2 This file is part of GNUnet.
3 (C) 2010, 2012 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file vpn/gnunet-daemon-exit.c
24 * @author Philipp Toelke
27 #include <gnunet_common.h>
28 #include <gnunet_program_lib.h>
29 #include <gnunet_protocols.h>
30 #include <gnunet_applications.h>
31 #include <gnunet_mesh_service.h>
32 #include <gnunet_constants.h>
35 #include "gnunet-vpn-packet.h"
41 unsigned char addr[16];
46 * This struct is saved into the services-hashmap
48 struct redirect_service
73 * The source-address of this connection. When a packet to this address is
74 * received, this tunnel is used to forward it. ipv4-addresses will be put
75 * here left-aligned */
78 * The source-port of this connection
84 * This struct is saved into {tcp,udp}_connections;
88 struct GNUNET_MESH_Tunnel *tunnel;
90 struct redirect_service *serv;
91 struct remote_addr remote;
93 struct GNUNET_CONTAINER_HeapNode *heap_node;
94 struct GNUNET_CONTAINER_MultiHashMap *hashmap;
97 enum { SERVICE, REMOTE } type;
100 * The source-address and -port of this connection
102 struct redirect_info redirect_info;
105 struct tunnel_notify_queue
107 struct tunnel_notify_queue *next;
108 struct tunnel_notify_queue *prev;
115 struct tunnel_notify_queue *head;
116 struct tunnel_notify_queue *tail;
117 struct GNUNET_MESH_TransmitHandle *th;
122 * The handle to the configuration used throughout the process
124 static const struct GNUNET_CONFIGURATION_Handle *cfg;
127 * The handle to the helper
129 static struct GNUNET_HELPER_Handle *helper_handle;
132 * Arguments to the exit helper.
134 static char *exit_argv[7];
144 static struct GNUNET_MESH_Handle *mesh_handle;
147 * This hashmaps contains the mapping from peer, service-descriptor,
148 * source-port and destination-port to a struct redirect_state
150 static struct GNUNET_CONTAINER_MultiHashMap *udp_connections;
152 static struct GNUNET_CONTAINER_Heap *udp_connections_heap;
154 static struct GNUNET_CONTAINER_MultiHashMap *tcp_connections;
156 static struct GNUNET_CONTAINER_Heap *tcp_connections_heap;
159 * If there are at least this many udp-Connections, old ones will be removed
161 static long long unsigned int max_udp_connections = 200;
164 * If there are at least this many tcp-Connections, old ones will be removed
166 static long long unsigned int max_tcp_connections = 200;
169 * This hashmaps saves interesting things about the configured UDP services
171 static struct GNUNET_CONTAINER_MultiHashMap *udp_services;
174 * This hashmaps saves interesting things about the configured TCP services
177 static struct GNUNET_CONTAINER_MultiHashMap *tcp_services;
181 * Function that frees everything from a hashmap
184 free_iterate (void *cls GNUNET_UNUSED,
185 const GNUNET_HashCode * hash GNUNET_UNUSED, void *value)
192 * Function scheduled as very last function, cleans up after us
195 cleanup (void *cls GNUNET_UNUSED,
196 const struct GNUNET_SCHEDULER_TaskContext *tskctx)
200 GNUNET_assert (0 != (tskctx->reason & GNUNET_SCHEDULER_REASON_SHUTDOWN));
201 if (mesh_handle != NULL)
203 GNUNET_MESH_disconnect (mesh_handle);
206 if (helper_handle != NULL)
208 GNUNET_HELPER_stop (helper_handle);
209 helper_handle = NULL;
211 GNUNET_CONTAINER_multihashmap_iterate (udp_connections, &free_iterate, NULL);
212 GNUNET_CONTAINER_multihashmap_iterate (tcp_connections, &free_iterate, NULL);
214 GNUNET_free_non_null (exit_argv[i]);
218 new_tunnel (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
219 const struct GNUNET_PeerIdentity *initiator GNUNET_UNUSED,
220 const struct GNUNET_ATS_Information *ats GNUNET_UNUSED)
222 struct tunnel_state *s = GNUNET_malloc (sizeof *s);
231 clean_tunnel (void *cls GNUNET_UNUSED, const struct GNUNET_MESH_Tunnel *tunnel,
234 GNUNET_free (tunnel_ctx);
238 collect_connections (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
240 if ((tc->reason & GNUNET_SCHEDULER_REASON_SHUTDOWN) != 0)
244 struct GNUNET_CONTAINER_Heap *heap = cls;
246 struct redirect_state *state = GNUNET_CONTAINER_heap_remove_root (heap);
248 /* This is free()ed memory! */
249 state->heap_node = NULL;
251 /* FIXME! GNUNET_MESH_close_tunnel(state->tunnel); */
253 GNUNET_assert (GNUNET_OK ==
254 GNUNET_CONTAINER_multihashmap_remove (state->hashmap,
255 &state->hash, state));
261 hash_redirect_info (GNUNET_HashCode * hash, struct redirect_info *u_i,
265 /* the gnunet hashmap only uses the first sizeof(unsigned int) of the hash
267 * build the hash out of the last bytes of the address and the 2 bytes of
270 memcpy (hash, &u_i->pt, sizeof (u_i->pt));
271 memcpy (((unsigned char *) hash) + 2,
272 u_i->addr + (addrlen - (sizeof (unsigned int) - 2)),
273 (sizeof (unsigned int) - 2));
274 memset (((unsigned char *) hash) + sizeof (unsigned int), 0,
275 sizeof (GNUNET_HashCode) - sizeof (unsigned int));
279 * cls is the pointer to a GNUNET_MessageHeader that is
280 * followed by the service-descriptor and the udp-packet that should be sent;
283 send_udp_to_peer_notify_callback (void *cls, size_t size, void *buf)
285 struct GNUNET_MESH_Tunnel **tunnel = cls;
287 GNUNET_MESH_tunnel_set_data (*tunnel, NULL);
288 struct GNUNET_MessageHeader *hdr =
289 (struct GNUNET_MessageHeader *) (tunnel + 1);
290 GNUNET_assert (size >= ntohs (hdr->size));
291 memcpy (buf, hdr, ntohs (hdr->size));
292 size = ntohs (hdr->size);
294 struct tunnel_state *s = GNUNET_MESH_tunnel_get_data (*tunnel);
298 struct tunnel_notify_queue *element = s->head;
300 GNUNET_CONTAINER_DLL_remove (s->head, s->tail, element);
303 GNUNET_MESH_notify_transmit_ready (*tunnel, GNUNET_NO, 42,
304 GNUNET_TIME_relative_divide
305 (GNUNET_CONSTANTS_MAX_CORK_DELAY, 2),
306 (const struct GNUNET_PeerIdentity *)
308 send_udp_to_peer_notify_callback,
311 /* save the handle */
312 GNUNET_free (element);
321 * @brief Handles an UDP-Packet received from the helper.
