2 This file is part of GNUnet.
3 (C) 2010, 2011, 2012 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file vpn/gnunet-service-vpn.c
23 * @brief service that opens a virtual interface and allows its clients
24 * to allocate IPs on the virtual interface and to then redirect
25 * IP traffic received on those IPs via the GNUnet mesh
26 * @author Philipp Toelke
27 * @author Christian Grothoff
30 * - create secondary mesh tunnels if needed / check overall tunnel creation/management code!
32 * - better message queue management (bounded state, drop oldest/RED?)
33 * - improve support for deciding which tunnels to keep and which ones to destroy
34 * - add back ICMP support (especially needed for IPv6)
35 * - consider moving IP-header building / checksumming code into shared library
36 * with dns/exit/vpn (libgnunettun_tcpip?)
39 #include "gnunet_util_lib.h"
40 #include "gnunet_common.h"
41 #include "gnunet_protocols.h"
42 #include "gnunet_applications.h"
43 #include "gnunet_mesh_service.h"
44 #include "gnunet_constants.h"
45 #include "tcpip_tun.h"
50 * Information we track for each IP address to determine which tunnel
51 * to send the traffic over to the destination.
53 struct DestinationEntry
56 * Information about the tunnel to use, NULL if no tunnel
57 * is available right now.
59 struct GNUNET_MESH_Tunnel *tunnel;
62 * Entry for this entry in the destination_heap.
64 struct GNUNET_CONTAINER_HeapNode *heap_node;
67 * GNUNET_NO if this is a tunnel to an Internet-exit,
68 * GNUNET_YES if this tunnel is to a service.
73 * Details about the connection (depending on is_service).
81 * The description of the service (only used for service tunnels).
83 GNUNET_HashCode service_descriptor;
86 * Peer offering the service.
88 struct GNUNET_PeerIdentity target;
90 } service_destination;
96 * Address family used (AF_INET or AF_INET6).
101 * IP address of the ultimate destination (only used for exit tunnels).
106 * Address if af is AF_INET.
111 * Address if af is AF_INET6.
124 * A messages we have in queue for a particular tunnel.
126 struct TunnelMessageQueueEntry
129 * This is a doubly-linked list.
131 struct TunnelMessageQueueEntry *next;
134 * This is a doubly-linked list.
136 struct TunnelMessageQueueEntry *prev;
139 * Number of bytes in 'msg'.
144 * Message to transmit, allocated at the end of this struct.
151 * State we keep for each of our tunnels.
156 * Active transmission handle, NULL for none.
158 struct GNUNET_MESH_TransmitHandle *th;
161 * Entry for this entry in the tunnel_heap, NULL as long as this
162 * tunnel state is not fully bound.
164 struct GNUNET_CONTAINER_HeapNode *heap_node;
167 * Head of list of messages scheduled for transmission.
169 struct TunnelMessageQueueEntry *head;
172 * Tail of list of messages scheduled for transmission.
174 struct TunnelMessageQueueEntry *tail;
177 * Client that needs to be notified about the tunnel being
178 * up as soon as a peer is connected; NULL for none.
180 struct GNUNET_SERVER_Client *client;
183 * ID of the client request that caused us to setup this entry.
188 * Destination to which this tunnel leads. Note that
189 * this struct is NOT in the destination_map (but a
190 * local copy) and that the 'heap_node' should always
193 struct DestinationEntry destination;
196 * GNUNET_NO if this is a tunnel to an Internet-exit,
197 * GNUNET_YES if this tunnel is to a service.
202 * Addess family used for this tunnel on the local TUN interface.
207 * IP address of the source on our end, initially uninitialized.
212 * Address if af is AF_INET.
217 * Address if af is AF_INET6.
224 * Destination IP address used by the source on our end (this is the IP
225 * that we pick freely within the VPN's tunnel IP range).
230 * Address if af is AF_INET.
235 * Address if af is AF_INET6.
242 * Source port used by the sender on our end; 0 for uninitialized.
244 uint16_t source_port;
247 * Destination port used by the sender on our end; 0 for uninitialized.
249 uint16_t destination_port;
255 * Configuration we use.
257 static const struct GNUNET_CONFIGURATION_Handle *cfg;
260 * Handle to the mesh service.
262 static struct GNUNET_MESH_Handle *mesh_handle;
265 * Map from IP address to destination information (possibly with a
266 * MESH tunnel handle for fast setup).
268 static struct GNUNET_CONTAINER_MultiHashMap *destination_map;
271 * Min-Heap sorted by activity time to expire old mappings.
273 static struct GNUNET_CONTAINER_Heap *destination_heap;
276 * Map from source and destination address (IP+port) to connection
277 * information (mostly with the respective MESH tunnel handle).
279 static struct GNUNET_CONTAINER_MultiHashMap *tunnel_map;
282 * Min-Heap sorted by activity time to expire old mappings.
284 static struct GNUNET_CONTAINER_Heap *tunnel_heap;
287 * The handle to the VPN helper process "gnunet-helper-vpn".
289 static struct GNUNET_HELPER_Handle *helper_handle;
292 * Arguments to the vpn helper.
294 static char *vpn_argv[7];
297 * Length of the prefix of the VPN's IPv6 network.
