2 This file is part of GNUnet.
3 (C) 2010, 2012 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file exit/gnunet-daemon-exit.c
23 * @brief tool to allow IP traffic exit from the GNUnet mesh to the Internet
24 * @author Philipp Toelke
25 * @author Christian Grothoff
31 * - which code should advertise services? the service model is right
32 * now a bit odd, especially as this code DOES the exit and knows
33 * the DNS "name", but OTOH this is clearly NOT the place to advertise
34 * the service's existence; maybe the daemon should turn into a
35 * service with an API to add local-exit services dynamically?
38 #include "gnunet_util_lib.h"
39 #include "gnunet_protocols.h"
40 #include "gnunet_applications.h"
41 #include "gnunet_mesh_service.h"
42 #include "gnunet_statistics_service.h"
43 #include "gnunet_constants.h"
44 #include "gnunet_tun_lib.h"
48 * Information about an address.
53 * AF_INET or AF_INET6.
58 * Remote address information.
63 * Address, if af is AF_INET.
68 * Address, if af is AF_INET6.
74 * IPPROTO_TCP or IPPROTO_UDP;
79 * Remote port, in host byte order!
86 * This struct is saved into the services-hashmap to represent
87 * a service this peer is specifically offering an exit for
88 * (for a specific domain name).
94 * Remote address to use for the service.
96 struct SocketAddress address;
99 * DNS name of the service.
104 * Port I am listening on within GNUnet for this service, in host
105 * byte order. (as we may redirect ports).
112 * Information we use to track a connection (the classical 6-tuple of
113 * IP-version, protocol, source-IP, destination-IP, source-port and
116 struct RedirectInformation
120 * Address information for the other party (equivalent of the
121 * arguments one would give to "connect").
123 struct SocketAddress remote_address;
126 * Address information we used locally (AF and proto must match
127 * "remote_address"). Equivalent of the arguments one would give to
130 struct SocketAddress local_address;
133 Note 1: additional information might be added here in the
134 future to support protocols that require special handling,
137 Note 2: we might also sometimes not match on all components
138 of the tuple, to support protocols where things do not always
145 * Queue of messages to a tunnel.
147 struct TunnelMessageQueue
150 * This is a doubly-linked list.
152 struct TunnelMessageQueue *next;
155 * This is a doubly-linked list.
157 struct TunnelMessageQueue *prev;
160 * Payload to send via the tunnel.
165 * Number of bytes in 'payload'.
172 * This struct is saved into connections_map to allow finding the
173 * right tunnel given an IP packet from TUN. It is also associated
174 * with the tunnel's closure so we can find it again for the next
175 * message from the tunnel.
180 * Mesh tunnel that is used for this connection.
182 struct GNUNET_MESH_Tunnel *tunnel;
185 * Heap node for this state in the connections_heap.
187 struct GNUNET_CONTAINER_HeapNode *heap_node;
190 * Key this state has in the connections_map.
192 GNUNET_HashCode state_key;
195 * Associated service record, or NULL for no service.
197 struct LocalService *serv;
200 * Head of DLL of messages for this tunnel.
202 struct TunnelMessageQueue *head;
205 * Tail of DLL of messages for this tunnel.
207 struct TunnelMessageQueue *tail;
210 * Active tunnel transmission request (or NULL).
212 struct GNUNET_MESH_TransmitHandle *th;
215 * Primary redirection information for this connection.
217 struct RedirectInformation ri;
223 * Return value from 'main'.
225 static int global_ret;
228 * The handle to the configuration used throughout the process
230 static const struct GNUNET_CONFIGURATION_Handle *cfg;
233 * The handle to the helper
235 static struct GNUNET_HELPER_Handle *helper_handle;
238 * Arguments to the exit helper.
240 static char *exit_argv[8];
243 * IPv6 address of our TUN interface.
245 static struct in6_addr exit_ipv6addr;
248 * IPv6 prefix (0..127) from configuration file.
250 static unsigned long long ipv6prefix;
253 * IPv4 address of our TUN interface.
255 static struct in_addr exit_ipv4addr;
258 * IPv4 netmask of our TUN interface.
260 static struct in_addr exit_ipv4mask;
266 static struct GNUNET_STATISTICS_Handle *stats;
271 static struct GNUNET_MESH_Handle *mesh_handle;
274 * This hashmaps contains the mapping from peer, service-descriptor,
275 * source-port and destination-port to a struct TunnelState
277 static struct GNUNET_CONTAINER_MultiHashMap *connections_map;
280 * Heap so we can quickly find "old" connections.
282 static struct GNUNET_CONTAINER_Heap *connections_heap;
285 * If there are at least this many connections, old ones will be removed
287 static long long unsigned int max_connections;
290 * This hashmaps saves interesting things about the configured UDP services
292 static struct GNUNET_CONTAINER_MultiHashMap *udp_services;
295 * This hashmaps saves interesting things about the configured TCP services
297 static struct GNUNET_CONTAINER_MultiHashMap *tcp_services;
300 * Are we an IPv4-exit?
302 static int ipv4_exit;
305 * Are we an IPv6-exit?
307 static int ipv6_exit;
310 * Do we support IPv4 at all on the TUN interface?
312 static int ipv4_enabled;
315 * Do we support IPv6 at all on the TUN interface?
317 static int ipv6_enabled;
321 * Given IP information about a connection, calculate the respective
322 * hash we would use for the 'connections_map'.
324 * @param hash resulting hash
325 * @param ri information about the connection
328 hash_redirect_info (GNUNET_HashCode *hash,
329 const struct RedirectInformation *ri)
333 memset (hash, 0, sizeof (GNUNET_HashCode));
334 /* the GNUnet hashmap only uses the first sizeof(unsigned int) of the hash,
335 so we put the IP address in there (and hope for few collisions) */
337 switch (ri->remote_address.af)
340 memcpy (off, &ri->remote_address.address.ipv4, sizeof (struct in_addr));
341 off += sizeof (struct in_addr);
344 memcpy (off, &ri->remote_address.address.ipv6, sizeof (struct in6_addr));
345 off += sizeof (struct in_addr);
350 memcpy (off, &ri->remote_address.port, sizeof (uint16_t));
351 off += sizeof (uint16_t);
352 switch (ri->local_address.af)
355 memcpy (off, &ri->local_address.address.ipv4, sizeof (struct in_addr));
356 off += sizeof (struct in_addr);
359 memcpy (off, &ri->local_address.address.ipv6, sizeof (struct in6_addr));
360 off += sizeof (struct in_addr);
365 memcpy (off, &ri->local_address.port, sizeof (uint16_t));
366 off += sizeof (uint16_t);
367 memcpy (off, &ri->remote_address.proto, sizeof (uint8_t));
368 off += sizeof (uint8_t);
373 * Get our connection tracking state. Warns if it does not exists,
374 * refreshes the timestamp if it does exist.
376 * @param af address family
377 * @param protocol IPPROTO_UDP or IPPROTO_TCP
378 * @param destination_ip target IP
379 * @param destination_port target port
380 * @param local_ip local IP
381 * @param local_port local port
382 * @param state_key set to hash's state if non-NULL
383 * @return NULL if we have no tracking information for this tuple
385 static struct TunnelState *
386 get_redirect_state (int af,
388 const void *destination_ip,
389 uint16_t destination_port,
390 const void *local_ip,
392 GNUNET_HashCode *state_key)
394 struct RedirectInformation ri;
396 struct TunnelState *state;
398 if (protocol == IPPROTO_ICMP)
401 destination_port = 0;
404 ri.remote_address.af = af;
406 ri.remote_address.address.ipv4 = *((struct in_addr*) destination_ip);
408 ri.remote_address.address.ipv6 = * ((struct in6_addr*) destination_ip);
409 ri.remote_address.port = destination_port;
410 ri.remote_address.proto = protocol;
411 ri.local_address.af = af;
413 ri.local_address.address.ipv4 = *((struct in_addr*) local_ip);
415 ri.local_address.address.ipv6 = * ((struct in6_addr*) local_ip);
416 ri.local_address.port = local_port;
417 ri.local_address.proto = protocol;
418 hash_redirect_info (&key, &ri);
419 if (NULL != state_key)
421 state = GNUNET_CONTAINER_multihashmap_get (connections_map, &key);
424 /* Mark this connection as freshly used */
425 if (NULL == state_key)
426 GNUNET_CONTAINER_heap_update_cost (connections_heap,
428 GNUNET_TIME_absolute_get ().abs_value);
434 * Given a service descriptor and a destination port, find the
435 * respective service entry.
437 * @param service_map map of services (TCP or UDP)
438 * @param desc service descriptor
439 * @param destination_port destination port
440 * @return NULL if we are not aware of such a service
442 static struct LocalService *
443 find_service (struct GNUNET_CONTAINER_MultiHashMap *service_map,
444 const GNUNET_HashCode *desc,
445 uint16_t destination_port)
447 char key[sizeof (GNUNET_HashCode) + sizeof (uint16_t)];
449 memcpy (&key[0], &destination_port, sizeof (uint16_t));
450 memcpy (&key[sizeof(uint16_t)], desc, sizeof (GNUNET_HashCode));
451 return GNUNET_CONTAINER_multihashmap_get (service_map,
452 (GNUNET_HashCode *) key);
457 * Free memory associated with a service record.
460 * @param key service descriptor
461 * @param value service record to free
465 free_service_record (void *cls,
466 const GNUNET_HashCode *key,
469 struct LocalService *service = value;
471 GNUNET_free_non_null (service->name);
472 GNUNET_free (service);
478 * Given a service descriptor and a destination port, find the
479 * respective service entry.
481 * @param service_map map of services (TCP or UDP)
482 * @param name name of the service
483 * @param destination_port destination port
484 * @param service service information record to store (service->name will be set).
487 store_service (struct GNUNET_CONTAINER_MultiHashMap *service_map,
489 uint16_t destination_port,
490 struct LocalService *service)
492 char key[sizeof (GNUNET_HashCode) + sizeof (uint16_t)];
493 GNUNET_HashCode desc;
495 GNUNET_CRYPTO_hash (name, strlen (name) + 1, &desc);
496 service->name = GNUNET_strdup (name);
497 memcpy (&key[0], &destination_port, sizeof (uint16_t));
498 memcpy (&key[sizeof(uint16_t)], &desc, sizeof (GNUNET_HashCode));
500 GNUNET_CONTAINER_multihashmap_put (service_map,
501 (GNUNET_HashCode *) key,
503 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
505 free_service_record (NULL, (GNUNET_HashCode *) key, service);
506 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
507 _("Got duplicate service records for `%s:%u'\n"),
509 (unsigned int) destination_port);
515 * MESH is ready to receive a message for the tunnel. Transmit it.