323 * @param udp A pointer to the Packet
324 * @param dadr The IP-Destination-address
325 * @param addrlen The length of the address
328 udp_from_helper (struct udp_pkt *udp, unsigned char *dadr, size_t addrlen)
330 struct redirect_info u_i;
331 struct GNUNET_MESH_Tunnel *tunnel;
333 struct GNUNET_MessageHeader *msg;
335 memset (&u_i, 0, sizeof (struct redirect_info));
337 memcpy (&u_i.addr, dadr, addrlen);
341 /* get tunnel and service-descriptor from this */
342 GNUNET_HashCode hash;
344 hash_redirect_info (&hash, &u_i, addrlen);
346 struct redirect_state *state =
347 GNUNET_CONTAINER_multihashmap_get (udp_connections, &hash);
349 /* Mark this connection as freshly used */
350 GNUNET_CONTAINER_heap_update_cost (udp_connections_heap, state->heap_node,
351 GNUNET_TIME_absolute_get ().abs_value);
353 tunnel = state->tunnel;
355 if (state->type == SERVICE)
357 /* check if spt == serv.remote if yes: set spt = serv.myport ("nat") */
358 if (ntohs (udp->spt) == state->serv->remote_port)
360 udp->spt = htons (state->serv->my_port);
364 /* otherwise the answer came from a different port (tftp does this)
365 * add this new port to the list of all services, so that the packets
366 * coming back from the client to this new port will be routed correctly
368 struct redirect_service *serv =
369 GNUNET_malloc (sizeof (struct redirect_service));
370 memcpy (serv, state->serv, sizeof (struct redirect_service));
371 serv->my_port = ntohs (udp->spt);
372 serv->remote_port = ntohs (udp->spt);
373 uint16_t *desc = alloca (sizeof (GNUNET_HashCode) + 2);
375 memcpy ((GNUNET_HashCode *) (desc + 1), &state->desc,
376 sizeof (GNUNET_HashCode));
377 *desc = ntohs (udp->spt);
378 GNUNET_assert (GNUNET_OK ==
379 GNUNET_CONTAINER_multihashmap_put (udp_services,
382 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
388 /* send udp-packet back */
390 sizeof (struct GNUNET_MessageHeader) + sizeof (GNUNET_HashCode) +
392 struct GNUNET_MESH_Tunnel **ctunnel =
393 GNUNET_malloc (sizeof (struct GNUNET_MESH_TUNNEL *) + len);
395 msg = (struct GNUNET_MessageHeader *) (ctunnel + 1);
396 msg->size = htons (len);
398 htons (state->type ==
399 SERVICE ? GNUNET_MESSAGE_TYPE_VPN_SERVICE_UDP_BACK :
400 GNUNET_MESSAGE_TYPE_VPN_REMOTE_UDP_BACK);
401 GNUNET_HashCode *desc = (GNUNET_HashCode *) (msg + 1);
403 if (state->type == SERVICE)
404 memcpy (desc, &state->desc, sizeof (GNUNET_HashCode));
406 memcpy (desc, &state->remote, sizeof (struct remote_addr));
407 void *_udp = desc + 1;
409 memcpy (_udp, udp, ntohs (udp->len));
411 struct tunnel_state *s = GNUNET_MESH_tunnel_get_data (tunnel);
415 /* No notify is pending */
417 GNUNET_MESH_notify_transmit_ready (tunnel, GNUNET_NO, 42,
418 GNUNET_TIME_relative_divide
419 (GNUNET_CONSTANTS_MAX_CORK_DELAY, 2),
420 (const struct GNUNET_PeerIdentity *)
422 send_udp_to_peer_notify_callback,
427 struct tunnel_notify_queue *element =
428 GNUNET_malloc (sizeof (struct tunnel_notify_queue));
429 element->cls = ctunnel;
432 GNUNET_CONTAINER_DLL_insert_tail (s->head, s->tail, element);
437 * @brief Handles a TCP-Packet received from the helper.
