2 This file is part of GNUnet.
3 (C) 2010, 2012 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file pt/gnunet-daemon-pt.c
23 * @brief tool to manipulate DNS and VPN services to perform protocol translation (IPvX over GNUnet)
24 * @author Christian Grothoff
27 #include "gnunet_util_lib.h"
28 #include "gnunet_dns_service.h"
29 #include "gnunet_dnsparser_lib.h"
30 #include "gnunet_mesh_service.h"
31 #include "gnunet_tun_lib.h"
32 #include "gnunet_vpn_service.h"
33 #include "gnunet_statistics_service.h"
34 #include "gnunet_applications.h"
38 * After how long do we time out if we could not get an IP from VPN or MESH?
40 #define TIMEOUT GNUNET_TIME_UNIT_MINUTES
44 * How many bytes of payload do we allow at most for a DNS reply?
45 * Given that this is pretty much limited to loopback, we can be
46 * pretty high (Linux loopback defaults to 16k, most local UDP packets
47 * should survive up to 9k (NFS), so 8k should be pretty safe in
50 #define MAX_DNS_SIZE (8 * 1024)
54 * Which group of DNS records are we currently processing?
64 * DNS authority records
66 AUTHORITY_RECORDS = 1,
69 * DNS additional records
71 ADDITIONAL_RECORDS = 2,
74 * We're done processing.
81 * Information tracked per DNS reply that we are processing.
86 * Handle to submit the final result.
88 struct GNUNET_DNS_RequestHandle *rh;
91 * DNS packet that is being modified.
93 struct GNUNET_DNSPARSER_Packet *dns;
96 * Active redirection request with the VPN.
98 struct GNUNET_VPN_RedirectionRequest *rr;
101 * Record for which we have an active redirection request.
103 struct GNUNET_DNSPARSER_Record *rec;
106 * Offset in the current record group that is being modified.
111 * Group that is being modified
113 enum RequestGroup group;
119 * State we keep for a request that is going out via MESH.
121 struct RequestContext
124 * We keep these in a DLL.
126 struct RequestContext *next;
129 * We keep these in a DLL.
131 struct RequestContext *prev;
134 * Handle for interaction with DNS service.
136 struct GNUNET_DNS_RequestHandle *rh;
139 * Message we're sending out via MESH, allocated at the
140 * end of this struct.
142 const struct GNUNET_MessageHeader *mesh_message;
145 * Task used to abort this operation with timeout.
147 GNUNET_SCHEDULER_TaskIdentifier timeout_task;
150 * ID of the original DNS request (used to match the reply).
155 * GNUNET_NO if this request is still in the transmit_queue,
156 * GNUNET_YES if we are in the receive_queue.
158 int16_t was_transmitted;
164 * The handle to the configuration used throughout the process
166 static const struct GNUNET_CONFIGURATION_Handle *cfg;
169 * The handle to the VPN
171 static struct GNUNET_VPN_Handle *vpn_handle;
174 * The handle to the MESH service
176 static struct GNUNET_MESH_Handle *mesh_handle;
179 * Tunnel we use for DNS requests over MESH.
181 static struct GNUNET_MESH_Tunnel *mesh_tunnel;
184 * Active transmission request with MESH (or NULL).
186 static struct GNUNET_MESH_TransmitHandle *mesh_th;
189 * Head of DLL of requests to be transmitted to mesh_tunnel.
191 static struct RequestContext *transmit_queue_head;
194 * Tail of DLL of requests to be transmitted to mesh_tunnel.
196 static struct RequestContext *transmit_queue_tail;
199 * Head of DLL of requests waiting for a response.
201 static struct RequestContext *receive_queue_head;
204 * Tail of DLL of requests waiting for a response.
206 static struct RequestContext *receive_queue_tail;
211 static struct GNUNET_STATISTICS_Handle *stats;
214 * The handle to DNS post-resolution modifications.
216 static struct GNUNET_DNS_Handle *dns_post_handle;
219 * The handle to DNS pre-resolution modifications.
221 static struct GNUNET_DNS_Handle *dns_pre_handle;
224 * Are we doing IPv4-pt?
229 * Are we doing IPv6-pt?
234 * Are we tunneling DNS queries?
236 static int dns_tunnel;
239 * Number of DNS exit peers we currently have in the mesh tunnel.
240 * Used to see if using the mesh tunnel makes any sense right now.
