2 This file is part of GNUnet.
3 (C) 2010, 2012 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file vpn/gnunet-helper-vpn-windows.c
23 * @brief the helper for the VPN service in win32 builds.
24 * Opens a virtual network-interface, sends data received on the if to stdout,
25 * sends data received on stdin to the interface
26 * @author Christian M. Fuchs
28 * The following list of people have reviewed this code and considered
29 * it safe since the last modification (if you reviewed it, please
30 * have your name added to the list):
37 #include <ddk/cfgmgr32.h>
42 * Need 'struct GNUNET_MessageHeader'.
44 #include "gnunet_common.h"
47 * Need VPN message types.
49 #include "gnunet_protocols.h"
52 * Should we print (interesting|debug) messages that can happen during
55 #define DEBUG GNUNET_NO
58 * Maximum size of a GNUnet message (GNUNET_SERVER_MAX_MESSAGE_SIZE)
60 #define MAX_SIZE 65536
63 * Name or Path+Name of our driver in Unicode.
64 * The .sys and .cat files HAVE to be in the same location as this file!
66 #define INF_FILE "tapw32.inf"
69 * Hardware ID used in the inf-file.
70 * This might change over time, as openvpn advances their driver
72 #define HARDWARE_ID "TAP0901"
75 * Location of the network interface list resides in registry.
76 * TODO: is this fixed on all version of windows? Checked with XP and 7
78 #define INTERFACE_REGISTRY_LOCATION "SYSTEM\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}"
81 * Our local process' PID. Used for creating a sufficiently unique additional
82 * hardware ID for our device.
84 static char secondary_hwid[LINE_LEN / 2];
87 * Device's visible Name, used to identify a network device in netsh.
88 * eg: "Local Area Connection 9"
90 static char device_visible_name[256];
93 * This is our own local instance of a virtual network interface
94 * It is (somewhat) equivalent to using tun/tap in unixoid systems
96 * Upon initialization, we create such an device node.
97 * Upon termination, we remove it again.
99 * If we crash this device might stay around.
101 static HDEVINFO DeviceInfo = INVALID_HANDLE_VALUE;
104 * Registry Key we hand over to windows to spawn a new virtual interface
106 static SP_DEVINFO_DATA DeviceNode;
109 * Class-tag of our virtual device
111 static char class[128];
114 * GUID of our virtual device in the form of
115 * {12345678-1234-1234-1234-123456789abc} - in hex
121 * inet_pton() wrapper for WSAStringToAddress()
123 * this is needed as long as we support WinXP, because only Vista+ support
124 * inet_pton at all, and mingw does not yet offer inet_pton/ntop at all
126 * @param af - IN - the aftype this address is supposed to be (v4/v6)
127 * @param src - IN - the presentation form of the address
128 * @param dst - OUT - the numerical form of the address
129 * @return 0 on success, 1 on failure
132 int inet_pton (int af, const char *src, void *dst);
135 inet_pton (int af, const char *src, void *dst)
137 struct sockaddr_storage addr;
138 int size = sizeof (addr);
139 char local_copy[INET6_ADDRSTRLEN + 1];
141 ZeroMemory (&addr, sizeof (addr));
142 /* stupid non-const API */
143 strncpy (local_copy, src, INET6_ADDRSTRLEN + 1);
144 local_copy[INET6_ADDRSTRLEN] = 0;
146 if (WSAStringToAddressA (local_copy, af, NULL, (struct sockaddr *) &addr, &size) == 0)
151 *(struct in_addr *) dst = ((struct sockaddr_in *) &addr)->sin_addr;
154 *(struct in6_addr *) dst = ((struct sockaddr_in6 *) &addr)->sin6_addr;
162 * Wrapper for executing a shellcommand in windows.
164 * @param command - the command + parameters to execute
165 * @return * exitcode of the program executed,
166 * * EINVAL (cmd/file not found)
167 * * EPIPE (could not read STDOUT)
170 execute_shellcommand (char * command)
174 if (NULL == command ||
175 NULL == (pipe = _popen (command, "rt")))
180 char output[LINE_LEN];
182 printf ("executed command: %s", command);
183 while (NULL != fgets (output, sizeof (output), pipe))
191 return _pclose (pipe);
195 * @brief Sets the IPv6-Address given in address on the interface dev
197 * @param address the IPv6-Address
198 * @param prefix_len the length of the network-prefix
201 set_address6 (const char *address, unsigned long prefix_len)
204 char command[LINE_LEN];
205 struct sockaddr_in6 sa6;
208 * parse the new address
210 memset (&sa6, 0, sizeof (struct sockaddr_in6));
211 sa6.sin6_family = AF_INET6;
212 if (1 != inet_pton (AF_INET6, address, &sa6.sin6_addr.s6_addr))
214 fprintf (stderr, "Failed to parse address `%s': %s\n", address,
220 * prepare the command
222 snprintf (command, LINE_LEN,
223 "netsh interface ipv6 add address \"%s\" %s/%d",
224 device_visible_name, address, prefix_len);
228 ret = execute_shellcommand (command);
233 fprintf (stderr, "Setting IPv6 address failed: %s\n", strerror (ret));
234 exit (1); // FIXME: return error code, shut down interface / unload driver
239 * @brief Sets the IPv4-Address given in address on the interface dev
241 * @param dev the interface to configure
242 * @param address the IPv4-Address
243 * @param mask the netmask
246 set_address4 (const char *address, const char *mask)
249 char command[LINE_LEN];
251 struct sockaddr_in addr;
252 addr.sin_family = AF_INET;
257 if (1 != inet_pton (AF_INET, address, &addr.sin_addr.s_addr))
259 fprintf (stderr, "Failed to parse address `%s': %s\n", address,
265 * prepare the command
267 snprintf (command, LINE_LEN,
268 "netsh interface ipv4 add address \"%s\" %s %s",
269 device_visible_name, address, mask);
273 ret = execute_shellcommand (command);
278 fprintf (stderr, "Setting IPv4 address failed: %s\n", strerror (ret));
279 exit (1); // FIXME: return error code, shut down interface / unload driver
284 * Setup a new virtual interface to use for tunneling.
