2 This file is part of GNUnet.
3 (C) 2010, 2012 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file pt/gnunet-daemon-pt.c
23 * @brief tool to manipulate DNS and VPN services to perform protocol translation (IPvX over GNUnet)
24 * @author Christian Grothoff
27 #include "gnunet_util_lib.h"
28 #include "gnunet_dns_service.h"
29 #include "gnunet_dnsparser_lib.h"
30 #include "gnunet_mesh_service.h"
31 #include "gnunet_tun_lib.h"
32 #include "gnunet_vpn_service.h"
33 #include "gnunet_statistics_service.h"
34 #include "gnunet_applications.h"
38 * After how long do we time out if we could not get an IP from VPN or MESH?
40 #define TIMEOUT GNUNET_TIME_UNIT_MINUTES
44 * How many bytes of payload do we allow at most for a DNS reply?
45 * Given that this is pretty much limited to loopback, we can be
46 * pretty high (Linux loopback defaults to 16k, most local UDP packets
47 * should survive up to 9k (NFS), so 8k should be pretty safe in
50 #define MAX_DNS_SIZE (8 * 1024)
54 * Which group of DNS records are we currently processing?
64 * DNS authority records
66 AUTHORITY_RECORDS = 1,
69 * DNS additional records
71 ADDITIONAL_RECORDS = 2,
74 * We're done processing.
81 * Information tracked per DNS reply that we are processing.
86 * Handle to submit the final result.
88 struct GNUNET_DNS_RequestHandle *rh;
91 * DNS packet that is being modified.
93 struct GNUNET_DNSPARSER_Packet *dns;
96 * Active redirection request with the VPN.
98 struct GNUNET_VPN_RedirectionRequest *rr;
101 * Record for which we have an active redirection request.
103 struct GNUNET_DNSPARSER_Record *rec;
106 * Offset in the current record group that is being modified.
111 * Group that is being modified
113 enum RequestGroup group;
119 * State we keep for a request that is going out via MESH.
121 struct RequestContext
124 * We keep these in a DLL.
126 struct RequestContext *next;
129 * We keep these in a DLL.
131 struct RequestContext *prev;
134 * Handle for interaction with DNS service.
136 struct GNUNET_DNS_RequestHandle *rh;
139 * Message we're sending out via MESH, allocated at the
140 * end of this struct.
142 const struct GNUNET_MessageHeader *mesh_message;
145 * Task used to abort this operation with timeout.
147 GNUNET_SCHEDULER_TaskIdentifier timeout_task;
150 * ID of the original DNS request (used to match the reply).
155 * GNUNET_NO if this request is still in the transmit_queue,
156 * GNUNET_YES if we are in the receive_queue.
158 int16_t was_transmitted;
164 * The handle to the configuration used throughout the process
166 static const struct GNUNET_CONFIGURATION_Handle *cfg;
169 * The handle to the VPN
171 static struct GNUNET_VPN_Handle *vpn_handle;
174 * The handle to the MESH service
176 static struct GNUNET_MESH_Handle *mesh_handle;
179 * Tunnel we use for DNS requests over MESH.
181 static struct GNUNET_MESH_Tunnel *mesh_tunnel;
184 * Active transmission request with MESH (or NULL).
186 static struct GNUNET_MESH_TransmitHandle *mesh_th;
189 * Head of DLL of requests to be transmitted to mesh_tunnel.
191 static struct RequestContext *transmit_queue_head;
194 * Tail of DLL of requests to be transmitted to mesh_tunnel.
196 static struct RequestContext *transmit_queue_tail;
199 * Head of DLL of requests waiting for a response.
201 static struct RequestContext *receive_queue_head;
204 * Tail of DLL of requests waiting for a response.
206 static struct RequestContext *receive_queue_tail;
211 static struct GNUNET_STATISTICS_Handle *stats;
214 * The handle to DNS post-resolution modifications.
216 static struct GNUNET_DNS_Handle *dns_post_handle;
219 * The handle to DNS pre-resolution modifications.
221 static struct GNUNET_DNS_Handle *dns_pre_handle;
224 * Are we doing IPv4-pt?
229 * Are we doing IPv6-pt?
234 * Are we tunneling DNS queries?
236 static int dns_tunnel;
239 * Number of DNS exit peers we currently have in the mesh tunnel.
240 * Used to see if using the mesh tunnel makes any sense right now.
