 &src_address->address.ipv6);
1162 struct GNUNET_TUN_UdpHeader *pkt6_udp = (struct GNUNET_TUN_UdpHeader *) &pkt6[1];
1164 pkt6_udp->spt = htons (src_address->port);
1165 pkt6_udp->dpt = htons (dst_address->port);
1166 pkt6_udp->len = htons ((uint16_t) payload_length);
1168 GNUNET_TUN_calculate_udp6_checksum (pkt6,
1172 memcpy (&pkt6[1], payload, payload_length);
1177 struct GNUNET_TUN_TcpHeader *pkt6_tcp = (struct GNUNET_TUN_TcpHeader *) pkt6;
1179 /* memcpy first here as some TCP header fields are initialized this way! */
1180 memcpy (pkt6_tcp, payload, payload_length);
1181 pkt6_tcp->spt = htons (src_address->port);
1182 pkt6_tcp->dpt = htons (dst_address->port);
1183 GNUNET_TUN_calculate_tcp6_checksum (pkt6,
1197 * Send a TCP packet via the TUN interface.
1199 * @param destination_address IP and port to use for the TCP packet's destination
1200 * @param source_address IP and port to use for the TCP packet's source
1201 * @param tcp header template to use
1202 * @param payload payload of the TCP packet
1203 * @param payload_length number of bytes in 'payload'
1206 send_tcp_packet_via_tun (const struct SocketAddress *destination_address,
1207 const struct SocketAddress *source_address,
1208 const struct GNUNET_TUN_TcpHeader *tcp_header,
1209 const void *payload, size_t payload_length)
1213 GNUNET_STATISTICS_update (stats,
1214 gettext_noop ("# TCP packets sent via TUN"),
1216 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1217 "Sending packet with %u bytes TCP payload via TUN\n",
1218 (unsigned int) payload_length);
1219 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
1220 switch (source_address->af)
1223 len += sizeof (struct GNUNET_TUN_IPv4Header);
1226 len += sizeof (struct GNUNET_TUN_IPv6Header);
1232 len += payload_length;
1233 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1240 struct GNUNET_MessageHeader *hdr;
1241 struct GNUNET_TUN_Layer2PacketHeader *tun;
1243 hdr= (struct GNUNET_MessageHeader *) buf;
1244 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1245 hdr->size = htons (len);
1246 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
1247 tun->flags = htons (0);
1248 switch (source_address->af)
1252 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
1254 tun->proto = htons (ETH_P_IPV4);
1255 prepare_ipv4_packet (payload, payload_length,
1259 destination_address,
1265 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
1267 tun->proto = htons (ETH_P_IPV6);
1268 prepare_ipv6_packet (payload, payload_length,
1272 destination_address,
1280 (void) GNUNET_HELPER_send (helper_handle,
1281 (const struct GNUNET_MessageHeader*) buf,
1289 * Process a request via mesh to send a request to a TCP service
1290 * offered by this system.