439 * @param tcp A pointer to the Packet
440 * @param dadr The IP-Destination-address
441 * @param addrlen The length of the address
442 * @param pktlen the length of the packet, including its header
445 tcp_from_helper (struct tcp_pkt *tcp, unsigned char *dadr, size_t addrlen,
448 struct redirect_info u_i;
449 struct GNUNET_MESH_Tunnel *tunnel;
451 struct GNUNET_MessageHeader *msg;
453 memset (&u_i, 0, sizeof (struct redirect_info));
455 memcpy (&u_i.addr, dadr, addrlen);
458 /* get tunnel and service-descriptor from this */
459 GNUNET_HashCode hash;
461 hash_redirect_info (&hash, &u_i, addrlen);
463 struct redirect_state *state =
464 GNUNET_CONTAINER_multihashmap_get (tcp_connections, &hash);
468 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
469 "No mapping for this connection; hash is %x\n",
470 *((uint32_t *) & hash));
474 /* Mark this connection as freshly used */
475 GNUNET_CONTAINER_heap_update_cost (tcp_connections_heap, state->heap_node,
476 GNUNET_TIME_absolute_get ().abs_value);
478 tunnel = state->tunnel;
480 if (state->type == SERVICE)
482 /* check if spt == serv.remote if yes: set spt = serv.myport ("nat") */
483 if (ntohs (tcp->spt) == state->serv->remote_port)
485 tcp->spt = htons (state->serv->my_port);
489 // This is an illegal packet.
494 /* send tcp-packet back */
496 sizeof (struct GNUNET_MessageHeader) + sizeof (GNUNET_HashCode) + pktlen;
497 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "len: %d\n", pktlen);
498 struct GNUNET_MESH_Tunnel **ctunnel =
499 GNUNET_malloc (sizeof (struct GNUNET_MESH_TUNNEL *) + len);
501 msg = (struct GNUNET_MessageHeader *) (ctunnel + 1);
502 msg->size = htons (len);
504 htons (state->type ==
505 SERVICE ? GNUNET_MESSAGE_TYPE_VPN_SERVICE_TCP_BACK :
506 GNUNET_MESSAGE_TYPE_VPN_REMOTE_TCP_BACK);
507 GNUNET_HashCode *desc = (GNUNET_HashCode *) (msg + 1);
509 if (state->type == SERVICE)
510 memcpy (desc, &state->desc, sizeof (GNUNET_HashCode));
512 memcpy (desc, &state->remote, sizeof (struct remote_addr));
513 void *_tcp = desc + 1;
515 memcpy (_tcp, tcp, pktlen);
517 struct tunnel_state *s = GNUNET_MESH_tunnel_get_data (tunnel);
521 /* No notify is pending */
523 GNUNET_MESH_notify_transmit_ready (tunnel, GNUNET_NO, 42,
524 GNUNET_TIME_relative_divide
525 (GNUNET_CONSTANTS_MAX_CORK_DELAY, 2),
526 (const struct GNUNET_PeerIdentity *)
528 send_udp_to_peer_notify_callback,
533 struct tunnel_notify_queue *element =
534 GNUNET_malloc (sizeof (struct tunnel_notify_queue));
535 element->cls = ctunnel;
538 GNUNET_CONTAINER_DLL_insert_tail (s->head, s->tail, element);
544 * Receive packets from the helper-process
547 message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED,
548 const struct GNUNET_MessageHeader *message)
550 GNUNET_assert (ntohs (message->type) == GNUNET_MESSAGE_TYPE_VPN_HELPER);
552 struct tun_pkt *pkt_tun = (struct tun_pkt *) message;
554 /* ethertype is ipv6 */
555 if (ntohs (pkt_tun->tun.type) == 0x86dd)
557 struct ip6_pkt *pkt6 = (struct ip6_pkt *) pkt_tun;
559 if (IPPROTO_UDP == pkt6->ip6_hdr.nxthdr)
560 udp_from_helper (&((struct ip6_udp *) pkt6)->udp_hdr,
561 (unsigned char *) &pkt6->ip6_hdr.dadr, 16);
562 else if (IPPROTO_TCP == pkt6->ip6_hdr.nxthdr)
563 tcp_from_helper (&((struct ip6_tcp *) pkt6)->tcp_hdr,
564 (unsigned char *) &pkt6->ip6_hdr.dadr, 16,
565 ntohs (pkt6->ip6_hdr.paylgth));
567 else if (ntohs (pkt_tun->tun.type) == 0x0800)
569 struct ip_pkt *pkt4 = (struct ip_pkt *) pkt_tun;
571 if (IPPROTO_UDP == pkt4->ip_hdr.proto)
572 udp_from_helper (&((struct ip_udp *) pkt4)->udp_hdr,
573 (unsigned char *) &pkt4->ip_hdr.dadr, 4);
574 else if (IPPROTO_TCP == pkt4->ip_hdr.proto)
576 size_t pktlen = ntohs (pkt4->ip_hdr.tot_lngth);
578 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "tot: %d\n", pktlen);
579 pktlen -= 4 * pkt4->ip_hdr.hdr_lngth;
580 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "-hdr: %d\n", pktlen);
581 tcp_from_helper (&((struct ip_tcp *) pkt4)->tcp_hdr,
582 (unsigned char *) &pkt4->ip_hdr.dadr, 4, pktlen);
592 * Reads the configuration servicecfg and populates udp_services
595 * @param section name of section in config, equal to hostname
598 read_service_conf (void *cls GNUNET_UNUSED, const char *section)
600 if ((strlen (section) < 8) ||
601 (0 != strcmp (".gnunet.", section + (strlen (section) - 8))))
604 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing dns-name %d %s %s\n",
605 strlen (section), section, section + (strlen (section) - 8));