299 static unsigned long long ipv6prefix;
302 * Notification context for sending replies to clients.
304 static struct GNUNET_SERVER_NotificationContext *nc;
307 * If there are more than this number of address-mappings, old ones
310 static unsigned long long max_destination_mappings;
313 * If there are more than this number of open tunnels, old ones
316 static unsigned long long max_tunnel_mappings;
320 * Compute the key under which we would store an entry in the
321 * destination_map for the given IP address.
323 * @param af address family (AF_INET or AF_INET6)
324 * @param address IP address, struct in_addr or struct in6_addr
325 * @param key where to store the key
328 get_destination_key_from_ip (int af,
330 GNUNET_HashCode *key)
335 GNUNET_CRYPTO_hash (address,
336 sizeof (struct in_addr),
340 GNUNET_CRYPTO_hash (address,
341 sizeof (struct in6_addr),
352 * Compute the key under which we would store an entry in the
353 * tunnel_map for the given socket address pair.
355 * @param af address family (AF_INET or AF_INET6)
356 * @param protocol IPPROTO_TCP or IPPROTO_UDP
357 * @param source_ip sender's source IP, struct in_addr or struct in6_addr
358 * @param source_port sender's source port
359 * @param destination_ip sender's destination IP, struct in_addr or struct in6_addr
360 * @param destination_port sender's destination port
361 * @param key where to store the key
364 get_tunnel_key_from_ips (int af,
366 const void *source_ip,
367 uint16_t source_port,
368 const void *destination_ip,
369 uint16_t destination_port,
370 GNUNET_HashCode *key)
374 memset (key, 0, sizeof (GNUNET_HashCode));
375 /* the GNUnet hashmap only uses the first sizeof(unsigned int) of the hash,
376 so we put the ports in there (and hope for few collisions) */
378 memcpy (off, &source_port, sizeof (uint16_t));
379 off += sizeof (uint16_t);
380 memcpy (off, &destination_port, sizeof (uint16_t));
381 off += sizeof (uint16_t);
385 memcpy (off, source_ip, sizeof (struct in_addr));
386 off += sizeof (struct in_addr);
387 memcpy (off, destination_ip, sizeof (struct in_addr));
388 off += sizeof (struct in_addr);
391 memcpy (off, source_ip, sizeof (struct in6_addr));
392 off += sizeof (struct in6_addr);
393 memcpy (off, destination_ip, sizeof (struct in6_addr));
394 off += sizeof (struct in6_addr);
400 memcpy (off, &protocol, sizeof (uint8_t));
401 off += sizeof (uint8_t);
406 * Notify the client about the result of its request.
408 * @param client client to notify
409 * @param request_id original request ID to include in response
410 * @param result_af resulting address family
411 * @param addr resulting IP address
414 send_client_reply (struct GNUNET_SERVER_Client *client,
419 char buf[sizeof (struct RedirectToIpResponseMessage) + sizeof (struct in6_addr)];
420 struct RedirectToIpResponseMessage *res;
426 rlen = sizeof (struct in_addr);
429 rlen = sizeof (struct in6_addr);
438 res = (struct RedirectToIpResponseMessage *) buf;
439 res->header.size = htons (sizeof (struct RedirectToIpResponseMessage) + rlen);
440 res->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_CLIENT_USE_IP);
441 res->result_af = htonl (result_af);
442 res->request_id = request_id;
443 memcpy (&res[1], addr, rlen);
444 GNUNET_SERVER_notification_context_add (nc, client);
445 GNUNET_SERVER_notification_context_unicast (nc,
453 * Method called whenever a peer has disconnected from the tunnel.
456 * @param peer peer identity the tunnel stopped working with
459 tunnel_peer_disconnect_handler (void *cls,
461 GNUNET_PeerIdentity * peer)
463 /* FIXME: should we do anything here?
464 - stop transmitting to the tunnel (start queueing?)
465 - possibly destroy the tunnel entirely (unless service tunnel?)
471 * Method called whenever a peer has connected to the tunnel. Notifies
472 * the waiting client that the tunnel is now up.
475 * @param peer peer identity the tunnel was created to, NULL on timeout
476 * @param atsi performance data for the connection
479 tunnel_peer_connect_handler (void *cls,
480 const struct GNUNET_PeerIdentity
483 GNUNET_ATS_Information * atsi)
485 struct TunnelState *ts = cls;
487 if (NULL == ts->client)
488 return; /* nothing to do */
489 send_client_reply (ts->client,
492 &ts->destination_ip);
493 GNUNET_SERVER_client_drop (ts->client);
499 * Send a message from the message queue via mesh.
501 * @param cls the 'struct TunnelState' with the message queue
502 * @param size number of bytes available in buf
503 * @param buf where to copy the message
504 * @return number of bytes copied to buf
507 send_to_peer_notify_callback (void *cls, size_t size, void *buf)
509 struct TunnelState *ts = cls;
510 struct TunnelMessageQueueEntry *tnq;
517 GNUNET_assert (NULL != tnq);
518 GNUNET_assert (size >= tnq->len);
519 GNUNET_CONTAINER_DLL_remove (ts->head,
522 memcpy (buf, tnq->msg, tnq->len);
525 if (NULL != (tnq = ts->head))
526 ts->th = GNUNET_MESH_notify_transmit_ready (ts->destination.tunnel,
527 GNUNET_NO /* cork */,
529 GNUNET_TIME_UNIT_FOREVER_REL,
532 &send_to_peer_notify_callback,
539 * Add the given message to the given tunnel and
540 * trigger the transmission process.