242 static unsigned int dns_exit_available;
246 * We're done modifying all records in the response. Submit the reply
247 * and free the resources of the rc.
249 * @param rc context to process
252 finish_request (struct ReplyContext *rc)
258 GNUNET_DNSPARSER_pack (rc->dns,
263 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
264 _("Failed to pack DNS request. Dropping.\n"));
265 GNUNET_DNS_request_drop (rc->rh);
269 GNUNET_STATISTICS_update (stats,
270 gettext_noop ("# DNS requests mapped to VPN"),
272 GNUNET_DNS_request_answer (rc->rh,
276 GNUNET_DNSPARSER_free_packet (rc->dns);
282 * Process the next record of the given request context.
283 * When done, submit the reply and free the resources of
286 * @param rc context to process
289 submit_request (struct ReplyContext *rc);
293 * Callback invoked from the VPN service once a redirection is
294 * available. Provides the IP address that can now be used to
295 * reach the requested destination. We substitute the active
296 * record and then continue with 'submit_request' to look at
299 * @param cls our 'struct ReplyContext'
300 * @param af address family, AF_INET or AF_INET6; AF_UNSPEC on error;
301 * will match 'result_af' from the request
302 * @param address IP address (struct in_addr or struct in_addr6, depending on 'af')
303 * that the VPN allocated for the redirection;
304 * traffic to this IP will now be redirected to the
305 * specified target peer; NULL on error
308 vpn_allocation_callback (void *cls,
312 struct ReplyContext *rc = cls;
317 GNUNET_DNS_request_drop (rc->rh);
318 GNUNET_DNSPARSER_free_packet (rc->dns);
322 GNUNET_STATISTICS_update (stats,
323 gettext_noop ("# DNS records modified"),
325 switch (rc->rec->type)
327 case GNUNET_DNSPARSER_TYPE_A:
328 GNUNET_assert (AF_INET == af);
329 memcpy (rc->rec->data.raw.data, address, sizeof (struct in_addr));
331 case GNUNET_DNSPARSER_TYPE_AAAA:
332 GNUNET_assert (AF_INET6 == af);
333 memcpy (rc->rec->data.raw.data, address, sizeof (struct in6_addr));
345 * Modify the given DNS record by asking VPN to create a tunnel
346 * to the given address. When done, continue with submitting
347 * other records from the request context ('submit_request' is
350 * @param rc context to process
351 * @param rec record to modify
354 modify_address (struct ReplyContext *rc,
355 struct GNUNET_DNSPARSER_Record *rec)
361 case GNUNET_DNSPARSER_TYPE_A:
363 GNUNET_assert (rec->data.raw.data_len == sizeof (struct in_addr));
365 case GNUNET_DNSPARSER_TYPE_AAAA:
367 GNUNET_assert (rec->data.raw.data_len == sizeof (struct in6_addr));
374 rc->rr = GNUNET_VPN_redirect_to_ip (vpn_handle,
378 GNUNET_TIME_relative_to_absolute (TIMEOUT),
379 &vpn_allocation_callback,
385 * Process the next record of the given request context.
386 * When done, submit the reply and free the resources of
389 * @param rc context to process
392 submit_request (struct ReplyContext *rc)
394 struct GNUNET_DNSPARSER_Record *ra;
403 ra = rc->dns->answers;
404 ra_len = rc->dns->num_answers;
406 case AUTHORITY_RECORDS:
407 ra = rc->dns->authority_records;
408 ra_len = rc->dns->num_authority_records;
410 case ADDITIONAL_RECORDS:
411 ra = rc->dns->additional_records;
412 ra_len = rc->dns->num_additional_records;
420 for (i=rc->offset;i<ra_len;i++)
424 case GNUNET_DNSPARSER_TYPE_A:
428 modify_address (rc, &ra[i]);
432 case GNUNET_DNSPARSER_TYPE_AAAA:
436 modify_address (rc, &ra[i]);
448 * Test if any of the given records need protocol-translation work.
450 * @param ra array of records
451 * @param ra_len number of entries in ra
452 * @return GNUNET_YES if any of the given records require protocol-translation
455 work_test (const struct GNUNET_DNSPARSER_Record *ra,
460 for (i=0;i<ra_len;i++)
464 case GNUNET_DNSPARSER_TYPE_A:
468 case GNUNET_DNSPARSER_TYPE_AAAA:
479 * This function is called AFTER we got an IP address for a
480 * DNS request. Now, the PT daemon has the chance to substitute
481 * the IP address with one from the VPN range to tunnel requests
482 * destined for this IP address via VPN and MESH.