517 * @param cls the 'struct TunnelState'.
518 * @param size number of bytes available in buf
519 * @param buf where to copy the message
520 * @return number of bytes copied to buf
523 send_to_peer_notify_callback (void *cls, size_t size, void *buf)
525 struct TunnelState *s = cls;
526 struct GNUNET_MESH_Tunnel *tunnel = s->tunnel;
527 struct TunnelMessageQueue *tnq;
535 s->th = GNUNET_MESH_notify_transmit_ready (tunnel,
536 GNUNET_NO /* corking */,
538 GNUNET_TIME_UNIT_FOREVER_REL,
541 &send_to_peer_notify_callback,
545 GNUNET_assert (size >= tnq->len);
546 memcpy (buf, tnq->payload, tnq->len);
548 GNUNET_CONTAINER_DLL_remove (s->head,
552 if (NULL != (tnq = s->head))
553 s->th = GNUNET_MESH_notify_transmit_ready (tunnel,
554 GNUNET_NO /* corking */,
556 GNUNET_TIME_UNIT_FOREVER_REL,
559 &send_to_peer_notify_callback,
561 GNUNET_STATISTICS_update (stats,
562 gettext_noop ("# Bytes transmitted via mesh tunnels"),
569 * Send the given packet via the mesh tunnel.
571 * @param mesh_tunnel destination
572 * @param tnq message to queue
575 send_packet_to_mesh_tunnel (struct GNUNET_MESH_Tunnel *mesh_tunnel,
576 struct TunnelMessageQueue *tnq)
578 struct TunnelState *s;
580 s = GNUNET_MESH_tunnel_get_data (mesh_tunnel);
581 GNUNET_assert (NULL != s);
582 GNUNET_CONTAINER_DLL_insert_tail (s->head, s->tail, tnq);
584 s->th = GNUNET_MESH_notify_transmit_ready (mesh_tunnel, GNUNET_NO /* cork */, 0 /* priority */,
585 GNUNET_TIME_UNIT_FOREVER_REL,
587 &send_to_peer_notify_callback,
593 * @brief Handles an ICMP packet received from the helper.
595 * @param icmp A pointer to the Packet
596 * @param pktlen number of bytes in 'icmp'
597 * @param af address family (AFINET or AF_INET6)
598 * @param destination_ip destination IP-address of the IP packet (should
599 * be our local address)
600 * @param source_ip original source IP-address of the IP packet (should
601 * be the original destination address)
604 icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp,
607 const void *destination_ip,
608 const void *source_ip)
610 struct TunnelState *state;
611 struct TunnelMessageQueue *tnq;
612 struct GNUNET_EXIT_IcmpToVPNMessage *i2v;
613 const struct GNUNET_TUN_IPv4Header *ipv4;
614 const struct GNUNET_TUN_IPv6Header *ipv6;
615 const struct GNUNET_TUN_UdpHeader *udp;
617 uint16_t source_port;
618 uint16_t destination_port;
622 char sbuf[INET6_ADDRSTRLEN];
623 char dbuf[INET6_ADDRSTRLEN];
624 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
625 "Received ICMP packet going from %s to %s\n",
628 sbuf, sizeof (sbuf)),
631 dbuf, sizeof (dbuf)));
633 if (pktlen < sizeof (struct GNUNET_TUN_IcmpHeader))
640 /* Find out if this is an ICMP packet in response to an existing
641 TCP/UDP packet and if so, figure out ports / protocol of the
642 existing session from the IP data in the ICMP payload */
644 destination_port = 0;
645 protocol = IPPROTO_ICMP;
651 case GNUNET_TUN_ICMPTYPE_ECHO_REPLY:
652 case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST:
654 case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE:
655 case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH:
656 case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED:
658 sizeof (struct GNUNET_TUN_IcmpHeader) +
659 sizeof (struct GNUNET_TUN_IPv4Header) + 8)
665 ipv4 = (const struct GNUNET_TUN_IPv4Header *) &icmp[1];
666 protocol = ipv4->protocol;
667 /* could be TCP or UDP, but both have the ports in the right
668 place, so that doesn't matter here */
669 udp = (const struct GNUNET_TUN_UdpHeader *) &ipv4[1];
670 source_port = ntohs (udp->source_port);
671 destination_port = ntohs (udp->destination_port);
672 /* throw away ICMP payload, won't be useful for the other side anyway */
673 pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
676 GNUNET_STATISTICS_update (stats,
677 gettext_noop ("# ICMPv4 packets dropped (type not allowed)"),
685 case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE:
686 case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG:
687 case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED:
688 case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM:
690 sizeof (struct GNUNET_TUN_IcmpHeader) +
691 sizeof (struct GNUNET_TUN_IPv6Header) + 8)
697 ipv6 = (const struct GNUNET_TUN_IPv6Header *) &icmp[1];
698 protocol = ipv6->next_header;
699 /* could be TCP or UDP, but both have the ports in the right
700 place, so that doesn't matter here */
701 udp = (const struct GNUNET_TUN_UdpHeader *) &ipv6[1];
702 source_port = ntohs (udp->source_port);
703 destination_port = ntohs (udp->destination_port);
704 /* throw away ICMP payload, won't be useful for the other side anyway */
705 pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
707 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
708 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
711 GNUNET_STATISTICS_update (stats,
712 gettext_noop ("# ICMPv6 packets dropped (type not allowed)"),
723 state = get_redirect_state (af, IPPROTO_ICMP,
729 state = get_redirect_state (af, IPPROTO_UDP,
737 state = get_redirect_state (af, IPPROTO_TCP,
745 GNUNET_STATISTICS_update (stats,
746 gettext_noop ("# ICMP packets dropped (not allowed)"),
752 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
753 _("ICMP Packet dropped, have no matching connection information\n"));
756 mlen = sizeof (struct GNUNET_EXIT_IcmpToVPNMessage) + pktlen - sizeof (struct GNUNET_TUN_IcmpHeader);
757 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueue) + mlen);
758 tnq->payload = &tnq[1];
760 i2v = (struct GNUNET_EXIT_IcmpToVPNMessage *) &tnq[1];
761 i2v->header.size = htons ((uint16_t) mlen);
762 i2v->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_VPN);
763 i2v->af = htonl (af);
764 memcpy (&i2v->icmp_header,
767 send_packet_to_mesh_tunnel (state->tunnel,
773 * @brief Handles an UDP packet received from the helper.
775 * @param udp A pointer to the Packet
776 * @param pktlen number of bytes in 'udp'
777 * @param af address family (AFINET or AF_INET6)
778 * @param destination_ip destination IP-address of the IP packet (should
779 * be our local address)
780 * @param source_ip original source IP-address of the IP packet (should
781 * be the original destination address)
784 udp_from_helper (const struct GNUNET_TUN_UdpHeader *udp,
787 const void *destination_ip,
788 const void *source_ip)
790 struct TunnelState *state;
791 struct TunnelMessageQueue *tnq;
792 struct GNUNET_EXIT_UdpReplyMessage *urm;
796 char sbuf[INET6_ADDRSTRLEN];
797 char dbuf[INET6_ADDRSTRLEN];
798 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
799 "Received UDP packet going from %s:%u to %s:%u\n",
802 sbuf, sizeof (sbuf)),
803 (unsigned int) ntohs (udp->source_port),
806 dbuf, sizeof (dbuf)),
807 (unsigned int) ntohs (udp->destination_port));
809 if (pktlen < sizeof (struct GNUNET_TUN_UdpHeader))
815 if (pktlen != ntohs (udp->len))
821 state = get_redirect_state (af, IPPROTO_UDP,
823 ntohs (udp->source_port),
825 ntohs (udp->destination_port),
829 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
830 _("UDP Packet dropped, have no matching connection information\n"));
833 mlen = sizeof (struct GNUNET_EXIT_UdpReplyMessage) + pktlen - sizeof (struct GNUNET_TUN_UdpHeader);
834 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueue) + mlen);
835 tnq->payload = &tnq[1];
837 urm = (struct GNUNET_EXIT_UdpReplyMessage *) &tnq[1];
838 urm->header.size = htons ((uint16_t) mlen);
839 urm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_UDP_REPLY);
840 urm->source_port = htons (0);
841 urm->destination_port = htons (0);
844 pktlen - sizeof (struct GNUNET_TUN_UdpHeader));
845 send_packet_to_mesh_tunnel (state->tunnel,
851 * @brief Handles a TCP packet received from the helper.