1292 * @param cls closure, NULL
1293 * @param tunnel connection to the other end
1294 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1295 * @param sender who sent the message
1296 * @param message the actual message
1297 * @param atsi performance data for the connection
1298 * @return GNUNET_OK to keep the connection open,
1299 * GNUNET_SYSERR to close it (signal serious error)
1302 receive_tcp_service (void *unused GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1303 void **tunnel_ctx GNUNET_UNUSED,
1304 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1305 const struct GNUNET_MessageHeader *message,
1306 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1308 struct TunnelState *state = *tunnel_ctx;
1309 const struct GNUNET_EXIT_TcpServiceStartMessage *start;
1310 uint16_t pkt_len = ntohs (message->size);
1312 GNUNET_STATISTICS_update (stats,
1313 gettext_noop ("# TCP service creation requests received via mesh"),
1315 GNUNET_STATISTICS_update (stats,
1316 gettext_noop ("# Bytes received from MESH"),
1317 pkt_len, GNUNET_NO);
1318 /* check that we got at least a valid header */
1319 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpServiceStartMessage))
1321 GNUNET_break_op (0);
1322 return GNUNET_SYSERR;
1324 start = (const struct GNUNET_EXIT_TcpServiceStartMessage*) message;
1325 pkt_len -= sizeof (struct GNUNET_EXIT_TcpServiceStartMessage);
1326 if ( (NULL == state) ||
1327 (NULL != state->serv) ||
1328 (NULL != state->heap_node) )
1330 GNUNET_break_op (0);
1331 return GNUNET_SYSERR;
1333 GNUNET_break_op (ntohl (start->reserved) == 0);
1334 /* setup fresh connection */
1335 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1336 "Received data from %s for forwarding to TCP service %s on port %u\n",
1337 GNUNET_i2s (sender),
1338 GNUNET_h2s (&start->service_descriptor),
1339 (unsigned int) ntohs (start->tcp_header.dpt));
1340 if (NULL == (state->serv = find_service (tcp_services, &start->service_descriptor,
1341 ntohs (start->tcp_header.dpt))))
1343 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1344 _("No service found for %s on port %d!\n"),
1346 ntohs (start->tcp_header.dpt));
1347 GNUNET_STATISTICS_update (stats,
1348 gettext_noop ("# TCP requests dropped (no such service)"),
1350 return GNUNET_SYSERR;
1352 state->ri.remote_address = state->serv->address;
1353 setup_state_record (state);
1354 send_tcp_packet_via_tun (&state->ri.remote_address,
1355 &state->ri.local_address,
1357 &start[1], pkt_len);
1363 * Process a request to forward TCP data to the Internet via this peer.
1365 * @param cls closure, NULL
1366 * @param tunnel connection to the other end
1367 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1368 * @param sender who sent the message
1369 * @param message the actual message
1370 * @param atsi performance data for the connection
1371 * @return GNUNET_OK to keep the connection open,
1372 * GNUNET_SYSERR to close it (signal serious error)
1375 receive_tcp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1376 void **tunnel_ctx GNUNET_UNUSED,
1377 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1378 const struct GNUNET_MessageHeader *message,
1379 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1381 struct TunnelState *state = *tunnel_ctx;
1382 const struct GNUNET_EXIT_TcpInternetStartMessage *start;
1383 uint16_t pkt_len = ntohs (message->size);
1384 const struct in_addr *v4;
1385 const struct in6_addr *v6;
1386 const void *payload;
1389 GNUNET_STATISTICS_update (stats,
1390 gettext_noop ("# Bytes received from MESH"),
1391 pkt_len, GNUNET_NO);
1392 GNUNET_STATISTICS_update (stats,
1393 gettext_noop ("# TCP IP-exit creation requests received via mesh"),
1395 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpInternetStartMessage))
1397 GNUNET_break_op (0);
1398 return GNUNET_SYSERR;
1400 start = (const struct GNUNET_EXIT_TcpInternetStartMessage*) message;
1401 pkt_len -= sizeof (struct GNUNET_EXIT_TcpInternetStartMessage);
1402 if ( (NULL == state) ||
1403 (NULL != state->serv) ||
1404 (NULL != state->heap_node) )
1406 GNUNET_break_op (0);
1407 return GNUNET_SYSERR;
1409 af = (int) ntohl (start->af);
1410 state->ri.remote_address.af = af;
1414 if (pkt_len < sizeof (struct in_addr))
1416 GNUNET_break_op (0);
1417 return GNUNET_SYSERR;
1421 GNUNET_break_op (0);
1422 return GNUNET_SYSERR;
1424 v4 = (const struct in_addr*) &start[1];
1426 pkt_len -= sizeof (struct in_addr);
1427 state->ri.remote_address.address.ipv4 = *v4;
1430 if (pkt_len < sizeof (struct in6_addr))
1432 GNUNET_break_op (0);
1433 return GNUNET_SYSERR;
1437 GNUNET_break_op (0);
1438 return GNUNET_SYSERR;
1440 v6 = (const struct in6_addr*) &start[1];
1442 pkt_len -= sizeof (struct in_addr);
1443 state->ri.remote_address.address.ipv6 = *v6;
1446 GNUNET_break_op (0);
1447 return GNUNET_SYSERR;
1450 char buf[INET6_ADDRSTRLEN];
1451 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1452 "Received data from %s for starting TCP stream to %s:%u\n",
1453 GNUNET_i2s (sender),
1455 &state->ri.remote_address.address,
1457 (unsigned int) ntohs (start->tcp_header.dpt));
1460 state->ri.remote_address.proto = IPPROTO_TCP;
1461 state->ri.remote_address.port = ntohs (start->tcp_header.dpt);
1462 setup_state_record (state);
1463 send_tcp_packet_via_tun (&state->ri.remote_address,
1464 &state->ri.local_address,
1472 * Process a request to forward TCP data on an established
1473 * connection via this peer.
