2 This file is part of GNUnet.
3 (C) 2010, 2011, 2012 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file vpn/gnunet-service-vpn.c
23 * @brief service that opens a virtual interface and allows its clients
24 * to allocate IPs on the virtual interface and to then redirect
25 * IP traffic received on those IPs via the GNUnet mesh
26 * @author Philipp Toelke
27 * @author Christian Grothoff
34 * - add back ICMP support (especially needed for IPv6)
37 * - consider moving IP-header building / checksumming code into shared library
38 * with dns/exit/vpn (libgnunettun_tcpip?)
41 #include "gnunet_util_lib.h"
42 #include "gnunet_common.h"
43 #include "gnunet_protocols.h"
44 #include "gnunet_applications.h"
45 #include "gnunet_mesh_service.h"
46 #include "gnunet_statistics_service.h"
47 #include "gnunet_constants.h"
48 #include "gnunet_tun_lib.h"
54 * Maximum number of messages we allow in the queue for mesh.
56 #define MAX_MESSAGE_QUEUE_SIZE 4
60 * State we keep for each of our tunnels.
66 * Information we track for each IP address to determine which tunnel
67 * to send the traffic over to the destination.
69 struct DestinationEntry
73 * Key under which this entry is in the 'destination_map' (only valid
74 * if 'heap_node != NULL').
79 * Pre-allocated tunnel for this destination, or NULL for none.
81 struct TunnelState *ts;
84 * Entry for this entry in the destination_heap.
86 struct GNUNET_CONTAINER_HeapNode *heap_node;
89 * GNUNET_NO if this is a tunnel to an Internet-exit,
90 * GNUNET_YES if this tunnel is to a service.
95 * Details about the connection (depending on is_service).
103 * The description of the service (only used for service tunnels).
105 GNUNET_HashCode service_descriptor;
108 * Peer offering the service.
110 struct GNUNET_PeerIdentity target;
112 } service_destination;
118 * Address family used (AF_INET or AF_INET6).
123 * IP address of the ultimate destination (only used for exit tunnels).
128 * Address if af is AF_INET.
133 * Address if af is AF_INET6.
146 * A messages we have in queue for a particular tunnel.
148 struct TunnelMessageQueueEntry
151 * This is a doubly-linked list.
153 struct TunnelMessageQueueEntry *next;
156 * This is a doubly-linked list.
158 struct TunnelMessageQueueEntry *prev;
161 * Number of bytes in 'msg'.
166 * Message to transmit, allocated at the end of this struct.
173 * State we keep for each of our tunnels.
179 * Information about the tunnel to use, NULL if no tunnel
180 * is available right now.
182 struct GNUNET_MESH_Tunnel *tunnel;
185 * Active transmission handle, NULL for none.
187 struct GNUNET_MESH_TransmitHandle *th;
190 * Entry for this entry in the tunnel_heap, NULL as long as this
191 * tunnel state is not fully bound.
193 struct GNUNET_CONTAINER_HeapNode *heap_node;
196 * Head of list of messages scheduled for transmission.
198 struct TunnelMessageQueueEntry *tmq_head;
201 * Tail of list of messages scheduled for transmission.
203 struct TunnelMessageQueueEntry *tmq_tail;
206 * Client that needs to be notified about the tunnel being
207 * up as soon as a peer is connected; NULL for none.
209 struct GNUNET_SERVER_Client *client;
212 * Destination entry that has a pointer to this tunnel state;
213 * NULL if this tunnel state is in the tunnel map.
215 struct DestinationEntry *destination_container;
218 * ID of the client request that caused us to setup this entry.
223 * Destination to which this tunnel leads. Note that
224 * this struct is NOT in the destination_map (but a
225 * local copy) and that the 'heap_node' should always
228 struct DestinationEntry destination;
231 * Task scheduled to destroy the tunnel (or NO_TASK).
233 GNUNET_SCHEDULER_TaskIdentifier destroy_task;
236 * Addess family used for this tunnel on the local TUN interface.
241 * Length of the doubly linked 'tmq_head/tmq_tail' list.
243 unsigned int tmq_length;
246 * IPPROTO_TCP or IPPROTO_UDP once bound.
251 * IP address of the source on our end, initially uninitialized.
256 * Address if af is AF_INET.
261 * Address if af is AF_INET6.
268 * Destination IP address used by the source on our end (this is the IP
269 * that we pick freely within the VPN's tunnel IP range).
274 * Address if af is AF_INET.
279 * Address if af is AF_INET6.
286 * Source port used by the sender on our end; 0 for uninitialized.
288 uint16_t source_port;
291 * Destination port used by the sender on our end; 0 for uninitialized.
293 uint16_t destination_port;
299 * Configuration we use.
301 static const struct GNUNET_CONFIGURATION_Handle *cfg;
304 * Handle to the mesh service.
306 static struct GNUNET_MESH_Handle *mesh_handle;
309 * Map from IP address to destination information (possibly with a
310 * MESH tunnel handle for fast setup).
312 static struct GNUNET_CONTAINER_MultiHashMap *destination_map;
315 * Min-Heap sorted by activity time to expire old mappings.
317 static struct GNUNET_CONTAINER_Heap *destination_heap;
320 * Map from source and destination address (IP+port) to connection
321 * information (mostly with the respective MESH tunnel handle).
323 static struct GNUNET_CONTAINER_MultiHashMap *tunnel_map;
326 * Min-Heap sorted by activity time to expire old mappings; values are
327 * of type 'struct TunnelState'.
329 static struct GNUNET_CONTAINER_Heap *tunnel_heap;
334 static struct GNUNET_STATISTICS_Handle *stats;
337 * The handle to the VPN helper process "gnunet-helper-vpn".
339 static struct GNUNET_HELPER_Handle *helper_handle;
342 * Arguments to the vpn helper.
344 static char *vpn_argv[7];
347 * Length of the prefix of the VPN's IPv6 network.
349 static unsigned long long ipv6prefix;
352 * Notification context for sending replies to clients.
354 static struct GNUNET_SERVER_NotificationContext *nc;
357 * If there are more than this number of address-mappings, old ones
360 static unsigned long long max_destination_mappings;
363 * If there are more than this number of open tunnels, old ones
366 static unsigned long long max_tunnel_mappings;
370 * Compute the key under which we would store an entry in the
371 * destination_map for the given IP address.
373 * @param af address family (AF_INET or AF_INET6)
374 * @param address IP address, struct in_addr or struct in6_addr
375 * @param key where to store the key
378 get_destination_key_from_ip (int af,
380 GNUNET_HashCode *key)
385 GNUNET_CRYPTO_hash (address,
386 sizeof (struct in_addr),
390 GNUNET_CRYPTO_hash (address,
391 sizeof (struct in6_addr),
402 * Compute the key under which we would store an entry in the
403 * tunnel_map for the given socket address pair.
405 * @param af address family (AF_INET or AF_INET6)
406 * @param protocol IPPROTO_TCP or IPPROTO_UDP
407 * @param source_ip sender's source IP, struct in_addr or struct in6_addr
408 * @param source_port sender's source port
409 * @param destination_ip sender's destination IP, struct in_addr or struct in6_addr
410 * @param destination_port sender's destination port
411 * @param key where to store the key
414 get_tunnel_key_from_ips (int af,
416 const void *source_ip,
417 uint16_t source_port,
418 const void *destination_ip,
419 uint16_t destination_port,
420 GNUNET_HashCode *key)
424 memset (key, 0, sizeof (GNUNET_HashCode));
425 /* the GNUnet hashmap only uses the first sizeof(unsigned int) of the hash,
426 so we put the ports in there (and hope for few collisions) */
428 memcpy (off, &source_port, sizeof (uint16_t));
429 off += sizeof (uint16_t);
430 memcpy (off, &destination_port, sizeof (uint16_t));
431 off += sizeof (uint16_t);
435 memcpy (off, source_ip, sizeof (struct in_addr));
436 off += sizeof (struct in_addr);
437 memcpy (off, destination_ip, sizeof (struct in_addr));
438 off += sizeof (struct in_addr);
441 memcpy (off, source_ip, sizeof (struct in6_addr));
442 off += sizeof (struct in6_addr);
443 memcpy (off, destination_ip, sizeof (struct in6_addr));
444 off += sizeof (struct in6_addr);
450 memcpy (off, &protocol, sizeof (uint8_t));
451 off += sizeof (uint8_t);
456 * Notify the client about the result of its request.