485 * @param rh request handle to user for reply
486 * @param request_length number of bytes in request
487 * @param request udp payload of the DNS request
490 dns_post_request_handler (void *cls,
491 struct GNUNET_DNS_RequestHandle *rh,
492 size_t request_length,
495 struct GNUNET_DNSPARSER_Packet *dns;
496 struct ReplyContext *rc;
499 GNUNET_STATISTICS_update (stats,
500 gettext_noop ("# DNS replies intercepted"),
502 dns = GNUNET_DNSPARSER_parse (request, request_length);
505 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
506 _("Failed to parse DNS request. Dropping.\n"));
507 GNUNET_DNS_request_drop (rh);
511 work |= work_test (dns->answers, dns->num_answers);
512 work |= work_test (dns->authority_records, dns->num_authority_records);
513 work |= work_test (dns->additional_records, dns->num_additional_records);
516 GNUNET_DNS_request_forward (rh);
519 rc = GNUNET_malloc (sizeof (struct ReplyContext));
529 * Transmit a DNS request via MESH and move the request
530 * handle to the receive queue.
533 * @param size number of bytes available in buf
534 * @param buf where to copy the message
535 * @return number of bytes written to buf
538 transmit_dns_request_to_mesh (void *cls,
542 struct RequestContext *rc;
546 if (NULL == (rc = transmit_queue_head))
548 mlen = ntohs (rc->mesh_message->size);
551 mesh_th = GNUNET_MESH_notify_transmit_ready (mesh_tunnel,
555 &transmit_dns_request_to_mesh,
559 GNUNET_assert (GNUNET_NO == rc->was_transmitted);
560 memcpy (buf, rc->mesh_message, mlen);
561 GNUNET_CONTAINER_DLL_remove (transmit_queue_head,
564 rc->was_transmitted = GNUNET_YES;
565 GNUNET_CONTAINER_DLL_insert (receive_queue_head,
568 rc = transmit_queue_head;
570 mesh_th = GNUNET_MESH_notify_transmit_ready (mesh_tunnel,
573 NULL, ntohs (rc->mesh_message->size),
574 &transmit_dns_request_to_mesh,
581 * Task run if the time to answer a DNS request via MESH is over.
583 * @param cls the 'struct RequestContext' to abort
584 * @param tc scheduler context
587 timeout_request (void *cls,
588 const struct GNUNET_SCHEDULER_TaskContext *tc)
590 struct RequestContext *rc = cls;
592 if (rc->was_transmitted)
593 GNUNET_CONTAINER_DLL_remove (receive_queue_head,
597 GNUNET_CONTAINER_DLL_remove (transmit_queue_head,
600 GNUNET_STATISTICS_update (stats,
601 gettext_noop ("# DNS requests dropped (timeout)"),
603 GNUNET_DNS_request_drop (rc->rh);
609 * This function is called *before* the DNS request has been
610 * given to a "local" DNS resolver. Tunneling for DNS requests
611 * was enabled, so we now need to send the request via some MESH
612 * tunnel to a DNS EXIT for resolution.
615 * @param rh request handle to user for reply
616 * @param request_length number of bytes in request
617 * @param request udp payload of the DNS request
620 dns_pre_request_handler (void *cls,
621 struct GNUNET_DNS_RequestHandle *rh,
622 size_t request_length,
625 struct RequestContext *rc;
627 struct GNUNET_MessageHeader hdr;
628 struct GNUNET_TUN_DnsHeader dns;
630 GNUNET_STATISTICS_update (stats,
631 gettext_noop ("# DNS requests intercepted"),
633 if (0 == dns_exit_available)
635 GNUNET_STATISTICS_update (stats,
636 gettext_noop ("# DNS requests dropped (DNS mesh tunnel down)"),
638 GNUNET_DNS_request_drop (rh);
641 if (request_length < sizeof (dns))
643 GNUNET_STATISTICS_update (stats,
644 gettext_noop ("# DNS requests dropped (malformed)"),
646 GNUNET_DNS_request_drop (rh);
649 memcpy (&dns, request, sizeof (dns));
650 GNUNET_assert (NULL != mesh_tunnel);
651 mlen = sizeof (struct GNUNET_MessageHeader) + request_length;
652 rc = GNUNET_malloc (sizeof (struct RequestContext) + mlen);
654 rc->mesh_message = (const struct GNUNET_MessageHeader*) &rc[1];
655 rc->timeout_task = GNUNET_SCHEDULER_add_delayed (TIMEOUT,
659 hdr.type = htons (GNUNET_MESSAGE_TYPE_VPN_DNS_TO_INTERNET);
660 hdr.size = htons (mlen);
661 memcpy (&rc[1], &hdr, sizeof (struct GNUNET_MessageHeader));
662 memcpy (&(((char*)&rc[1])[sizeof (struct GNUNET_MessageHeader)]),
665 GNUNET_CONTAINER_DLL_insert_tail (transmit_queue_head,
669 mesh_th = GNUNET_MESH_notify_transmit_ready (mesh_tunnel,
673 &transmit_dns_request_to_mesh,
679 * Process a request via mesh to perform a DNS query.