1475 * @param cls closure, NULL
1476 * @param tunnel connection to the other end
1477 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1478 * @param sender who sent the message
1479 * @param message the actual message
1480 * @param atsi performance data for the connection
1481 * @return GNUNET_OK to keep the connection open,
1482 * GNUNET_SYSERR to close it (signal serious error)
1485 receive_tcp_data (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1486 void **tunnel_ctx GNUNET_UNUSED,
1487 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1488 const struct GNUNET_MessageHeader *message,
1489 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1491 struct TunnelState *state = *tunnel_ctx;
1492 const struct GNUNET_EXIT_TcpDataMessage *data;
1493 uint16_t pkt_len = ntohs (message->size);
1495 GNUNET_STATISTICS_update (stats,
1496 gettext_noop ("# Bytes received from MESH"),
1497 pkt_len, GNUNET_NO);
1498 GNUNET_STATISTICS_update (stats,
1499 gettext_noop ("# TCP data requests received via mesh"),
1501 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpDataMessage))
1503 GNUNET_break_op (0);
1504 return GNUNET_SYSERR;
1506 data = (const struct GNUNET_EXIT_TcpDataMessage*) message;
1507 pkt_len -= sizeof (struct GNUNET_EXIT_TcpDataMessage);
1508 if ( (NULL == state) ||
1509 (NULL == state->heap_node) )
1511 /* connection should have been up! */
1512 GNUNET_STATISTICS_update (stats,
1513 gettext_noop ("# TCP DATA requests dropped (no session)"),
1515 return GNUNET_SYSERR;
1517 GNUNET_break_op (ntohl (data->reserved) == 0);
1519 char buf[INET6_ADDRSTRLEN];
1520 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1521 "Received additional data from %s for TCP stream to %s:%u\n",
1522 GNUNET_i2s (sender),
1523 inet_ntop (state->ri.remote_address.af,
1524 &state->ri.remote_address.address,
1526 (unsigned int) state->ri.remote_address.port);
1529 send_tcp_packet_via_tun (&state->ri.remote_address,
1530 &state->ri.local_address,
1538 * Send a UDP packet via the TUN interface.
1540 * @param destination_address IP and port to use for the UDP packet's destination
1541 * @param source_address IP and port to use for the UDP packet's source
1542 * @param payload payload of the UDP packet (does NOT include UDP header)
1543 * @param payload_length number of bytes of data in payload
1546 send_udp_packet_via_tun (const struct SocketAddress *destination_address,
1547 const struct SocketAddress *source_address,
1548 const void *payload, size_t payload_length)
1552 GNUNET_STATISTICS_update (stats,
1553 gettext_noop ("# UDP packets sent via TUN"),
1555 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1556 "Sending packet with %u bytes UDP payload via TUN\n",
1557 (unsigned int) payload_length);
1558 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
1559 switch (source_address->af)
1562 len += sizeof (struct GNUNET_TUN_IPv4Header);
1565 len += sizeof (struct GNUNET_TUN_IPv6Header);
1571 len += sizeof (struct GNUNET_TUN_UdpHeader);
1572 len += payload_length;
1573 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1580 struct GNUNET_MessageHeader *hdr;
1581 struct GNUNET_TUN_Layer2PacketHeader *tun;
1583 hdr= (struct GNUNET_MessageHeader *) buf;
1584 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1585 hdr->size = htons (len);
1586 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
1587 tun->flags = htons (0);
1588 switch (source_address->af)
1592 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
1594 tun->proto = htons (ETH_P_IPV4);
1595 prepare_ipv4_packet (payload, payload_length,
1599 destination_address,
1605 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
1607 tun->proto = htons (ETH_P_IPV6);
1608 prepare_ipv6_packet (payload, payload_length,
1612 destination_address,
1620 (void) GNUNET_HELPER_send (helper_handle,
1621 (const struct GNUNET_MessageHeader*) buf,
1629 * Process a request to forward UDP data to the Internet via this peer.