542 * @param tnq message to queue
543 * @param ts tunnel to queue the message for
546 send_to_tunnel (struct TunnelMessageQueueEntry *tnq,
547 struct TunnelState *ts)
549 GNUNET_CONTAINER_DLL_insert_tail (ts->head,
553 ts->th = GNUNET_MESH_notify_transmit_ready (ts->destination.tunnel,
554 GNUNET_NO /* cork */,
556 GNUNET_TIME_UNIT_FOREVER_REL,
559 &send_to_peer_notify_callback,
565 * Route a packet via mesh to the given destination.
567 * @param destination description of the destination
568 * @param af address family on this end (AF_INET or AF_INET6)
569 * @param protocol IPPROTO_TCP or IPPROTO_UDP
570 * @param source_ip source IP used by the sender (struct in_addr or struct in6_addr)
571 * @param destination_ip destination IP used by the sender (struct in_addr or struct in6_addr)
572 * @param payload payload of the packet after the IP header
573 * @param payload_length number of bytes in payload
576 route_packet (struct DestinationEntry *destination,
579 const void *source_ip,
580 const void *destination_ip,
582 size_t payload_length)
585 struct TunnelState *ts;
586 struct TunnelMessageQueueEntry *tnq;
589 GNUNET_MESH_ApplicationType app_type;
591 const struct udp_packet *udp;
592 const struct tcp_packet *tcp;
598 if (payload_length < sizeof (struct udp_packet))
605 get_tunnel_key_from_ips (af,
616 if (payload_length < sizeof (struct tcp_packet))
623 get_tunnel_key_from_ips (af,
633 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
634 _("Protocol %u not supported, dropping\n"),
635 (unsigned int) protocol);
639 if (! destination->is_service)
641 switch (destination->details.exit_destination.af)
644 alen = sizeof (struct in_addr);
645 app_type = GNUNET_APPLICATION_TYPE_IPV4_GATEWAY;
648 alen = sizeof (struct in6_addr);
649 app_type = GNUNET_APPLICATION_TYPE_IPV6_GATEWAY;
658 /* make compiler happy */
663 // FIXME: something is horrifically wrong here about
664 // how we lookup 'ts', match it and how we decide about
665 // creating new tunnels!
668 ts = GNUNET_CONTAINER_multihashmap_get (tunnel_map,
672 /* create new tunnel */
674 ts = GNUNET_malloc (sizeof (struct TunnelState));
675 ts->destination.tunnel = GNUNET_MESH_tunnel_create (mesh_handle,
677 &tunnel_peer_connect_handler,
678 &tunnel_peer_disconnect_handler,
680 if (destination->is_service)
681 GNUNET_MESH_peer_request_connect_add (ts->destination.tunnel,
682 &destination->details.service_destination.target);
684 GNUNET_MESH_peer_request_connect_by_type (ts->destination.tunnel,
688 /* send via tunnel */
692 if (destination->is_service)
694 struct GNUNET_EXIT_UdpServiceMessage *usm;
696 mlen = sizeof (struct GNUNET_EXIT_UdpServiceMessage) +
697 payload_length - sizeof (struct udp_packet);
698 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
703 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) + mlen);
704 usm = (struct GNUNET_EXIT_UdpServiceMessage *) &tnq[1];
705 usm->header.size = htons ((uint16_t) mlen);
706 usm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_UDP_TO_SERVICE);
707 /* if the source port is below 32000, we assume it has a special
708 meaning; if not, we pick a random port (this is a heuristic) */
709 usm->source_port = (ntohs (udp->spt) < 32000) ? udp->spt : 0;
710 usm->destination_port = udp->dpt;
711 usm->service_descriptor = destination->details.service_destination.service_descriptor;
714 payload_length - sizeof (struct udp_packet));
718 struct GNUNET_EXIT_UdpInternetMessage *uim;
719 struct in_addr *ip4dst;
720 struct in6_addr *ip6dst;
723 mlen = sizeof (struct GNUNET_EXIT_UdpInternetMessage) +
724 alen + payload_length - sizeof (struct udp_packet);
725 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
730 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) +
732 uim = (struct GNUNET_EXIT_UdpInternetMessage *) &tnq[1];
733 uim->header.size = htons ((uint16_t) mlen);
734 uim->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_UDP_TO_INTERNET);
735 uim->af = htonl (destination->details.exit_destination.af);
736 uim->source_port = (ntohs (udp->spt) < 32000) ? udp->spt : 0;
737 uim->destination_port = udp->dpt;
738 switch (destination->details.exit_destination.af)
741 ip4dst = (struct in_addr *) &uim[1];
742 *ip4dst = destination->details.exit_destination.ip.v4;
743 payload = &ip4dst[1];
746 ip6dst = (struct in6_addr *) &uim[1];
747 *ip6dst = destination->details.exit_destination.ip.v6;
748 payload = &ip6dst[1];
755 payload_length - sizeof (struct udp_packet));
761 if (destination->is_service)
763 struct GNUNET_EXIT_TcpServiceStartMessage *tsm;
765 mlen = sizeof (struct GNUNET_EXIT_TcpServiceStartMessage) +
766 payload_length - sizeof (struct tcp_packet);
767 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