458 * @param client client to notify
459 * @param request_id original request ID to include in response
460 * @param result_af resulting address family
461 * @param addr resulting IP address
464 send_client_reply (struct GNUNET_SERVER_Client *client,
469 char buf[sizeof (struct RedirectToIpResponseMessage) + sizeof (struct in6_addr)];
470 struct RedirectToIpResponseMessage *res;
476 rlen = sizeof (struct in_addr);
479 rlen = sizeof (struct in6_addr);
488 res = (struct RedirectToIpResponseMessage *) buf;
489 res->header.size = htons (sizeof (struct RedirectToIpResponseMessage) + rlen);
490 res->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_CLIENT_USE_IP);
491 res->result_af = htonl (result_af);
492 res->request_id = request_id;
493 memcpy (&res[1], addr, rlen);
494 GNUNET_SERVER_notification_context_add (nc, client);
495 GNUNET_SERVER_notification_context_unicast (nc,
503 * Free resources associated with a tunnel state.
505 * @param ts state to free
508 free_tunnel_state (struct TunnelState *ts)
511 struct TunnelMessageQueueEntry *tnq;
512 struct GNUNET_MESH_Tunnel *tunnel;
514 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
515 "Cleaning up tunnel state\n");
516 GNUNET_STATISTICS_update (stats,
517 gettext_noop ("# Active tunnels"),
519 if (GNUNET_SCHEDULER_NO_TASK != ts->destroy_task)
521 GNUNET_SCHEDULER_cancel (ts->destroy_task);
522 ts->destroy_task = GNUNET_SCHEDULER_NO_TASK;
524 while (NULL != (tnq = ts->tmq_head))
526 GNUNET_CONTAINER_DLL_remove (ts->tmq_head,
532 GNUNET_assert (0 == ts->tmq_length);
533 if (NULL != ts->client)
535 GNUNET_SERVER_client_drop (ts->client);
540 GNUNET_MESH_notify_transmit_ready_cancel (ts->th);
543 GNUNET_assert (NULL == ts->destination.heap_node);
544 if (NULL != (tunnel = ts->tunnel))
547 GNUNET_MESH_tunnel_destroy (tunnel);
549 if (NULL != ts->heap_node)
551 GNUNET_CONTAINER_heap_remove_node (ts->heap_node);
552 ts->heap_node = NULL;
553 get_tunnel_key_from_ips (ts->af,
558 ts->destination_port,
560 GNUNET_assert (GNUNET_YES ==
561 GNUNET_CONTAINER_multihashmap_remove (tunnel_map,
565 if (NULL != ts->destination_container)
567 GNUNET_assert (ts == ts->destination_container->ts);
568 ts->destination_container->ts = NULL;
569 ts->destination_container = NULL;
576 * Destroy the mesh tunnel.
578 * @param cls the 'struct TunnelState' with the tunnel to destroy
579 * @param ts schedule context
582 destroy_tunnel_task (void *cls,
583 const struct GNUNET_SCHEDULER_TaskContext *tc)
585 struct TunnelState *ts = cls;
586 struct GNUNET_MESH_Tunnel *tunnel;
588 ts->destroy_task = GNUNET_SCHEDULER_NO_TASK;
589 GNUNET_assert (NULL != ts->tunnel);
592 GNUNET_MESH_tunnel_destroy (tunnel);
593 free_tunnel_state (ts);
598 * Method called whenever a peer has disconnected from the tunnel.
601 * @param peer peer identity the tunnel stopped working with
604 tunnel_peer_disconnect_handler (void *cls,
606 GNUNET_PeerIdentity * peer)
608 struct TunnelState *ts = cls;
610 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
611 "Peer %s disconnected from tunnel.\n",
613 GNUNET_STATISTICS_update (stats,
614 gettext_noop ("# Peers connected to mesh tunnels"),
618 GNUNET_MESH_notify_transmit_ready_cancel (ts->th);
621 if (ts->destination.is_service)
622 return; /* hope for reconnect eventually */
623 /* as we are most likely going to change the exit node now,
624 we should just destroy the tunnel entirely... */
625 if (GNUNET_SCHEDULER_NO_TASK == ts->destroy_task)
626 ts->destroy_task = GNUNET_SCHEDULER_add_now (&destroy_tunnel_task, ts);
631 * Method called whenever a peer has connected to the tunnel. Notifies
632 * the waiting client that the tunnel is now up.
635 * @param peer peer identity the tunnel was created to, NULL on timeout
636 * @param atsi performance data for the connection
639 tunnel_peer_connect_handler (void *cls,
640 const struct GNUNET_PeerIdentity
643 GNUNET_ATS_Information * atsi)
645 struct TunnelState *ts = cls;
647 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
648 "Peer %s connected to tunnel.\n",
650 GNUNET_STATISTICS_update (stats,
651 gettext_noop ("# Peers connected to mesh tunnels"),
653 if (NULL == ts->client)
654 return; /* nothing to do */
655 send_client_reply (ts->client,
658 &ts->destination_ip);
659 GNUNET_SERVER_client_drop (ts->client);
665 * Send a message from the message queue via mesh.
667 * @param cls the 'struct TunnelState' with the message queue
668 * @param size number of bytes available in buf
669 * @param buf where to copy the message
670 * @return number of bytes copied to buf
673 send_to_peer_notify_callback (void *cls, size_t size, void *buf)
675 struct TunnelState *ts = cls;
676 struct TunnelMessageQueueEntry *tnq;
683 GNUNET_assert (NULL != tnq);
684 GNUNET_assert (size >= tnq->len);
685 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
686 "Sending %u bytes via mesh tunnel\n",
688 GNUNET_CONTAINER_DLL_remove (ts->tmq_head,
692 memcpy (buf, tnq->msg, tnq->len);
695 if (NULL != (tnq = ts->tmq_head))
696 ts->th = GNUNET_MESH_notify_transmit_ready (ts->tunnel,
697 GNUNET_NO /* cork */,
699 GNUNET_TIME_UNIT_FOREVER_REL,
702 &send_to_peer_notify_callback,
704 GNUNET_STATISTICS_update (stats,
705 gettext_noop ("# Bytes given to mesh for transmission"),
712 * Add the given message to the given tunnel and trigger the
713 * transmission process.
715 * @param tnq message to queue
716 * @param ts tunnel to queue the message for
719 send_to_tunnel (struct TunnelMessageQueueEntry *tnq,
720 struct TunnelState *ts)
722 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
723 "Queueing %u bytes for transmission via mesh tunnel\n",
725 GNUNET_assert (NULL != ts->tunnel);
726 GNUNET_CONTAINER_DLL_insert_tail (ts->tmq_head,
730 if (ts->tmq_length > MAX_MESSAGE_QUEUE_SIZE)
732 struct TunnelMessageQueueEntry *dq;
735 GNUNET_assert (dq != tnq);
736 GNUNET_CONTAINER_DLL_remove (ts->tmq_head,
739 GNUNET_MESH_notify_transmit_ready_cancel (ts->th);
741 GNUNET_STATISTICS_update (stats,
742 gettext_noop ("# Bytes dropped in mesh queue (overflow)"),
748 ts->th = GNUNET_MESH_notify_transmit_ready (ts->tunnel,
749 GNUNET_NO /* cork */,
751 GNUNET_TIME_UNIT_FOREVER_REL,
754 &send_to_peer_notify_callback,
760 * Initialize the given destination entry's mesh tunnel.