611 uint16_t *desc = alloca (sizeof (GNUNET_HashCode) + 2);
613 GNUNET_CRYPTO_hash (section, strlen (section) + 1,
614 (GNUNET_HashCode *) (desc + 1));
625 GNUNET_CONFIGURATION_get_value_string (cfg, section, "UDP_REDIRECTS",
628 else if (proto == TCP &&
630 GNUNET_CONFIGURATION_get_value_string (cfg, section,
631 "TCP_REDIRECTS", &cpy)))
634 for (redirect = strtok (cpy, " "); redirect != NULL;
635 redirect = strtok (NULL, " "))
637 if (NULL == (hostname = strstr (redirect, ":")))
639 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
640 "Warning: option %s is not formatted correctly!\n",
646 if (NULL == (hostport = strstr (hostname, ":")))
648 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
649 "Warning: option %s is not formatted correctly!\n",
656 int local_port = atoi (redirect);
658 if (!((local_port > 0) && (local_port < 65536)))
659 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
660 "Warning: %s is not a correct port.", redirect);
664 struct redirect_service *serv =
665 GNUNET_malloc (sizeof (struct redirect_service));
666 serv->my_port = local_port;
668 if (0 == strcmp ("localhost4", hostname))
674 GNUNET_assert (GNUNET_OK ==
675 GNUNET_CONFIGURATION_get_value_string (cfg, "exit",
678 GNUNET_assert (1 == inet_pton (AF_INET, ip4addr, serv->v4.ip4address));
679 GNUNET_free (ip4addr);
681 else if (0 == strcmp ("localhost6", hostname))
687 GNUNET_assert (GNUNET_OK ==
688 GNUNET_CONFIGURATION_get_value_string (cfg, "exit",
691 GNUNET_assert (1 == inet_pton (AF_INET6, ip6addr, serv->v6.ip6address));
692 GNUNET_free (ip6addr);
696 struct addrinfo *res;
698 int ret = getaddrinfo (hostname, NULL, NULL, &res);
702 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No addresses found for %s!\n",
710 struct addrinfo *c = res;
714 if (c->ai_family == AF_INET)
717 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
718 "Found %s as address for %s\n",
719 inet_ntop (c->ai_family,
720 &((struct sockaddr_in *) (c->
722 (char *) &buf, 256), hostname);
723 memcpy (serv->v4.ip4address,
724 &((struct sockaddr_in *) (c->ai_addr))->sin_addr, 4);
726 else if (c->ai_family == AF_INET6)
729 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
730 "Found %s as address for %s\n",
731 inet_ntop (c->ai_family,
732 &((struct sockaddr_in6 *) (c->
733 ai_addr))->sin6_addr,
734 (char *) &buf, 256), hostname);
735 memcpy (serv->v6.ip6address,
736 &((struct sockaddr_in6 *) (c->ai_addr))->sin6_addr, 16);
748 serv->remote_port = atoi (hostport);
750 GNUNET_assert (GNUNET_OK ==
751 GNUNET_CONTAINER_multihashmap_put (udp_services,
754 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
756 GNUNET_assert (GNUNET_OK ==
757 GNUNET_CONTAINER_multihashmap_put (tcp_services,
760 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
765 proto = (proto == UDP) ? TCP : UDP;
767 while (proto != UDP);
773 prepare_ipv4_packet (size_t len, uint16_t pktlen, void *payload,
774 uint16_t protocol, void *ipaddress, void *tunnel,
775 struct redirect_state *state, struct ip_pkt *pkt4)
779 pkt4->shdr.type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
780 pkt4->shdr.size = htons (len);
782 pkt4->tun.type = htons (0x0800);
784 memcpy (&pkt4->data, payload, pktlen);
786 pkt4->ip_hdr.version = 4;
787 pkt4->ip_hdr.hdr_lngth = 5;
788 pkt4->ip_hdr.diff_serv = 0;
789 pkt4->ip_hdr.tot_lngth = htons (20 + pktlen);
790 pkt4->ip_hdr.ident = 0;
791 pkt4->ip_hdr.flags = 0;
792 pkt4->ip_hdr.frag_off = 0;
793 pkt4->ip_hdr.ttl = 255;
794 pkt4->ip_hdr.proto = protocol;
795 pkt4->ip_hdr.chks = 0; /* Will be calculated later */
797 memcpy (&pkt4->ip_hdr.dadr, ipaddress, sizeof (struct in_addr));
799 /* Generate a new src-address */
803 GNUNET_assert (GNUNET_OK ==
804 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4ADDR",
806 GNUNET_assert (GNUNET_OK ==
807 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4MASK",
809 inet_pton (AF_INET, ipv4addr, &tmp);
810 inet_pton (AF_INET, ipv4mask, &tmp2);
811 GNUNET_free (ipv4addr);
812 GNUNET_free (ipv4mask);
814 /* This should be a noop */
817 tmp |= ntohl (*((uint32_t *) tunnel)) & (~tmp2);
819 pkt4->ip_hdr.sadr.s_addr = tmp;
821 memcpy (&state->redirect_info.addr, &tmp, 4);
822 if (IPPROTO_UDP == protocol)
824 struct ip_udp *pkt4_udp = (struct ip_udp *) pkt4;
826 state->redirect_info.pt = pkt4_udp->udp_hdr.spt;
828 pkt4_udp->udp_hdr.crc = 0; /* Optional for IPv4 */
830 else if (IPPROTO_TCP == protocol)