242 static unsigned int dns_exit_available;
246 * We're done modifying all records in the response. Submit the reply
247 * and free the resources of the rc.
249 * @param rc context to process
252 finish_request (struct ReplyContext *rc)
258 GNUNET_DNSPARSER_pack (rc->dns,
263 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
264 _("Failed to pack DNS request. Dropping.\n"));
265 GNUNET_DNS_request_drop (rc->rh);
269 GNUNET_STATISTICS_update (stats,
270 gettext_noop ("# DNS requests mapped to VPN"),
272 GNUNET_DNS_request_answer (rc->rh,
276 GNUNET_DNSPARSER_free_packet (rc->dns);
282 * Process the next record of the given request context.
283 * When done, submit the reply and free the resources of
286 * @param rc context to process
289 submit_request (struct ReplyContext *rc);
293 * Callback invoked from the VPN service once a redirection is
294 * available. Provides the IP address that can now be used to
295 * reach the requested destination. We substitute the active
296 * record and then continue with 'submit_request' to look at
299 * @param cls our 'struct ReplyContext'
300 * @param af address family, AF_INET or AF_INET6; AF_UNSPEC on error;
301 * will match 'result_af' from the request
302 * @param address IP address (struct in_addr or struct in_addr6, depending on 'af')
303 * that the VPN allocated for the redirection;
304 * traffic to this IP will now be redirected to the
305 * specified target peer; NULL on error
308 vpn_allocation_callback (void *cls,
312 struct ReplyContext *rc = cls;
317 GNUNET_DNS_request_drop (rc->rh);
318 GNUNET_DNSPARSER_free_packet (rc->dns);
322 GNUNET_STATISTICS_update (stats,
323 gettext_noop ("# DNS records modified"),
325 switch (rc->rec->type)
327 case GNUNET_DNSPARSER_TYPE_A:
328 GNUNET_assert (AF_INET == af);
329 memcpy (rc->rec->data.raw.data, address, sizeof (struct in_addr));
331 case GNUNET_DNSPARSER_TYPE_AAAA:
332 GNUNET_assert (AF_INET6 == af);
333 memcpy (rc->rec->data.raw.data, address, sizeof (struct in6_addr));
345 * Modify the given DNS record by asking VPN to create a tunnel
346 * to the given address. When done, continue with submitting
347 * other records from the request context ('submit_request' is
350 * @param rc context to process
351 * @param rec record to modify
354 modify_address (struct ReplyContext *rc,
355 struct GNUNET_DNSPARSER_Record *rec)
361 case GNUNET_DNSPARSER_TYPE_A:
363 GNUNET_assert (rec->data.raw.data_len == sizeof (struct in_addr));
365 case GNUNET_DNSPARSER_TYPE_AAAA:
367 GNUNET_assert (rec->data.raw.data_len == sizeof (struct in6_addr));
374 rc->rr = GNUNET_VPN_redirect_to_ip (vpn_handle,
378 GNUNET_TIME_relative_to_absolute (TIMEOUT),
379 &vpn_allocation_callback,
385 * Process the next record of the given request context.
386 * When done, submit the reply and free the resources of
389 * @param rc context to process
392 submit_request (struct ReplyContext *rc)
394 struct GNUNET_DNSPARSER_Record *ra;
403 ra = rc->dns->answers;
404 ra_len = rc->dns->num_answers;
406 case AUTHORITY_RECORDS:
407 ra = rc->dns->authority_records;
408 ra_len = rc->dns->num_authority_records;
410 case ADDITIONAL_RECORDS:
411 ra = rc->dns->additional_records;
412 ra_len = rc->dns->num_additional_records;
420 for (i=rc->offset;i<ra_len;i++)
424 case GNUNET_DNSPARSER_TYPE_A:
428 modify_address (rc, &ra[i]);
432 case GNUNET_DNSPARSER_TYPE_AAAA:
436 modify_address (rc, &ra[i]);
448 * Test if any of the given records need protocol-translation work.
450 * @param ra array of records
451 * @param ra_len number of entries in ra
452 * @return GNUNET_YES if any of the given records require protocol-translation
455 work_test (const struct GNUNET_DNSPARSER_Record *ra,
460 for (i=0;i<ra_len;i++)
464 case GNUNET_DNSPARSER_TYPE_A:
468 case GNUNET_DNSPARSER_TYPE_AAAA:
479 * This function is called AFTER we got an IP address for a
480 * DNS request. Now, the PT daemon has the chance to substitute
481 * the IP address with one from the VPN range to tunnel requests
482 * destined for this IP address via VPN and MESH.
