2 This file is part of GNUnet.
3 (C) 2010 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file vpn/gnunet-daemon-exit.c
24 * @author Philipp Toelke
27 #include <gnunet_common.h>
28 #include <gnunet_program_lib.h>
29 #include <gnunet_protocols.h>
30 #include <gnunet_applications.h>
31 #include <gnunet_mesh_service.h>
32 #include <gnunet_constants.h>
35 #include "gnunet-vpn-packet.h"
36 #include "gnunet-helper-vpn-api.h"
37 #include "gnunet-vpn-checksum.h"
39 GNUNET_SCHEDULER_TaskIdentifier shs_task;
42 * The handle to the configuration used throughout the process
44 static const struct GNUNET_CONFIGURATION_Handle *cfg;
47 * The handle to the helper
49 struct GNUNET_VPN_HELPER_Handle *helper_handle;
59 static struct GNUNET_MESH_Handle *mesh_handle;
62 * This hashmaps contains the mapping from peer, service-descriptor,
63 * source-port and destination-port to a struct redirect_state
65 static struct GNUNET_CONTAINER_MultiHashMap *udp_connections;
66 static struct GNUNET_CONTAINER_Heap *udp_connections_heap;
67 static struct GNUNET_CONTAINER_MultiHashMap *tcp_connections;
68 static struct GNUNET_CONTAINER_Heap *tcp_connections_heap;
71 * If there are at least this many udp-Connections, old ones will be removed
73 static long long unsigned int max_udp_connections = 200;
76 * If there are at least this many tcp-Connections, old ones will be removed
78 static long long unsigned int max_tcp_connections = 200;
83 unsigned char addr[16];
88 * This struct is saved into the services-hashmap
90 struct redirect_service
115 * The source-address of this connection. When a packet to this address is
116 * received, this tunnel is used to forward it. ipv4-addresses will be put
117 * here left-aligned */
120 * The source-port of this connection
126 * This struct is saved into {tcp,udp}_connections;
128 struct redirect_state
130 struct GNUNET_MESH_Tunnel *tunnel;
131 GNUNET_HashCode desc;
132 struct redirect_service *serv;
133 struct remote_addr remote;
135 struct GNUNET_CONTAINER_HeapNode *heap_node;
136 struct GNUNET_CONTAINER_MultiHashMap *hashmap;
137 GNUNET_HashCode hash;
140 { SERVICE, REMOTE } type;
143 * The source-address and -port of this connection
145 struct redirect_info redirect_info;
149 * This hashmaps saves interesting things about the configured services
151 static struct GNUNET_CONTAINER_MultiHashMap *udp_services;
152 static struct GNUNET_CONTAINER_MultiHashMap *tcp_services;
154 struct tunnel_notify_queue
156 struct tunnel_notify_queue *next;
157 struct tunnel_notify_queue *prev;
164 struct tunnel_notify_queue *head;
165 struct tunnel_notify_queue *tail;
166 struct GNUNET_MESH_TransmitHandle *th;
170 * Function that frees everything from a hashmap
173 free_iterate (void *cls __attribute__ ((unused)), const GNUNET_HashCode * hash
174 __attribute__ ((unused)), void *value)
181 * Function scheduled as very last function, cleans up after us
185 __attribute__ ((unused)),
186 const struct GNUNET_SCHEDULER_TaskContext *tskctx)
188 GNUNET_assert (0 != (tskctx->reason & GNUNET_SCHEDULER_REASON_SHUTDOWN));
190 GNUNET_CONTAINER_multihashmap_iterate (udp_connections, free_iterate, NULL);
192 GNUNET_CONTAINER_multihashmap_iterate (tcp_connections, free_iterate, NULL);
194 if (mesh_handle != NULL)
196 GNUNET_MESH_disconnect (mesh_handle);
202 new_tunnel (void *cls
203 __attribute__ ((unused)), struct GNUNET_MESH_Tunnel *tunnel,
204 const struct GNUNET_PeerIdentity *initiator
205 __attribute__ ((unused)), const struct GNUNET_ATS_Information *ats
206 __attribute__ ((unused)))
208 struct tunnel_state *s = GNUNET_malloc (sizeof *s);
217 clean_tunnel (void *cls
218 __attribute__ ((unused)), const struct GNUNET_MESH_Tunnel *tunnel,
221 GNUNET_free (tunnel_ctx);
225 collect_connections (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
227 if ((tc->reason & GNUNET_SCHEDULER_REASON_SHUTDOWN) != 0)
231 struct GNUNET_CONTAINER_Heap *heap = cls;
233 struct redirect_state *state = GNUNET_CONTAINER_heap_remove_root (heap);
235 /* This is free()ed memory! */
236 state->heap_node = NULL;
238 /* FIXME! GNUNET_MESH_close_tunnel(state->tunnel); */
240 GNUNET_assert (GNUNET_OK ==
241 GNUNET_CONTAINER_multihashmap_remove (state->hashmap,
242 &state->hash, state));
248 hash_redirect_info (GNUNET_HashCode * hash, struct redirect_info *u_i,
252 /* the gnunet hashmap only uses the first sizeof(unsigned int) of the hash
254 * build the hash out of the last bytes of the address and the 2 bytes of
257 memcpy (hash, &u_i->pt, sizeof (u_i->pt));
258 memcpy (((unsigned char *) hash) + 2,
259 u_i->addr + (addrlen - (sizeof (unsigned int) - 2)),
260 (sizeof (unsigned int) - 2));
261 memset (((unsigned char *) hash) + sizeof (unsigned int), 0,
262 sizeof (GNUNET_HashCode) - sizeof (unsigned int));
266 * cls is the pointer to a GNUNET_MessageHeader that is
267 * followed by the service-descriptor and the udp-packet that should be sent;
270 send_udp_to_peer_notify_callback (void *cls, size_t size, void *buf)
272 struct GNUNET_MESH_Tunnel **tunnel = cls;
274 GNUNET_MESH_tunnel_set_data (*tunnel, NULL);
275 struct GNUNET_MessageHeader *hdr =
276 (struct GNUNET_MessageHeader *) (tunnel + 1);
277 GNUNET_assert (size >= ntohs (hdr->size));
278 memcpy (buf, hdr, ntohs (hdr->size));
279 size = ntohs (hdr->size);
281 struct tunnel_state *s = GNUNET_MESH_tunnel_get_data (*tunnel);
285 struct tunnel_notify_queue *element = s->head;
287 GNUNET_CONTAINER_DLL_remove (s->head, s->tail, element);
290 GNUNET_MESH_notify_transmit_ready (*tunnel, GNUNET_NO, 42,
291 GNUNET_TIME_relative_divide
292 (GNUNET_CONSTANTS_MAX_CORK_DELAY, 2),
293 (const struct GNUNET_PeerIdentity *)
295 send_udp_to_peer_notify_callback,
298 /* save the handle */
299 GNUNET_free (element);
308 * @brief Handles an UDP-Packet received from the helper.