772 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) + mlen);
773 tsm = (struct GNUNET_EXIT_TcpServiceStartMessage *) &tnq[1];
774 tsm->header.size = htons ((uint16_t) mlen);
775 tsm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_TCP_TO_SERVICE_START);
776 tsm->reserved = htonl (0);
777 tsm->service_descriptor = destination->details.service_destination.service_descriptor;
778 tsm->tcp_header = *tcp;
781 payload_length - sizeof (struct tcp_packet));
785 struct GNUNET_EXIT_TcpInternetStartMessage *tim;
786 struct in_addr *ip4dst;
787 struct in6_addr *ip6dst;
790 mlen = sizeof (struct GNUNET_EXIT_TcpInternetStartMessage) +
791 alen + payload_length - sizeof (struct tcp_packet);
792 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
797 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) + mlen);
798 tim = (struct GNUNET_EXIT_TcpInternetStartMessage *) &tnq[1];
799 tim->header.size = htons ((uint16_t) mlen);
800 tim->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_TCP_TO_INTERNET_START);
801 tim->af = htonl (destination->details.exit_destination.af);
802 tim->tcp_header = *tcp;
803 switch (destination->details.exit_destination.af)
806 ip4dst = (struct in_addr *) &tim[1];
807 *ip4dst = destination->details.exit_destination.ip.v4;
808 payload = &ip4dst[1];
811 ip6dst = (struct in6_addr *) &tim[1];
812 *ip6dst = destination->details.exit_destination.ip.v6;
813 payload = &ip6dst[1];
820 payload_length - sizeof (struct tcp_packet));
825 struct GNUNET_EXIT_TcpDataMessage *tdm;
827 mlen = sizeof (struct GNUNET_EXIT_TcpDataMessage) +
828 alen + payload_length - sizeof (struct tcp_packet);
829 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
834 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) + mlen);
835 tdm = (struct GNUNET_EXIT_TcpDataMessage *) &tnq[1];
836 tdm->header.size = htons ((uint16_t) mlen);
837 tdm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_TCP_DATA);
838 tdm->reserved = htonl (0);
839 tdm->tcp_header = *tcp;
842 payload_length - sizeof (struct tcp_packet));
846 /* not supported above, how can we get here !? */
850 send_to_tunnel (tnq, ts);
855 * Receive packets from the helper-process (someone send to the local
856 * virtual tunnel interface). Find the destination mapping, and if it
857 * exists, identify the correct MESH tunnel (or possibly create it)
858 * and forward the packet.
860 * @param cls closure, NULL
862 * @param message message we got from the client (VPN tunnel interface)
865 message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED,
866 const struct GNUNET_MessageHeader *message)
868 const struct tun_header *tun;
871 struct DestinationEntry *de;
873 mlen = ntohs (message->size);
874 if ( (ntohs (message->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER) ||
875 (mlen < sizeof (struct GNUNET_MessageHeader) + sizeof (struct tun_header)) )
880 tun = (const struct tun_header *) &message[1];
881 mlen -= (sizeof (struct GNUNET_MessageHeader) + sizeof (struct tun_header));
882 switch (ntohs (tun->proto))
886 const struct ip6_header *pkt6;
888 if (mlen < sizeof (struct ip6_header))
894 pkt6 = (const struct ip6_header *) &tun[1];
895 get_destination_key_from_ip (AF_INET6,
896 &pkt6->destination_address,
898 de = GNUNET_CONTAINER_multihashmap_get (destination_map, &key);
899 /* FIXME: do we need to guard against hash collision? */
902 char buf[INET6_ADDRSTRLEN];
904 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
905 _("Packet received for unmapped destination `%s' (dropping it)\n"),
907 &pkt6->destination_address,
915 &pkt6->source_address,
916 &pkt6->destination_address,
918 mlen - sizeof (struct ip6_header));
923 struct ip4_header *pkt4;
925 if (mlen < sizeof (struct ip4_header))
931 pkt4 = (struct ip4_header *) &tun[1];
932 get_destination_key_from_ip (AF_INET,
933 &pkt4->destination_address,
935 de = GNUNET_CONTAINER_multihashmap_get (destination_map, &key);
936 /* FIXME: do we need to guard against hash collision? */
939 char buf[INET_ADDRSTRLEN];
941 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
942 _("Packet received for unmapped destination `%s' (dropping it)\n"),
944 &pkt4->destination_address,
949 if (pkt4->header_length * 4 != sizeof (struct ip4_header))
951 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
952 _("Received IPv4 packet with options (dropping it)\n"));
958 &pkt4->source_address,
959 &pkt4->destination_address,
961 mlen - sizeof (struct ip4_header));
965 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
966 _("Received packet of unknown protocol %d from TUN (dropping it)\n"),
967 (unsigned int) ntohs (tun->proto));
974 * We got a UDP packet back from the MESH tunnel. Pass it on to the
975 * local virtual interface via the helper.