853 * @param tcp A pointer to the Packet
854 * @param pktlen the length of the packet, including its TCP header
855 * @param af address family (AFINET or AF_INET6)
856 * @param destination_ip destination IP-address of the IP packet (should
857 * be our local address)
858 * @param source_ip original source IP-address of the IP packet (should
859 * be the original destination address)
862 tcp_from_helper (const struct GNUNET_TUN_TcpHeader *tcp,
865 const void *destination_ip,
866 const void *source_ip)
868 struct TunnelState *state;
870 struct GNUNET_TUN_TcpHeader *mtcp;
871 struct GNUNET_EXIT_TcpDataMessage *tdm;
872 struct TunnelMessageQueue *tnq;
876 char sbuf[INET6_ADDRSTRLEN];
877 char dbuf[INET6_ADDRSTRLEN];
878 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
879 "Received TCP packet with %u bytes going from %s:%u to %s:%u\n",
880 pktlen - sizeof (struct GNUNET_TUN_TcpHeader),
883 sbuf, sizeof (sbuf)),
884 (unsigned int) ntohs (tcp->source_port),
887 dbuf, sizeof (dbuf)),
888 (unsigned int) ntohs (tcp->destination_port));
890 if (pktlen < sizeof (struct GNUNET_TUN_TcpHeader))
896 state = get_redirect_state (af, IPPROTO_TCP,
898 ntohs (tcp->source_port),
900 ntohs (tcp->destination_port),
904 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
905 _("TCP Packet dropped, have no matching connection information\n"));
909 /* mug port numbers and crc to avoid information leakage;
910 sender will need to lookup the correct values anyway */
911 memcpy (buf, tcp, pktlen);
912 mtcp = (struct GNUNET_TUN_TcpHeader *) buf;
913 mtcp->source_port = 0;
914 mtcp->destination_port = 0;
917 mlen = sizeof (struct GNUNET_EXIT_TcpDataMessage) + (pktlen - sizeof (struct GNUNET_TUN_TcpHeader));
918 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
924 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueue) + mlen);
925 tnq->payload = &tnq[1];
927 tdm = (struct GNUNET_EXIT_TcpDataMessage *) &tnq[1];
928 tdm->header.size = htons ((uint16_t) mlen);
929 tdm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_VPN);
930 tdm->reserved = htonl (0);
931 memcpy (&tdm->tcp_header,
934 send_packet_to_mesh_tunnel (state->tunnel,
940 * Receive packets from the helper-process
943 * @param client unsued
944 * @param message message received from helper
947 message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED,
948 const struct GNUNET_MessageHeader *message)
950 const struct GNUNET_TUN_Layer2PacketHeader *pkt_tun;
953 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
954 "Got %u-byte message of type %u from gnunet-helper-exit\n",
955 ntohs (message->size),
956 ntohs (message->type));
957 GNUNET_STATISTICS_update (stats,
958 gettext_noop ("# Packets received from TUN"),
960 if (ntohs (message->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER)
965 size = ntohs (message->size);
966 if (size < sizeof (struct GNUNET_TUN_Layer2PacketHeader) + sizeof (struct GNUNET_MessageHeader))
971 GNUNET_STATISTICS_update (stats,
972 gettext_noop ("# Bytes received from TUN"),
974 pkt_tun = (const struct GNUNET_TUN_Layer2PacketHeader *) &message[1];
975 size -= sizeof (struct GNUNET_TUN_Layer2PacketHeader) + sizeof (struct GNUNET_MessageHeader);
976 switch (ntohs (pkt_tun->proto))
980 const struct GNUNET_TUN_IPv4Header *pkt4;
982 if (size < sizeof (struct GNUNET_TUN_IPv4Header))
984 /* Kernel to blame? */
988 pkt4 = (const struct GNUNET_TUN_IPv4Header *) &pkt_tun[1];
989 if (size != ntohs (pkt4->total_length))
991 /* Kernel to blame? */
995 if (pkt4->header_length * 4 != sizeof (struct GNUNET_TUN_IPv4Header))
997 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
998 _("IPv4 packet options received. Ignored.\n"));
1002 size -= sizeof (struct GNUNET_TUN_IPv4Header);
1003 switch (pkt4->protocol)
1006 udp_from_helper ((const struct GNUNET_TUN_UdpHeader *) &pkt4[1], size,
1008 &pkt4->destination_address,
1009 &pkt4->source_address);
1012 tcp_from_helper ((const struct GNUNET_TUN_TcpHeader *) &pkt4[1], size,
1014 &pkt4->destination_address,
1015 &pkt4->source_address);
1018 icmp_from_helper ((const struct GNUNET_TUN_IcmpHeader *) &pkt4[1], size,
1020 &pkt4->destination_address,
1021 &pkt4->source_address);
1024 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1025 _("IPv4 packet with unsupported next header %u received. Ignored.\n"),
1026 (int) pkt4->protocol);
1033 const struct GNUNET_TUN_IPv6Header *pkt6;
1035 if (size < sizeof (struct GNUNET_TUN_IPv6Header))
1037 /* Kernel to blame? */
1041 pkt6 = (struct GNUNET_TUN_IPv6Header *) &pkt_tun[1];
1042 if (size != ntohs (pkt6->payload_length) + sizeof (struct GNUNET_TUN_IPv6Header))
1044 /* Kernel to blame? */
1048 size -= sizeof (struct GNUNET_TUN_IPv6Header);
1049 switch (pkt6->next_header)
1052 udp_from_helper ((const struct GNUNET_TUN_UdpHeader *) &pkt6[1], size,
1054 &pkt6->destination_address,
1055 &pkt6->source_address);
1058 tcp_from_helper ((const struct GNUNET_TUN_TcpHeader *) &pkt6[1], size,
1060 &pkt6->destination_address,
1061 &pkt6->source_address);
1064 icmp_from_helper ((const struct GNUNET_TUN_IcmpHeader *) &pkt6[1], size,
1066 &pkt6->destination_address,
1067 &pkt6->source_address);
1070 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1071 _("IPv6 packet with unsupported next header %d received. Ignored.\n"),
1078 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1079 _("Packet from unknown protocol %u received. Ignored.\n"),
1080 ntohs (pkt_tun->proto));
1087 * We need to create a (unique) fresh local address (IP+port).
1090 * @param af desired address family
1091 * @param proto desired protocol (IPPROTO_UDP or IPPROTO_TCP)
1092 * @param local_address address to initialize
1095 setup_fresh_address (int af,
1097 struct SocketAddress *local_address)
1099 local_address->af = af;
1100 local_address->proto = (uint8_t) proto;
1101 /* default "local" port range is often 32768--61000,
1102 so we pick a random value in that range */
1103 if (proto == IPPROTO_ICMP)
1104 local_address->port = 0;
1107 = (uint16_t) 32768 + GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1113 struct in_addr addr;
1114 struct in_addr mask;
1117 addr = exit_ipv4addr;
1118 mask = exit_ipv4mask;
1119 if (0 == ~mask.s_addr)
1121 /* only one valid IP anyway */
1122 local_address->address.ipv4 = addr;
1125 /* Given 192.168.0.1/255.255.0.0, we want a mask
1126 of '192.168.255.255', thus: */
1127 mask.s_addr = addr.s_addr | ~mask.s_addr;
1128 /* Pick random IPv4 address within the subnet, except 'addr' or 'mask' itself */
1131 rnd.s_addr = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1133 local_address->address.ipv4.s_addr = (addr.s_addr | rnd.s_addr) & mask.s_addr;
1135 while ( (local_address->address.ipv4.s_addr == addr.s_addr) ||
1136 (local_address->address.ipv4.s_addr == mask.s_addr) );
1141 struct in6_addr addr;
1142 struct in6_addr mask;
1143 struct in6_addr rnd;
1146 addr = exit_ipv6addr;
1147 GNUNET_assert (ipv6prefix < 128);
1148 if (ipv6prefix == 127)
1150 /* only one valid IP anyway */
1151 local_address->address.ipv6 = addr;
1154 /* Given ABCD::/96, we want a mask of 'ABCD::FFFF:FFFF,
1157 for (i=127;i>=ipv6prefix;i--)
1158 mask.s6_addr[i / 8] |= (1 << (i % 8));
1160 /* Pick random IPv6 address within the subnet, except 'addr' or 'mask' itself */
1165 rnd.s6_addr[i] = (unsigned char) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1167 local_address->address.ipv6.s6_addr[i]
1168 = (addr.s6_addr[i] | rnd.s6_addr[i]) & mask.s6_addr[i];
1171 while ( (0 == memcmp (&local_address->address.ipv6,
1173 sizeof (struct in6_addr))) ||
1174 (0 == memcmp (&local_address->address.ipv6,
1176 sizeof (struct in6_addr))) );
1186 * We are starting a fresh connection (TCP or UDP) and need
1187 * to pick a source port and IP address (within the correct
1188 * range and address family) to associate replies with the
1189 * connection / correct mesh tunnel. This function generates
1190 * a "fresh" source IP and source port number for a connection
1191 * After picking a good source address, this function sets up
1192 * the state in the 'connections_map' and 'connections_heap'
1193 * to allow finding the state when needed later. The function
1194 * also makes sure that we remain within memory limits by
1195 * cleaning up 'old' states.
1197 * @param state skeleton state to setup a record for; should
1198 * 'state->ri.remote_address' filled in so that
1199 * this code can determine which AF/protocol is
1200 * going to be used (the 'tunnel' should also
1201 * already be set); after calling this function,
1202 * heap_node and the local_address will be
1203 * also initialized (heap_node != NULL can be
1204 * used to test if a state has been fully setup).
1207 setup_state_record (struct TunnelState *state)
1209 GNUNET_HashCode key;
1210 struct TunnelState *s;
1212 /* generate fresh, unique address */
1215 if (NULL == state->serv)
1216 setup_fresh_address (state->ri.remote_address.af,
1217 state->ri.remote_address.proto,
1218 &state->ri.local_address);
1220 setup_fresh_address (state->serv->address.af,
1221 state->serv->address.proto,
1222 &state->ri.local_address);
1223 } while (NULL != get_redirect_state (state->ri.remote_address.af,
1224 state->ri.remote_address.proto,
1225 &state->ri.remote_address.address,
1226 state->ri.remote_address.port,
1227 &state->ri.local_address.address,
1228 state->ri.local_address.port,
1231 char buf[INET6_ADDRSTRLEN];
1232 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1233 "Picked local address %s:%u for new connection\n",
1234 inet_ntop (state->ri.local_address.af,
1235 &state->ri.local_address.address,
1237 (unsigned int) state->ri.local_address.port);
1239 state->state_key = key;
1240 GNUNET_assert (GNUNET_OK ==
1241 GNUNET_CONTAINER_multihashmap_put (connections_map,
1243 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
1244 state->heap_node = GNUNET_CONTAINER_heap_insert (connections_heap,
1246 GNUNET_TIME_absolute_get ().abs_value);
1247 while (GNUNET_CONTAINER_heap_get_size (connections_heap) > max_connections)
1249 s = GNUNET_CONTAINER_heap_remove_root (connections_heap);
1250 GNUNET_assert (state != s);
1251 s->heap_node = NULL;
1252 GNUNET_MESH_tunnel_destroy (s->tunnel);
1253 GNUNET_assert (GNUNET_OK ==
1254 GNUNET_CONTAINER_multihashmap_remove (connections_map,
1263 * Prepare an IPv4 packet for transmission via the TUN interface.
1264 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
1265 * For UDP, the UDP header will be fully created, whereas for TCP
1266 * only the ports and checksum will be filled in. So for TCP,
1267 * a skeleton TCP header must be part of the provided payload.