832 struct ip_tcp *pkt4_tcp = (struct ip_tcp *) pkt4;
834 state->redirect_info.pt = pkt4_tcp->tcp_hdr.spt;
836 pkt4_tcp->tcp_hdr.crc = 0;
839 sum = GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) &pkt4->ip_hdr.sadr, sizeof (struct in_addr));
840 sum = GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) &pkt4->ip_hdr.dadr, sizeof (struct in_addr));
842 tmp = (protocol << 16) | (0xffff & pktlen);
844 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "line: %08x, %x \n", tmp,
849 sum = GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & tmp, 4);
852 GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & pkt4_tcp->tcp_hdr,
854 pkt4_tcp->tcp_hdr.crc = GNUNET_CRYPTO_crc16_finish (sum);
858 GNUNET_CRYPTO_crc16_n ((uint16_t *) & pkt4->ip_hdr, 5 * 4);
862 prepare_ipv6_packet (size_t len, uint16_t pktlen, void *payload,
863 uint16_t protocol, void *ipaddress, void *tunnel,
864 struct redirect_state *state, struct ip6_pkt *pkt6)
868 pkt6->shdr.type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
869 pkt6->shdr.size = htons (len);
872 pkt6->tun.type = htons (0x86dd);
874 memcpy (&pkt6->data, payload, pktlen);
876 pkt6->ip6_hdr.version = 6;
877 pkt6->ip6_hdr.nxthdr = protocol;
878 pkt6->ip6_hdr.paylgth = htons (pktlen);
879 pkt6->ip6_hdr.hoplmt = 64;
881 memcpy (&pkt6->ip6_hdr.dadr, ipaddress, sizeof (struct in6_addr));
883 /* Generate a new src-address
884 * This takes as much from the address of the tunnel as fits into
887 unsigned long long ipv6prefix;
889 GNUNET_assert (GNUNET_OK ==
890 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6ADDR",
892 GNUNET_assert (GNUNET_OK ==
893 GNUNET_CONFIGURATION_get_value_number (cfg, "exit",
896 GNUNET_assert (ipv6prefix < 127);
897 ipv6prefix = (ipv6prefix + 7) / 8;
899 inet_pton (AF_INET6, ipv6addr, &pkt6->ip6_hdr.sadr);
900 GNUNET_free (ipv6addr);
902 if (ipv6prefix < (16 - sizeof (void *)))
903 ipv6prefix = 16 - sizeof (void *);
905 unsigned int offset = ipv6prefix - (16 - sizeof (void *));
907 memcpy ((((char *) &pkt6->ip6_hdr.sadr)) + ipv6prefix,
908 ((char *) &tunnel) + offset, 16 - ipv6prefix);
910 /* copy the needed information into the state */
911 memcpy (&state->redirect_info.addr, &pkt6->ip6_hdr.sadr, 16);
913 if (IPPROTO_UDP == protocol)
915 struct ip6_udp *pkt6_udp = (struct ip6_udp *) pkt6;
917 state->redirect_info.pt = pkt6_udp->udp_hdr.spt;
919 pkt6_udp->udp_hdr.crc = 0;
923 GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & pkt6_udp->ip6_hdr.sadr,
926 GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & pkt6_udp->ip6_hdr.dadr,
928 tmp = (htons (pktlen) & 0xffff);
929 sum = GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & tmp, 4);
930 tmp = htons (((pkt6_udp->ip6_hdr.nxthdr & 0x00ff)));
931 sum = GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & tmp, 4);
934 GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & pkt6_udp->udp_hdr,
935 ntohs (pkt6_udp->udp_hdr.len));
936 pkt6_udp->udp_hdr.crc = GNUNET_CRYPTO_crc16_finish (sum);
938 else if (IPPROTO_TCP == protocol)
940 struct ip6_tcp *pkt6_tcp = (struct ip6_tcp *) pkt6;
942 state->redirect_info.pt = pkt6_tcp->tcp_hdr.spt;
944 pkt6_tcp->tcp_hdr.crc = 0;
948 GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & pkt6->ip6_hdr.sadr, 16);
950 GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & pkt6->ip6_hdr.dadr, 16);
951 tmp = htonl (pktlen);
952 sum = GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & tmp, 4);
953 tmp = htonl (((pkt6->ip6_hdr.nxthdr & 0x000000ff)));
954 sum = GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & tmp, 4);
957 GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & pkt6_tcp->tcp_hdr,
958 ntohs (pkt6->ip6_hdr.paylgth));
959 pkt6_tcp->tcp_hdr.crc = GNUNET_CRYPTO_crc16_finish (sum);
964 * The messages are one GNUNET_HashCode for the service followed by a struct tcp_pkt
967 receive_tcp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
968 void **tunnel_ctx GNUNET_UNUSED,
969 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
970 const struct GNUNET_MessageHeader *message,
971 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
973 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received TCP-Packet\n");
974 GNUNET_HashCode *desc = (GNUNET_HashCode *) (message + 1);
975 struct tcp_pkt *pkt = (struct tcp_pkt *) (desc + 1);
977 ntohs (message->size) - sizeof (struct GNUNET_MessageHeader) -
978 sizeof (GNUNET_HashCode);
980 /** Get the configuration from the services-hashmap.