1631 * @param cls closure, NULL
1632 * @param tunnel connection to the other end
1633 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1634 * @param sender who sent the message
1635 * @param message the actual message
1636 * @param atsi performance data for the connection
1637 * @return GNUNET_OK to keep the connection open,
1638 * GNUNET_SYSERR to close it (signal serious error)
1641 receive_udp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1642 void **tunnel_ctx GNUNET_UNUSED,
1643 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1644 const struct GNUNET_MessageHeader *message,
1645 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1647 struct TunnelState *state = *tunnel_ctx;
1648 const struct GNUNET_EXIT_UdpInternetMessage *msg;
1649 uint16_t pkt_len = ntohs (message->size);
1650 const struct in_addr *v4;
1651 const struct in6_addr *v6;
1652 const void *payload;
1655 GNUNET_STATISTICS_update (stats,
1656 gettext_noop ("# Bytes received from MESH"),
1657 pkt_len, GNUNET_NO);
1658 GNUNET_STATISTICS_update (stats,
1659 gettext_noop ("# UDP IP-exit requests received via mesh"),
1661 if (pkt_len < sizeof (struct GNUNET_EXIT_UdpInternetMessage))
1663 GNUNET_break_op (0);
1664 return GNUNET_SYSERR;
1666 msg = (const struct GNUNET_EXIT_UdpInternetMessage*) message;
1667 pkt_len -= sizeof (struct GNUNET_EXIT_UdpInternetMessage);
1668 af = (int) ntohl (msg->af);
1669 state->ri.remote_address.af = af;
1673 if (pkt_len < sizeof (struct in_addr))
1675 GNUNET_break_op (0);
1676 return GNUNET_SYSERR;
1680 GNUNET_break_op (0);
1681 return GNUNET_SYSERR;
1683 v4 = (const struct in_addr*) &msg[1];
1685 pkt_len -= sizeof (struct in_addr);
1686 state->ri.remote_address.address.ipv4 = *v4;
1689 if (pkt_len < sizeof (struct in6_addr))
1691 GNUNET_break_op (0);
1692 return GNUNET_SYSERR;
1696 GNUNET_break_op (0);
1697 return GNUNET_SYSERR;
1699 v6 = (const struct in6_addr*) &msg[1];
1701 pkt_len -= sizeof (struct in_addr);
1702 state->ri.remote_address.address.ipv6 = *v6;
1705 GNUNET_break_op (0);
1706 return GNUNET_SYSERR;
1709 char buf[INET6_ADDRSTRLEN];
1710 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1711 "Received data from %s for forwarding to UDP %s:%u\n",
1712 GNUNET_i2s (sender),
1714 &state->ri.remote_address.address,
1716 (unsigned int) ntohs (msg->destination_port));
1718 state->ri.remote_address.proto = IPPROTO_UDP;
1719 state->ri.remote_address.port = msg->destination_port;
1720 if (NULL == state->heap_node)
1721 setup_state_record (state);
1722 if (0 != ntohs (msg->source_port))
1723 state->ri.local_address.port = msg->source_port;
1724 send_udp_packet_via_tun (&state->ri.remote_address,
1725 &state->ri.local_address,
1732 * Process a request via mesh to send a request to a UDP service
1733 * offered by this system.