1269 * @param payload payload of the packet (starting with UDP payload or
1270 * TCP header, depending on protocol)
1271 * @param payload_length number of bytes in 'payload'
1272 * @param protocol IPPROTO_UDP or IPPROTO_TCP
1273 * @param tcp_header skeleton of the TCP header, NULL for UDP
1274 * @param src_address source address to use (IP and port)
1275 * @param dst_address destination address to use (IP and port)
1276 * @param pkt4 where to write the assembled packet; must
1277 * contain enough space for the IP header, UDP/TCP header
1281 prepare_ipv4_packet (const void *payload, size_t payload_length,
1283 const struct GNUNET_TUN_TcpHeader *tcp_header,
1284 const struct SocketAddress *src_address,
1285 const struct SocketAddress *dst_address,
1286 struct GNUNET_TUN_IPv4Header *pkt4)
1290 len = payload_length;
1294 len += sizeof (struct GNUNET_TUN_UdpHeader);
1297 len += sizeof (struct GNUNET_TUN_TcpHeader);
1298 GNUNET_assert (NULL != tcp_header);
1304 if (len + sizeof (struct GNUNET_TUN_IPv4Header) > UINT16_MAX)
1310 GNUNET_TUN_initialize_ipv4_header (pkt4,
1313 &src_address->address.ipv4,
1314 &dst_address->address.ipv4);
1319 struct GNUNET_TUN_UdpHeader *pkt4_udp = (struct GNUNET_TUN_UdpHeader *) &pkt4[1];
1321 pkt4_udp->source_port = htons (src_address->port);
1322 pkt4_udp->destination_port = htons (dst_address->port);
1323 pkt4_udp->len = htons ((uint16_t) payload_length);
1324 GNUNET_TUN_calculate_udp4_checksum (pkt4,
1326 payload, payload_length);
1327 memcpy (&pkt4_udp[1], payload, payload_length);
1332 struct GNUNET_TUN_TcpHeader *pkt4_tcp = (struct GNUNET_TUN_TcpHeader *) &pkt4[1];
1334 *pkt4_tcp = *tcp_header;
1335 pkt4_tcp->source_port = htons (src_address->port);
1336 pkt4_tcp->destination_port = htons (dst_address->port);
1337 GNUNET_TUN_calculate_tcp4_checksum (pkt4,
1341 memcpy (&pkt4_tcp[1], payload, payload_length);
1351 * Prepare an IPv6 packet for transmission via the TUN interface.
1352 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
1353 * For UDP, the UDP header will be fully created, whereas for TCP
1354 * only the ports and checksum will be filled in. So for TCP,
1355 * a skeleton TCP header must be part of the provided payload.
1357 * @param payload payload of the packet (starting with UDP payload or
1358 * TCP header, depending on protocol)
1359 * @param payload_length number of bytes in 'payload'
1360 * @param protocol IPPROTO_UDP or IPPROTO_TCP
1361 * @param tcp_header skeleton TCP header data to send, NULL for UDP
1362 * @param src_address source address to use (IP and port)
1363 * @param dst_address destination address to use (IP and port)
1364 * @param pkt6 where to write the assembled packet; must
1365 * contain enough space for the IP header, UDP/TCP header
1369 prepare_ipv6_packet (const void *payload, size_t payload_length,
1371 const struct GNUNET_TUN_TcpHeader *tcp_header,
1372 const struct SocketAddress *src_address,
1373 const struct SocketAddress *dst_address,
1374 struct GNUNET_TUN_IPv6Header *pkt6)
1378 len = payload_length;
1382 len += sizeof (struct GNUNET_TUN_UdpHeader);
1385 len += sizeof (struct GNUNET_TUN_TcpHeader);
1391 if (len > UINT16_MAX)
1397 GNUNET_TUN_initialize_ipv6_header (pkt6,
1400 &src_address->address.ipv6,
1401 &dst_address->address.ipv6);
1407 struct GNUNET_TUN_UdpHeader *pkt6_udp = (struct GNUNET_TUN_UdpHeader *) &pkt6[1];
1409 pkt6_udp->source_port = htons (src_address->port);
1410 pkt6_udp->destination_port = htons (dst_address->port);
1411 pkt6_udp->len = htons ((uint16_t) payload_length);
1412 GNUNET_TUN_calculate_udp6_checksum (pkt6,
1416 memcpy (&pkt6_udp[1], payload, payload_length);
1421 struct GNUNET_TUN_TcpHeader *pkt6_tcp = (struct GNUNET_TUN_TcpHeader *) &pkt6[1];
1423 /* memcpy first here as some TCP header fields are initialized this way! */
1424 *pkt6_tcp = *tcp_header;
1425 pkt6_tcp->source_port = htons (src_address->port);
1426 pkt6_tcp->destination_port = htons (dst_address->port);
1427 GNUNET_TUN_calculate_tcp6_checksum (pkt6,
1431 memcpy (&pkt6_tcp[1], payload, payload_length);
1442 * Send a TCP packet via the TUN interface.
1444 * @param destination_address IP and port to use for the TCP packet's destination
1445 * @param source_address IP and port to use for the TCP packet's source
1446 * @param tcp_header header template to use
1447 * @param payload payload of the TCP packet
1448 * @param payload_length number of bytes in 'payload'
1451 send_tcp_packet_via_tun (const struct SocketAddress *destination_address,
1452 const struct SocketAddress *source_address,
1453 const struct GNUNET_TUN_TcpHeader *tcp_header,
1454 const void *payload, size_t payload_length)
1458 GNUNET_STATISTICS_update (stats,
1459 gettext_noop ("# TCP packets sent via TUN"),
1461 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1462 "Sending packet with %u bytes TCP payload via TUN\n",
1463 (unsigned int) payload_length);
1464 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
1465 switch (source_address->af)
1468 len += sizeof (struct GNUNET_TUN_IPv4Header);
1471 len += sizeof (struct GNUNET_TUN_IPv6Header);
1477 len += sizeof (struct GNUNET_TUN_TcpHeader);
1478 len += payload_length;
1479 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1486 struct GNUNET_MessageHeader *hdr;
1487 struct GNUNET_TUN_Layer2PacketHeader *tun;
1489 hdr = (struct GNUNET_MessageHeader *) buf;
1490 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1491 hdr->size = htons (len);
1492 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
1493 tun->flags = htons (0);
1494 switch (source_address->af)
1498 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
1500 tun->proto = htons (ETH_P_IPV4);
1501 prepare_ipv4_packet (payload, payload_length,
1505 destination_address,
1511 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
1513 tun->proto = htons (ETH_P_IPV6);
1514 prepare_ipv6_packet (payload, payload_length,
1518 destination_address,
1526 (void) GNUNET_HELPER_send (helper_handle,
1527 (const struct GNUNET_MessageHeader*) buf,
1535 * Process a request via mesh to send a request to a TCP service
1536 * offered by this system.
1538 * @param cls closure, NULL
1539 * @param tunnel connection to the other end
1540 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1541 * @param sender who sent the message
1542 * @param message the actual message
1543 * @param atsi performance data for the connection
1544 * @return GNUNET_OK to keep the connection open,
1545 * GNUNET_SYSERR to close it (signal serious error)
1548 receive_tcp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1549 void **tunnel_ctx GNUNET_UNUSED,
1550 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1551 const struct GNUNET_MessageHeader *message,
1552 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1554 struct TunnelState *state = *tunnel_ctx;
1555 const struct GNUNET_EXIT_TcpServiceStartMessage *start;
1556 uint16_t pkt_len = ntohs (message->size);
1558 GNUNET_STATISTICS_update (stats,
1559 gettext_noop ("# TCP service creation requests received via mesh"),
1561 GNUNET_STATISTICS_update (stats,
1562 gettext_noop ("# Bytes received from MESH"),
1563 pkt_len, GNUNET_NO);
1564 /* check that we got at least a valid header */
1565 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpServiceStartMessage))
1567 GNUNET_break_op (0);
1568 return GNUNET_SYSERR;
1570 start = (const struct GNUNET_EXIT_TcpServiceStartMessage*) message;
1571 pkt_len -= sizeof (struct GNUNET_EXIT_TcpServiceStartMessage);
1572 if ( (NULL == state) ||
1573 (NULL != state->serv) ||
1574 (NULL != state->heap_node) )
1576 GNUNET_break_op (0);
1577 return GNUNET_SYSERR;
1579 if (start->tcp_header.off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
1581 GNUNET_break_op (0);
1582 return GNUNET_SYSERR;
1584 GNUNET_break_op (ntohl (start->reserved) == 0);
1585 /* setup fresh connection */
1586 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1587 "Received data from %s for forwarding to TCP service %s on port %u\n",
1588 GNUNET_i2s (sender),
1589 GNUNET_h2s (&start->service_descriptor),
1590 (unsigned int) ntohs (start->tcp_header.destination_port));
1591 if (NULL == (state->serv = find_service (tcp_services, &start->service_descriptor,
1592 ntohs (start->tcp_header.destination_port))))
1594 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1595 _("No service found for %s on port %d!\n"),
1597 ntohs (start->tcp_header.destination_port));
1598 GNUNET_STATISTICS_update (stats,
1599 gettext_noop ("# TCP requests dropped (no such service)"),
1601 return GNUNET_SYSERR;
1603 state->ri.remote_address = state->serv->address;
1604 setup_state_record (state);
1605 send_tcp_packet_via_tun (&state->ri.remote_address,
1606 &state->ri.local_address,
1608 &start[1], pkt_len);
1614 * Process a request to forward TCP data to the Internet via this peer.
1616 * @param cls closure, NULL
1617 * @param tunnel connection to the other end
1618 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1619 * @param sender who sent the message
1620 * @param message the actual message
1621 * @param atsi performance data for the connection
1622 * @return GNUNET_OK to keep the connection open,
1623 * GNUNET_SYSERR to close it (signal serious error)
1626 receive_tcp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1627 void **tunnel_ctx GNUNET_UNUSED,
1628 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1629 const struct GNUNET_MessageHeader *message,
1630 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1632 struct TunnelState *state = *tunnel_ctx;
1633 const struct GNUNET_EXIT_TcpInternetStartMessage *start;
1634 uint16_t pkt_len = ntohs (message->size);
1635 const struct in_addr *v4;
1636 const struct in6_addr *v6;
1637 const void *payload;
1640 GNUNET_STATISTICS_update (stats,
1641 gettext_noop ("# Bytes received from MESH"),
1642 pkt_len, GNUNET_NO);
1643 GNUNET_STATISTICS_update (stats,
1644 gettext_noop ("# TCP IP-exit creation requests received via mesh"),
1646 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpInternetStartMessage))
1648 GNUNET_break_op (0);
1649 return GNUNET_SYSERR;
1651 start = (const struct GNUNET_EXIT_TcpInternetStartMessage*) message;
1652 pkt_len -= sizeof (struct GNUNET_EXIT_TcpInternetStartMessage);
1653 if ( (NULL == state) ||
1654 (NULL != state->serv) ||
1655 (NULL != state->heap_node) )
1657 GNUNET_break_op (0);
1658 return GNUNET_SYSERR;
1660 if (start->tcp_header.off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
1662 GNUNET_break_op (0);
1663 return GNUNET_SYSERR;
1665 af = (int) ntohl (start->af);
1666 state->ri.remote_address.af = af;
1670 if (pkt_len < sizeof (struct in_addr))
1672 GNUNET_break_op (0);
1673 return GNUNET_SYSERR;
1677 GNUNET_break_op (0);
1678 return GNUNET_SYSERR;
1680 v4 = (const struct in_addr*) &start[1];
1682 pkt_len -= sizeof (struct in_addr);
1683 state->ri.remote_address.address.ipv4 = *v4;
1686 if (pkt_len < sizeof (struct in6_addr))
1688 GNUNET_break_op (0);
1689 return GNUNET_SYSERR;
1693 GNUNET_break_op (0);
1694 return GNUNET_SYSERR;
1696 v6 = (const struct in6_addr*) &start[1];
1698 pkt_len -= sizeof (struct in6_addr);
1699 state->ri.remote_address.address.ipv6 = *v6;
1702 GNUNET_break_op (0);
1703 return GNUNET_SYSERR;
1706 char buf[INET6_ADDRSTRLEN];
1707 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1708 "Received data from %s for starting TCP stream to %s:%u\n",
1709 GNUNET_i2s (sender),
1711 &state->ri.remote_address.address,
1713 (unsigned int) ntohs (start->tcp_header.destination_port));
1715 state->ri.remote_address.proto = IPPROTO_TCP;
1716 state->ri.remote_address.port = ntohs (start->tcp_header.destination_port);
1717 setup_state_record (state);
1718 send_tcp_packet_via_tun (&state->ri.remote_address,
1719 &state->ri.local_address,
1727 * Process a request to forward TCP data on an established
1728 * connection via this peer.