310 * @param udp A pointer to the Packet
311 * @param dadr The IP-Destination-address
312 * @param addrlen The length of the address
315 udp_from_helper (struct udp_pkt *udp, unsigned char *dadr, size_t addrlen)
317 struct redirect_info u_i;
318 struct GNUNET_MESH_Tunnel *tunnel;
320 struct GNUNET_MessageHeader *msg;
322 memset (&u_i, 0, sizeof (struct redirect_info));
324 memcpy (&u_i.addr, dadr, addrlen);
328 /* get tunnel and service-descriptor from this */
329 GNUNET_HashCode hash;
331 hash_redirect_info (&hash, &u_i, addrlen);
333 struct redirect_state *state =
334 GNUNET_CONTAINER_multihashmap_get (udp_connections, &hash);
336 /* Mark this connection as freshly used */
337 GNUNET_CONTAINER_heap_update_cost (udp_connections_heap, state->heap_node,
338 GNUNET_TIME_absolute_get ().abs_value);
340 tunnel = state->tunnel;
342 if (state->type == SERVICE)
344 /* check if spt == serv.remote if yes: set spt = serv.myport ("nat") */
345 if (ntohs (udp->spt) == state->serv->remote_port)
347 udp->spt = htons (state->serv->my_port);
351 /* otherwise the answer came from a different port (tftp does this)
352 * add this new port to the list of all services, so that the packets
353 * coming back from the client to this new port will be routed correctly
355 struct redirect_service *serv =
356 GNUNET_malloc (sizeof (struct redirect_service));
357 memcpy (serv, state->serv, sizeof (struct redirect_service));
358 serv->my_port = ntohs (udp->spt);
359 serv->remote_port = ntohs (udp->spt);
360 uint16_t *desc = alloca (sizeof (GNUNET_HashCode) + 2);
362 memcpy ((GNUNET_HashCode *) (desc + 1), &state->desc,
363 sizeof (GNUNET_HashCode));
364 *desc = ntohs (udp->spt);
365 GNUNET_assert (GNUNET_OK ==
366 GNUNET_CONTAINER_multihashmap_put (udp_services,
369 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
375 /* send udp-packet back */
377 sizeof (struct GNUNET_MessageHeader) + sizeof (GNUNET_HashCode) +
379 struct GNUNET_MESH_Tunnel **ctunnel =
380 GNUNET_malloc (sizeof (struct GNUNET_MESH_TUNNEL *) + len);
382 msg = (struct GNUNET_MessageHeader *) (ctunnel + 1);
383 msg->size = htons (len);
385 htons (state->type ==
386 SERVICE ? GNUNET_MESSAGE_TYPE_VPN_SERVICE_UDP_BACK :
387 GNUNET_MESSAGE_TYPE_VPN_REMOTE_UDP_BACK);
388 GNUNET_HashCode *desc = (GNUNET_HashCode *) (msg + 1);
390 if (state->type == SERVICE)
391 memcpy (desc, &state->desc, sizeof (GNUNET_HashCode));
393 memcpy (desc, &state->remote, sizeof (struct remote_addr));
394 void *_udp = desc + 1;
396 memcpy (_udp, udp, ntohs (udp->len));
398 struct tunnel_state *s = GNUNET_MESH_tunnel_get_data (tunnel);
402 /* No notify is pending */
404 GNUNET_MESH_notify_transmit_ready (tunnel, GNUNET_NO, 42,
405 GNUNET_TIME_relative_divide
406 (GNUNET_CONSTANTS_MAX_CORK_DELAY, 2),
407 (const struct GNUNET_PeerIdentity *)
409 send_udp_to_peer_notify_callback,
414 struct tunnel_notify_queue *element =
415 GNUNET_malloc (sizeof (struct tunnel_notify_queue));
416 element->cls = ctunnel;
419 GNUNET_CONTAINER_DLL_insert_tail (s->head, s->tail, element);
424 * @brief Handles a TCP-Packet received from the helper.