762 * @param de destination entry for which we need to setup a tunnel
763 * @param client client to notify on successful tunnel setup, or NULL for none
764 * @param request_id request ID to send in client notification (unused if client is NULL)
765 * @return tunnel state of the tunnel that was created
767 static struct TunnelState *
768 create_tunnel_to_destination (struct DestinationEntry *de,
769 struct GNUNET_SERVER_Client *client,
772 struct TunnelState *ts;
774 GNUNET_STATISTICS_update (stats,
775 gettext_noop ("# Mesh tunnels created"),
777 GNUNET_assert (NULL == de->ts);
778 ts = GNUNET_malloc (sizeof (struct TunnelState));
781 ts->request_id = request_id;
783 GNUNET_SERVER_client_keep (client);
785 ts->destination = *de;
786 ts->destination.heap_node = NULL; /* copy is NOT in destination heap */
788 ts->destination_container = de; /* we are referenced from de */
789 ts->af = AF_UNSPEC; /* so far, unknown */
790 ts->tunnel = GNUNET_MESH_tunnel_create (mesh_handle,
792 &tunnel_peer_connect_handler,
793 &tunnel_peer_disconnect_handler,
795 if (NULL == ts->tunnel)
797 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
798 _("Failed to setup mesh tunnel!\n"));
800 GNUNET_SERVER_client_drop (client);
806 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
807 "Creating tunnel to peer %s offering service %s\n",
808 GNUNET_i2s (&de->details.service_destination.target),
809 GNUNET_h2s (&de->details.service_destination.service_descriptor));
810 GNUNET_MESH_peer_request_connect_add (ts->tunnel,
811 &de->details.service_destination.target);
815 switch (de->details.exit_destination.af)
818 GNUNET_MESH_peer_request_connect_by_type (ts->tunnel,
819 GNUNET_APPLICATION_TYPE_IPV4_GATEWAY);
820 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
821 "Creating tunnel to exit peer for %s\n",
825 GNUNET_MESH_peer_request_connect_by_type (ts->tunnel,
826 GNUNET_APPLICATION_TYPE_IPV6_GATEWAY);
827 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
828 "Creating tunnel to exit peer for %s\n",
841 * We have too many active tunnels. Clean up the oldest tunnel.
843 * @param except tunnel that must NOT be cleaned up, even if it is the oldest
846 expire_tunnel (struct TunnelState *except)
848 struct TunnelState *ts;
850 ts = GNUNET_CONTAINER_heap_peek (tunnel_heap);
852 return; /* can't do this */
853 free_tunnel_state (ts);
858 * Route a packet via mesh to the given destination.
860 * @param destination description of the destination
861 * @param af address family on this end (AF_INET or AF_INET6)
862 * @param protocol IPPROTO_TCP or IPPROTO_UDP
863 * @param source_ip source IP used by the sender (struct in_addr or struct in6_addr)
864 * @param destination_ip destination IP used by the sender (struct in_addr or struct in6_addr)
865 * @param payload payload of the packet after the IP header
866 * @param payload_length number of bytes in payload
869 route_packet (struct DestinationEntry *destination,
872 const void *source_ip,
873 const void *destination_ip,
875 size_t payload_length)
878 struct TunnelState *ts;
879 struct TunnelMessageQueueEntry *tnq;
883 const struct GNUNET_TUN_UdpHeader *udp;
884 const struct GNUNET_TUN_TcpHeader *tcp;
892 if (payload_length < sizeof (struct GNUNET_TUN_UdpHeader))
899 spt = ntohs (udp->spt);
900 dpt = ntohs (udp->dpt);
901 get_tunnel_key_from_ips (af,
912 if (payload_length < sizeof (struct GNUNET_TUN_TcpHeader))
919 spt = ntohs (tcp->spt);
920 dpt = ntohs (tcp->dpt);
921 get_tunnel_key_from_ips (af,
931 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
932 _("Protocol %u not supported, dropping\n"),
933 (unsigned int) protocol);
936 if (! destination->is_service)
938 switch (destination->details.exit_destination.af)
941 alen = sizeof (struct in_addr);
944 alen = sizeof (struct in6_addr);
952 char sbuf[INET6_ADDRSTRLEN];
953 char dbuf[INET6_ADDRSTRLEN];
954 char xbuf[INET6_ADDRSTRLEN];
956 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
957 "Routing %s packet from %s:%u -> %s:%u to destination %s:%u\n",
958 (protocol == IPPROTO_TCP) ? "TCP" : "UDP",
959 inet_ntop (af, source_ip, sbuf, sizeof (sbuf)),
961 inet_ntop (af, destination_ip, dbuf, sizeof (dbuf)),
963 inet_ntop (destination->details.exit_destination.af,
964 &destination->details.exit_destination.ip,
965 xbuf, sizeof (xbuf)),
971 /* make compiler happy */
974 char sbuf[INET6_ADDRSTRLEN];
975 char dbuf[INET6_ADDRSTRLEN];
977 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
978 "Routing %s packet from %s:%u -> %s:%u to service %s at peer %s\n",
979 (protocol == IPPROTO_TCP) ? "TCP" : "UDP",
980 inet_ntop (af, source_ip, sbuf, sizeof (sbuf)),
982 inet_ntop (af, destination_ip, dbuf, sizeof (dbuf)),
984 GNUNET_h2s (&destination->details.service_destination.service_descriptor),
985 GNUNET_i2s (&destination->details.service_destination.target));
990 /* see if we have an existing tunnel for this destination */
991 ts = GNUNET_CONTAINER_multihashmap_get (tunnel_map,
995 /* need to either use the existing tunnel from the destination (if still
996 available) or create a fresh one */
998 if (NULL == destination->ts)
999 ts = create_tunnel_to_destination (destination, NULL, 0);
1001 ts = destination->ts;
1004 destination->ts = NULL;
1005 ts->destination_container = NULL; /* no longer 'contained' */
1006 /* now bind existing "unbound" tunnel to our IP/port tuple */
1007 ts->protocol = protocol;
1011 ts->source_ip.v4 = * (const struct in_addr *) source_ip;
1012 ts->destination_ip.v4 = * (const struct in_addr *) destination_ip;
1016 ts->source_ip.v6 = * (const struct in6_addr *) source_ip;
1017 ts->destination_ip.v6 = * (const struct in6_addr *) destination_ip;
1019 ts->source_port = spt;
1020 ts->destination_port = dpt;
1021 ts->heap_node = GNUNET_CONTAINER_heap_insert (tunnel_heap,
1023 GNUNET_TIME_absolute_get ().abs_value);
1024 GNUNET_assert (GNUNET_YES ==
1025 GNUNET_CONTAINER_multihashmap_put (tunnel_map,
1028 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
1029 GNUNET_STATISTICS_update (stats,
1030 gettext_noop ("# Active tunnels"),
1032 while (GNUNET_CONTAINER_multihashmap_size (tunnel_map) > max_tunnel_mappings)
1038 GNUNET_CONTAINER_heap_update_cost (tunnel_heap,
1040 GNUNET_TIME_absolute_get ().abs_value);
1042 GNUNET_assert (NULL != ts->tunnel);
1044 /* send via tunnel */
1048 if (destination->is_service)
1050 struct GNUNET_EXIT_UdpServiceMessage *usm;
1052 mlen = sizeof (struct GNUNET_EXIT_UdpServiceMessage) +
1053 payload_length - sizeof (struct GNUNET_TUN_UdpHeader);
1054 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1059 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) + mlen);
1062 usm = (struct GNUNET_EXIT_UdpServiceMessage *) &tnq[1];
1063 usm->header.size = htons ((uint16_t) mlen);
1064 usm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_UDP_TO_SERVICE);
1065 /* if the source port is below 32000, we assume it has a special
1066 meaning; if not, we pick a random port (this is a heuristic) */
1067 usm->source_port = (ntohs (udp->spt) < 32000) ? udp->spt : 0;
1068 usm->destination_port = udp->dpt;