681 * @param cls closure, NULL
682 * @param tunnel connection to the other end
683 * @param tunnel_ctx pointer to our 'struct TunnelState *'
684 * @param sender who sent the message
685 * @param message the actual message
686 * @param atsi performance data for the connection
687 * @return GNUNET_OK to keep the connection open,
688 * GNUNET_SYSERR to close it (signal serious error)
691 receive_dns_response (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
693 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
694 const struct GNUNET_MessageHeader *message,
695 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
697 struct GNUNET_TUN_DnsHeader dns;
699 struct RequestContext *rc;
701 mlen = ntohs (message->size);
702 mlen -= sizeof (struct GNUNET_MessageHeader);
703 if (mlen < sizeof (struct GNUNET_TUN_DnsHeader))
706 return GNUNET_SYSERR;
708 memcpy (&dns, &message[1], sizeof (dns));
709 for (rc = receive_queue_head; NULL != rc; rc = rc->next)
711 GNUNET_assert (GNUNET_YES == rc->was_transmitted);
712 if (dns.id == rc->dns_id)
714 GNUNET_STATISTICS_update (stats,
715 gettext_noop ("# DNS replies received"),
717 GNUNET_DNS_request_answer (rc->rh,
719 (const void*) &message[1]);
720 GNUNET_CONTAINER_DLL_remove (receive_queue_head,
723 GNUNET_SCHEDULER_cancel (rc->timeout_task);
728 GNUNET_STATISTICS_update (stats,
729 gettext_noop ("# DNS replies dropped (too late?)"),
736 * The MESH DNS tunnel went down. Abort all pending DNS
737 * requests (we're unlikely to get an answer in time).
740 abort_all_requests ()
742 struct RequestContext *rc;
744 while (NULL != (rc = receive_queue_head))
746 GNUNET_STATISTICS_update (stats,
747 gettext_noop ("# DNS requests aborted (tunnel down)"),
749 GNUNET_CONTAINER_DLL_remove (receive_queue_head,
752 GNUNET_DNS_request_drop (rc->rh);
753 GNUNET_SCHEDULER_cancel (rc->timeout_task);
756 while (NULL != (rc = transmit_queue_head))
758 GNUNET_STATISTICS_update (stats,
759 gettext_noop ("# DNS requests aborted (tunnel down)"),
761 GNUNET_CONTAINER_DLL_remove (transmit_queue_head,
764 GNUNET_DNS_request_drop (rc->rh);
765 GNUNET_SCHEDULER_cancel (rc->timeout_task);
772 * Method called whenever a peer has disconnected from the tunnel.
775 * @param peer peer identity the tunnel stopped working with
778 mesh_disconnect_handler (void *cls,
780 GNUNET_PeerIdentity * peer)
782 GNUNET_assert (dns_exit_available > 0);
783 dns_exit_available--;
784 if (0 == dns_exit_available)
788 GNUNET_MESH_notify_transmit_ready_cancel (mesh_th);
791 abort_all_requests ();
797 * Method called whenever a peer has connected to the tunnel.