1735 * @param cls closure, NULL
1736 * @param tunnel connection to the other end
1737 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1738 * @param sender who sent the message
1739 * @param message the actual message
1740 * @param atsi performance data for the connection
1741 * @return GNUNET_OK to keep the connection open,
1742 * GNUNET_SYSERR to close it (signal serious error)
1745 receive_udp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1747 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1748 const struct GNUNET_MessageHeader *message,
1749 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1751 struct TunnelState *state = *tunnel_ctx;
1752 const struct GNUNET_EXIT_UdpServiceMessage *msg;
1753 uint16_t pkt_len = ntohs (message->size);
1755 GNUNET_STATISTICS_update (stats,
1756 gettext_noop ("# Bytes received from MESH"),
1757 pkt_len, GNUNET_NO);
1758 GNUNET_STATISTICS_update (stats,
1759 gettext_noop ("# UDP service requests received via mesh"),
1761 /* check that we got at least a valid header */
1762 if (pkt_len < sizeof (struct GNUNET_EXIT_UdpServiceMessage))
1764 GNUNET_break_op (0);
1765 return GNUNET_SYSERR;
1767 msg = (const struct GNUNET_EXIT_UdpServiceMessage*) message;
1768 pkt_len -= sizeof (struct GNUNET_EXIT_UdpServiceMessage);
1769 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1770 "Received data from %s for forwarding to UDP service %s on port %u\n",
1771 GNUNET_i2s (sender),
1772 GNUNET_h2s (&msg->service_descriptor),
1773 (unsigned int) ntohs (msg->destination_port));
1774 if (NULL == (state->serv = find_service (udp_services, &msg->service_descriptor,
1775 ntohs (msg->destination_port))))
1777 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1778 _("No service found for %s on port %d!\n"),
1780 ntohs (msg->destination_port));
1781 GNUNET_STATISTICS_update (stats,
1782 gettext_noop ("# UDP requests dropped (no such service)"),
1784 return GNUNET_SYSERR;
1786 state->ri.remote_address = state->serv->address;
1787 setup_state_record (state);
1788 if (0 != ntohs (msg->source_port))
1789 state->ri.local_address.port = msg->source_port;
1790 send_udp_packet_via_tun (&state->ri.remote_address,
1791 &state->ri.local_address,
1798 * Callback from GNUNET_MESH for new tunnels.
1800 * @param cls closure
1801 * @param tunnel new handle to the tunnel
1802 * @param initiator peer that started the tunnel
1803 * @param atsi performance information for the tunnel
1804 * @return initial tunnel context for the tunnel
1807 new_tunnel (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1808 const struct GNUNET_PeerIdentity *initiator GNUNET_UNUSED,
1809 const struct GNUNET_ATS_Information *ats GNUNET_UNUSED)
1811 struct TunnelState *s = GNUNET_malloc (sizeof (struct TunnelState));
1813 GNUNET_STATISTICS_update (stats,
1814 gettext_noop ("# Inbound MESH tunnels created"),
1816 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1817 "Received inbound tunnel from `%s'\n",
1818 GNUNET_i2s (initiator));
1825 * Function called by mesh whenever an inbound tunnel is destroyed.
1826 * Should clean up any associated state.