1730 * @param cls closure, NULL
1731 * @param tunnel connection to the other end
1732 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1733 * @param sender who sent the message
1734 * @param message the actual message
1735 * @param atsi performance data for the connection
1736 * @return GNUNET_OK to keep the connection open,
1737 * GNUNET_SYSERR to close it (signal serious error)
1740 receive_tcp_data (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1741 void **tunnel_ctx GNUNET_UNUSED,
1742 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1743 const struct GNUNET_MessageHeader *message,
1744 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1746 struct TunnelState *state = *tunnel_ctx;
1747 const struct GNUNET_EXIT_TcpDataMessage *data;
1748 uint16_t pkt_len = ntohs (message->size);
1750 GNUNET_STATISTICS_update (stats,
1751 gettext_noop ("# Bytes received from MESH"),
1752 pkt_len, GNUNET_NO);
1753 GNUNET_STATISTICS_update (stats,
1754 gettext_noop ("# TCP data requests received via mesh"),
1756 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpDataMessage))
1758 GNUNET_break_op (0);
1759 return GNUNET_SYSERR;
1761 data = (const struct GNUNET_EXIT_TcpDataMessage*) message;
1762 pkt_len -= sizeof (struct GNUNET_EXIT_TcpDataMessage);
1763 if ( (NULL == state) ||
1764 (NULL == state->heap_node) )
1766 /* connection should have been up! */
1767 GNUNET_STATISTICS_update (stats,
1768 gettext_noop ("# TCP DATA requests dropped (no session)"),
1770 return GNUNET_SYSERR;
1772 if (data->tcp_header.off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
1774 GNUNET_break_op (0);
1775 return GNUNET_SYSERR;
1778 GNUNET_break_op (ntohl (data->reserved) == 0);
1780 char buf[INET6_ADDRSTRLEN];
1781 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1782 "Received additional %u bytes of data from %s for TCP stream to %s:%u\n",
1784 GNUNET_i2s (sender),
1785 inet_ntop (state->ri.remote_address.af,
1786 &state->ri.remote_address.address,
1788 (unsigned int) state->ri.remote_address.port);
1791 send_tcp_packet_via_tun (&state->ri.remote_address,
1792 &state->ri.local_address,
1800 * Send an ICMP packet via the TUN interface.
1802 * @param destination_address IP to use for the ICMP packet's destination
1803 * @param source_address IP to use for the ICMP packet's source
1804 * @param icmp_header ICMP header to send
1805 * @param payload payload of the ICMP packet (does NOT include ICMP header)
1806 * @param payload_length number of bytes of data in payload
1809 send_icmp_packet_via_tun (const struct SocketAddress *destination_address,
1810 const struct SocketAddress *source_address,
1811 const struct GNUNET_TUN_IcmpHeader *icmp_header,
1812 const void *payload, size_t payload_length)
1815 struct GNUNET_TUN_IcmpHeader *icmp;
1817 GNUNET_STATISTICS_update (stats,
1818 gettext_noop ("# ICMP packets sent via TUN"),
1820 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1821 "Sending packet with %u bytes ICMP payload via TUN\n",
1822 (unsigned int) payload_length);
1823 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
1824 switch (destination_address->af)
1827 len += sizeof (struct GNUNET_TUN_IPv4Header);
1830 len += sizeof (struct GNUNET_TUN_IPv6Header);
1836 len += sizeof (struct GNUNET_TUN_IcmpHeader);
1837 len += payload_length;
1838 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1845 struct GNUNET_MessageHeader *hdr;
1846 struct GNUNET_TUN_Layer2PacketHeader *tun;
1848 hdr= (struct GNUNET_MessageHeader *) buf;
1849 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1850 hdr->size = htons (len);
1851 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
1852 tun->flags = htons (0);
1853 switch (source_address->af)
1857 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
1859 tun->proto = htons (ETH_P_IPV4);
1860 GNUNET_TUN_initialize_ipv4_header (ipv4,
1862 sizeof (struct GNUNET_TUN_IcmpHeader) + payload_length,
1863 &source_address->address.ipv4,
1864 &destination_address->address.ipv4);
1865 icmp = (struct GNUNET_TUN_IcmpHeader*) &ipv4[1];
1870 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
1872 tun->proto = htons (ETH_P_IPV6);
1873 GNUNET_TUN_initialize_ipv6_header (ipv6,
1875 sizeof (struct GNUNET_TUN_IcmpHeader) + payload_length,
1876 &source_address->address.ipv6,
1877 &destination_address->address.ipv6);
1878 icmp = (struct GNUNET_TUN_IcmpHeader*) &ipv6[1];
1885 *icmp = *icmp_header;
1889 GNUNET_TUN_calculate_icmp_checksum (icmp,
1892 (void) GNUNET_HELPER_send (helper_handle,
1893 (const struct GNUNET_MessageHeader*) buf,
1901 * Synthesize a plausible ICMP payload for an ICMPv4 error
1902 * response on the given tunnel.
1904 * @param state tunnel information
1905 * @param ipp IPv6 header to fill in (ICMP payload)
1906 * @param udp "UDP" header to fill in (ICMP payload); might actually
1907 * also be the first 8 bytes of the TCP header
1910 make_up_icmpv4_payload (struct TunnelState *state,
1911 struct GNUNET_TUN_IPv4Header *ipp,
1912 struct GNUNET_TUN_UdpHeader *udp)
1914 GNUNET_TUN_initialize_ipv4_header (ipp,
1915 state->ri.remote_address.proto,
1916 sizeof (struct GNUNET_TUN_TcpHeader),
1917 &state->ri.remote_address.address.ipv4,
1918 &state->ri.local_address.address.ipv4);
1919 udp->source_port = htons (state->ri.remote_address.port);
1920 udp->destination_port = htons (state->ri.local_address.port);
1921 udp->len = htons (0);
1922 udp->crc = htons (0);
1927 * Synthesize a plausible ICMP payload for an ICMPv6 error
1928 * response on the given tunnel.
1930 * @param state tunnel information
1931 * @param ipp IPv6 header to fill in (ICMP payload)
1932 * @param udp "UDP" header to fill in (ICMP payload); might actually
1933 * also be the first 8 bytes of the TCP header
1936 make_up_icmpv6_payload (struct TunnelState *state,
1937 struct GNUNET_TUN_IPv6Header *ipp,
1938 struct GNUNET_TUN_UdpHeader *udp)
1940 GNUNET_TUN_initialize_ipv6_header (ipp,
1941 state->ri.remote_address.proto,
1942 sizeof (struct GNUNET_TUN_TcpHeader),
1943 &state->ri.remote_address.address.ipv6,
1944 &state->ri.local_address.address.ipv6);
1945 udp->source_port = htons (state->ri.remote_address.port);
1946 udp->destination_port = htons (state->ri.local_address.port);
1947 udp->len = htons (0);
1948 udp->crc = htons (0);
1953 * Process a request to forward ICMP data to the Internet via this peer.