286 * @return: TRUE if setup was successful, else FALSE
292 * where to find our inf-file. (+ the "full" path, after windows found")
294 * We do not directly input all the props here, because openvpn will update
295 * these details over time.
297 char inf_file_path[MAX_PATH];
298 char hwidlist[LINE_LEN + 4];
304 * Set the device's hardware ID and add it to a list.
305 * This information will later on identify this device in registry.
307 * TODO: Currently we just use TAP0901 as HWID,
308 * but we might want to add additional information
310 strncpy (hwidlist, HARDWARE_ID, LINE_LEN);
312 * this is kind of over-complicated, but allows keeps things independent of
313 * how the openvpn-hwid is actually stored.
315 * A HWID list is double-\0 terminated and \0 separated
317 str_lenth = strlen (hwidlist) + 1;
318 strncpy (&hwidlist[str_lenth], secondary_hwid, LINE_LEN - str_lenth);
321 * Locate the inf-file, we need to store it somewhere where the system can
322 * find it. A good choice would be CWD/PDW or %WINDIR$\system32\
324 * TODO: How about win64 in the future?
325 * We need to use a different driver for amd64/i386 !
327 GetFullPathNameA (INF_FILE, MAX_PATH, inf_file_path, NULL);
330 * Bootstrap our device info using the drivers inf-file
332 if (!SetupDiGetINFClassA (inf_file_path,
334 class, sizeof (class) / sizeof (char),
339 * Collect all the other needed information...
340 * let the system fill our this form
342 DeviceInfo = SetupDiCreateDeviceInfoList (&guid, NULL);
343 if (DeviceInfo == INVALID_HANDLE_VALUE)
346 DeviceNode.cbSize = sizeof (SP_DEVINFO_DATA);
347 if (!SetupDiCreateDeviceInfoA (DeviceInfo,
356 /* Deploy all the information collected into the registry */
357 if (!SetupDiSetDeviceRegistryPropertyA (DeviceInfo,
361 (strlen (hwidlist) + 2) * sizeof (char)))
364 /* Install our new class(=device) into the system */
365 if (!SetupDiCallClassInstaller (DIF_REGISTERDEVICE,
374 * Remove our new virtual interface to use for tunneling.
375 * This function must be called AFTER setup_interface!
377 * @return: TRUE if destruction was successful, else FALSE
382 SP_REMOVEDEVICE_PARAMS remove;
384 if (INVALID_HANDLE_VALUE == DeviceInfo)
387 remove.ClassInstallHeader.cbSize = sizeof (SP_CLASSINSTALL_HEADER);
388 remove.HwProfile = 0;
389 remove.Scope = DI_REMOVEDEVICE_GLOBAL;
390 remove.ClassInstallHeader.InstallFunction = DIF_REMOVE;
392 * 1. Prepare our existing device information set, and place the
393 * uninstall related information into the structure
395 if (!SetupDiSetClassInstallParamsA (DeviceInfo,
396 (PSP_DEVINFO_DATA) & DeviceNode,
397 &remove.ClassInstallHeader,
401 * 2. Uninstall the virtual interface using the class installer
403 if (!SetupDiCallClassInstaller (DIF_REMOVE,
405 (PSP_DEVINFO_DATA) & DeviceNode))
408 SetupDiDestroyDeviceInfoList (DeviceInfo);
414 * Do all the lookup necessary to retrieve the inteface's actual name
417 * @return: TRUE if we were able to lookup the interface's name, else FALSE
420 resolve_interface_name ()
423 SP_DEVINFO_LIST_DETAIL_DATA device_details;
424 char pnp_instance_id [MAX_DEVICE_ID_LEN];
425 HKEY adapter_key_handle;
429 boolean retval = FALSE;
430 char adapter[] = INTERFACE_REGISTRY_LOCATION;
432 /* We can obtain the PNP instance ID from our setupapi handle */
433 device_details.cbSize = sizeof (device_details);
434 if (CR_SUCCESS != CM_Get_Device_ID_ExA (DeviceNode.DevInst,
435 (PCHAR) pnp_instance_id,
438 NULL)) //hMachine, we are local
441 /* Now we can use this ID to locate the correct networks interface in registry */
442 if (ERROR_SUCCESS != RegOpenKeyExA (
447 &adapter_key_handle))
450 /* Of course there is a multitude of entries here, with arbitrary names,
451 * thus we need to iterate through there.