1069 usm->service_descriptor = destination->details.service_destination.service_descriptor;
1072 payload_length - sizeof (struct GNUNET_TUN_UdpHeader));
1076 struct GNUNET_EXIT_UdpInternetMessage *uim;
1077 struct in_addr *ip4dst;
1078 struct in6_addr *ip6dst;
1081 mlen = sizeof (struct GNUNET_EXIT_UdpInternetMessage) +
1082 alen + payload_length - sizeof (struct GNUNET_TUN_UdpHeader);
1083 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1088 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) +
1092 uim = (struct GNUNET_EXIT_UdpInternetMessage *) &tnq[1];
1093 uim->header.size = htons ((uint16_t) mlen);
1094 uim->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_UDP_TO_INTERNET);
1095 uim->af = htonl (destination->details.exit_destination.af);
1096 uim->source_port = (ntohs (udp->spt) < 32000) ? udp->spt : 0;
1097 uim->destination_port = udp->dpt;
1098 switch (destination->details.exit_destination.af)
1101 ip4dst = (struct in_addr *) &uim[1];
1102 *ip4dst = destination->details.exit_destination.ip.v4;
1103 payload = &ip4dst[1];
1106 ip6dst = (struct in6_addr *) &uim[1];
1107 *ip6dst = destination->details.exit_destination.ip.v6;
1108 payload = &ip6dst[1];
1115 payload_length - sizeof (struct GNUNET_TUN_UdpHeader));
1121 if (destination->is_service)
1123 struct GNUNET_EXIT_TcpServiceStartMessage *tsm;
1125 mlen = sizeof (struct GNUNET_EXIT_TcpServiceStartMessage) +
1126 payload_length - sizeof (struct GNUNET_TUN_TcpHeader);
1127 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1132 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) + mlen);
1135 tsm = (struct GNUNET_EXIT_TcpServiceStartMessage *) &tnq[1];
1136 tsm->header.size = htons ((uint16_t) mlen);
1137 tsm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_TCP_TO_SERVICE_START);
1138 tsm->reserved = htonl (0);
1139 tsm->service_descriptor = destination->details.service_destination.service_descriptor;
1140 tsm->tcp_header = *tcp;
1143 payload_length - sizeof (struct GNUNET_TUN_TcpHeader));
1147 struct GNUNET_EXIT_TcpInternetStartMessage *tim;
1148 struct in_addr *ip4dst;
1149 struct in6_addr *ip6dst;
1152 mlen = sizeof (struct GNUNET_EXIT_TcpInternetStartMessage) +
1153 alen + payload_length - sizeof (struct GNUNET_TUN_TcpHeader);
1154 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1159 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) + mlen);
1162 tim = (struct GNUNET_EXIT_TcpInternetStartMessage *) &tnq[1];
1163 tim->header.size = htons ((uint16_t) mlen);
1164 tim->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_TCP_TO_INTERNET_START);
1165 tim->af = htonl (destination->details.exit_destination.af);
1166 tim->tcp_header = *tcp;
1167 switch (destination->details.exit_destination.af)
1170 ip4dst = (struct in_addr *) &tim[1];
1171 *ip4dst = destination->details.exit_destination.ip.v4;
1172 payload = &ip4dst[1];
1175 ip6dst = (struct in6_addr *) &tim[1];
1176 *ip6dst = destination->details.exit_destination.ip.v6;
1177 payload = &ip6dst[1];
1184 payload_length - sizeof (struct GNUNET_TUN_TcpHeader));
1189 struct GNUNET_EXIT_TcpDataMessage *tdm;
1191 mlen = sizeof (struct GNUNET_EXIT_TcpDataMessage) +
1192 alen + payload_length - sizeof (struct GNUNET_TUN_TcpHeader);
1193 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1198 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) + mlen);
1201 tdm = (struct GNUNET_EXIT_TcpDataMessage *) &tnq[1];
1202 tdm->header.size = htons ((uint16_t) mlen);
1203 tdm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_TCP_DATA);
1204 tdm->reserved = htonl (0);
1205 tdm->tcp_header = *tcp;
1208 payload_length - sizeof (struct GNUNET_TUN_TcpHeader));
1212 /* not supported above, how can we get here !? */
1216 send_to_tunnel (tnq, ts);
1221 * Receive packets from the helper-process (someone send to the local
1222 * virtual tunnel interface). Find the destination mapping, and if it
1223 * exists, identify the correct MESH tunnel (or possibly create it)
1224 * and forward the packet.
1226 * @param cls closure, NULL
1227 * @param client NULL
1228 * @param message message we got from the client (VPN tunnel interface)
1231 message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED,
1232 const struct GNUNET_MessageHeader *message)
1234 const struct GNUNET_TUN_Layer2PacketHeader *tun;
1236 GNUNET_HashCode key;
1237 struct DestinationEntry *de;
1239 GNUNET_STATISTICS_update (stats,
1240 gettext_noop ("# Packets received from TUN interface"),
1242 mlen = ntohs (message->size);
1243 if ( (ntohs (message->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER) ||
1244 (mlen < sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader)) )
1249 tun = (const struct GNUNET_TUN_Layer2PacketHeader *) &message[1];
1250 mlen -= (sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader));
1251 switch (ntohs (tun->proto))
1255 const struct GNUNET_TUN_IPv6Header *pkt6;
1257 if (mlen < sizeof (struct GNUNET_TUN_IPv6Header))
1263 pkt6 = (const struct GNUNET_TUN_IPv6Header *) &tun[1];
1264 get_destination_key_from_ip (AF_INET6,
1265 &pkt6->destination_address,
1267 de = GNUNET_CONTAINER_multihashmap_get (destination_map, &key);
1268 /* FIXME: do we need to guard against hash collision?
1269 (if so, we need to also store the local destination IP in the
1270 destination entry and then compare here; however, the risk
1271 of collision seems minimal AND the impact is unlikely to be
1272 super-problematic as well... */
1275 char buf[INET6_ADDRSTRLEN];
1277 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1278 _("Packet received for unmapped destination `%s' (dropping it)\n"),
1279 inet_ntop (AF_INET6,
1280 &pkt6->destination_address,
1288 &pkt6->source_address,
1289 &pkt6->destination_address,
1291 mlen - sizeof (struct GNUNET_TUN_IPv6Header));
1296 struct GNUNET_TUN_IPv4Header *pkt4;
1298 if (mlen < sizeof (struct GNUNET_TUN_IPv4Header))
1304 pkt4 = (struct GNUNET_TUN_IPv4Header *) &tun[1];
1305 get_destination_key_from_ip (AF_INET,
1306 &pkt4->destination_address,
1308 de = GNUNET_CONTAINER_multihashmap_get (destination_map, &key);
1309 /* FIXME: do we need to guard against hash collision?
1310 (if so, we need to also store the local destination IP in the
1311 destination entry and then compare here; however, the risk
1312 of collision seems minimal AND the impact is unlikely to be
1313 super-problematic as well... */
1316 char buf[INET_ADDRSTRLEN];
1318 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1319 _("Packet received for unmapped destination `%s' (dropping it)\n"),
1321 &pkt4->destination_address,
1326 if (pkt4->header_length * 4 != sizeof (struct GNUNET_TUN_IPv4Header))
1328 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1329 _("Received IPv4 packet with options (dropping it)\n"));
1335 &pkt4->source_address,
1336 &pkt4->destination_address,
1338 mlen - sizeof (struct GNUNET_TUN_IPv4Header));
1342 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1343 _("Received packet of unknown protocol %d from TUN (dropping it)\n"),
1344 (unsigned int) ntohs (tun->proto));
1351 * We got a UDP packet back from the MESH tunnel. Pass it on to the
1352 * local virtual interface via the helper.