1828 * @param cls closure (set from GNUNET_MESH_connect)
1829 * @param tunnel connection to the other end (henceforth invalid)
1830 * @param tunnel_ctx place where local state associated
1831 * with the tunnel is stored
1834 clean_tunnel (void *cls GNUNET_UNUSED, const struct GNUNET_MESH_Tunnel *tunnel,
1837 struct TunnelState *s = tunnel_ctx;
1838 struct TunnelMessageQueue *tnq;
1840 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1841 "Tunnel destroyed\n");
1842 while (NULL != (tnq = s->head))
1844 GNUNET_CONTAINER_DLL_remove (s->head,
1849 if (s->heap_node != NULL)
1851 GNUNET_assert (GNUNET_YES ==
1852 GNUNET_CONTAINER_multihashmap_remove (connections_map,
1855 GNUNET_CONTAINER_heap_remove_node (s->heap_node);
1856 s->heap_node = NULL;
1860 GNUNET_MESH_notify_transmit_ready_cancel (s->th);
1868 * Function that frees everything from a hashmap
1872 * @param value value to free
1875 free_iterate (void *cls GNUNET_UNUSED,
1876 const GNUNET_HashCode * hash GNUNET_UNUSED, void *value)
1878 GNUNET_free (value);
1884 * Function scheduled as very last function, cleans up after us
1887 cleanup (void *cls GNUNET_UNUSED,
1888 const struct GNUNET_SCHEDULER_TaskContext *tskctx)
1892 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1893 "Exit service is shutting down now\n");
1894 if (helper_handle != NULL)
1896 GNUNET_HELPER_stop (helper_handle);
1897 helper_handle = NULL;
1899 if (mesh_handle != NULL)
1901 GNUNET_MESH_disconnect (mesh_handle);
1904 if (NULL != connections_map)
1906 GNUNET_CONTAINER_multihashmap_iterate (connections_map, &free_iterate, NULL);
1907 GNUNET_CONTAINER_multihashmap_destroy (connections_map);
1908 connections_map = NULL;
1910 if (NULL != connections_heap)
1912 GNUNET_CONTAINER_heap_destroy (connections_heap);
1913 connections_heap = NULL;
1915 if (NULL != tcp_services)
1917 GNUNET_CONTAINER_multihashmap_iterate (tcp_services, &free_service_record, NULL);
1918 GNUNET_CONTAINER_multihashmap_destroy (tcp_services);
1919 tcp_services = NULL;
1921 if (NULL != udp_services)
1923 GNUNET_CONTAINER_multihashmap_iterate (udp_services, &free_service_record, NULL);
1924 GNUNET_CONTAINER_multihashmap_destroy (udp_services);
1925 udp_services = NULL;
1929 GNUNET_STATISTICS_destroy (stats, GNUNET_YES);
1933 GNUNET_free_non_null (exit_argv[i]);
1938 * Add services to the service map.
1940 * @param proto IPPROTO_TCP or IPPROTO_UDP
1941 * @param cpy copy of the service descriptor (can be mutilated)
1942 * @param name DNS name of the service
1945 add_services (int proto,
1952 struct LocalService *serv;
1954 for (redirect = strtok (cpy, " "); redirect != NULL;
1955 redirect = strtok (NULL, " "))
1957 if (NULL == (hostname = strstr (redirect, ":")))
1959 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1960 "option `%s' for domain `%s' is not formatted correctly!\n",
1967 if (NULL == (hostport = strstr (hostname, ":")))
1969 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1970 "option `%s' for domain `%s' is not formatted correctly!\n",
1978 int local_port = atoi (redirect);
1979 int remote_port = atoi (hostport);
1981 if (!((local_port > 0) && (local_port < 65536)))
1983 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1984 "`%s' is not a valid port number (for domain `%s')!", redirect,
1988 if (!((remote_port > 0) && (remote_port < 65536)))
1990 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1991 "`%s' is not a valid port number (for domain `%s')!", hostport,
1996 serv = GNUNET_malloc (sizeof (struct LocalService));
1997 serv->my_port = (uint16_t) local_port;
1998 serv->address.port = remote_port;
1999 if (0 == strcmp ("localhost4", hostname))
2001 const char *ip4addr = exit_argv[4];
2003 serv->address.af = AF_INET;
2004 GNUNET_assert (1 != inet_pton (AF_INET, ip4addr, &serv->address.address.ipv4));