1955 * @param cls closure, NULL
1956 * @param tunnel connection to the other end
1957 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1958 * @param sender who sent the message
1959 * @param message the actual message
1960 * @param atsi performance data for the connection
1961 * @return GNUNET_OK to keep the connection open,
1962 * GNUNET_SYSERR to close it (signal serious error)
1965 receive_icmp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1966 void **tunnel_ctx GNUNET_UNUSED,
1967 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1968 const struct GNUNET_MessageHeader *message,
1969 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1971 struct TunnelState *state = *tunnel_ctx;
1972 const struct GNUNET_EXIT_IcmpInternetMessage *msg;
1973 uint16_t pkt_len = ntohs (message->size);
1974 const struct in_addr *v4;
1975 const struct in6_addr *v6;
1976 const void *payload;
1977 char buf[sizeof (struct GNUNET_TUN_IPv6Header) + 8];
1980 GNUNET_STATISTICS_update (stats,
1981 gettext_noop ("# Bytes received from MESH"),
1982 pkt_len, GNUNET_NO);
1983 GNUNET_STATISTICS_update (stats,
1984 gettext_noop ("# ICMP IP-exit requests received via mesh"),
1986 if (pkt_len < sizeof (struct GNUNET_EXIT_IcmpInternetMessage))
1988 GNUNET_break_op (0);
1989 return GNUNET_SYSERR;
1991 msg = (const struct GNUNET_EXIT_IcmpInternetMessage*) message;
1992 pkt_len -= sizeof (struct GNUNET_EXIT_IcmpInternetMessage);
1994 af = (int) ntohl (msg->af);
1995 if ( (NULL != state->heap_node) &&
1996 (af != state->ri.remote_address.af) )
1998 /* other peer switched AF on this tunnel; not allowed */
1999 GNUNET_break_op (0);
2000 return GNUNET_SYSERR;
2006 if (pkt_len < sizeof (struct in_addr))
2008 GNUNET_break_op (0);
2009 return GNUNET_SYSERR;
2013 GNUNET_break_op (0);
2014 return GNUNET_SYSERR;
2016 v4 = (const struct in_addr*) &msg[1];
2018 pkt_len -= sizeof (struct in_addr);
2019 state->ri.remote_address.address.ipv4 = *v4;
2020 if (NULL == state->heap_node)
2022 state->ri.remote_address.af = af;
2023 state->ri.remote_address.proto = IPPROTO_ICMP;
2024 setup_state_record (state);
2026 /* check that ICMP type is something we want to support
2027 and possibly make up payload! */
2028 switch (msg->icmp_header.type)
2030 case GNUNET_TUN_ICMPTYPE_ECHO_REPLY:
2031 case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST:
2033 case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE:
2034 case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH:
2035 case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED:
2038 GNUNET_break_op (0);
2039 return GNUNET_SYSERR;
2041 /* make up payload */
2043 struct GNUNET_TUN_IPv4Header *ipp = (struct GNUNET_TUN_IPv4Header *) buf;
2044 struct GNUNET_TUN_UdpHeader *udp = (struct GNUNET_TUN_UdpHeader *) &ipp[1];
2046 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2047 pkt_len = sizeof (struct GNUNET_TUN_IPv4Header) + 8;
2048 make_up_icmpv4_payload (state,
2055 GNUNET_break_op (0);
2056 GNUNET_STATISTICS_update (stats,
2057 gettext_noop ("# ICMPv4 packets dropped (type not allowed)"),
2059 return GNUNET_SYSERR;
2064 if (pkt_len < sizeof (struct in6_addr))
2066 GNUNET_break_op (0);
2067 return GNUNET_SYSERR;
2071 GNUNET_break_op (0);
2072 return GNUNET_SYSERR;
2074 v6 = (const struct in6_addr*) &msg[1];
2076 pkt_len -= sizeof (struct in6_addr);
2077 state->ri.remote_address.address.ipv6 = *v6;
2078 if (NULL == state->heap_node)
2080 state->ri.remote_address.af = af;
2081 state->ri.remote_address.proto = IPPROTO_ICMP;
2082 setup_state_record (state);
2084 /* check that ICMP type is something we want to support
2085 and possibly make up payload! */
2086 switch (msg->icmp_header.type)
2088 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
2089 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
2091 case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE:
2092 case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG:
2093 case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED:
2094 case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM:
2097 GNUNET_break_op (0);
2098 return GNUNET_SYSERR;
2100 /* make up payload */
2102 struct GNUNET_TUN_IPv6Header *ipp = (struct GNUNET_TUN_IPv6Header *) buf;
2103 struct GNUNET_TUN_UdpHeader *udp = (struct GNUNET_TUN_UdpHeader *) &ipp[1];
2105 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2106 pkt_len = sizeof (struct GNUNET_TUN_IPv6Header) + 8;
2107 make_up_icmpv6_payload (state,
2114 GNUNET_break_op (0);
2115 GNUNET_STATISTICS_update (stats,
2116 gettext_noop ("# ICMPv6 packets dropped (type not allowed)"),
2118 return GNUNET_SYSERR;
2124 GNUNET_break_op (0);
2125 return GNUNET_SYSERR;
2129 char buf[INET6_ADDRSTRLEN];
2130 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2131 "Received ICMP data from %s for forwarding to %s\n",
2132 GNUNET_i2s (sender),
2134 &state->ri.remote_address.address,
2135 buf, sizeof (buf)));
2137 send_icmp_packet_via_tun (&state->ri.remote_address,
2138 &state->ri.local_address,
2146 * Setup ICMP payload for ICMP error messages. Called
2147 * for both IPv4 and IPv6 addresses.
2149 * @param state context for creating the IP Packet
2150 * @param buf where to create the payload, has at least
2151 * sizeof (struct GNUNET_TUN_IPv6Header) + 8 bytes
2152 * @return number of bytes of payload we created in buf
2155 make_up_icmp_service_payload (struct TunnelState *state,
2158 switch (state->serv->address.af)
2162 struct GNUNET_TUN_IPv4Header *ipv4;
2163 struct GNUNET_TUN_UdpHeader *udp;
2165 ipv4 = (struct GNUNET_TUN_IPv4Header *)buf;
2166 udp = (struct GNUNET_TUN_UdpHeader *) &ipv4[1];
2167 make_up_icmpv4_payload (state,
2170 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2171 return sizeof (struct GNUNET_TUN_IPv4Header) + 8;
2176 struct GNUNET_TUN_IPv6Header *ipv6;
2177 struct GNUNET_TUN_UdpHeader *udp;
2179 ipv6 = (struct GNUNET_TUN_IPv6Header *)buf;
2180 udp = (struct GNUNET_TUN_UdpHeader *) &ipv6[1];
2181 make_up_icmpv6_payload (state,
2184 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2185 return sizeof (struct GNUNET_TUN_IPv6Header) + 8;
2196 * Process a request via mesh to send ICMP data to a service
2197 * offered by this system.
2199 * @param cls closure, NULL
2200 * @param tunnel connection to the other end
2201 * @param tunnel_ctx pointer to our 'struct TunnelState *'
2202 * @param sender who sent the message
2203 * @param message the actual message
2204 * @param atsi performance data for the connection
2205 * @return GNUNET_OK to keep the connection open,
2206 * GNUNET_SYSERR to close it (signal serious error)
2209 receive_icmp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
2211 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
2212 const struct GNUNET_MessageHeader *message,
2213 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
2215 struct TunnelState *state = *tunnel_ctx;
2216 const struct GNUNET_EXIT_IcmpServiceMessage *msg;
2217 uint16_t pkt_len = ntohs (message->size);
2218 struct GNUNET_TUN_IcmpHeader icmp;
2219 char buf[sizeof (struct GNUNET_TUN_IPv6Header) + 8];
2220 const void *payload;
2222 GNUNET_STATISTICS_update (stats,
2223 gettext_noop ("# Bytes received from MESH"),
2224 pkt_len, GNUNET_NO);
2225 GNUNET_STATISTICS_update (stats,
2226 gettext_noop ("# ICMP service requests received via mesh"),
2228 /* check that we got at least a valid header */
2229 if (pkt_len < sizeof (struct GNUNET_EXIT_IcmpServiceMessage))
2231 GNUNET_break_op (0);
2232 return GNUNET_SYSERR;
2234 msg = (const struct GNUNET_EXIT_IcmpServiceMessage*) message;
2235 pkt_len -= sizeof (struct GNUNET_EXIT_IcmpServiceMessage);
2236 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2237 "Received data from %s for forwarding to ICMP service %s\n",
2238 GNUNET_i2s (sender),
2239 GNUNET_h2s (&msg->service_descriptor));
2240 if (NULL == state->serv)
2242 /* first packet to service must not be ICMP (cannot determine service!) */
2243 GNUNET_break_op (0);
2244 return GNUNET_SYSERR;
2246 icmp = msg->icmp_header;
2248 state->ri.remote_address = state->serv->address;
2249 setup_state_record (state);
2251 /* check that ICMP type is something we want to support,
2252 perform ICMP PT if needed ans possibly make up payload */
2256 switch (msg->icmp_header.type)
2258 case GNUNET_TUN_ICMPTYPE_ECHO_REPLY:
2259 if (state->serv->address.af == AF_INET6)
2260 icmp.type = GNUNET_TUN_ICMPTYPE6_ECHO_REPLY;
2262 case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST:
2263 if (state->serv->address.af == AF_INET6)
2264 icmp.type = GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST;
2266 case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE:
2267 if (state->serv->address.af == AF_INET6)
2268 icmp.type = GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE;
2271 GNUNET_break_op (0);
2272 return GNUNET_SYSERR;
2275 pkt_len = make_up_icmp_service_payload (state, buf);
2277 case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED:
2278 if (state->serv->address.af == AF_INET6)
2279 icmp.type = GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED;
2282 GNUNET_break_op (0);
2283 return GNUNET_SYSERR;
2286 pkt_len = make_up_icmp_service_payload (state, buf);
2288 case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH:
2289 if (state->serv->address.af == AF_INET6)
2291 GNUNET_STATISTICS_update (stats,
2292 gettext_noop ("# ICMPv4 packets dropped (impossible PT to v6)"),
2298 GNUNET_break_op (0);
2299 return GNUNET_SYSERR;
2302 pkt_len = make_up_icmp_service_payload (state, buf);
2305 GNUNET_break_op (0);
2306 GNUNET_STATISTICS_update (stats,
2307 gettext_noop ("# ICMPv4 packets dropped (type not allowed)"),
2309 return GNUNET_SYSERR;
2311 /* end of AF_INET */
2314 switch (msg->icmp_header.type)
2316 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
2317 if (state->serv->address.af == AF_INET)
2318 icmp.type = GNUNET_TUN_ICMPTYPE_ECHO_REPLY;
2320 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
2321 if (state->serv->address.af == AF_INET)
2322 icmp.type = GNUNET_TUN_ICMPTYPE_ECHO_REQUEST;
2324 case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE:
2325 if (state->serv->address.af == AF_INET)
2326 icmp.type = GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE;
2329 GNUNET_break_op (0);
2330 return GNUNET_SYSERR;
2333 pkt_len = make_up_icmp_service_payload (state, buf);
2335 case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED:
2336 if (state->serv->address.af == AF_INET)
2337 icmp.type = GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED;
2340 GNUNET_break_op (0);
2341 return GNUNET_SYSERR;
2344 pkt_len = make_up_icmp_service_payload (state, buf);
2346 case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG:
2347 case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM:
2348 if (state->serv->address.af == AF_INET)
2350 GNUNET_STATISTICS_update (stats,
2351 gettext_noop ("# ICMPv6 packets dropped (impossible PT to v4)"),
2357 GNUNET_break_op (0);
2358 return GNUNET_SYSERR;
2361 pkt_len = make_up_icmp_service_payload (state, buf);
2364 GNUNET_break_op (0);
2365 GNUNET_STATISTICS_update (stats,
2366 gettext_noop ("# ICMPv6 packets dropped (type not allowed)"),
2368 return GNUNET_SYSERR;
2370 /* end of AF_INET6 */
2373 GNUNET_break_op (0);
2374 return GNUNET_SYSERR;
2377 send_icmp_packet_via_tun (&state->ri.remote_address,
2378 &state->ri.local_address,
2386 * Send a UDP packet via the TUN interface.