426 * @param tcp A pointer to the Packet
427 * @param dadr The IP-Destination-address
428 * @param addrlen The length of the address
429 * @param pktlen the length of the packet, including its header
432 tcp_from_helper (struct tcp_pkt *tcp, unsigned char *dadr, size_t addrlen,
435 struct redirect_info u_i;
436 struct GNUNET_MESH_Tunnel *tunnel;
438 struct GNUNET_MessageHeader *msg;
440 memset (&u_i, 0, sizeof (struct redirect_info));
442 memcpy (&u_i.addr, dadr, addrlen);
445 /* get tunnel and service-descriptor from this */
446 GNUNET_HashCode hash;
448 hash_redirect_info (&hash, &u_i, addrlen);
450 struct redirect_state *state =
451 GNUNET_CONTAINER_multihashmap_get (tcp_connections, &hash);
455 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
456 "No mapping for this connection; hash is %x\n",
457 *((uint32_t *) & hash));
461 /* Mark this connection as freshly used */
462 GNUNET_CONTAINER_heap_update_cost (tcp_connections_heap, state->heap_node,
463 GNUNET_TIME_absolute_get ().abs_value);
465 tunnel = state->tunnel;
467 if (state->type == SERVICE)
469 /* check if spt == serv.remote if yes: set spt = serv.myport ("nat") */
470 if (ntohs (tcp->spt) == state->serv->remote_port)
472 tcp->spt = htons (state->serv->my_port);
476 // This is an illegal packet.
481 /* send tcp-packet back */
483 sizeof (struct GNUNET_MessageHeader) + sizeof (GNUNET_HashCode) + pktlen;
484 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "len: %d\n", pktlen);
485 struct GNUNET_MESH_Tunnel **ctunnel =
486 GNUNET_malloc (sizeof (struct GNUNET_MESH_TUNNEL *) + len);
488 msg = (struct GNUNET_MessageHeader *) (ctunnel + 1);
489 msg->size = htons (len);
491 htons (state->type ==
492 SERVICE ? GNUNET_MESSAGE_TYPE_VPN_SERVICE_TCP_BACK :
493 GNUNET_MESSAGE_TYPE_VPN_REMOTE_TCP_BACK);
494 GNUNET_HashCode *desc = (GNUNET_HashCode *) (msg + 1);
496 if (state->type == SERVICE)
497 memcpy (desc, &state->desc, sizeof (GNUNET_HashCode));
499 memcpy (desc, &state->remote, sizeof (struct remote_addr));
500 void *_tcp = desc + 1;
502 memcpy (_tcp, tcp, pktlen);
504 struct tunnel_state *s = GNUNET_MESH_tunnel_get_data (tunnel);
508 /* No notify is pending */
510 GNUNET_MESH_notify_transmit_ready (tunnel, GNUNET_NO, 42,
511 GNUNET_TIME_relative_divide
512 (GNUNET_CONSTANTS_MAX_CORK_DELAY, 2),
513 (const struct GNUNET_PeerIdentity *)
515 send_udp_to_peer_notify_callback,
520 struct tunnel_notify_queue *element =
521 GNUNET_malloc (sizeof (struct tunnel_notify_queue));
522 element->cls = ctunnel;
525 GNUNET_CONTAINER_DLL_insert_tail (s->head, s->tail, element);
531 * Receive packets from the helper-process
534 message_token (void *cls __attribute__ ((unused)), void *client
535 __attribute__ ((unused)),
536 const struct GNUNET_MessageHeader *message)
538 GNUNET_assert (ntohs (message->type) == GNUNET_MESSAGE_TYPE_VPN_HELPER);
540 struct tun_pkt *pkt_tun = (struct tun_pkt *) message;
542 /* ethertype is ipv6 */
543 if (ntohs (pkt_tun->tun.type) == 0x86dd)
545 struct ip6_pkt *pkt6 = (struct ip6_pkt *) pkt_tun;
547 if (IPPROTO_UDP == pkt6->ip6_hdr.nxthdr)
548 udp_from_helper (&((struct ip6_udp *) pkt6)->udp_hdr,
549 (unsigned char *) &pkt6->ip6_hdr.dadr, 16);
550 else if (IPPROTO_TCP == pkt6->ip6_hdr.nxthdr)
551 tcp_from_helper (&((struct ip6_tcp *) pkt6)->tcp_hdr,
552 (unsigned char *) &pkt6->ip6_hdr.dadr, 16,
553 ntohs (pkt6->ip6_hdr.paylgth));
555 else if (ntohs (pkt_tun->tun.type) == 0x0800)
557 struct ip_pkt *pkt4 = (struct ip_pkt *) pkt_tun;
558 uint32_t tmp = pkt4->ip_hdr.dadr;
560 if (IPPROTO_UDP == pkt4->ip_hdr.proto)
561 udp_from_helper (&((struct ip_udp *) pkt4)->udp_hdr,
562 (unsigned char *) &tmp, 4);
563 else if (IPPROTO_TCP == pkt4->ip_hdr.proto)
565 size_t pktlen = ntohs (pkt4->ip_hdr.tot_lngth);
567 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "tot: %d\n", pktlen);
568 pktlen -= 4 * pkt4->ip_hdr.hdr_lngth;
569 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "-hdr: %d\n", pktlen);
570 tcp_from_helper (&((struct ip_tcp *) pkt4)->tcp_hdr,
571 (unsigned char *) &tmp, 4, pktlen);
581 * Reads the configuration servicecfg and populates udp_services
584 * @param section name of section in config, equal to hostname
587 read_service_conf (void *cls __attribute__ ((unused)), const char *section)
589 if ((strlen (section) < 8) ||
590 (0 != strcmp (".gnunet.", section + (strlen (section) - 8))))