2006 else if (0 == strcmp ("localhost6", hostname))
2008 const char *ip6addr = exit_argv[2];
2010 serv->address.af = AF_INET6;
2011 GNUNET_assert (1 == inet_pton (AF_INET6, ip6addr, &serv->address.address.ipv6));
2015 struct addrinfo *res;
2018 ret = getaddrinfo (hostname, NULL, NULL, &res);
2019 if ( (ret != 0) || (res == NULL) )
2021 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2022 _("No addresses found for hostname `%s' of service `%s'!\n"),
2029 serv->address.af = res->ai_family;
2030 switch (res->ai_family)
2035 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2036 _("Service `%s' configured for IPv4, but IPv4 is disabled!\n"),
2042 serv->address.address.ipv4 = ((struct sockaddr_in *) res->ai_addr)->sin_addr;
2047 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2048 _("Service `%s' configured for IPv4, but IPv4 is disabled!\n"),
2054 serv->address.address.ipv6 = ((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
2058 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2059 _("No IP addresses found for hostname `%s' of service `%s'!\n"),
2067 store_service ((IPPROTO_UDP == proto) ? udp_services : tcp_services,
2076 * Reads the configuration servicecfg and populates udp_services
2079 * @param section name of section in config, equal to hostname
2082 read_service_conf (void *cls GNUNET_UNUSED, const char *section)
2086 if ((strlen (section) < 8) ||
2087 (0 != strcmp (".gnunet.", section + (strlen (section) - 8))))
2090 GNUNET_CONFIGURATION_get_value_string (cfg, section, "UDP_REDIRECTS",
2093 add_services (IPPROTO_UDP, cpy, section);
2097 GNUNET_CONFIGURATION_get_value_string (cfg, section, "TCP_REDIRECTS",
2100 add_services (IPPROTO_TCP, cpy, section);
2107 * @brief Main function that will be run by the scheduler.
2109 * @param cls closure
2110 * @param args remaining command-line arguments
2111 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
2112 * @param cfg_ configuration
2115 run (void *cls, char *const *args GNUNET_UNUSED,
2116 const char *cfgfile GNUNET_UNUSED,
2117 const struct GNUNET_CONFIGURATION_Handle *cfg_)
2119 static struct GNUNET_MESH_MessageHandler handlers[] = {
2120 {&receive_udp_service, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_SERVICE, 0},
2121 {&receive_udp_remote, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_INTERNET, 0},
2122 {&receive_tcp_service, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_SERVICE_START, 0},
2123 {&receive_tcp_remote, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_INTERNET_START, 0},
2124 {&receive_tcp_data, GNUNET_MESSAGE_TYPE_VPN_TCP_DATA, 0},
2128 static GNUNET_MESH_ApplicationType apptypes[] = {
2129 GNUNET_APPLICATION_TYPE_END,
2130 GNUNET_APPLICATION_TYPE_END,
2131 GNUNET_APPLICATION_TYPE_END
2133 unsigned int app_idx;
2144 stats = GNUNET_STATISTICS_create ("exit", cfg);
2145 ipv4_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV4");
2146 ipv6_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV6");
2147 ipv4_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV4");
2148 ipv6_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV6");
2149 if (ipv4_exit && (! ipv4_enabled))
2151 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2152 _("Cannot enable IPv4 exit but disable IPv4 on TUN interface, will use ENABLE_IPv4=YES\n"));
2153 ipv4_enabled = GNUNET_YES;
2155 if (ipv6_exit && (! ipv6_enabled))
2157 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2158 _("Cannot enable IPv6 exit but disable IPv6 on TUN interface, will use ENABLE_IPv6=YES\n"));
2159 ipv6_enabled = GNUNET_YES;
2161 if (! (ipv4_enabled || ipv6_enabled))
2163 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2164 _("No useful service enabled. Exiting.\n"));
2165 GNUNET_SCHEDULER_shutdown ();
2169 if (GNUNET_YES == ipv4_exit)