1354 * @param cls closure, NULL
1355 * @param tunnel connection to the other end
1356 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1357 * @param sender who sent the message
1358 * @param message the actual message
1359 * @param atsi performance data for the connection
1360 * @return GNUNET_OK to keep the connection open,
1361 * GNUNET_SYSERR to close it (signal serious error)
1364 receive_udp_back (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1365 void **tunnel_ctx, const struct GNUNET_PeerIdentity *sender,
1366 const struct GNUNET_MessageHeader *message,
1367 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1369 struct TunnelState *ts = *tunnel_ctx;
1370 const struct GNUNET_EXIT_UdpReplyMessage *reply;
1373 GNUNET_STATISTICS_update (stats,
1374 gettext_noop ("# UDP packets received from mesh"),
1376 mlen = ntohs (message->size);
1377 if (mlen < sizeof (struct GNUNET_EXIT_UdpReplyMessage))
1379 GNUNET_break_op (0);
1380 return GNUNET_SYSERR;
1382 if (NULL == ts->heap_node)
1384 GNUNET_break_op (0);
1385 return GNUNET_SYSERR;
1387 if (AF_UNSPEC == ts->af)
1389 GNUNET_break_op (0);
1390 return GNUNET_SYSERR;
1392 reply = (const struct GNUNET_EXIT_UdpReplyMessage *) message;
1393 mlen -= sizeof (struct GNUNET_EXIT_UdpReplyMessage);
1395 char sbuf[INET6_ADDRSTRLEN];
1396 char dbuf[INET6_ADDRSTRLEN];
1398 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1399 "Received UDP reply from mesh, sending %u bytes from %s:%u -> %s:%u via TUN\n",
1400 (unsigned int) mlen,
1401 inet_ntop (ts->af, &ts->destination_ip, sbuf, sizeof (sbuf)),
1402 ts->destination_port,
1403 inet_ntop (ts->af, &ts->source_ip, dbuf, sizeof (dbuf)),
1410 size_t size = sizeof (struct GNUNET_TUN_IPv4Header)
1411 + sizeof (struct GNUNET_TUN_UdpHeader)
1412 + sizeof (struct GNUNET_MessageHeader) +
1413 sizeof (struct GNUNET_TUN_Layer2PacketHeader) +
1417 struct GNUNET_MessageHeader *msg = (struct GNUNET_MessageHeader *) buf;
1418 struct GNUNET_TUN_Layer2PacketHeader *tun = (struct GNUNET_TUN_Layer2PacketHeader*) &msg[1];
1419 struct GNUNET_TUN_IPv4Header *ipv4 = (struct GNUNET_TUN_IPv4Header *) &tun[1];
1420 struct GNUNET_TUN_UdpHeader *udp = (struct GNUNET_TUN_UdpHeader *) &ipv4[1];
1421 msg->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1422 msg->size = htons (size);
1423 tun->flags = htons (0);
1424 tun->proto = htons (ETH_P_IPV4);
1426 ipv4->header_length = sizeof (struct GNUNET_TUN_IPv4Header) / 4;
1427 ipv4->diff_serv = 0;
1428 ipv4->total_length = htons (sizeof (struct GNUNET_TUN_IPv4Header) +
1429 sizeof (struct GNUNET_TUN_UdpHeader) +
1431 ipv4->identification = (uint16_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1434 ipv4->fragmentation_offset = 0;
1436 ipv4->protocol = IPPROTO_UDP;
1438 ipv4->source_address = ts->destination_ip.v4;
1439 ipv4->destination_address = ts->source_ip.v4;
1441 GNUNET_CRYPTO_crc16_n (ipv4, sizeof (struct GNUNET_TUN_IPv4Header));
1442 if (0 == ntohs (reply->source_port))
1443 udp->spt = htons (ts->destination_port);
1445 udp->spt = reply->source_port;
1446 if (0 == ntohs (reply->destination_port))
1447 udp->dpt = htons (ts->source_port);
1449 udp->dpt = reply->destination_port;
1450 udp->len = htons (mlen + sizeof (struct GNUNET_TUN_UdpHeader));
1451 udp->crc = 0; // FIXME: optional, but we might want to calculate this one anyway
1455 (void) GNUNET_HELPER_send (helper_handle,
1464 size_t size = sizeof (struct GNUNET_TUN_IPv6Header)
1465 + sizeof (struct GNUNET_TUN_UdpHeader)
1466 + sizeof (struct GNUNET_MessageHeader) +
1467 sizeof (struct GNUNET_TUN_Layer2PacketHeader) +
1471 struct GNUNET_MessageHeader *msg = (struct GNUNET_MessageHeader *) buf;
1472 struct GNUNET_TUN_Layer2PacketHeader *tun = (struct GNUNET_TUN_Layer2PacketHeader*) &msg[1];
1473 struct GNUNET_TUN_IPv6Header *ipv6 = (struct GNUNET_TUN_IPv6Header *) &tun[1];
1474 struct GNUNET_TUN_UdpHeader *udp = (struct GNUNET_TUN_UdpHeader *) &ipv6[1];
1475 msg->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1476 msg->size = htons (size);
1477 tun->flags = htons (0);
1478 tun->proto = htons (ETH_P_IPV6);
1479 ipv6->traffic_class_h = 0;
1481 ipv6->traffic_class_l = 0;
1482 ipv6->flow_label = 0;
1483 ipv6->payload_length = htons (sizeof (struct GNUNET_TUN_UdpHeader) + sizeof (struct GNUNET_TUN_IPv6Header) + mlen);
1484 ipv6->next_header = IPPROTO_UDP;
1485 ipv6->hop_limit = 255;
1486 ipv6->source_address = ts->destination_ip.v6;
1487 ipv6->destination_address = ts->source_ip.v6;
1488 if (0 == ntohs (reply->source_port))
1489 udp->spt = htons (ts->destination_port);
1491 udp->spt = reply->source_port;
1492 if (0 == ntohs (reply->destination_port))
1493 udp->dpt = htons (ts->source_port);
1495 udp->dpt = reply->destination_port;
1496 udp->len = htons (mlen + sizeof (struct GNUNET_TUN_UdpHeader));
1504 GNUNET_CRYPTO_crc16_step (sum, &ipv6->source_address,
1505 sizeof (struct in6_addr) * 2);
1506 uint32_t tmp = udp->len;
1507 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1508 tmp = htons (IPPROTO_UDP);
1509 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1510 sum = GNUNET_CRYPTO_crc16_step (sum,
1513 udp->crc = GNUNET_CRYPTO_crc16_finish (sum);
1515 (void) GNUNET_HELPER_send (helper_handle,
1525 GNUNET_CONTAINER_heap_update_cost (tunnel_heap,
1527 GNUNET_TIME_absolute_get ().abs_value);
1533 * We got a TCP packet back from the MESH tunnel. Pass it on to the
1534 * local virtual interface via the helper.
1536 * @param cls closure, NULL
1537 * @param tunnel connection to the other end
1538 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1539 * @param sender who sent the message
1540 * @param message the actual message
1541 * @param atsi performance data for the connection
1542 * @return GNUNET_OK to keep the connection open,
1543 * GNUNET_SYSERR to close it (signal serious error)
1546 receive_tcp_back (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1548 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1549 const struct GNUNET_MessageHeader *message,
1550 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1552 struct TunnelState *ts = *tunnel_ctx;
1553 const struct GNUNET_EXIT_TcpDataMessage *data;
1556 GNUNET_STATISTICS_update (stats,
1557 gettext_noop ("# TCP packets received from mesh"),
1559 mlen = ntohs (message->size);
1560 if (mlen < sizeof (struct GNUNET_EXIT_TcpDataMessage))
1562 GNUNET_break_op (0);
1563 return GNUNET_SYSERR;
1565 if (NULL == ts->heap_node)
1567 GNUNET_break_op (0);
1568 return GNUNET_SYSERR;
1570 data = (const struct GNUNET_EXIT_TcpDataMessage *) message;
1571 mlen -= sizeof (struct GNUNET_EXIT_TcpDataMessage);
1573 char sbuf[INET6_ADDRSTRLEN];
1574 char dbuf[INET6_ADDRSTRLEN];
1576 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1577 "Received TCP reply from mesh, sending %u bytes from %s:%u -> %s:%u via TUN\n",
1578 (unsigned int) mlen,
1579 inet_ntop (ts->af, &ts->destination_ip, sbuf, sizeof (sbuf)),
1580 ts->destination_port,
1581 inet_ntop (ts->af, &ts->source_ip, dbuf, sizeof (dbuf)),
1588 size_t size = sizeof (struct GNUNET_TUN_IPv4Header)
1589 + sizeof (struct GNUNET_TUN_TcpHeader)