593 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing dns-name %d %s %s\n",
594 strlen (section), section, section + (strlen (section) - 8));
600 uint16_t *desc = alloca (sizeof (GNUNET_HashCode) + 2);
602 GNUNET_CRYPTO_hash (section, strlen (section) + 1,
603 (GNUNET_HashCode *) (desc + 1));
614 GNUNET_CONFIGURATION_get_value_string (cfg, section, "UDP_REDIRECTS",
617 else if (proto == TCP &&
619 GNUNET_CONFIGURATION_get_value_string (cfg, section,
620 "TCP_REDIRECTS", &cpy)))
623 for (redirect = strtok (cpy, " "); redirect != NULL;
624 redirect = strtok (NULL, " "))
626 if (NULL == (hostname = strstr (redirect, ":")))
628 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
629 "Warning: option %s is not formatted correctly!\n",
635 if (NULL == (hostport = strstr (hostname, ":")))
637 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
638 "Warning: option %s is not formatted correctly!\n",
645 int local_port = atoi (redirect);
647 if (!((local_port > 0) && (local_port < 65536)))
648 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
649 "Warning: %s is not a correct port.", redirect);
653 struct redirect_service *serv =
654 GNUNET_malloc (sizeof (struct redirect_service));
655 serv->my_port = local_port;
657 if (0 == strcmp ("localhost4", hostname))
663 GNUNET_assert (GNUNET_OK ==
664 GNUNET_CONFIGURATION_get_value_string (cfg, "exit",
667 GNUNET_assert (1 == inet_pton (AF_INET, ip4addr, serv->v4.ip4address));
668 GNUNET_free (ip4addr);
670 else if (0 == strcmp ("localhost6", hostname))
676 GNUNET_assert (GNUNET_OK ==
677 GNUNET_CONFIGURATION_get_value_string (cfg, "exit",
680 GNUNET_assert (1 == inet_pton (AF_INET6, ip6addr, serv->v6.ip6address));
681 GNUNET_free (ip6addr);
685 struct addrinfo *res;
687 int ret = getaddrinfo (hostname, NULL, NULL, &res);
691 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No addresses found for %s!\n",
699 struct addrinfo *c = res;
703 if (c->ai_family == AF_INET)
706 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
707 "Found %s as address for %s\n",
708 inet_ntop (c->ai_family,
709 &((struct sockaddr_in *) (c->
711 (char *) &buf, 256), hostname);
712 memcpy (serv->v4.ip4address,
713 &((struct sockaddr_in *) (c->ai_addr))->sin_addr, 4);
715 else if (c->ai_family == AF_INET6)
718 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
719 "Found %s as address for %s\n",
720 inet_ntop (c->ai_family,
721 &((struct sockaddr_in6 *) (c->
722 ai_addr))->sin6_addr,
723 (char *) &buf, 256), hostname);
724 memcpy (serv->v6.ip6address,
725 &((struct sockaddr_in6 *) (c->ai_addr))->sin6_addr, 16);
737 serv->remote_port = atoi (hostport);
739 GNUNET_assert (GNUNET_OK ==
740 GNUNET_CONTAINER_multihashmap_put (udp_services,
743 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
745 GNUNET_assert (GNUNET_OK ==
746 GNUNET_CONTAINER_multihashmap_put (tcp_services,
749 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
754 proto = (proto == UDP) ? TCP : UDP;
756 while (proto != UDP);
760 * Start the helper-process
762 * If cls != NULL it is assumed that this function is called as a result of a dying
763 * helper. cls is then taken as handle to the old helper and is cleaned up.
766 start_helper_and_schedule (void *cls,
767 const struct GNUNET_SCHEDULER_TaskContext *tc)
769 if (0 != (tc->reason & GNUNET_SCHEDULER_REASON_SHUTDOWN))
773 cleanup_helper (cls);
783 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IFNAME", &ifname))
785 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
786 "No entry 'IFNAME' in configuration!\n");
791 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6ADDR",
794 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
795 "No entry 'IPV6ADDR' in configuration!\n");
800 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6PREFIX",
803 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
804 "No entry 'IPV6PREFIX' in configuration!\n");
809 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4ADDR",
812 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
813 "No entry 'IPV4ADDR' in configuration!\n");
818 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4MASK",
821 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
822 "No entry 'IPV4MASK' in configuration!\n");
827 * Messages get passed to the function message_token
828 * When the helper dies, this function will be called again with the
829 * helper_handle as cls.