982 * Which service is needed only depends on the service-descriptor and the
985 uint16_t *tcp_desc = alloca (sizeof (GNUNET_HashCode) + 2);
987 memcpy (tcp_desc + 1, desc, sizeof (GNUNET_HashCode));
988 *tcp_desc = ntohs (pkt->dpt);
989 struct redirect_service *serv =
990 GNUNET_CONTAINER_multihashmap_get (tcp_services,
991 (GNUNET_HashCode *) tcp_desc);
995 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "No service found for TCP dpt %d!\n",
1000 pkt->dpt = htons (serv->remote_port);
1003 * At this point it would be possible to check against some kind of ACL.
1008 /* Prepare the state.
1009 * This will be saved in the hashmap, so that the receiving procedure knows
1010 * through which tunnel this connection has to be routed.
1012 struct redirect_state *state = GNUNET_malloc (sizeof (struct redirect_state));
1014 state->tunnel = tunnel;
1016 state->type = SERVICE;
1017 state->hashmap = tcp_connections;
1018 memcpy (&state->desc, desc, sizeof (GNUNET_HashCode));
1021 sizeof (struct GNUNET_MessageHeader) + sizeof (struct pkt_tun) +
1022 sizeof (struct ip6_hdr) + pkt_len;
1026 memset (buf, 0, len);
1027 switch (serv->version)
1030 prepare_ipv4_packet (len, pkt_len, pkt, IPPROTO_TCP, &serv->v4.ip4address,
1031 tunnel, state, (struct ip_pkt *) buf);
1034 prepare_ipv6_packet (len, pkt_len, pkt, IPPROTO_TCP, &serv->v6.ip6address,
1035 tunnel, state, (struct ip6_pkt *) buf);
1043 hash_redirect_info (&state->hash, &state->redirect_info,
1044 serv->version == 4 ? 4 : 16);
1047 GNUNET_CONTAINER_multihashmap_contains (tcp_connections, &state->hash))
1049 GNUNET_CONTAINER_multihashmap_put (tcp_connections, &state->hash, state,
1050 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
1053 GNUNET_CONTAINER_heap_insert (tcp_connections_heap, state,
1054 GNUNET_TIME_absolute_get ().abs_value);
1056 if (GNUNET_CONTAINER_heap_get_size (tcp_connections_heap) >
1057 max_tcp_connections)
1058 GNUNET_SCHEDULER_add_now (collect_connections, tcp_connections_heap);
1061 GNUNET_free (state);
1063 /* FIXME: here, flow-control with mesh would be nice to have... */
1064 (void) GNUNET_HELPER_send (helper_handle,
1065 (const struct GNUNET_MessageHeader*) buf,
1074 receive_tcp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1075 void **tunnel_ctx GNUNET_UNUSED,
1076 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1077 const struct GNUNET_MessageHeader *message,
1078 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1080 GNUNET_HashCode *desc = (GNUNET_HashCode *) (message + 1);
1081 struct tcp_pkt *pkt = (struct tcp_pkt *) (desc + 1);
1082 struct remote_addr *s = (struct remote_addr *) desc;
1086 ntohs (message->size) - sizeof (struct GNUNET_MessageHeader) -
1087 sizeof (GNUNET_HashCode);
1089 struct redirect_state *state = GNUNET_malloc (sizeof (struct redirect_state));
1091 state->tunnel = tunnel;
1092 state->type = REMOTE;
1093 state->hashmap = tcp_connections;
1094 memcpy (&state->remote, s, sizeof (struct remote_addr));
1097 sizeof (struct GNUNET_MessageHeader) + sizeof (struct pkt_tun) +
1098 sizeof (struct ip6_hdr) + pkt_len;
1101 memset (buf, 0, len);
1106 prepare_ipv4_packet (len, pkt_len, pkt, IPPROTO_TCP, &s->addr, tunnel,
1107 state, (struct ip_pkt *) buf);
1110 prepare_ipv6_packet (len, pkt_len, pkt, IPPROTO_TCP, &s->addr, tunnel,
1111 state, (struct ip6_pkt *) buf);
1114 GNUNET_free (state);
1115 return GNUNET_SYSERR;
1118 hash_redirect_info (&state->hash, &state->redirect_info, s->addrlen);
1120 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Packet from remote; hash is %x\n",
1121 *((uint32_t *) & state->hash));
1124 GNUNET_CONTAINER_multihashmap_contains (tcp_connections, &state->hash))
1126 GNUNET_CONTAINER_multihashmap_put (tcp_connections, &state->hash, state,
1127 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
1130 GNUNET_CONTAINER_heap_insert (tcp_connections_heap, state,
1131 GNUNET_TIME_absolute_get ().abs_value);
1133 if (GNUNET_CONTAINER_heap_get_size (tcp_connections_heap) >
1134 max_tcp_connections)
1135 GNUNET_SCHEDULER_add_now (collect_connections, tcp_connections_heap);
1138 GNUNET_free (state);
1140 /* FIXME: here, flow-control with mesh would be nice to have... */
1141 (void) GNUNET_HELPER_send (helper_handle,
1142 (const struct GNUNET_MessageHeader*) buf,
1150 receive_udp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1151 void **tunnel_ctx GNUNET_UNUSED,
1152 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1153 const struct GNUNET_MessageHeader *message,
1154 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1156 GNUNET_HashCode *desc = (GNUNET_HashCode *) (message + 1);
1157 struct udp_pkt *pkt = (struct udp_pkt *) (desc + 1);
1158 struct remote_addr *s = (struct remote_addr *) desc;
1162 GNUNET_assert (ntohs (pkt->len) ==
1163 ntohs (message->size) - sizeof (struct GNUNET_MessageHeader) -
1164 sizeof (GNUNET_HashCode));
1166 /* Prepare the state.