485 * @param rh request handle to user for reply
486 * @param request_length number of bytes in request
487 * @param request udp payload of the DNS request
490 dns_post_request_handler (void *cls,
491 struct GNUNET_DNS_RequestHandle *rh,
492 size_t request_length,
495 struct GNUNET_DNSPARSER_Packet *dns;
496 struct ReplyContext *rc;
499 GNUNET_STATISTICS_update (stats,
500 gettext_noop ("# DNS replies intercepted"),
502 dns = GNUNET_DNSPARSER_parse (request, request_length);
505 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
506 _("Failed to parse DNS request. Dropping.\n"));
507 GNUNET_DNS_request_drop (rh);
511 work |= work_test (dns->answers, dns->num_answers);
512 work |= work_test (dns->authority_records, dns->num_authority_records);
513 work |= work_test (dns->additional_records, dns->num_additional_records);
516 GNUNET_DNS_request_forward (rh);
517 GNUNET_DNSPARSER_free_packet (dns);
520 rc = GNUNET_malloc (sizeof (struct ReplyContext));
530 * Transmit a DNS request via MESH and move the request
531 * handle to the receive queue.
534 * @param size number of bytes available in buf
535 * @param buf where to copy the message
536 * @return number of bytes written to buf
539 transmit_dns_request_to_mesh (void *cls,
543 struct RequestContext *rc;
547 if (NULL == (rc = transmit_queue_head))
549 mlen = ntohs (rc->mesh_message->size);
552 mesh_th = GNUNET_MESH_notify_transmit_ready (mesh_tunnel,
556 &transmit_dns_request_to_mesh,
560 GNUNET_assert (GNUNET_NO == rc->was_transmitted);
561 memcpy (buf, rc->mesh_message, mlen);
562 GNUNET_CONTAINER_DLL_remove (transmit_queue_head,
565 rc->was_transmitted = GNUNET_YES;
566 GNUNET_CONTAINER_DLL_insert (receive_queue_head,
569 rc = transmit_queue_head;
571 mesh_th = GNUNET_MESH_notify_transmit_ready (mesh_tunnel,
574 NULL, ntohs (rc->mesh_message->size),
575 &transmit_dns_request_to_mesh,
582 * Task run if the time to answer a DNS request via MESH is over.
584 * @param cls the 'struct RequestContext' to abort
585 * @param tc scheduler context
588 timeout_request (void *cls,
589 const struct GNUNET_SCHEDULER_TaskContext *tc)
591 struct RequestContext *rc = cls;
593 if (rc->was_transmitted)
594 GNUNET_CONTAINER_DLL_remove (receive_queue_head,
598 GNUNET_CONTAINER_DLL_remove (transmit_queue_head,
601 GNUNET_STATISTICS_update (stats,
602 gettext_noop ("# DNS requests dropped (timeout)"),
604 GNUNET_DNS_request_drop (rc->rh);
610 * This function is called *before* the DNS request has been
611 * given to a "local" DNS resolver. Tunneling for DNS requests
612 * was enabled, so we now need to send the request via some MESH
613 * tunnel to a DNS EXIT for resolution.
616 * @param rh request handle to user for reply
617 * @param request_length number of bytes in request
618 * @param request udp payload of the DNS request
621 dns_pre_request_handler (void *cls,
622 struct GNUNET_DNS_RequestHandle *rh,
623 size_t request_length,
626 struct RequestContext *rc;
628 struct GNUNET_MessageHeader hdr;
629 struct GNUNET_TUN_DnsHeader dns;
631 GNUNET_STATISTICS_update (stats,
632 gettext_noop ("# DNS requests intercepted"),
634 if (0 == dns_exit_available)
636 GNUNET_STATISTICS_update (stats,
637 gettext_noop ("# DNS requests dropped (DNS mesh tunnel down)"),
639 GNUNET_DNS_request_drop (rh);
642 if (request_length < sizeof (dns))
644 GNUNET_STATISTICS_update (stats,
645 gettext_noop ("# DNS requests dropped (malformed)"),
647 GNUNET_DNS_request_drop (rh);
650 memcpy (&dns, request, sizeof (dns));
651 GNUNET_assert (NULL != mesh_tunnel);
652 mlen = sizeof (struct GNUNET_MessageHeader) + request_length;
653 rc = GNUNET_malloc (sizeof (struct RequestContext) + mlen);
655 rc->mesh_message = (const struct GNUNET_MessageHeader*) &rc[1];
656 rc->timeout_task = GNUNET_SCHEDULER_add_delayed (TIMEOUT,
660 hdr.type = htons (GNUNET_MESSAGE_TYPE_VPN_DNS_TO_INTERNET);
661 hdr.size = htons (mlen);
662 memcpy (&rc[1], &hdr, sizeof (struct GNUNET_MessageHeader));
663 memcpy (&(((char*)&rc[1])[sizeof (struct GNUNET_MessageHeader)]),
666 GNUNET_CONTAINER_DLL_insert_tail (transmit_queue_head,
670 mesh_th = GNUNET_MESH_notify_transmit_ready (mesh_tunnel,
674 &transmit_dns_request_to_mesh,
680 * Process a request via mesh to perform a DNS query.