455 char instance_key[256];
456 char query_key [256];
457 HKEY instance_key_handle;
458 char pnpinstanceid_name[] = "PnpInstanceID";
459 char pnpinstanceid_value[256];
460 char adaptername_name[] = "Name";
463 len = sizeof (adapter_key_handle);
464 /* optain a subkey of {4D36E972-E325-11CE-BFC1-08002BE10318} */
465 status = RegEnumKeyExA (
475 /* this may fail due to one of two reasons:
476 * we are at the end of the list*/
477 if (ERROR_NO_MORE_ITEMS == status)
479 // * we found a broken registry key, continue with the next key.
480 if (ERROR_SUCCESS != status)
483 /* prepare our new query string: */
484 snprintf (query_key, 256, "%s\\%s\\Connection",
485 INTERFACE_REGISTRY_LOCATION,
488 /* look inside instance_key\\Connection */
489 status = RegOpenKeyExA (
494 &instance_key_handle);
496 if (status != ERROR_SUCCESS)
499 /* now, read our PnpInstanceID */
500 len = sizeof (pnpinstanceid_value);
501 status = RegQueryValueExA (instance_key_handle,
503 NULL, //reserved, always NULL according to MSDN
505 (LPBYTE) pnpinstanceid_value,
508 if (status != ERROR_SUCCESS || data_type != REG_SZ)
511 /* compare the value we got to our devices PNPInstanceID*/
512 if (0 != strncmp (pnpinstanceid_value, pnp_instance_id,
513 sizeof (pnpinstanceid_value) / sizeof (char)))
516 len = sizeof (device_visible_name);
517 status = RegQueryValueExA (
520 NULL, //reserved, always NULL according to MSDN
522 (LPBYTE) device_visible_name,
525 if (status == ERROR_SUCCESS && data_type == REG_SZ)
530 RegCloseKey (instance_key_handle);
535 RegCloseKey (adapter_key_handle);
541 * Creates a tun-interface called dev;
543 * @return the fd to the tun or -1 on error
550 if (!setup_interface ())
556 if (!resolve_interface_name ())
573 * Start forwarding to and from the tunnel.
575 * @param fd_tun tunnel FD
581 * The buffer filled by reading from fd_tun
583 unsigned char buftun[MAX_SIZE];
584 ssize_t buftun_size = 0;
585 unsigned char *buftun_read = NULL;
588 * The buffer filled by reading from stdin
590 unsigned char bufin[MAX_SIZE];
591 ssize_t bufin_size = 0;
592 ssize_t bufin_rpos = 0;
593 unsigned char *bufin_read = NULL;
594 /* Hello, I am a stub function! I did my job, yay me! */
599 // tunnel_point_to_point
602 /* setup ansync IO */
611 * Open VPN tunnel interface.
613 * @param argc must be 6
614 * @param argv 0: binary name (gnunet-helper-vpn)
615 * 1: tunnel interface name (gnunet-vpn)
616 * 2: IPv6 address (::1), "-" to disable
617 * 3: IPv6 netmask length in bits (64), ignored if #2 is "-"
618 * 4: IPv4 address (1.2.3.4), "-" to disable
619 * 5: IPv4 netmask (255.255.0.0), ignored if #4 is "-"
622 main (int argc, char **argv)
630 fprintf (stderr, "Fatal: must supply 5 arguments!\n");
634 strncpy (hwid, argv[1], LINE_LEN);
635 hwid[LINE_LEN - 1] = '\0';
638 * We use our PID for finding/resolving the control-panel name of our virtual
639 * device. PIDs are (of course) unique at runtime, thus we can safely use it
640 * as additional hardware-id for our device.
642 snprintf (secondary_hwid, LINE_LEN / 2, "%s-%d",
646 if (-1 == (fd_tun = init_tun ()))
648 fprintf (stderr, "Fatal: could not initialize virtual-interface %s with IPv6 %s/%s and IPv4 %s/%s\n",
657 if (0 != strcmp (argv[2], "-"))
659 const char *address = argv[2];
660 long prefix_len = atol (argv[3]);
662 if ((prefix_len < 1) || (prefix_len > 127))
664 fprintf (stderr, "Fatal: prefix_len out of range\n");
669 set_address6 (address, prefix_len);
672 if (0 != strcmp (argv[4], "-"))
674 const char *address = argv[4];
675 const char *mask = argv[5];
677 set_address4 (address, mask);
681 // tap_allow_nonadmin_access