1167 * This will be saved in the hashmap, so that the receiving procedure knows
1168 * through which tunnel this connection has to be routed.
1170 struct redirect_state *state = GNUNET_malloc (sizeof (struct redirect_state));
1172 state->tunnel = tunnel;
1173 state->hashmap = udp_connections;
1174 state->type = REMOTE;
1175 memcpy (&state->remote, s, sizeof (struct remote_addr));
1178 sizeof (struct GNUNET_MessageHeader) + sizeof (struct pkt_tun) +
1179 sizeof (struct ip6_hdr) + ntohs (pkt->len);
1182 memset (buf, 0, len);
1187 prepare_ipv4_packet (len, ntohs (pkt->len), pkt, IPPROTO_UDP, &s->addr,
1188 tunnel, state, (struct ip_pkt *) buf);
1191 prepare_ipv6_packet (len, ntohs (pkt->len), pkt, IPPROTO_UDP, &s->addr,
1192 tunnel, state, (struct ip6_pkt *) buf);
1199 hash_redirect_info (&state->hash, &state->redirect_info, s->addrlen);
1202 GNUNET_CONTAINER_multihashmap_contains (udp_connections, &state->hash))
1204 GNUNET_CONTAINER_multihashmap_put (udp_connections, &state->hash, state,
1205 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
1208 GNUNET_CONTAINER_heap_insert (udp_connections_heap, state,
1209 GNUNET_TIME_absolute_get ().abs_value);
1211 if (GNUNET_CONTAINER_heap_get_size (udp_connections_heap) >
1212 max_udp_connections)
1213 GNUNET_SCHEDULER_add_now (collect_connections, udp_connections_heap);
1216 GNUNET_free (state);
1218 (void) GNUNET_HELPER_send (helper_handle,
1219 (const struct GNUNET_MessageHeader*) buf,
1226 * The messages are one GNUNET_HashCode for the service, followed by a struct udp_pkt
1229 receive_udp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1231 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1232 const struct GNUNET_MessageHeader *message,
1233 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1235 GNUNET_HashCode *desc = (GNUNET_HashCode *) (message + 1);
1236 struct udp_pkt *pkt = (struct udp_pkt *) (desc + 1);
1238 GNUNET_assert (ntohs (pkt->len) ==
1239 ntohs (message->size) - sizeof (struct GNUNET_MessageHeader) -
1240 sizeof (GNUNET_HashCode));
1242 /* Get the configuration from the hashmap */
1243 uint16_t *udp_desc = alloca (sizeof (GNUNET_HashCode) + 2);
1245 memcpy (udp_desc + 1, desc, sizeof (GNUNET_HashCode));
1246 *udp_desc = ntohs (pkt->dpt);
1247 struct redirect_service *serv =
1248 GNUNET_CONTAINER_multihashmap_get (udp_services,
1249 (GNUNET_HashCode *) udp_desc);
1253 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "No service found for UDP dpt %d!\n",
1258 pkt->dpt = htons (serv->remote_port);
1261 * At this point it would be possible to check against some kind of ACL.
1267 /* Prepare the state.
1268 * This will be saved in the hashmap, so that the receiving procedure knows
1269 * through which tunnel this connection has to be routed.