1590 + sizeof (struct GNUNET_MessageHeader) +
1591 sizeof (struct GNUNET_TUN_Layer2PacketHeader) +
1595 struct GNUNET_MessageHeader *msg = (struct GNUNET_MessageHeader *) buf;
1596 struct GNUNET_TUN_Layer2PacketHeader *tun = (struct GNUNET_TUN_Layer2PacketHeader*) &msg[1];
1597 struct GNUNET_TUN_IPv4Header *ipv4 = (struct GNUNET_TUN_IPv4Header *) &tun[1];
1598 struct GNUNET_TUN_TcpHeader *tcp = (struct GNUNET_TUN_TcpHeader *) &ipv4[1];
1599 msg->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1600 msg->size = htons (size);
1601 tun->flags = htons (0);
1602 tun->proto = htons (ETH_P_IPV4);
1604 ipv4->header_length = sizeof (struct GNUNET_TUN_IPv4Header) / 4;
1605 ipv4->diff_serv = 0;
1606 ipv4->total_length = htons (sizeof (struct GNUNET_TUN_IPv4Header) +
1607 sizeof (struct GNUNET_TUN_TcpHeader) +
1609 ipv4->identification = (uint16_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1612 ipv4->fragmentation_offset = 0;
1614 ipv4->protocol = IPPROTO_TCP;
1616 ipv4->source_address = ts->destination_ip.v4;
1617 ipv4->destination_address = ts->source_ip.v4;
1619 GNUNET_CRYPTO_crc16_n (ipv4, sizeof (struct GNUNET_TUN_IPv4Header));
1620 *tcp = data->tcp_header;
1621 tcp->spt = htons (ts->destination_port);
1622 tcp->dpt = htons (ts->source_port);
1631 sum = GNUNET_CRYPTO_crc16_step (sum,
1632 &ipv4->source_address,
1633 2 * sizeof (struct in_addr));
1634 tmp = htonl ((IPPROTO_TCP << 16) | (mlen + sizeof (struct GNUNET_TUN_TcpHeader)));
1635 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1636 sum = GNUNET_CRYPTO_crc16_step (sum, tcp, mlen + sizeof (struct GNUNET_TUN_TcpHeader));
1637 tcp->crc = GNUNET_CRYPTO_crc16_finish (sum);
1639 (void) GNUNET_HELPER_send (helper_handle,
1648 size_t size = sizeof (struct GNUNET_TUN_IPv6Header)
1649 + sizeof (struct GNUNET_TUN_TcpHeader)
1650 + sizeof (struct GNUNET_MessageHeader) +
1651 sizeof (struct GNUNET_TUN_Layer2PacketHeader) +
1655 struct GNUNET_MessageHeader *msg = (struct GNUNET_MessageHeader *) buf;
1656 struct GNUNET_TUN_Layer2PacketHeader *tun = (struct GNUNET_TUN_Layer2PacketHeader*) &msg[1];
1657 struct GNUNET_TUN_IPv6Header *ipv6 = (struct GNUNET_TUN_IPv6Header *) &tun[1];
1658 struct GNUNET_TUN_TcpHeader *tcp = (struct GNUNET_TUN_TcpHeader *) &ipv6[1];
1659 msg->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1660 msg->size = htons (size);
1661 tun->flags = htons (0);
1662 tun->proto = htons (ETH_P_IPV6);
1663 ipv6->traffic_class_h = 0;
1665 ipv6->traffic_class_l = 0;
1666 ipv6->flow_label = 0;
1667 ipv6->payload_length = htons (sizeof (struct GNUNET_TUN_TcpHeader) + sizeof (struct GNUNET_TUN_IPv6Header) + mlen);
1668 ipv6->next_header = IPPROTO_TCP;
1669 ipv6->hop_limit = 255;
1670 ipv6->source_address = ts->destination_ip.v6;
1671 ipv6->destination_address = ts->source_ip.v6;
1672 tcp->spt = htons (ts->destination_port);
1673 tcp->dpt = htons (ts->source_port);
1679 sum = GNUNET_CRYPTO_crc16_step (sum, &ipv6->source_address, 2 * sizeof (struct in6_addr));
1680 tmp = htonl (sizeof (struct GNUNET_TUN_TcpHeader) + mlen);
1681 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1682 tmp = htonl (IPPROTO_TCP);
1683 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1684 sum = GNUNET_CRYPTO_crc16_step (sum, tcp,
1685 sizeof (struct GNUNET_TUN_TcpHeader) + mlen);
1686 tcp->crc = GNUNET_CRYPTO_crc16_finish (sum);
1688 (void) GNUNET_HELPER_send (helper_handle,
1696 GNUNET_CONTAINER_heap_update_cost (tunnel_heap,
1698 GNUNET_TIME_absolute_get ().abs_value);
1704 * Allocate an IPv4 address from the range of the tunnel
1705 * for a new redirection.
1707 * @param v4 where to store the address
1708 * @return GNUNET_OK on success,
1709 * GNUNET_SYSERR on error
1712 allocate_v4_address (struct in_addr *v4)
1714 const char *ipv4addr = vpn_argv[4];
1715 const char *ipv4mask = vpn_argv[5];
1716 struct in_addr addr;
1717 struct in_addr mask;
1719 GNUNET_HashCode key;
1722 GNUNET_assert (1 == inet_pton (AF_INET, ipv4addr, &addr));
1723 GNUNET_assert (1 == inet_pton (AF_INET, ipv4mask, &mask));
1724 /* Given 192.168.0.1/255.255.0.0, we want a mask
1725 of '192.168.255.255', thus: */
1726 mask.s_addr = addr.s_addr | ~mask.s_addr;
1733 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1734 _("Failed to find unallocated IPv4 address in VPN's range\n"));
1735 return GNUNET_SYSERR;
1737 /* Pick random IPv4 address within the subnet, except 'addr' or 'mask' itself */
1738 rnd.s_addr = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1740 v4->s_addr = (addr.s_addr | rnd.s_addr) & mask.s_addr;
1741 get_destination_key_from_ip (AF_INET,
1745 while ( (GNUNET_YES ==
1746 GNUNET_CONTAINER_multihashmap_contains (destination_map,
1748 (v4->s_addr == addr.s_addr) ||
1749 (v4->s_addr == mask.s_addr) );
1755 * Allocate an IPv6 address from the range of the tunnel
1756 * for a new redirection.
1758 * @param v6 where to store the address
1759 * @return GNUNET_OK on success,
1760 * GNUNET_SYSERR on error
1763 allocate_v6_address (struct in6_addr *v6)
1765 const char *ipv6addr = vpn_argv[2];
1766 struct in6_addr addr;
1767 struct in6_addr mask;
1768 struct in6_addr rnd;
1770 GNUNET_HashCode key;
1773 GNUNET_assert (1 == inet_pton (AF_INET6, ipv6addr, &addr));
1774 GNUNET_assert (ipv6prefix < 128);
1775 /* Given ABCD::/96, we want a mask of 'ABCD::FFFF:FFFF,
1778 for (i=127;i>=128-ipv6prefix;i--)
1779 mask.s6_addr[i / 8] |= (1 << (i % 8));
1781 /* Pick random IPv6 address within the subnet, except 'addr' or 'mask' itself */
1788 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1789 _("Failed to find unallocated IPv6 address in VPN's range\n"));
1790 return GNUNET_SYSERR;
1795 rnd.s6_addr[i] = (unsigned char) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1798 = (addr.s6_addr[i] | rnd.s6_addr[i]) & mask.s6_addr[i];
1800 get_destination_key_from_ip (AF_INET6,
1804 while ( (GNUNET_YES ==
1805 GNUNET_CONTAINER_multihashmap_contains (destination_map,
1809 sizeof (struct in6_addr))) ||
1812 sizeof (struct in6_addr))) );
1818 * Free resources occupied by a destination entry.
1820 * @param de entry to free
1823 free_destination_entry (struct DestinationEntry *de)
1825 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1826 "Cleaning up destination entry\n");
1827 GNUNET_STATISTICS_update (stats,
1828 gettext_noop ("# Active destinations"),
1832 free_tunnel_state (de->ts);
1833 GNUNET_assert (NULL == de->ts);
1835 if (NULL != de->heap_node)
1837 GNUNET_CONTAINER_heap_remove_node (de->heap_node);
1838 de->heap_node = NULL;
1839 GNUNET_assert (GNUNET_YES ==
1840 GNUNET_CONTAINER_multihashmap_remove (destination_map,
1849 * We have too many active destinations. Clean up the oldest destination.
1851 * @param except destination that must NOT be cleaned up, even if it is the oldest
1854 expire_destination (struct DestinationEntry *except)
1856 struct DestinationEntry *de;
1858 de = GNUNET_CONTAINER_heap_peek (destination_heap);
1860 return; /* can't do this */
1861 free_destination_entry (de);
1866 * A client asks us to setup a redirection via some exit
1867 * node to a particular IP. Setup the redirection and
1868 * give the client the allocated IP.