832 start_helper (ifname, ipv6addr, ipv6prefix, ipv4addr, ipv4mask,
833 "exit-gnunet", start_helper_and_schedule, message_token,
836 GNUNET_free (ipv6addr);
837 GNUNET_free (ipv6prefix);
838 GNUNET_free (ipv4addr);
839 GNUNET_free (ipv4mask);
840 GNUNET_free (ifname);
844 prepare_ipv4_packet (size_t len, uint16_t pktlen, void *payload,
845 uint16_t protocol, void *ipaddress, void *tunnel,
846 struct redirect_state *state, struct ip_pkt *pkt4)
850 pkt4->shdr.type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
851 pkt4->shdr.size = htons (len);
853 pkt4->tun.type = htons (0x0800);
855 memcpy (&pkt4->data, payload, pktlen);
857 pkt4->ip_hdr.version = 4;
858 pkt4->ip_hdr.hdr_lngth = 5;
859 pkt4->ip_hdr.diff_serv = 0;
860 pkt4->ip_hdr.tot_lngth = htons (20 + pktlen);
861 pkt4->ip_hdr.ident = 0;
862 pkt4->ip_hdr.flags = 0;
863 pkt4->ip_hdr.frag_off = 0;
864 pkt4->ip_hdr.ttl = 255;
865 pkt4->ip_hdr.proto = protocol;
866 pkt4->ip_hdr.chks = 0; /* Will be calculated later */
868 memcpy (&tmp, ipaddress, 4);
869 pkt4->ip_hdr.dadr = tmp;
871 /* Generate a new src-address */
875 GNUNET_assert (GNUNET_OK ==
876 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4ADDR",
878 GNUNET_assert (GNUNET_OK ==
879 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4MASK",
881 inet_pton (AF_INET, ipv4addr, &tmp);
882 inet_pton (AF_INET, ipv4mask, &tmp2);
883 GNUNET_free (ipv4addr);
884 GNUNET_free (ipv4mask);
886 /* This should be a noop */
889 tmp |= ntohl (*((uint32_t *) tunnel)) & (~tmp2);
891 pkt4->ip_hdr.sadr = tmp;
893 memcpy (&state->redirect_info.addr, &tmp, 4);
894 if (IPPROTO_UDP == protocol)
896 struct ip_udp *pkt4_udp = (struct ip_udp *) pkt4;
898 state->redirect_info.pt = pkt4_udp->udp_hdr.spt;
900 pkt4_udp->udp_hdr.crc = 0; /* Optional for IPv4 */
902 else if (IPPROTO_TCP == protocol)
904 struct ip_tcp *pkt4_tcp = (struct ip_tcp *) pkt4;
906 state->redirect_info.pt = pkt4_tcp->tcp_hdr.spt;
908 pkt4_tcp->tcp_hdr.crc = 0;
911 tmp = pkt4->ip_hdr.sadr;
912 sum = calculate_checksum_update (sum, (uint16_t *) & tmp, 4);
913 tmp = pkt4->ip_hdr.dadr;
914 sum = calculate_checksum_update (sum, (uint16_t *) & tmp, 4);
916 tmp = (protocol << 16) | (0xffff & pktlen);
918 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "line: %08x, %x \n", tmp,
923 sum = calculate_checksum_update (sum, (uint16_t *) & tmp, 4);
926 calculate_checksum_update (sum, (uint16_t *) & pkt4_tcp->tcp_hdr,
928 pkt4_tcp->tcp_hdr.crc = calculate_checksum_end (sum);
932 calculate_ip_checksum ((uint16_t *) & pkt4->ip_hdr, 5 * 4);
936 prepare_ipv6_packet (size_t len, uint16_t pktlen, void *payload,
937 uint16_t protocol, void *ipaddress, void *tunnel,
938 struct redirect_state *state, struct ip6_pkt *pkt6)
942 pkt6->shdr.type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
943 pkt6->shdr.size = htons (len);
946 pkt6->tun.type = htons (0x86dd);
948 memcpy (&pkt6->data, payload, pktlen);
950 pkt6->ip6_hdr.version = 6;
951 pkt6->ip6_hdr.nxthdr = protocol;
952 pkt6->ip6_hdr.paylgth = htons (pktlen);
953 pkt6->ip6_hdr.hoplmt = 64;
955 memcpy (pkt6->ip6_hdr.dadr, ipaddress, 16);
957 /* Generate a new src-address
958 * This takes as much from the address of the tunnel as fits into
961 unsigned long long ipv6prefix;
963 GNUNET_assert (GNUNET_OK ==
964 GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6ADDR",
966 GNUNET_assert (GNUNET_OK ==
967 GNUNET_CONFIGURATION_get_value_number (cfg, "exit",
970 GNUNET_assert (ipv6prefix < 127);
971 ipv6prefix = (ipv6prefix + 7) / 8;
973 inet_pton (AF_INET6, ipv6addr, &pkt6->ip6_hdr.sadr);
974 GNUNET_free (ipv6addr);
976 if (ipv6prefix < (16 - sizeof (void *)))
977 ipv6prefix = 16 - sizeof (void *);
979 unsigned int offset = ipv6prefix - (16 - sizeof (void *));
981 memcpy ((((char *) &pkt6->ip6_hdr.sadr)) + ipv6prefix,
982 ((char *) &tunnel) + offset, 16 - ipv6prefix);
984 /* copy the needed information into the state */
985 memcpy (&state->redirect_info.addr, &pkt6->ip6_hdr.sadr, 16);
987 if (IPPROTO_UDP == protocol)
989 struct ip6_udp *pkt6_udp = (struct ip6_udp *) pkt6;
991 state->redirect_info.pt = pkt6_udp->udp_hdr.spt;
993 pkt6_udp->udp_hdr.crc = 0;
997 calculate_checksum_update (sum, (uint16_t *) & pkt6_udp->ip6_hdr.sadr,
1000 calculate_checksum_update (sum, (uint16_t *) & pkt6_udp->ip6_hdr.dadr,
1002 tmp = (htons (pktlen) & 0xffff);
1003 sum = calculate_checksum_update (sum, (uint16_t *) & tmp, 4);
1004 tmp = htons (((pkt6_udp->ip6_hdr.nxthdr & 0x00ff)));
1005 sum = calculate_checksum_update (sum, (uint16_t *) & tmp, 4);
1008 calculate_checksum_update (sum, (uint16_t *) & pkt6_udp->udp_hdr,