2388 * @param destination_address IP and port to use for the UDP packet's destination
2389 * @param source_address IP and port to use for the UDP packet's source
2390 * @param payload payload of the UDP packet (does NOT include UDP header)
2391 * @param payload_length number of bytes of data in payload
2394 send_udp_packet_via_tun (const struct SocketAddress *destination_address,
2395 const struct SocketAddress *source_address,
2396 const void *payload, size_t payload_length)
2400 GNUNET_STATISTICS_update (stats,
2401 gettext_noop ("# UDP packets sent via TUN"),
2403 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2404 "Sending packet with %u bytes UDP payload via TUN\n",
2405 (unsigned int) payload_length);
2406 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
2407 switch (source_address->af)
2410 len += sizeof (struct GNUNET_TUN_IPv4Header);
2413 len += sizeof (struct GNUNET_TUN_IPv6Header);
2419 len += sizeof (struct GNUNET_TUN_UdpHeader);
2420 len += payload_length;
2421 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
2428 struct GNUNET_MessageHeader *hdr;
2429 struct GNUNET_TUN_Layer2PacketHeader *tun;
2431 hdr= (struct GNUNET_MessageHeader *) buf;
2432 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
2433 hdr->size = htons (len);
2434 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
2435 tun->flags = htons (0);
2436 switch (source_address->af)
2440 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
2442 tun->proto = htons (ETH_P_IPV4);
2443 prepare_ipv4_packet (payload, payload_length,
2447 destination_address,
2453 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
2455 tun->proto = htons (ETH_P_IPV6);
2456 prepare_ipv6_packet (payload, payload_length,
2460 destination_address,
2468 (void) GNUNET_HELPER_send (helper_handle,
2469 (const struct GNUNET_MessageHeader*) buf,
2477 * Process a request to forward UDP data to the Internet via this peer.
2479 * @param cls closure, NULL
2480 * @param tunnel connection to the other end
2481 * @param tunnel_ctx pointer to our 'struct TunnelState *'
2482 * @param sender who sent the message
2483 * @param message the actual message
2484 * @param atsi performance data for the connection
2485 * @return GNUNET_OK to keep the connection open,
2486 * GNUNET_SYSERR to close it (signal serious error)
2489 receive_udp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
2490 void **tunnel_ctx GNUNET_UNUSED,
2491 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
2492 const struct GNUNET_MessageHeader *message,
2493 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
2495 struct TunnelState *state = *tunnel_ctx;
2496 const struct GNUNET_EXIT_UdpInternetMessage *msg;
2497 uint16_t pkt_len = ntohs (message->size);
2498 const struct in_addr *v4;
2499 const struct in6_addr *v6;
2500 const void *payload;
2503 GNUNET_STATISTICS_update (stats,
2504 gettext_noop ("# Bytes received from MESH"),
2505 pkt_len, GNUNET_NO);
2506 GNUNET_STATISTICS_update (stats,
2507 gettext_noop ("# UDP IP-exit requests received via mesh"),
2509 if (pkt_len < sizeof (struct GNUNET_EXIT_UdpInternetMessage))
2511 GNUNET_break_op (0);
2512 return GNUNET_SYSERR;
2514 msg = (const struct GNUNET_EXIT_UdpInternetMessage*) message;
2515 pkt_len -= sizeof (struct GNUNET_EXIT_UdpInternetMessage);
2516 af = (int) ntohl (msg->af);
2517 state->ri.remote_address.af = af;
2521 if (pkt_len < sizeof (struct in_addr))
2523 GNUNET_break_op (0);
2524 return GNUNET_SYSERR;
2528 GNUNET_break_op (0);
2529 return GNUNET_SYSERR;
2531 v4 = (const struct in_addr*) &msg[1];
2533 pkt_len -= sizeof (struct in_addr);
2534 state->ri.remote_address.address.ipv4 = *v4;
2537 if (pkt_len < sizeof (struct in6_addr))
2539 GNUNET_break_op (0);
2540 return GNUNET_SYSERR;
2544 GNUNET_break_op (0);
2545 return GNUNET_SYSERR;
2547 v6 = (const struct in6_addr*) &msg[1];
2549 pkt_len -= sizeof (struct in6_addr);
2550 state->ri.remote_address.address.ipv6 = *v6;
2553 GNUNET_break_op (0);
2554 return GNUNET_SYSERR;
2557 char buf[INET6_ADDRSTRLEN];
2558 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2559 "Received data from %s for forwarding to UDP %s:%u\n",
2560 GNUNET_i2s (sender),
2562 &state->ri.remote_address.address,
2564 (unsigned int) ntohs (msg->destination_port));
2566 state->ri.remote_address.proto = IPPROTO_UDP;
2567 state->ri.remote_address.port = msg->destination_port;
2568 if (NULL == state->heap_node)
2569 setup_state_record (state);
2570 if (0 != ntohs (msg->source_port))
2571 state->ri.local_address.port = msg->source_port;
2572 send_udp_packet_via_tun (&state->ri.remote_address,
2573 &state->ri.local_address,
2580 * Process a request via mesh to send a request to a UDP service
2581 * offered by this system.
2583 * @param cls closure, NULL
2584 * @param tunnel connection to the other end
2585 * @param tunnel_ctx pointer to our 'struct TunnelState *'
2586 * @param sender who sent the message
2587 * @param message the actual message
2588 * @param atsi performance data for the connection
2589 * @return GNUNET_OK to keep the connection open,
2590 * GNUNET_SYSERR to close it (signal serious error)
2593 receive_udp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
2595 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
2596 const struct GNUNET_MessageHeader *message,
2597 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
2599 struct TunnelState *state = *tunnel_ctx;
2600 const struct GNUNET_EXIT_UdpServiceMessage *msg;
2601 uint16_t pkt_len = ntohs (message->size);
2603 GNUNET_STATISTICS_update (stats,
2604 gettext_noop ("# Bytes received from MESH"),
2605 pkt_len, GNUNET_NO);
2606 GNUNET_STATISTICS_update (stats,
2607 gettext_noop ("# UDP service requests received via mesh"),
2609 /* check that we got at least a valid header */
2610 if (pkt_len < sizeof (struct GNUNET_EXIT_UdpServiceMessage))
2612 GNUNET_break_op (0);
2613 return GNUNET_SYSERR;
2615 msg = (const struct GNUNET_EXIT_UdpServiceMessage*) message;
2616 pkt_len -= sizeof (struct GNUNET_EXIT_UdpServiceMessage);
2617 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2618 "Received data from %s for forwarding to UDP service %s on port %u\n",
2619 GNUNET_i2s (sender),
2620 GNUNET_h2s (&msg->service_descriptor),
2621 (unsigned int) ntohs (msg->destination_port));
2622 if (NULL == (state->serv = find_service (udp_services, &msg->service_descriptor,
2623 ntohs (msg->destination_port))))
2625 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
2626 _("No service found for %s on port %d!\n"),
2628 ntohs (msg->destination_port));
2629 GNUNET_STATISTICS_update (stats,
2630 gettext_noop ("# UDP requests dropped (no such service)"),
2632 return GNUNET_SYSERR;
2634 state->ri.remote_address = state->serv->address;
2635 setup_state_record (state);
2636 if (0 != ntohs (msg->source_port))
2637 state->ri.local_address.port = msg->source_port;
2638 send_udp_packet_via_tun (&state->ri.remote_address,
2639 &state->ri.local_address,
2646 * Callback from GNUNET_MESH for new tunnels.
2648 * @param cls closure
2649 * @param tunnel new handle to the tunnel
2650 * @param initiator peer that started the tunnel
2651 * @param atsi performance information for the tunnel
2652 * @return initial tunnel context for the tunnel
2655 new_tunnel (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
2656 const struct GNUNET_PeerIdentity *initiator GNUNET_UNUSED,
2657 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
2659 struct TunnelState *s = GNUNET_malloc (sizeof (struct TunnelState));
2661 GNUNET_STATISTICS_update (stats,
2662 gettext_noop ("# Inbound MESH tunnels created"),
2664 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2665 "Received inbound tunnel from `%s'\n",
2666 GNUNET_i2s (initiator));
2673 * Function called by mesh whenever an inbound tunnel is destroyed.
2674 * Should clean up any associated state.
2676 * @param cls closure (set from GNUNET_MESH_connect)
2677 * @param tunnel connection to the other end (henceforth invalid)
2678 * @param tunnel_ctx place where local state associated
2679 * with the tunnel is stored
2682 clean_tunnel (void *cls GNUNET_UNUSED, const struct GNUNET_MESH_Tunnel *tunnel,
2685 struct TunnelState *s = tunnel_ctx;
2686 struct TunnelMessageQueue *tnq;
2688 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2689 "Tunnel destroyed\n");
2690 while (NULL != (tnq = s->head))
2692 GNUNET_CONTAINER_DLL_remove (s->head,
2697 if (s->heap_node != NULL)
2699 GNUNET_assert (GNUNET_YES ==
2700 GNUNET_CONTAINER_multihashmap_remove (connections_map,
2703 GNUNET_CONTAINER_heap_remove_node (s->heap_node);
2704 s->heap_node = NULL;
2708 GNUNET_MESH_notify_transmit_ready_cancel (s->th);
2716 * Function that frees everything from a hashmap
2720 * @param value value to free
2723 free_iterate (void *cls GNUNET_UNUSED,
2724 const GNUNET_HashCode * hash GNUNET_UNUSED, void *value)
2726 GNUNET_free (value);
2732 * Function scheduled as very last function, cleans up after us
2735 cleanup (void *cls GNUNET_UNUSED,
2736 const struct GNUNET_SCHEDULER_TaskContext *tskctx)
2740 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2741 "Exit service is shutting down now\n");
2742 if (helper_handle != NULL)
2744 GNUNET_HELPER_stop (helper_handle);
2745 helper_handle = NULL;
2747 if (mesh_handle != NULL)
2749 GNUNET_MESH_disconnect (mesh_handle);
2752 if (NULL != connections_map)
2754 GNUNET_CONTAINER_multihashmap_iterate (connections_map, &free_iterate, NULL);
2755 GNUNET_CONTAINER_multihashmap_destroy (connections_map);
2756 connections_map = NULL;
2758 if (NULL != connections_heap)
2760 GNUNET_CONTAINER_heap_destroy (connections_heap);
2761 connections_heap = NULL;
2763 if (NULL != tcp_services)
2765 GNUNET_CONTAINER_multihashmap_iterate (tcp_services, &free_service_record, NULL);
2766 GNUNET_CONTAINER_multihashmap_destroy (tcp_services);
2767 tcp_services = NULL;
2769 if (NULL != udp_services)
2771 GNUNET_CONTAINER_multihashmap_iterate (udp_services, &free_service_record, NULL);
2772 GNUNET_CONTAINER_multihashmap_destroy (udp_services);
2773 udp_services = NULL;
2777 GNUNET_STATISTICS_destroy (stats, GNUNET_NO);
2781 GNUNET_free_non_null (exit_argv[i]);
2786 * Add services to the service map.