977 * @param cls closure, NULL
978 * @param tunnel connection to the other end
979 * @param tunnel_ctx pointer to our 'struct TunnelState *'
980 * @param sender who sent the message
981 * @param message the actual message
982 * @param atsi performance data for the connection
983 * @return GNUNET_OK to keep the connection open,
984 * GNUNET_SYSERR to close it (signal serious error)
987 receive_udp_back (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
988 void **tunnel_ctx, const struct GNUNET_PeerIdentity *sender,
989 const struct GNUNET_MessageHeader *message,
990 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
992 struct TunnelState *ts = *tunnel_ctx;
993 const struct GNUNET_EXIT_UdpReplyMessage *reply;
996 mlen = ntohs (message->size);
997 if (mlen < sizeof (struct GNUNET_EXIT_UdpReplyMessage))
1000 return GNUNET_SYSERR;
1002 if (NULL == ts->heap_node)
1004 GNUNET_break_op (0);
1005 return GNUNET_SYSERR;
1007 reply = (const struct GNUNET_EXIT_UdpReplyMessage *) message;
1008 mlen -= sizeof (struct GNUNET_EXIT_UdpReplyMessage);
1013 size_t size = sizeof (struct ip4_header)
1014 + sizeof (struct udp_packet)
1015 + sizeof (struct GNUNET_MessageHeader) +
1016 sizeof (struct tun_header) +
1020 struct GNUNET_MessageHeader *msg = (struct GNUNET_MessageHeader *) buf;
1021 struct tun_header *tun = (struct tun_header*) &msg[1];
1022 struct ip4_header *ipv4 = (struct ip4_header *) &tun[1];
1023 struct udp_packet *udp = (struct udp_packet *) &ipv4[1];
1024 msg->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1025 msg->size = htons (size);
1026 tun->flags = htons (0);
1027 tun->proto = htons (ETH_P_IPV4);
1029 ipv4->header_length = sizeof (struct ip4_header) / 4;
1030 ipv4->diff_serv = 0;
1031 ipv4->total_length = htons (sizeof (struct ip4_header) +
1032 sizeof (struct udp_packet) +
1034 ipv4->identification = (uint16_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1037 ipv4->fragmentation_offset = 0;
1039 ipv4->protocol = IPPROTO_UDP;
1041 ipv4->source_address = ts->destination_ip.v4;
1042 ipv4->destination_address = ts->source_ip.v4;
1044 GNUNET_CRYPTO_crc16_n (ipv4, sizeof (struct ip4_header));
1045 if (0 == ntohs (reply->source_port))
1046 udp->spt = htons (ts->destination_port);
1048 udp->spt = reply->source_port;
1049 if (0 == ntohs (reply->destination_port))
1050 udp->dpt = htons (ts->source_port);
1052 udp->dpt = reply->destination_port;
1053 udp->len = htons (mlen + sizeof (struct udp_packet));
1054 udp->crc = 0; // FIXME: optional, but we might want to calculate this one anyway
1058 (void) GNUNET_HELPER_send (helper_handle,
1067 size_t size = sizeof (struct ip6_header)
1068 + sizeof (struct udp_packet)
1069 + sizeof (struct GNUNET_MessageHeader) +
1070 sizeof (struct tun_header) +
1074 struct GNUNET_MessageHeader *msg = (struct GNUNET_MessageHeader *) buf;
1075 struct tun_header *tun = (struct tun_header*) &msg[1];
1076 struct ip6_header *ipv6 = (struct ip6_header *) &tun[1];
1077 struct udp_packet *udp = (struct udp_packet *) &ipv6[1];
1078 msg->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1079 msg->size = htons (size);
1080 tun->flags = htons (0);
1081 tun->proto = htons (ETH_P_IPV6);
1082 ipv6->traffic_class_h = 0;
1084 ipv6->traffic_class_l = 0;
1085 ipv6->flow_label = 0;
1086 ipv6->payload_length = htons (sizeof (struct udp_packet) + sizeof (struct ip6_header) + mlen);
1087 ipv6->next_header = IPPROTO_UDP;
1088 ipv6->hop_limit = 255;
1089 ipv6->source_address = ts->destination_ip.v6;
1090 ipv6->destination_address = ts->source_ip.v6;
1091 if (0 == ntohs (reply->source_port))
1092 udp->spt = htons (ts->destination_port);
1094 udp->spt = reply->source_port;
1095 if (0 == ntohs (reply->destination_port))
1096 udp->dpt = htons (ts->source_port);
1098 udp->dpt = reply->destination_port;
1099 udp->len = htons (mlen + sizeof (struct udp_packet));
1107 GNUNET_CRYPTO_crc16_step (sum, &ipv6->source_address,
1108 sizeof (struct in6_addr) * 2);
1109 uint32_t tmp = udp->len;
1110 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1111 tmp = htons (IPPROTO_UDP);
1112 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1113 sum = GNUNET_CRYPTO_crc16_step (sum,
1116 udp->crc = GNUNET_CRYPTO_crc16_finish (sum);
1118 (void) GNUNET_HELPER_send (helper_handle,
1129 // FIXME: refresh entry to avoid expiration...
1130 struct map_entry *me = GNUNET_CONTAINER_multihashmap_get (hashmap, key);
1132 GNUNET_CONTAINER_heap_update_cost (heap, me->heap_node,
1133 GNUNET_TIME_absolute_get ().abs_value);
1141 * We got a TCP packet back from the MESH tunnel. Pass it on to the
1142 * local virtual interface via the helper.