1009 ntohs (pkt6_udp->udp_hdr.len));
1010 pkt6_udp->udp_hdr.crc = calculate_checksum_end (sum);
1012 else if (IPPROTO_TCP == protocol)
1014 struct ip6_tcp *pkt6_tcp = (struct ip6_tcp *) pkt6;
1016 state->redirect_info.pt = pkt6_tcp->tcp_hdr.spt;
1018 pkt6_tcp->tcp_hdr.crc = 0;
1022 calculate_checksum_update (sum, (uint16_t *) & pkt6->ip6_hdr.sadr, 16);
1024 calculate_checksum_update (sum, (uint16_t *) & pkt6->ip6_hdr.dadr, 16);
1025 tmp = htonl (pktlen);
1026 sum = calculate_checksum_update (sum, (uint16_t *) & tmp, 4);
1027 tmp = htonl (((pkt6->ip6_hdr.nxthdr & 0x000000ff)));
1028 sum = calculate_checksum_update (sum, (uint16_t *) & tmp, 4);
1031 calculate_checksum_update (sum, (uint16_t *) & pkt6_tcp->tcp_hdr,
1032 ntohs (pkt6->ip6_hdr.paylgth));
1033 pkt6_tcp->tcp_hdr.crc = calculate_checksum_end (sum);
1038 * The messages are one GNUNET_HashCode for the service followed by a struct tcp_pkt
1041 receive_tcp_service (void *cls
1042 __attribute__ ((unused)),
1043 struct GNUNET_MESH_Tunnel *tunnel, void **tunnel_ctx
1044 __attribute__ ((unused)),
1045 const struct GNUNET_PeerIdentity *sender
1046 __attribute__ ((unused)),
1047 const struct GNUNET_MessageHeader *message,
1048 const struct GNUNET_ATS_Information *atsi
1049 __attribute__ ((unused)))
1051 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received TCP-Packet\n");
1052 GNUNET_HashCode *desc = (GNUNET_HashCode *) (message + 1);
1053 struct tcp_pkt *pkt = (struct tcp_pkt *) (desc + 1);
1055 ntohs (message->size) - sizeof (struct GNUNET_MessageHeader) -
1056 sizeof (GNUNET_HashCode);
1058 /** Get the configuration from the services-hashmap.
1060 * Which service is needed only depends on the service-descriptor and the
1063 uint16_t *tcp_desc = alloca (sizeof (GNUNET_HashCode) + 2);
1065 memcpy (tcp_desc + 1, desc, sizeof (GNUNET_HashCode));
1066 *tcp_desc = ntohs (pkt->dpt);
1067 struct redirect_service *serv =
1068 GNUNET_CONTAINER_multihashmap_get (tcp_services,
1069 (GNUNET_HashCode *) tcp_desc);
1073 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "No service found for TCP dpt %d!\n",
1078 pkt->dpt = htons (serv->remote_port);
1081 * At this point it would be possible to check against some kind of ACL.
1087 /* Prepare the state.
1088 * This will be saved in the hashmap, so that the receiving procedure knows
1089 * through which tunnel this connection has to be routed.
1091 struct redirect_state *state = GNUNET_malloc (sizeof (struct redirect_state));
1093 state->tunnel = tunnel;
1095 state->type = SERVICE;
1096 state->hashmap = tcp_connections;
1097 memcpy (&state->desc, desc, sizeof (GNUNET_HashCode));
1100 sizeof (struct GNUNET_MessageHeader) + sizeof (struct pkt_tun) +
1101 sizeof (struct ip6_hdr) + pkt_len;
1104 memset (buf, 0, len);
1106 switch (serv->version)
1109 prepare_ipv4_packet (len, pkt_len, pkt, IPPROTO_TCP, &serv->v4.ip4address,
1110 tunnel, state, (struct ip_pkt *) buf);
1113 prepare_ipv6_packet (len, pkt_len, pkt, IPPROTO_TCP, &serv->v6.ip6address,
1114 tunnel, state, (struct ip6_pkt *) buf);
1122 hash_redirect_info (&state->hash, &state->redirect_info,
1123 serv->version == 4 ? 4 : 16);
1126 GNUNET_CONTAINER_multihashmap_contains (tcp_connections, &state->hash))
1128 GNUNET_CONTAINER_multihashmap_put (tcp_connections, &state->hash, state,
1129 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
1132 GNUNET_CONTAINER_heap_insert (tcp_connections_heap, state,
1133 GNUNET_TIME_absolute_get ().abs_value);
1135 if (GNUNET_CONTAINER_heap_get_size (tcp_connections_heap) >
1136 max_tcp_connections)
1137 GNUNET_SCHEDULER_add_now (collect_connections, tcp_connections_heap);
1140 GNUNET_free (state);
1142 (void) GNUNET_DISK_file_write (helper_handle->fh_to_helper, buf, len);
1147 receive_tcp_remote (void *cls
1148 __attribute__ ((unused)), struct GNUNET_MESH_Tunnel *tunnel,
1150 __attribute__ ((unused)),
1151 const struct GNUNET_PeerIdentity *sender
1152 __attribute__ ((unused)),
1153 const struct GNUNET_MessageHeader *message,
1154 const struct GNUNET_ATS_Information *atsi
1155 __attribute__ ((unused)))
1157 GNUNET_HashCode *desc = (GNUNET_HashCode *) (message + 1);
1158 struct tcp_pkt *pkt = (struct tcp_pkt *) (desc + 1);
1159 struct remote_addr *s = (struct remote_addr *) desc;
1163 ntohs (message->size) - sizeof (struct GNUNET_MessageHeader) -
1164 sizeof (GNUNET_HashCode);
1166 struct redirect_state *state = GNUNET_malloc (sizeof (struct redirect_state));
1168 state->tunnel = tunnel;
1169 state->type = REMOTE;
1170 state->hashmap = tcp_connections;
1171 memcpy (&state->remote, s, sizeof (struct remote_addr));