2788 * @param proto IPPROTO_TCP or IPPROTO_UDP
2789 * @param cpy copy of the service descriptor (can be mutilated)
2790 * @param name DNS name of the service
2793 add_services (int proto,
2800 struct LocalService *serv;
2802 for (redirect = strtok (cpy, " "); redirect != NULL;
2803 redirect = strtok (NULL, " "))
2805 if (NULL == (hostname = strstr (redirect, ":")))
2807 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2808 "option `%s' for domain `%s' is not formatted correctly!\n",
2815 if (NULL == (hostport = strstr (hostname, ":")))
2817 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2818 "option `%s' for domain `%s' is not formatted correctly!\n",
2826 int local_port = atoi (redirect);
2827 int remote_port = atoi (hostport);
2829 if (!((local_port > 0) && (local_port < 65536)))
2831 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2832 "`%s' is not a valid port number (for domain `%s')!", redirect,
2836 if (!((remote_port > 0) && (remote_port < 65536)))
2838 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2839 "`%s' is not a valid port number (for domain `%s')!", hostport,
2844 serv = GNUNET_malloc (sizeof (struct LocalService));
2845 serv->my_port = (uint16_t) local_port;
2846 serv->address.port = remote_port;
2847 if (0 == strcmp ("localhost4", hostname))
2849 const char *ip4addr = exit_argv[4];
2851 serv->address.af = AF_INET;
2852 GNUNET_assert (1 != inet_pton (AF_INET, ip4addr, &serv->address.address.ipv4));
2854 else if (0 == strcmp ("localhost6", hostname))
2856 const char *ip6addr = exit_argv[2];
2858 serv->address.af = AF_INET6;
2859 GNUNET_assert (1 == inet_pton (AF_INET6, ip6addr, &serv->address.address.ipv6));
2863 struct addrinfo *res;
2866 ret = getaddrinfo (hostname, NULL, NULL, &res);
2867 if ( (ret != 0) || (res == NULL) )
2869 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2870 _("No addresses found for hostname `%s' of service `%s'!\n"),
2877 serv->address.af = res->ai_family;
2878 switch (res->ai_family)
2883 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2884 _("Service `%s' configured for IPv4, but IPv4 is disabled!\n"),
2890 serv->address.address.ipv4 = ((struct sockaddr_in *) res->ai_addr)->sin_addr;
2895 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2896 _("Service `%s' configured for IPv4, but IPv4 is disabled!\n"),
2902 serv->address.address.ipv6 = ((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
2906 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2907 _("No IP addresses found for hostname `%s' of service `%s'!\n"),
2915 store_service ((IPPROTO_UDP == proto) ? udp_services : tcp_services,
2924 * Reads the configuration servicecfg and populates udp_services
2927 * @param section name of section in config, equal to hostname
2930 read_service_conf (void *cls GNUNET_UNUSED, const char *section)
2934 if ((strlen (section) < 8) ||
2935 (0 != strcmp (".gnunet.", section + (strlen (section) - 8))))
2938 GNUNET_CONFIGURATION_get_value_string (cfg, section, "UDP_REDIRECTS",
2941 add_services (IPPROTO_UDP, cpy, section);
2945 GNUNET_CONFIGURATION_get_value_string (cfg, section, "TCP_REDIRECTS",
2948 add_services (IPPROTO_TCP, cpy, section);
2955 * Test if the given AF is supported by this system.
2958 * @return GNUNET_OK if the AF is supported
2965 s = socket (af, SOCK_STREAM, 0);
2968 if (EAFNOSUPPORT == errno)
2970 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
2972 return GNUNET_SYSERR;
2980 * @brief Main function that will be run by the scheduler.
2982 * @param cls closure
2983 * @param args remaining command-line arguments
2984 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
2985 * @param cfg_ configuration
2988 run (void *cls, char *const *args GNUNET_UNUSED,
2989 const char *cfgfile GNUNET_UNUSED,
2990 const struct GNUNET_CONFIGURATION_Handle *cfg_)
2992 static struct GNUNET_MESH_MessageHandler handlers[] = {
2993 {&receive_icmp_service, GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_SERVICE, 0},
2994 {&receive_icmp_remote, GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_INTERNET, 0},
2995 {&receive_udp_service, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_SERVICE, 0},
2996 {&receive_udp_remote, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_INTERNET, 0},
2997 {&receive_tcp_service, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_SERVICE_START, 0},
2998 {&receive_tcp_remote, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_INTERNET_START, 0},
2999 {&receive_tcp_data, GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_EXIT, 0},
3003 static GNUNET_MESH_ApplicationType apptypes[] = {
3004 GNUNET_APPLICATION_TYPE_END,
3005 GNUNET_APPLICATION_TYPE_END,
3006 GNUNET_APPLICATION_TYPE_END
3008 unsigned int app_idx;
3017 GNUNET_OS_check_helper_binary ("gnunet-helper-exit"))
3020 "`%s' is not SUID, refusing to run.\n",
3021 "gnunet-helper-exit");
3026 stats = GNUNET_STATISTICS_create ("exit", cfg);
3027 ipv4_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV4");
3028 ipv6_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV6");
3029 ipv4_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV4");
3030 ipv6_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV6");
3032 if ( (ipv4_exit || ipv4_enabled) &&
3033 GNUNET_OK != test_af (AF_INET))
3035 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3036 _("This system does not support IPv4, will disable IPv4 functions despite them being enabled in the configuration\n"));
3037 ipv4_exit = GNUNET_NO;
3038 ipv4_enabled = GNUNET_NO;
3040 if ( (ipv6_exit || ipv6_enabled) &&
3041 GNUNET_OK != test_af (AF_INET6))
3043 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3044 _("This system does not support IPv6, will disable IPv6 functions despite them being enabled in the configuration\n"));
3045 ipv6_exit = GNUNET_NO;
3046 ipv6_enabled = GNUNET_NO;
3048 if (ipv4_exit && (! ipv4_enabled))
3050 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3051 _("Cannot enable IPv4 exit but disable IPv4 on TUN interface, will use ENABLE_IPv4=YES\n"));
3052 ipv4_enabled = GNUNET_YES;
3054 if (ipv6_exit && (! ipv6_enabled))
3056 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3057 _("Cannot enable IPv6 exit but disable IPv6 on TUN interface, will use ENABLE_IPv6=YES\n"));
3058 ipv6_enabled = GNUNET_YES;
3060 if (! (ipv4_enabled || ipv6_enabled))
3062 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3063 _("No useful service enabled. Exiting.\n"));
3064 GNUNET_SCHEDULER_shutdown ();
3068 if (GNUNET_YES == ipv4_exit)
3070 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV4_GATEWAY;
3073 if (GNUNET_YES == ipv6_exit)
3075 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV6_GATEWAY;
3079 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup, cls);
3082 GNUNET_CONFIGURATION_get_value_number (cfg, "exit", "MAX_CONNECTIONS",
3084 max_connections = 1024;
3085 exit_argv[0] = GNUNET_strdup ("exit-gnunet");
3086 if (GNUNET_SYSERR ==
3087 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "TUN_IFNAME", &tun_ifname))
3089 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3090 "No entry 'TUN_IFNAME' in configuration!\n");
3091 GNUNET_SCHEDULER_shutdown ();
3094 exit_argv[1] = tun_ifname;
3097 if (GNUNET_SYSERR ==
3098 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "EXIT_IFNAME", &exit_ifname))
3100 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3101 "No entry 'EXIT_IFNAME' in configuration!\n");
3102 GNUNET_SCHEDULER_shutdown ();
3105 exit_argv[2] = exit_ifname;
3109 exit_argv[2] = GNUNET_strdup ("%");
3113 if (GNUNET_YES == ipv6_enabled)
3115 if ( (GNUNET_SYSERR ==
3116 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6ADDR",
3118 (1 != inet_pton (AF_INET6, ipv6addr, &exit_ipv6addr))) )
3120 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3121 "No valid entry 'IPV6ADDR' in configuration!\n");
3122 GNUNET_SCHEDULER_shutdown ();
3125 exit_argv[3] = ipv6addr;
3126 if (GNUNET_SYSERR ==
3127 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6PREFIX",
3130 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3131 "No entry 'IPV6PREFIX' in configuration!\n");
3132 GNUNET_SCHEDULER_shutdown ();
3135 exit_argv[4] = ipv6prefix_s;
3137 GNUNET_CONFIGURATION_get_value_number (cfg, "exit",
3140 (ipv6prefix >= 127) )
3142 GNUNET_SCHEDULER_shutdown ();
3148 /* IPv6 explicitly disabled */
3149 exit_argv[3] = GNUNET_strdup ("-");
3150 exit_argv[4] = GNUNET_strdup ("-");
3152 if (GNUNET_YES == ipv4_enabled)
3154 if ( (GNUNET_SYSERR ==
3155 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4ADDR",
3157 (1 != inet_pton (AF_INET, ipv4addr, &exit_ipv4addr))) )
3159 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3160 "No valid entry for 'IPV4ADDR' in configuration!\n");
3161 GNUNET_SCHEDULER_shutdown ();
3164 exit_argv[5] = ipv4addr;
3165 if ( (GNUNET_SYSERR ==
3166 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4MASK",
3168 (1 != inet_pton (AF_INET, ipv4mask, &exit_ipv4mask))) )
3170 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3171 "No valid entry 'IPV4MASK' in configuration!\n");
3172 GNUNET_SCHEDULER_shutdown ();
3175 exit_argv[6] = ipv4mask;
3179 /* IPv4 explicitly disabled */
3180 exit_argv[5] = GNUNET_strdup ("-");
3181 exit_argv[6] = GNUNET_strdup ("-");
3183 exit_argv[7] = NULL;
3185 udp_services = GNUNET_CONTAINER_multihashmap_create (65536);
3186 tcp_services = GNUNET_CONTAINER_multihashmap_create (65536);
3187 GNUNET_CONFIGURATION_iterate_sections (cfg, &read_service_conf, NULL);
3189 connections_map = GNUNET_CONTAINER_multihashmap_create (65536);
3190 connections_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
3192 = GNUNET_MESH_connect (cfg, 42 /* queue size */, NULL,
3194 &clean_tunnel, handlers,
3196 if (NULL == mesh_handle)
3198 GNUNET_SCHEDULER_shutdown ();
3201 helper_handle = GNUNET_HELPER_start ("gnunet-helper-exit",
3203 &message_token, NULL);
3210 * @param argc number of arguments from the command line
3211 * @param argv command line arguments
3212 * @return 0 ok, 1 on error
3215 main (int argc, char *const *argv)
3217 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
3218 GNUNET_GETOPT_OPTION_END
3221 return (GNUNET_OK ==
3222 GNUNET_PROGRAM_run (argc, argv, "gnunet-daemon-exit",
3224 ("Daemon to run to provide an IP exit node for the VPN"),
3225 options, &run, NULL)) ? global_ret : 1;
3229 /* end of gnunet-daemon-exit.c */