1271 struct redirect_state *state = GNUNET_malloc (sizeof (struct redirect_state));
1273 state->tunnel = tunnel;
1275 state->type = SERVICE;
1276 state->hashmap = udp_connections;
1277 memcpy (&state->desc, desc, sizeof (GNUNET_HashCode));
1280 sizeof (struct GNUNET_MessageHeader) + sizeof (struct pkt_tun) +
1281 sizeof (struct ip6_hdr) + ntohs (pkt->len);
1284 memset (buf, 0, len);
1286 switch (serv->version)
1289 prepare_ipv4_packet (len, ntohs (pkt->len), pkt, IPPROTO_UDP,
1290 &serv->v4.ip4address, tunnel, state,
1291 (struct ip_pkt *) buf);
1294 prepare_ipv6_packet (len, ntohs (pkt->len), pkt, IPPROTO_UDP,
1295 &serv->v6.ip6address, tunnel, state,
1296 (struct ip6_pkt *) buf);
1304 hash_redirect_info (&state->hash, &state->redirect_info,
1305 serv->version == 4 ? 4 : 16);
1308 GNUNET_CONTAINER_multihashmap_contains (udp_connections, &state->hash))
1310 GNUNET_CONTAINER_multihashmap_put (udp_connections, &state->hash, state,
1311 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
1314 GNUNET_CONTAINER_heap_insert (udp_connections_heap, state,
1315 GNUNET_TIME_absolute_get ().abs_value);
1317 if (GNUNET_CONTAINER_heap_get_size (udp_connections_heap) >
1318 max_udp_connections)
1319 GNUNET_SCHEDULER_add_now (collect_connections, udp_connections_heap);
1322 GNUNET_free (state);
1324 (void) GNUNET_HELPER_send (helper_handle,
1325 (const struct GNUNET_MessageHeader*) buf,
1335 int handler_idx, app_idx;
1337 udp = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_UDP");
1338 tcp = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_TCP");
1340 static struct GNUNET_MESH_MessageHandler handlers[] = {
1341 {receive_udp_service, GNUNET_MESSAGE_TYPE_VPN_SERVICE_UDP, 0},
1342 {receive_tcp_service, GNUNET_MESSAGE_TYPE_VPN_SERVICE_TCP, 0},
1348 static GNUNET_MESH_ApplicationType apptypes[] = {
1349 GNUNET_APPLICATION_TYPE_END,
1350 GNUNET_APPLICATION_TYPE_END,
1351 GNUNET_APPLICATION_TYPE_END
1357 if (GNUNET_YES == udp)
1359 handlers[handler_idx].callback = receive_udp_remote;
1360 handlers[handler_idx].expected_size = 0;
1361 handlers[handler_idx].type = GNUNET_MESSAGE_TYPE_VPN_REMOTE_UDP;
1362 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_INTERNET_UDP_GATEWAY;
1367 if (GNUNET_YES == tcp)
1369 handlers[handler_idx].callback = receive_tcp_remote;
1370 handlers[handler_idx].expected_size = 0;
1371 handlers[handler_idx].type = GNUNET_MESSAGE_TYPE_VPN_REMOTE_TCP;
1372 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_INTERNET_TCP_GATEWAY;
1378 GNUNET_MESH_connect (cfg, 42, NULL, new_tunnel, clean_tunnel, handlers,
1385 * @brief Main function that will be run by the scheduler.
1387 * @param cls closure
1388 * @param args remaining command-line arguments
1389 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
1390 * @param cfg_ configuration
1393 run (void *cls, char *const *args GNUNET_UNUSED,
1394 const char *cfgfile GNUNET_UNUSED,
1395 const struct GNUNET_CONFIGURATION_Handle *cfg_)
1405 udp_connections = GNUNET_CONTAINER_multihashmap_create (65536);
1406 udp_connections_heap =
1407 GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
1408 tcp_connections = GNUNET_CONTAINER_multihashmap_create (65536);
1409 tcp_connections_heap =
1410 GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
1411 udp_services = GNUNET_CONTAINER_multihashmap_create (65536);
1412 tcp_services = GNUNET_CONTAINER_multihashmap_create (65536);
1414 GNUNET_CONFIGURATION_get_value_number (cfg, "exit", "MAX_UDP_CONNECTIONS",
1415 &max_udp_connections))
1416 max_udp_connections = 1024;
1418 GNUNET_CONFIGURATION_get_value_number (cfg, "exit", "MAX_TCP_CONNECTIONS",
1419 &max_tcp_connections))
1420 max_tcp_connections = 256;
1421 GNUNET_CONFIGURATION_iterate_sections (cfg, read_service_conf, NULL);
1423 if (GNUNET_SYSERR ==
1424 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IFNAME", &ifname))
1426 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1427 "No entry 'IFNAME' in configuration!\n");
1431 if (GNUNET_SYSERR ==
1432 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6ADDR",
1435 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1436 "No entry 'IPV6ADDR' in configuration!\n");
1440 if (GNUNET_SYSERR ==
1441 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6PREFIX",
1444 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1445 "No entry 'IPV6PREFIX' in configuration!\n");
1449 if (GNUNET_SYSERR ==
1450 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4ADDR",
1453 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1454 "No entry 'IPV4ADDR' in configuration!\n");
1458 if (GNUNET_SYSERR ==
1459 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4MASK",
1462 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1463 "No entry 'IPV4MASK' in configuration!\n");
1466 exit_argv[0] = GNUNET_strdup ("exit-gnunet");
1467 exit_argv[1] = ifname;
1468 exit_argv[2] = ipv6addr;
1469 exit_argv[3] = ipv6prefix;
1470 exit_argv[4] = ipv4addr;
1471 exit_argv[5] = ipv4mask;
1472 exit_argv[6] = NULL;
1473 helper_handle = GNUNET_HELPER_start ("gnunet-helper-vpn", exit_argv,
1474 &message_token, NULL);
1475 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup, cls);
1482 * @param argc number of arguments from the command line
1483 * @param argv command line arguments
1484 * @return 0 ok, 1 on error
1487 main (int argc, char *const *argv)
1489 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
1490 GNUNET_GETOPT_OPTION_END
1493 return (GNUNET_OK ==
1494 GNUNET_PROGRAM_run (argc, argv, "gnunet-daemon-exit",
1496 ("Daemon to run to provide an IP exit node for the VPN"),
1497 options, &run, NULL)) ? ret : 1;
1501 /* end of gnunet-daemon-exit.c */