1871 * @param client requesting client
1872 * @param message redirection request (a 'struct RedirectToIpRequestMessage')
1875 service_redirect_to_ip (void *cls GNUNET_UNUSED, struct GNUNET_SERVER_Client *client,
1876 const struct GNUNET_MessageHeader *message)
1880 const struct RedirectToIpRequestMessage *msg;
1886 struct DestinationEntry *de;
1887 GNUNET_HashCode key;
1889 /* validate and parse request */
1890 mlen = ntohs (message->size);
1891 if (mlen < sizeof (struct RedirectToIpRequestMessage))
1894 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1897 alen = mlen - sizeof (struct RedirectToIpRequestMessage);
1898 msg = (const struct RedirectToIpRequestMessage *) message;
1899 addr_af = (int) htonl (msg->addr_af);
1903 if (alen != sizeof (struct in_addr))
1906 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1911 if (alen != sizeof (struct in6_addr))
1914 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1920 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1924 /* allocate response IP */
1926 result_af = (int) htonl (msg->result_af);
1931 allocate_v4_address (&v4))
1932 result_af = AF_UNSPEC;
1938 allocate_v6_address (&v6))
1939 result_af = AF_UNSPEC;
1945 allocate_v4_address (&v4))
1948 result_af = AF_INET;
1950 else if (GNUNET_OK ==
1951 allocate_v6_address (&v6))
1954 result_af = AF_INET6;
1959 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1962 if ( (result_af == AF_UNSPEC) ||
1963 (GNUNET_NO == ntohl (msg->nac)) )
1965 /* send reply "instantly" */
1966 send_client_reply (client,
1971 if (result_af == AF_UNSPEC)
1973 /* failure, we're done */
1974 GNUNET_SERVER_receive_done (client, GNUNET_OK);
1979 char sbuf[INET6_ADDRSTRLEN];
1980 char dbuf[INET6_ADDRSTRLEN];
1982 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1983 "Allocated address %s for redirection via exit to %s\n",
1984 inet_ntop (result_af, addr, sbuf, sizeof (sbuf)),
1986 &msg[1], dbuf, sizeof (dbuf)));
1989 /* setup destination record */
1990 de = GNUNET_malloc (sizeof (struct DestinationEntry));
1991 de->is_service = GNUNET_NO;
1992 de->details.exit_destination.af = addr_af;
1993 memcpy (&de->details.exit_destination.ip,
1996 get_destination_key_from_ip (result_af,
2000 GNUNET_assert (GNUNET_OK ==
2001 GNUNET_CONTAINER_multihashmap_put (destination_map,
2004 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE));
2005 de->heap_node = GNUNET_CONTAINER_heap_insert (destination_heap,
2007 GNUNET_TIME_absolute_ntoh (msg->expiration_time).abs_value);
2008 GNUNET_STATISTICS_update (stats,
2009 gettext_noop ("# Active destinations"),
2011 while (GNUNET_CONTAINER_multihashmap_size (destination_map) > max_destination_mappings)
2012 expire_destination (de);
2014 /* setup tunnel to destination */
2015 (void) create_tunnel_to_destination (de,
2016 (GNUNET_NO == ntohl (msg->nac)) ? NULL : client,
2019 GNUNET_SERVER_receive_done (client, GNUNET_OK);
2024 * A client asks us to setup a redirection to a particular peer
2025 * offering a service. Setup the redirection and give the client the
2029 * @param client requesting client
2030 * @param message redirection request (a 'struct RedirectToPeerRequestMessage')
2033 service_redirect_to_service (void *cls GNUNET_UNUSED, struct GNUNET_SERVER_Client *client,
2034 const struct GNUNET_MessageHeader *message)
2036 const struct RedirectToServiceRequestMessage *msg;
2041 struct DestinationEntry *de;
2042 GNUNET_HashCode key;
2045 msg = (const struct RedirectToServiceRequestMessage *) message;
2047 /* allocate response IP */
2049 result_af = (int) htonl (msg->result_af);
2054 allocate_v4_address (&v4))
2055 result_af = AF_UNSPEC;
2061 allocate_v6_address (&v6))
2062 result_af = AF_UNSPEC;
2068 allocate_v4_address (&v4))
2071 result_af = AF_INET;
2073 else if (GNUNET_OK ==
2074 allocate_v6_address (&v6))
2077 result_af = AF_INET6;
2082 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
2085 if ( (result_af == AF_UNSPEC) ||
2086 (GNUNET_NO == ntohl (msg->nac)) )
2088 /* send reply "instantly" */
2089 send_client_reply (client,
2094 if (result_af == AF_UNSPEC)
2096 /* failure, we're done */
2097 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2098 _("Failed to allocate IP address for new destination\n"));
2099 GNUNET_SERVER_receive_done (client, GNUNET_OK);
2104 char sbuf[INET6_ADDRSTRLEN];
2106 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2107 "Allocated address %s for redirection to service %s on peer %s\n",
2108 inet_ntop (result_af, addr, sbuf, sizeof (sbuf)),
2109 GNUNET_h2s (&msg->service_descriptor),
2110 GNUNET_i2s (&msg->target));
2113 /* setup destination record */
2114 de = GNUNET_malloc (sizeof (struct DestinationEntry));
2115 de->is_service = GNUNET_YES;
2116 de->details.service_destination.service_descriptor = msg->service_descriptor;
2117 de->details.service_destination.target = msg->target;
2118 get_destination_key_from_ip (result_af,
2122 GNUNET_assert (GNUNET_OK ==
2123 GNUNET_CONTAINER_multihashmap_put (destination_map,
2126 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE));
2127 de->heap_node = GNUNET_CONTAINER_heap_insert (destination_heap,
2129 GNUNET_TIME_absolute_ntoh (msg->expiration_time).abs_value);
2130 while (GNUNET_CONTAINER_multihashmap_size (destination_map) > max_destination_mappings)
2131 expire_destination (de);
2132 (void) create_tunnel_to_destination (de,
2133 (GNUNET_NO == ntohl (msg->nac)) ? NULL : client,
2136 GNUNET_SERVER_receive_done (client, GNUNET_OK);
2142 * Function called for inbound tunnels. As we don't offer
2143 * any mesh services, this function should never be called.
2145 * @param cls closure
2146 * @param tunnel new handle to the tunnel
2147 * @param initiator peer that started the tunnel
2148 * @param atsi performance information for the tunnel
2149 * @return initial tunnel context for the tunnel
2150 * (can be NULL -- that's not an error)
2153 inbound_tunnel_cb (void *cls, struct GNUNET_MESH_Tunnel *tunnel,
2154 const struct GNUNET_PeerIdentity *initiator,
2155 const struct GNUNET_ATS_Information *atsi)
2157 /* How can and why should anyone open an inbound tunnel to vpn? */
2164 * Function called whenever an inbound tunnel is destroyed. Should clean up
2165 * any associated state.
2167 * @param cls closure (set from GNUNET_MESH_connect)
2168 * @param tunnel connection to the other end (henceforth invalid)
2169 * @param tunnel_ctx place where local state associated
2170 * with the tunnel is stored (our 'struct TunnelState')
2173 tunnel_cleaner (void *cls, const struct GNUNET_MESH_Tunnel *tunnel, void *tunnel_ctx)
2175 struct TunnelState *ts = tunnel_ctx;
2182 GNUNET_assert (ts->tunnel == tunnel);
2184 free_tunnel_state (ts);
2189 * Free memory occupied by an entry in the destination map.
2193 * @param value a 'struct DestinationEntry *'
2194 * @return GNUNET_OK (continue to iterate)
2197 cleanup_destination (void *cls,
2198 const GNUNET_HashCode *key,
2201 struct DestinationEntry *de = value;
2203 free_destination_entry (de);
2209 * Free memory occupied by an entry in the tunnel map.