1144 * @param cls closure, NULL
1145 * @param tunnel connection to the other end
1146 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1147 * @param sender who sent the message
1148 * @param message the actual message
1149 * @param atsi performance data for the connection
1150 * @return GNUNET_OK to keep the connection open,
1151 * GNUNET_SYSERR to close it (signal serious error)
1154 receive_tcp_back (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1156 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1157 const struct GNUNET_MessageHeader *message,
1158 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1160 struct TunnelState *ts = *tunnel_ctx;
1161 const struct GNUNET_EXIT_TcpDataMessage *data;
1164 mlen = ntohs (message->size);
1165 if (mlen < sizeof (struct GNUNET_EXIT_TcpDataMessage))
1167 GNUNET_break_op (0);
1168 return GNUNET_SYSERR;
1170 if (NULL == ts->heap_node)
1172 GNUNET_break_op (0);
1173 return GNUNET_SYSERR;
1175 data = (const struct GNUNET_EXIT_TcpDataMessage *) message;
1176 mlen -= sizeof (struct GNUNET_EXIT_TcpDataMessage);
1181 size_t size = sizeof (struct ip4_header)
1182 + sizeof (struct tcp_packet)
1183 + sizeof (struct GNUNET_MessageHeader) +
1184 sizeof (struct tun_header) +
1188 struct GNUNET_MessageHeader *msg = (struct GNUNET_MessageHeader *) buf;
1189 struct tun_header *tun = (struct tun_header*) &msg[1];
1190 struct ip4_header *ipv4 = (struct ip4_header *) &tun[1];
1191 struct tcp_packet *tcp = (struct tcp_packet *) &ipv4[1];
1192 msg->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1193 msg->size = htons (size);
1194 tun->flags = htons (0);
1195 tun->proto = htons (ETH_P_IPV4);
1197 ipv4->header_length = sizeof (struct ip4_header) / 4;
1198 ipv4->diff_serv = 0;
1199 ipv4->total_length = htons (sizeof (struct ip4_header) +
1200 sizeof (struct tcp_packet) +
1202 ipv4->identification = (uint16_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1205 ipv4->fragmentation_offset = 0;
1207 ipv4->protocol = IPPROTO_TCP;
1209 ipv4->source_address = ts->destination_ip.v4;
1210 ipv4->destination_address = ts->source_ip.v4;
1212 GNUNET_CRYPTO_crc16_n (ipv4, sizeof (struct ip4_header));
1213 *tcp = data->tcp_header;
1214 tcp->spt = htons (ts->destination_port);
1215 tcp->dpt = htons (ts->source_port);
1224 sum = GNUNET_CRYPTO_crc16_step (sum,
1225 &ipv4->source_address,
1226 2 * sizeof (struct in_addr));
1227 tmp = htonl ((IPPROTO_TCP << 16) | (mlen + sizeof (struct tcp_packet)));
1228 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1229 sum = GNUNET_CRYPTO_crc16_step (sum, tcp, mlen + sizeof (struct tcp_packet));
1230 tcp->crc = GNUNET_CRYPTO_crc16_finish (sum);
1232 (void) GNUNET_HELPER_send (helper_handle,
1241 size_t size = sizeof (struct ip6_header)
1242 + sizeof (struct tcp_packet)
1243 + sizeof (struct GNUNET_MessageHeader) +
1244 sizeof (struct tun_header) +
1248 struct GNUNET_MessageHeader *msg = (struct GNUNET_MessageHeader *) buf;
1249 struct tun_header *tun = (struct tun_header*) &msg[1];
1250 struct ip6_header *ipv6 = (struct ip6_header *) &tun[1];
1251 struct tcp_packet *tcp = (struct tcp_packet *) &ipv6[1];
1252 msg->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1253 msg->size = htons (size);
1254 tun->flags = htons (0);
1255 tun->proto = htons (ETH_P_IPV6);
1256 ipv6->traffic_class_h = 0;
1258 ipv6->traffic_class_l = 0;
1259 ipv6->flow_label = 0;
1260 ipv6->payload_length = htons (sizeof (struct tcp_packet) + sizeof (struct ip6_header) + mlen);
1261 ipv6->next_header = IPPROTO_TCP;
1262 ipv6->hop_limit = 255;
1263 ipv6->source_address = ts->destination_ip.v6;
1264 ipv6->destination_address = ts->source_ip.v6;
1265 tcp->spt = htons (ts->destination_port);
1266 tcp->dpt = htons (ts->source_port);
1272 sum = GNUNET_CRYPTO_crc16_step (sum, &ipv6->source_address, 2 * sizeof (struct in6_addr));
1273 tmp = htonl (sizeof (struct tcp_packet) + mlen);
1274 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1275 tmp = htonl (IPPROTO_TCP);
1276 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1277 sum = GNUNET_CRYPTO_crc16_step (sum, tcp,
1278 sizeof (struct tcp_packet) + mlen);
1279 tcp->crc = GNUNET_CRYPTO_crc16_finish (sum);
1281 (void) GNUNET_HELPER_send (helper_handle,
1291 // FIXME: refresh entry to avoid expiration...