682 * @param cls closure, NULL
683 * @param tunnel connection to the other end
684 * @param tunnel_ctx pointer to our 'struct TunnelState *'
685 * @param sender who sent the message
686 * @param message the actual message
687 * @param atsi performance data for the connection
688 * @return GNUNET_OK to keep the connection open,
689 * GNUNET_SYSERR to close it (signal serious error)
692 receive_dns_response (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
694 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
695 const struct GNUNET_MessageHeader *message,
696 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
698 struct GNUNET_TUN_DnsHeader dns;
700 struct RequestContext *rc;
702 mlen = ntohs (message->size);
703 mlen -= sizeof (struct GNUNET_MessageHeader);
704 if (mlen < sizeof (struct GNUNET_TUN_DnsHeader))
707 return GNUNET_SYSERR;
709 memcpy (&dns, &message[1], sizeof (dns));
710 for (rc = receive_queue_head; NULL != rc; rc = rc->next)
712 GNUNET_assert (GNUNET_YES == rc->was_transmitted);
713 if (dns.id == rc->dns_id)
715 GNUNET_STATISTICS_update (stats,
716 gettext_noop ("# DNS replies received"),
718 GNUNET_DNS_request_answer (rc->rh,
720 (const void*) &message[1]);
721 GNUNET_CONTAINER_DLL_remove (receive_queue_head,
724 GNUNET_SCHEDULER_cancel (rc->timeout_task);
729 GNUNET_STATISTICS_update (stats,
730 gettext_noop ("# DNS replies dropped (too late?)"),
737 * The MESH DNS tunnel went down. Abort all pending DNS
738 * requests (we're unlikely to get an answer in time).
741 abort_all_requests ()
743 struct RequestContext *rc;
745 while (NULL != (rc = receive_queue_head))
747 GNUNET_STATISTICS_update (stats,
748 gettext_noop ("# DNS requests aborted (tunnel down)"),
750 GNUNET_CONTAINER_DLL_remove (receive_queue_head,
753 GNUNET_DNS_request_drop (rc->rh);
754 GNUNET_SCHEDULER_cancel (rc->timeout_task);
757 while (NULL != (rc = transmit_queue_head))
759 GNUNET_STATISTICS_update (stats,
760 gettext_noop ("# DNS requests aborted (tunnel down)"),
762 GNUNET_CONTAINER_DLL_remove (transmit_queue_head,
765 GNUNET_DNS_request_drop (rc->rh);
766 GNUNET_SCHEDULER_cancel (rc->timeout_task);
773 * Method called whenever a peer has disconnected from the tunnel.
776 * @param peer peer identity the tunnel stopped working with
779 mesh_disconnect_handler (void *cls,
781 GNUNET_PeerIdentity * peer)
783 GNUNET_assert (dns_exit_available > 0);
784 dns_exit_available--;
785 if (0 == dns_exit_available)
789 GNUNET_MESH_notify_transmit_ready_cancel (mesh_th);
792 abort_all_requests ();
798 * Method called whenever a peer has connected to the tunnel.