2171 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV4_GATEWAY;
2174 if (GNUNET_YES == ipv6_exit)
2176 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV6_GATEWAY;
2180 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup, cls);
2183 GNUNET_CONFIGURATION_get_value_number (cfg, "exit", "MAX_CONNECTIONS",
2185 max_connections = 1024;
2186 exit_argv[0] = GNUNET_strdup ("exit-gnunet");
2187 if (GNUNET_SYSERR ==
2188 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "TUN_IFNAME", &tun_ifname))
2190 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2191 "No entry 'TUN_IFNAME' in configuration!\n");
2192 GNUNET_SCHEDULER_shutdown ();
2195 exit_argv[1] = tun_ifname;
2198 if (GNUNET_SYSERR ==
2199 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "EXIT_IFNAME", &exit_ifname))
2201 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2202 "No entry 'EXIT_IFNAME' in configuration!\n");
2203 GNUNET_SCHEDULER_shutdown ();
2206 exit_argv[2] = exit_ifname;
2210 exit_argv[2] = GNUNET_strdup ("%");
2212 if (GNUNET_YES == ipv6_enabled)
2214 if ( (GNUNET_SYSERR ==
2215 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6ADDR",
2217 (1 != inet_pton (AF_INET6, ipv6addr, &v6))) )
2219 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2220 "No valid entry 'IPV6ADDR' in configuration!\n");
2221 GNUNET_SCHEDULER_shutdown ();
2224 exit_argv[3] = ipv6addr;
2225 if (GNUNET_SYSERR ==
2226 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6PREFIX",
2229 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2230 "No entry 'IPV6PREFIX' in configuration!\n");
2231 GNUNET_SCHEDULER_shutdown ();
2234 exit_argv[4] = ipv6prefix_s;
2236 GNUNET_CONFIGURATION_get_value_number (cfg, "exit",
2239 (ipv6prefix >= 127) )
2241 GNUNET_SCHEDULER_shutdown ();
2247 /* IPv6 explicitly disabled */
2248 exit_argv[3] = GNUNET_strdup ("-");
2249 exit_argv[4] = GNUNET_strdup ("-");
2251 if (GNUNET_YES == ipv4_enabled)
2253 if ( (GNUNET_SYSERR ==
2254 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4ADDR",
2256 (1 != inet_pton (AF_INET, ipv4addr, &v4))) )
2258 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2259 "No valid entry for 'IPV4ADDR' in configuration!\n");
2260 GNUNET_SCHEDULER_shutdown ();
2263 exit_argv[5] = ipv4addr;
2264 if ( (GNUNET_SYSERR ==
2265 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4MASK",
2267 (1 != inet_pton (AF_INET, ipv4mask, &v4))) )
2269 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2270 "No valid entry 'IPV4MASK' in configuration!\n");
2271 GNUNET_SCHEDULER_shutdown ();
2274 exit_argv[6] = ipv4mask;
2278 /* IPv4 explicitly disabled */
2279 exit_argv[5] = GNUNET_strdup ("-");
2280 exit_argv[6] = GNUNET_strdup ("-");
2282 exit_argv[7] = NULL;
2284 udp_services = GNUNET_CONTAINER_multihashmap_create (65536);
2285 tcp_services = GNUNET_CONTAINER_multihashmap_create (65536);
2286 GNUNET_CONFIGURATION_iterate_sections (cfg, &read_service_conf, NULL);
2288 connections_map = GNUNET_CONTAINER_multihashmap_create (65536);
2289 connections_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
2291 = GNUNET_MESH_connect (cfg, 42 /* queue size */, NULL,
2293 &clean_tunnel, handlers,
2295 if (NULL == mesh_handle)
2297 GNUNET_SCHEDULER_shutdown ();
2300 helper_handle = GNUNET_HELPER_start ("gnunet-helper-exit",
2302 &message_token, NULL);
2309 * @param argc number of arguments from the command line
2310 * @param argv command line arguments
2311 * @return 0 ok, 1 on error
2314 main (int argc, char *const *argv)
2316 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
2317 GNUNET_GETOPT_OPTION_END
2320 return (GNUNET_OK ==
2321 GNUNET_PROGRAM_run (argc, argv, "gnunet-daemon-exit",
2323 ("Daemon to run to provide an IP exit node for the VPN"),
2324 options, &run, NULL)) ? 0 : 1;
2328 /* end of gnunet-daemon-exit.c */