800 * @param peer peer identity the tunnel was created to, NULL on timeout
801 * @param atsi performance data for the connection
804 mesh_connect_handler (void *cls,
805 const struct GNUNET_PeerIdentity
808 GNUNET_ATS_Information * atsi)
810 dns_exit_available++;
815 * Function scheduled as very last function, cleans up after us
818 cleanup (void *cls GNUNET_UNUSED,
819 const struct GNUNET_SCHEDULER_TaskContext *tskctx)
821 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
822 "Protocol translation daemon is shutting down now\n");
823 if (vpn_handle != NULL)
825 GNUNET_VPN_disconnect (vpn_handle);
830 GNUNET_MESH_notify_transmit_ready_cancel (mesh_th);
833 if (NULL != mesh_tunnel)
835 GNUNET_MESH_tunnel_destroy (mesh_tunnel);
838 if (mesh_handle != NULL)
840 GNUNET_MESH_disconnect (mesh_handle);
843 abort_all_requests ();
844 if (dns_post_handle != NULL)
846 GNUNET_DNS_disconnect (dns_post_handle);
847 dns_post_handle = NULL;
849 if (dns_pre_handle != NULL)
851 GNUNET_DNS_disconnect (dns_pre_handle);
852 dns_pre_handle = NULL;
856 GNUNET_STATISTICS_destroy (stats, GNUNET_YES);
863 * @brief Main function that will be run by the scheduler.
866 * @param args remaining command-line arguments
867 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
868 * @param cfg_ configuration
871 run (void *cls, char *const *args GNUNET_UNUSED,
872 const char *cfgfile GNUNET_UNUSED,
873 const struct GNUNET_CONFIGURATION_Handle *cfg_)
876 stats = GNUNET_STATISTICS_create ("pt", cfg);
877 ipv4_pt = GNUNET_CONFIGURATION_get_value_yesno (cfg, "pt", "TUNNEL_IPV4");
878 ipv6_pt = GNUNET_CONFIGURATION_get_value_yesno (cfg, "pt", "TUNNEL_IPV6");
879 dns_tunnel = GNUNET_CONFIGURATION_get_value_yesno (cfg, "pt", "TUNNEL_DNS");
880 if (! (ipv4_pt || ipv6_pt || dns_tunnel))
882 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
883 _("No useful service enabled. Exiting.\n"));
884 GNUNET_SCHEDULER_shutdown ();
887 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup, cls);
888 if (ipv4_pt || ipv6_pt)
891 = GNUNET_DNS_connect (cfg,
892 GNUNET_DNS_FLAG_POST_RESOLUTION,
893 &dns_post_request_handler, NULL);
894 if (NULL == dns_post_handle)
896 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
897 _("Failed to connect to %s service. Exiting.\n"),
899 GNUNET_SCHEDULER_shutdown ();
902 vpn_handle = GNUNET_VPN_connect (cfg);
903 if (NULL == vpn_handle)
905 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
906 _("Failed to connect to %s service. Exiting.\n"),
908 GNUNET_SCHEDULER_shutdown ();
914 static struct GNUNET_MESH_MessageHandler mesh_handlers[] = {
915 {&receive_dns_response, GNUNET_MESSAGE_TYPE_VPN_DNS_FROM_INTERNET, 0},
918 static GNUNET_MESH_ApplicationType mesh_types[] = {
919 GNUNET_APPLICATION_TYPE_END
923 = GNUNET_DNS_connect (cfg,
924 GNUNET_DNS_FLAG_PRE_RESOLUTION,
925 &dns_pre_request_handler, NULL);
926 if (NULL == dns_pre_handle)
928 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
929 _("Failed to connect to %s service. Exiting.\n"),
931 GNUNET_SCHEDULER_shutdown ();
934 mesh_handle = GNUNET_MESH_connect (cfg, 1, NULL, NULL, NULL,
935 mesh_handlers, mesh_types);
936 if (NULL == mesh_handle)
938 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
939 _("Failed to connect to %s service. Exiting.\n"),
941 GNUNET_SCHEDULER_shutdown ();
944 mesh_tunnel = GNUNET_MESH_tunnel_create (mesh_handle,
946 &mesh_connect_handler,
947 &mesh_disconnect_handler,
949 GNUNET_MESH_peer_request_connect_by_type (mesh_tunnel,
950 GNUNET_APPLICATION_TYPE_INTERNET_RESOLVER);
958 * @param argc number of arguments from the command line
959 * @param argv command line arguments
960 * @return 0 ok, 1 on error
963 main (int argc, char *const *argv)
965 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
966 GNUNET_GETOPT_OPTION_END
970 GNUNET_PROGRAM_run (argc, argv, "gnunet-daemon-pt",
972 ("Daemon to run to perform IP protocol translation to GNUnet"),
973 options, &run, NULL)) ? 0 : 1;
977 /* end of gnunet-daemon-pt.c */
projects / oweals / gnunet.git / blob