801 * @param peer peer identity the tunnel was created to, NULL on timeout
802 * @param atsi performance data for the connection
805 mesh_connect_handler (void *cls,
806 const struct GNUNET_PeerIdentity
809 GNUNET_ATS_Information * atsi)
811 dns_exit_available++;
816 * Function scheduled as very last function, cleans up after us
819 cleanup (void *cls GNUNET_UNUSED,
820 const struct GNUNET_SCHEDULER_TaskContext *tskctx)
822 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
823 "Protocol translation daemon is shutting down now\n");
824 if (vpn_handle != NULL)
826 GNUNET_VPN_disconnect (vpn_handle);
831 GNUNET_MESH_notify_transmit_ready_cancel (mesh_th);
834 if (NULL != mesh_tunnel)
836 GNUNET_MESH_tunnel_destroy (mesh_tunnel);
839 if (mesh_handle != NULL)
841 GNUNET_MESH_disconnect (mesh_handle);
844 abort_all_requests ();
845 if (dns_post_handle != NULL)
847 GNUNET_DNS_disconnect (dns_post_handle);
848 dns_post_handle = NULL;
850 if (dns_pre_handle != NULL)
852 GNUNET_DNS_disconnect (dns_pre_handle);
853 dns_pre_handle = NULL;
857 GNUNET_STATISTICS_destroy (stats, GNUNET_YES);
864 * @brief Main function that will be run by the scheduler.
867 * @param args remaining command-line arguments
868 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
869 * @param cfg_ configuration
872 run (void *cls, char *const *args GNUNET_UNUSED,
873 const char *cfgfile GNUNET_UNUSED,
874 const struct GNUNET_CONFIGURATION_Handle *cfg_)
877 stats = GNUNET_STATISTICS_create ("pt", cfg);
878 ipv4_pt = GNUNET_CONFIGURATION_get_value_yesno (cfg, "pt", "TUNNEL_IPV4");
879 ipv6_pt = GNUNET_CONFIGURATION_get_value_yesno (cfg, "pt", "TUNNEL_IPV6");
880 dns_tunnel = GNUNET_CONFIGURATION_get_value_yesno (cfg, "pt", "TUNNEL_DNS");
881 if (! (ipv4_pt || ipv6_pt || dns_tunnel))
883 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
884 _("No useful service enabled. Exiting.\n"));
885 GNUNET_SCHEDULER_shutdown ();
888 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup, cls);
889 if (ipv4_pt || ipv6_pt)
892 = GNUNET_DNS_connect (cfg,
893 GNUNET_DNS_FLAG_POST_RESOLUTION,
894 &dns_post_request_handler, NULL);
895 if (NULL == dns_post_handle)
897 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
898 _("Failed to connect to %s service. Exiting.\n"),
900 GNUNET_SCHEDULER_shutdown ();
903 vpn_handle = GNUNET_VPN_connect (cfg);
904 if (NULL == vpn_handle)
906 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
907 _("Failed to connect to %s service. Exiting.\n"),
909 GNUNET_SCHEDULER_shutdown ();
915 static struct GNUNET_MESH_MessageHandler mesh_handlers[] = {
916 {&receive_dns_response, GNUNET_MESSAGE_TYPE_VPN_DNS_FROM_INTERNET, 0},
919 static GNUNET_MESH_ApplicationType mesh_types[] = {
920 GNUNET_APPLICATION_TYPE_END
924 = GNUNET_DNS_connect (cfg,
925 GNUNET_DNS_FLAG_PRE_RESOLUTION,
926 &dns_pre_request_handler, NULL);
927 if (NULL == dns_pre_handle)
929 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
930 _("Failed to connect to %s service. Exiting.\n"),
932 GNUNET_SCHEDULER_shutdown ();
935 mesh_handle = GNUNET_MESH_connect (cfg, NULL, NULL, NULL,
936 mesh_handlers, mesh_types);
937 if (NULL == mesh_handle)
939 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
940 _("Failed to connect to %s service. Exiting.\n"),
942 GNUNET_SCHEDULER_shutdown ();
945 mesh_tunnel = GNUNET_MESH_tunnel_create (mesh_handle,
947 &mesh_connect_handler,
948 &mesh_disconnect_handler,
950 GNUNET_MESH_peer_request_connect_by_type (mesh_tunnel,
951 GNUNET_APPLICATION_TYPE_INTERNET_RESOLVER);
959 * @param argc number of arguments from the command line
960 * @param argv command line arguments
961 * @return 0 ok, 1 on error
964 main (int argc, char *const *argv)
966 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
967 GNUNET_GETOPT_OPTION_END
970 if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv))
974 GNUNET_PROGRAM_run (argc, argv, "gnunet-daemon-pt",
976 ("Daemon to run to perform IP protocol translation to GNUnet"),
977 options, &run, NULL)) ? 0 : 1;
981 /* end of gnunet-daemon-pt.c */