1292 struct map_entry *me = GNUNET_CONTAINER_multihashmap_get (hashmap, key);
1294 GNUNET_CONTAINER_heap_update_cost (heap, me->heap_node,
1295 GNUNET_TIME_absolute_get ().abs_value);
1303 * Allocate an IPv4 address from the range of the tunnel
1304 * for a new redirection.
1306 * @param v4 where to store the address
1307 * @return GNUNET_OK on success,
1308 * GNUNET_SYSERR on error
1311 allocate_v4_address (struct in_addr *v4)
1313 const char *ipv4addr = vpn_argv[4];
1314 const char *ipv4mask = vpn_argv[5];
1315 struct in_addr addr;
1316 struct in_addr mask;
1318 GNUNET_HashCode key;
1321 GNUNET_assert (1 == inet_pton (AF_INET, ipv4addr, &addr));
1322 GNUNET_assert (1 == inet_pton (AF_INET, ipv4mask, &mask));
1323 /* Given 192.168.0.1/255.255.0.0, we want a mask
1324 of '192.168.255.255', thus: */
1325 mask.s_addr = addr.s_addr | ~mask.s_addr;
1332 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1333 _("Failed to find unallocated IPv4 address in VPN's range\n"));
1334 return GNUNET_SYSERR;
1336 /* Pick random IPv4 address within the subnet, except 'addr' or 'mask' itself */
1337 rnd.s_addr = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1339 v4->s_addr = (addr.s_addr | rnd.s_addr) & mask.s_addr;
1340 get_destination_key_from_ip (AF_INET,
1344 while ( (GNUNET_YES ==
1345 GNUNET_CONTAINER_multihashmap_contains (destination_map,
1347 (v4->s_addr == addr.s_addr) ||
1348 (v4->s_addr == mask.s_addr) );
1354 * Allocate an IPv6 address from the range of the tunnel
1355 * for a new redirection.
1357 * @param v6 where to store the address
1358 * @return GNUNET_OK on success,
1359 * GNUNET_SYSERR on error
1362 allocate_v6_address (struct in6_addr *v6)
1364 const char *ipv6addr = vpn_argv[2];
1365 struct in6_addr addr;
1366 struct in6_addr mask;
1367 struct in6_addr rnd;
1369 GNUNET_HashCode key;
1372 GNUNET_assert (1 == inet_pton (AF_INET6, ipv6addr, &addr));
1373 GNUNET_assert (ipv6prefix < 128);
1374 /* Given ABCD::/96, we want a mask of 'ABCD::FFFF:FFFF,
1377 for (i=127;i>=128-ipv6prefix;i--)
1378 mask.s6_addr[i / 8] |= (1 << (i % 8));
1380 /* Pick random IPv6 address within the subnet, except 'addr' or 'mask' itself */
1387 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1388 _("Failed to find unallocated IPv6 address in VPN's range\n"));
1389 return GNUNET_SYSERR;
1394 rnd.s6_addr[i] = (unsigned char) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1397 = (addr.s6_addr[i] | rnd.s6_addr[i]) & mask.s6_addr[i];
1399 get_destination_key_from_ip (AF_INET6,
1403 while ( (GNUNET_YES ==
1404 GNUNET_CONTAINER_multihashmap_contains (destination_map,
1408 sizeof (struct in6_addr))) ||
1411 sizeof (struct in6_addr))) );
1417 * A client asks us to setup a redirection via some exit
1418 * node to a particular IP. Setup the redirection and
1419 * give the client the allocated IP.
1422 * @param client requesting client
1423 * @param message redirection request (a 'struct RedirectToIpRequestMessage')
1426 service_redirect_to_ip (void *cls GNUNET_UNUSED, struct GNUNET_SERVER_Client *client,
1427 const struct GNUNET_MessageHeader *message)
1431 const struct RedirectToIpRequestMessage *msg;
1437 struct DestinationEntry *de;
1438 GNUNET_HashCode key;
1439 struct TunnelState *ts;
1440 GNUNET_MESH_ApplicationType app_type;
1442 /* validate and parse request */
1443 mlen = ntohs (message->size);
1444 if (mlen < sizeof (struct RedirectToIpRequestMessage))
1447 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1450 alen = mlen - sizeof (struct RedirectToIpRequestMessage);
1451 msg = (const struct RedirectToIpRequestMessage *) message;
1452 addr_af = (int) htonl (msg->addr_af);
1456 if (alen != sizeof (struct in_addr))
1459 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1462 app_type = GNUNET_APPLICATION_TYPE_IPV4_GATEWAY;
1465 if (alen != sizeof (struct in6_addr))
1468 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1471 app_type = GNUNET_APPLICATION_TYPE_IPV6_GATEWAY;
1475 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1479 /* allocate response IP */
1481 result_af = (int) htonl (msg->result_af);
1486 allocate_v4_address (&v4))
1487 result_af = AF_UNSPEC;
1493 allocate_v6_address (&v6))
1494 result_af = AF_UNSPEC;
1500 allocate_v4_address (&v4))
1503 result_af = AF_INET;
1505 else if (GNUNET_OK ==
1506 allocate_v6_address (&v6))
1509 result_af = AF_INET6;