1174 sizeof (struct GNUNET_MessageHeader) + sizeof (struct pkt_tun) +
1175 sizeof (struct ip6_hdr) + pkt_len;
1178 memset (buf, 0, len);
1183 prepare_ipv4_packet (len, pkt_len, pkt, IPPROTO_TCP, &s->addr, tunnel,
1184 state, (struct ip_pkt *) buf);
1187 prepare_ipv6_packet (len, pkt_len, pkt, IPPROTO_TCP, &s->addr, tunnel,
1188 state, (struct ip6_pkt *) buf);
1191 GNUNET_free (state);
1192 return GNUNET_SYSERR;
1195 hash_redirect_info (&state->hash, &state->redirect_info, s->addrlen);
1197 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Packet from remote; hash is %x\n",
1198 *((uint32_t *) & state->hash));
1201 GNUNET_CONTAINER_multihashmap_contains (tcp_connections, &state->hash))
1203 GNUNET_CONTAINER_multihashmap_put (tcp_connections, &state->hash, state,
1204 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
1207 GNUNET_CONTAINER_heap_insert (tcp_connections_heap, state,
1208 GNUNET_TIME_absolute_get ().abs_value);
1210 if (GNUNET_CONTAINER_heap_get_size (tcp_connections_heap) >
1211 max_tcp_connections)
1212 GNUNET_SCHEDULER_add_now (collect_connections, tcp_connections_heap);
1215 GNUNET_free (state);
1217 (void) GNUNET_DISK_file_write (helper_handle->fh_to_helper, buf, len);
1223 receive_udp_remote (void *cls
1224 __attribute__ ((unused)), struct GNUNET_MESH_Tunnel *tunnel,
1226 __attribute__ ((unused)),
1227 const struct GNUNET_PeerIdentity *sender
1228 __attribute__ ((unused)),
1229 const struct GNUNET_MessageHeader *message,
1230 const struct GNUNET_ATS_Information *atsi
1231 __attribute__ ((unused)))
1233 GNUNET_HashCode *desc = (GNUNET_HashCode *) (message + 1);
1234 struct udp_pkt *pkt = (struct udp_pkt *) (desc + 1);
1235 struct remote_addr *s = (struct remote_addr *) desc;
1239 GNUNET_assert (ntohs (pkt->len) ==
1240 ntohs (message->size) - sizeof (struct GNUNET_MessageHeader) -
1241 sizeof (GNUNET_HashCode));
1243 /* Prepare the state.
1244 * This will be saved in the hashmap, so that the receiving procedure knows
1245 * through which tunnel this connection has to be routed.
1247 struct redirect_state *state = GNUNET_malloc (sizeof (struct redirect_state));
1249 state->tunnel = tunnel;
1250 state->hashmap = udp_connections;
1251 state->type = REMOTE;
1252 memcpy (&state->remote, s, sizeof (struct remote_addr));
1255 sizeof (struct GNUNET_MessageHeader) + sizeof (struct pkt_tun) +
1256 sizeof (struct ip6_hdr) + ntohs (pkt->len);
1259 memset (buf, 0, len);
1264 prepare_ipv4_packet (len, ntohs (pkt->len), pkt, IPPROTO_UDP, &s->addr,
1265 tunnel, state, (struct ip_pkt *) buf);
1268 prepare_ipv6_packet (len, ntohs (pkt->len), pkt, IPPROTO_UDP, &s->addr,
1269 tunnel, state, (struct ip6_pkt *) buf);
1276 hash_redirect_info (&state->hash, &state->redirect_info, s->addrlen);
1279 GNUNET_CONTAINER_multihashmap_contains (udp_connections, &state->hash))
1281 GNUNET_CONTAINER_multihashmap_put (udp_connections, &state->hash, state,
1282 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
1285 GNUNET_CONTAINER_heap_insert (udp_connections_heap, state,
1286 GNUNET_TIME_absolute_get ().abs_value);
1288 if (GNUNET_CONTAINER_heap_get_size (udp_connections_heap) >
1289 max_udp_connections)
1290 GNUNET_SCHEDULER_add_now (collect_connections, udp_connections_heap);
1293 GNUNET_free (state);
1295 (void) GNUNET_DISK_file_write (helper_handle->fh_to_helper, buf, len);
1300 * The messages are one GNUNET_HashCode for the service, followed by a struct udp_pkt
1303 receive_udp_service (void *cls
1304 __attribute__ ((unused)),
1305 struct GNUNET_MESH_Tunnel *tunnel, void **tunnel_ctx,
1306 const struct GNUNET_PeerIdentity *sender
1307 __attribute__ ((unused)),
1308 const struct GNUNET_MessageHeader *message,
1309 const struct GNUNET_ATS_Information *atsi
1310 __attribute__ ((unused)))
1312 GNUNET_HashCode *desc = (GNUNET_HashCode *) (message + 1);
1313 struct udp_pkt *pkt = (struct udp_pkt *) (desc + 1);
1315 GNUNET_assert (ntohs (pkt->len) ==
1316 ntohs (message->size) - sizeof (struct GNUNET_MessageHeader) -
1317 sizeof (GNUNET_HashCode));
1319 /* Get the configuration from the hashmap */
1320 uint16_t *udp_desc = alloca (sizeof (GNUNET_HashCode) + 2);
1322 memcpy (udp_desc + 1, desc, sizeof (GNUNET_HashCode));
1323 *udp_desc = ntohs (pkt->dpt);
1324 struct redirect_service *serv =
1325 GNUNET_CONTAINER_multihashmap_get (udp_services,
1326 (GNUNET_HashCode *) udp_desc);
1330 GNUNET_log (GNUNET_ERROR_TYPE_INFO, "No service found for UDP dpt %d!\n",
1335 pkt->dpt = htons (serv->remote_port);
1338 * At this point it would be possible to check against some kind of ACL.