2213 * @param value a 'struct TunnelState *'
2214 * @return GNUNET_OK (continue to iterate)
2217 cleanup_tunnel (void *cls,
2218 const GNUNET_HashCode *key,
2221 struct TunnelState *ts = value;
2223 free_tunnel_state (ts);
2229 * Function scheduled as very last function, cleans up after us
2235 cleanup (void *cls GNUNET_UNUSED,
2236 const struct GNUNET_SCHEDULER_TaskContext *tc)
2240 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2241 "VPN is shutting down\n");
2242 if (NULL != destination_map)
2244 GNUNET_CONTAINER_multihashmap_iterate (destination_map,
2245 &cleanup_destination,
2247 GNUNET_CONTAINER_multihashmap_destroy (destination_map);
2248 destination_map = NULL;
2250 if (NULL != destination_heap)
2252 GNUNET_CONTAINER_heap_destroy (destination_heap);
2253 destination_heap = NULL;
2255 if (NULL != tunnel_map)
2257 GNUNET_CONTAINER_multihashmap_iterate (tunnel_map,
2260 GNUNET_CONTAINER_multihashmap_destroy (tunnel_map);
2263 if (NULL != tunnel_heap)
2265 GNUNET_CONTAINER_heap_destroy (tunnel_heap);
2268 if (NULL != mesh_handle)
2270 GNUNET_MESH_disconnect (mesh_handle);
2273 if (NULL != helper_handle)
2275 GNUNET_HELPER_stop (helper_handle);
2276 helper_handle = NULL;
2280 GNUNET_SERVER_notification_context_destroy (nc);
2285 GNUNET_STATISTICS_destroy (stats, GNUNET_YES);
2289 GNUNET_free_non_null (vpn_argv[i]);
2294 * A client disconnected, clean up all references to it.
2296 * @param cls the client that disconnected
2298 * @param value a 'struct TunnelState *'
2299 * @return GNUNET_OK (continue to iterate)
2302 cleanup_tunnel_client (void *cls,
2303 const GNUNET_HashCode *key,
2306 struct GNUNET_SERVER_Client *client = cls;
2307 struct TunnelState *ts = value;
2309 if (client == ts->client)
2311 GNUNET_SERVER_client_drop (ts->client);
2319 * A client disconnected, clean up all references to it.
2321 * @param cls the client that disconnected
2323 * @param value a 'struct DestinationEntry *'
2324 * @return GNUNET_OK (continue to iterate)
2327 cleanup_destination_client (void *cls,
2328 const GNUNET_HashCode *key,
2331 struct GNUNET_SERVER_Client *client = cls;
2332 struct DestinationEntry *de = value;
2333 struct TunnelState *ts;
2335 if (NULL == (ts = de->ts))
2337 if (client == ts->client)
2339 GNUNET_SERVER_client_drop (ts->client);
2347 * A client has disconnected from us. If we are currently building
2348 * a tunnel for it, cancel the operation.
2351 * @param client handle to the client that disconnected
2354 client_disconnect (void *cls, struct GNUNET_SERVER_Client *client)
2356 if (NULL != tunnel_map)
2357 GNUNET_CONTAINER_multihashmap_iterate (tunnel_map,
2358 &cleanup_tunnel_client,
2360 if (NULL != destination_map)
2361 GNUNET_CONTAINER_multihashmap_iterate (destination_map,
2362 &cleanup_destination_client,
2368 * Main function that will be run by the scheduler.
2370 * @param cls closure
2371 * @param server the initialized server
2372 * @param cfg_ configuration
2376 struct GNUNET_SERVER_Handle *server,
2377 const struct GNUNET_CONFIGURATION_Handle *cfg_)
2379 static const struct GNUNET_SERVER_MessageHandler service_handlers[] = {
2380 /* callback, cls, type, size */
2381 {&service_redirect_to_ip, NULL, GNUNET_MESSAGE_TYPE_VPN_CLIENT_REDIRECT_TO_IP, 0},
2382 {&service_redirect_to_service, NULL,
2383 GNUNET_MESSAGE_TYPE_VPN_CLIENT_REDIRECT_TO_SERVICE,
2384 sizeof (struct RedirectToServiceRequestMessage) },
2387 static const struct GNUNET_MESH_MessageHandler mesh_handlers[] = {
2388 {receive_udp_back, GNUNET_MESSAGE_TYPE_VPN_SERVICE_UDP_BACK, 0},
2389 {receive_tcp_back, GNUNET_MESSAGE_TYPE_VPN_SERVICE_TCP_BACK, 0},
2390 {receive_udp_back, GNUNET_MESSAGE_TYPE_VPN_REMOTE_UDP_BACK, 0},
2391 {receive_tcp_back, GNUNET_MESSAGE_TYPE_VPN_REMOTE_TCP_BACK, 0},
2394 static const GNUNET_MESH_ApplicationType types[] = {
2395 GNUNET_APPLICATION_TYPE_END
2406 stats = GNUNET_STATISTICS_create ("vpn", cfg);
2408 GNUNET_CONFIGURATION_get_value_number (cfg, "vpn", "MAX_MAPPING",
2409 &max_destination_mappings))
2410 max_destination_mappings = 200;
2412 GNUNET_CONFIGURATION_get_value_number (cfg, "vpn", "MAX_TUNNELS",
2413 &max_tunnel_mappings))
2414 max_tunnel_mappings = 200;
2416 destination_map = GNUNET_CONTAINER_multihashmap_create (max_destination_mappings * 2);
2417 destination_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
2418 tunnel_map = GNUNET_CONTAINER_multihashmap_create (max_tunnel_mappings * 2);
2419 tunnel_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
2422 vpn_argv[0] = GNUNET_strdup ("vpn-gnunet");
2423 if (GNUNET_SYSERR ==
2424 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IFNAME", &ifname))
2426 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2427 "No entry 'IFNAME' in configuration!\n");
2428 GNUNET_SCHEDULER_shutdown ();
2431 vpn_argv[1] = ifname;
2432 if ( (GNUNET_SYSERR ==
2433 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IPV6ADDR",
2435 (1 != inet_pton (AF_INET6, ipv6addr, &v6))) )
2437 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2438 "No valid entry 'IPV6ADDR' in configuration!\n");
2439 GNUNET_SCHEDULER_shutdown ();
2442 vpn_argv[2] = ipv6addr;
2443 if (GNUNET_SYSERR ==
2444 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IPV6PREFIX",
2447 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2448 "No entry 'IPV6PREFIX' in configuration!\n");
2449 GNUNET_SCHEDULER_shutdown ();
2452 vpn_argv[3] = ipv6prefix_s;
2454 GNUNET_CONFIGURATION_get_value_number (cfg, "vpn",
2457 (ipv6prefix >= 127) )
2459 GNUNET_SCHEDULER_shutdown ();
2463 if ( (GNUNET_SYSERR ==
2464 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IPV4ADDR",
2466 (1 != inet_pton (AF_INET, ipv4addr, &v4))) )
2468 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2469 "No valid entry for 'IPV4ADDR' in configuration!\n");
2470 GNUNET_SCHEDULER_shutdown ();
2473 vpn_argv[4] = ipv4addr;
2474 if ( (GNUNET_SYSERR ==
2475 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IPV4MASK",
2477 (1 != inet_pton (AF_INET, ipv4mask, &v4))) )
2479 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2480 "No valid entry 'IPV4MASK' in configuration!\n");
2481 GNUNET_SCHEDULER_shutdown ();
2484 vpn_argv[5] = ipv4mask;
2488 GNUNET_MESH_connect (cfg_, 42 /* queue length */, NULL,
2493 helper_handle = GNUNET_HELPER_start ("gnunet-helper-vpn", vpn_argv,
2494 &message_token, NULL);
2495 nc = GNUNET_SERVER_notification_context_create (server, 1);
2496 GNUNET_SERVER_add_handlers (server, service_handlers);
2497 GNUNET_SERVER_disconnect_notify (server, &client_disconnect, NULL);
2498 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup, cls);
2503 * The main function of the VPN service.
2505 * @param argc number of arguments from the command line
2506 * @param argv command line arguments
2507 * @return 0 ok, 1 on error
2510 main (int argc, char *const *argv)
2512 return (GNUNET_OK ==
2513 GNUNET_SERVICE_run (argc, argv, "vpn",
2514 GNUNET_SERVICE_OPTION_NONE,
2515 &run, NULL)) ? 0 : 1;
2518 /* end of gnunet-service-vpn.c */