1344 /* Prepare the state.
1345 * This will be saved in the hashmap, so that the receiving procedure knows
1346 * through which tunnel this connection has to be routed.
1348 struct redirect_state *state = GNUNET_malloc (sizeof (struct redirect_state));
1350 state->tunnel = tunnel;
1352 state->type = SERVICE;
1353 state->hashmap = udp_connections;
1354 memcpy (&state->desc, desc, sizeof (GNUNET_HashCode));
1357 sizeof (struct GNUNET_MessageHeader) + sizeof (struct pkt_tun) +
1358 sizeof (struct ip6_hdr) + ntohs (pkt->len);
1361 memset (buf, 0, len);
1363 switch (serv->version)
1366 prepare_ipv4_packet (len, ntohs (pkt->len), pkt, IPPROTO_UDP,
1367 &serv->v4.ip4address, tunnel, state,
1368 (struct ip_pkt *) buf);
1371 prepare_ipv6_packet (len, ntohs (pkt->len), pkt, IPPROTO_UDP,
1372 &serv->v6.ip6address, tunnel, state,
1373 (struct ip6_pkt *) buf);
1381 hash_redirect_info (&state->hash, &state->redirect_info,
1382 serv->version == 4 ? 4 : 16);
1385 GNUNET_CONTAINER_multihashmap_contains (udp_connections, &state->hash))
1387 GNUNET_CONTAINER_multihashmap_put (udp_connections, &state->hash, state,
1388 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
1391 GNUNET_CONTAINER_heap_insert (udp_connections_heap, state,
1392 GNUNET_TIME_absolute_get ().abs_value);
1394 if (GNUNET_CONTAINER_heap_get_size (udp_connections_heap) >
1395 max_udp_connections)
1396 GNUNET_SCHEDULER_add_now (collect_connections, udp_connections_heap);
1399 GNUNET_free (state);
1401 (void) GNUNET_DISK_file_write (helper_handle->fh_to_helper, buf, len);
1409 int handler_idx, app_idx;
1411 udp = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_UDP");
1412 tcp = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_TCP");
1414 static struct GNUNET_MESH_MessageHandler handlers[] = {
1415 {receive_udp_service, GNUNET_MESSAGE_TYPE_VPN_SERVICE_UDP, 0},
1416 {receive_tcp_service, GNUNET_MESSAGE_TYPE_VPN_SERVICE_TCP, 0},
1422 static GNUNET_MESH_ApplicationType apptypes[] = {
1423 GNUNET_APPLICATION_TYPE_END,
1424 GNUNET_APPLICATION_TYPE_END,
1425 GNUNET_APPLICATION_TYPE_END
1431 if (GNUNET_YES == udp)
1433 handlers[handler_idx].callback = receive_udp_remote;
1434 handlers[handler_idx].expected_size = 0;
1435 handlers[handler_idx].type = GNUNET_MESSAGE_TYPE_VPN_REMOTE_UDP;
1436 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_INTERNET_UDP_GATEWAY;
1441 if (GNUNET_YES == tcp)
1443 handlers[handler_idx].callback = receive_tcp_remote;
1444 handlers[handler_idx].expected_size = 0;
1445 handlers[handler_idx].type = GNUNET_MESSAGE_TYPE_VPN_REMOTE_TCP;
1446 apptypes[app_idx] = GNUNET_APPLICATION_TYPE_INTERNET_TCP_GATEWAY;
1452 GNUNET_MESH_connect (cfg, 42, NULL, new_tunnel, clean_tunnel, handlers,
1458 * @brief Main function that will be run by the scheduler.
1460 * @param cls closure
1461 * @param args remaining command-line arguments
1462 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
1463 * @param cfg_ configuration
1466 run (void *cls, char *const *args __attribute__ ((unused)), const char *cfgfile
1467 __attribute__ ((unused)), const struct GNUNET_CONFIGURATION_Handle *cfg_)
1473 udp_connections = GNUNET_CONTAINER_multihashmap_create (65536);
1474 udp_connections_heap =
1475 GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
1476 tcp_connections = GNUNET_CONTAINER_multihashmap_create (65536);
1477 tcp_connections_heap =
1478 GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
1479 udp_services = GNUNET_CONTAINER_multihashmap_create (65536);
1480 tcp_services = GNUNET_CONTAINER_multihashmap_create (65536);
1483 GNUNET_CONFIGURATION_get_value_number (cfg, "exit", "MAX_UDP_CONNECTIONS",
1484 &max_udp_connections))
1485 max_udp_connections = 1024;
1487 GNUNET_CONFIGURATION_get_value_number (cfg, "exit", "MAX_TCP_CONNECTIONS",
1488 &max_tcp_connections))
1489 max_tcp_connections = 256;
1490 GNUNET_CONFIGURATION_iterate_sections (cfg, read_service_conf, NULL);
1491 GNUNET_SCHEDULER_add_now (start_helper_and_schedule, NULL);
1492 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup, cls);
1499 * @param argc number of arguments from the command line
1500 * @param argv command line arguments
1501 * @return 0 ok, 1 on error
1504 main (int argc, char *const *argv)
1506 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
1507 GNUNET_GETOPT_OPTION_END
1510 return (GNUNET_OK ==
1511 GNUNET_PROGRAM_run (argc, argv, "gnunet-daemon-exit",
1513 ("Daemon to run to provide an IP exit node for the VPN"),
1514 options, &run, NULL)) ? ret : 1;
1518 /* end of gnunet-daemon-exit.c */