1514 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1517 if ( (result_af == AF_UNSPEC) ||
1518 (GNUNET_NO == ntohl (msg->nac)) )
1520 /* send reply "instantly" */
1521 send_client_reply (client,
1526 if (result_af == AF_UNSPEC)
1528 /* failure, we're done */
1529 GNUNET_SERVER_receive_done (client, GNUNET_OK);
1533 /* setup destination record */
1534 de = GNUNET_malloc (sizeof (struct DestinationEntry));
1535 de->is_service = GNUNET_NO;
1536 de->details.exit_destination.af = addr_af;
1537 memcpy (&de->details.exit_destination.ip,
1540 get_destination_key_from_ip (result_af,
1543 GNUNET_assert (GNUNET_OK ==
1544 GNUNET_CONTAINER_multihashmap_put (destination_map,
1547 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE));
1548 de->heap_node = GNUNET_CONTAINER_heap_insert (destination_heap,
1550 GNUNET_TIME_absolute_ntoh (msg->expiration_time).abs_value);
1551 /* setup tunnel to destination */
1552 ts = GNUNET_malloc (sizeof (struct TunnelState));
1553 if (GNUNET_NO != ntohl (msg->nac))
1555 ts->request_id = msg->request_id;
1556 ts->client = client;
1557 GNUNET_SERVER_client_keep (client);
1559 ts->destination = *de;
1560 ts->destination.heap_node = NULL;
1561 ts->is_service = GNUNET_NO;
1563 if (result_af == AF_INET)
1564 ts->destination_ip.v4 = v4;
1566 ts->destination_ip.v6 = v6;
1567 de->tunnel = GNUNET_MESH_tunnel_create (mesh_handle,
1569 &tunnel_peer_connect_handler,
1570 &tunnel_peer_disconnect_handler,
1572 GNUNET_MESH_peer_request_connect_by_type (de->tunnel,
1575 GNUNET_SERVER_receive_done (client, GNUNET_OK);
1580 * A client asks us to setup a redirection to a particular peer
1581 * offering a service. Setup the redirection and give the client the
1585 * @param client requesting client
1586 * @param message redirection request (a 'struct RedirectToPeerRequestMessage')
1589 service_redirect_to_service (void *cls GNUNET_UNUSED, struct GNUNET_SERVER_Client *client,
1590 const struct GNUNET_MessageHeader *message)
1592 const struct RedirectToServiceRequestMessage *msg;
1597 struct DestinationEntry *de;
1598 GNUNET_HashCode key;
1599 struct TunnelState *ts;
1602 msg = (const struct RedirectToServiceRequestMessage *) message;
1604 /* allocate response IP */
1606 result_af = (int) htonl (msg->result_af);
1611 allocate_v4_address (&v4))
1612 result_af = AF_UNSPEC;
1618 allocate_v6_address (&v6))
1619 result_af = AF_UNSPEC;
1625 allocate_v4_address (&v4))
1628 result_af = AF_INET;
1630 else if (GNUNET_OK ==
1631 allocate_v6_address (&v6))
1634 result_af = AF_INET6;
1639 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1642 if ( (result_af == AF_UNSPEC) ||
1643 (GNUNET_NO == ntohl (msg->nac)) )
1645 /* send reply "instantly" */
1646 send_client_reply (client,
1651 if (result_af == AF_UNSPEC)
1653 /* failure, we're done */
1654 GNUNET_SERVER_receive_done (client, GNUNET_OK);
1658 /* setup destination record */
1659 de = GNUNET_malloc (sizeof (struct DestinationEntry));
1660 de->is_service = GNUNET_YES;
1661 de->details.service_destination.service_descriptor = msg->service_descriptor;
1662 de->details.service_destination.target = msg->target;
1663 get_destination_key_from_ip (result_af,
1666 GNUNET_assert (GNUNET_OK ==
1667 GNUNET_CONTAINER_multihashmap_put (destination_map,
1670 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE));
1671 de->heap_node = GNUNET_CONTAINER_heap_insert (destination_heap,
1673 GNUNET_TIME_absolute_ntoh (msg->expiration_time).abs_value);
1675 /* setup tunnel to destination */
1676 ts = GNUNET_malloc (sizeof (struct TunnelState));
1677 if (GNUNET_NO != ntohl (msg->nac))
1679 ts->request_id = msg->request_id;
1680 ts->client = client;
1681 GNUNET_SERVER_client_keep (client);
1683 ts->destination = *de;
1684 ts->destination.heap_node = NULL;
1685 ts->is_service = GNUNET_YES;
1687 if (result_af == AF_INET)
1688 ts->destination_ip.v4 = v4;
1690 ts->destination_ip.v6 = v6;
1691 de->tunnel = GNUNET_MESH_tunnel_create (mesh_handle,
1693 &tunnel_peer_connect_handler,
1694 &tunnel_peer_disconnect_handler,
1696 GNUNET_MESH_peer_request_connect_add (de->tunnel,
1699 GNUNET_SERVER_receive_done (client, GNUNET_OK);
1705 * Function called for inbound tunnels. As we don't offer
1706 * any mesh services, this function should never be called.
1708 * @param cls closure
1709 * @param tunnel new handle to the tunnel
1710 * @param initiator peer that started the tunnel
1711 * @param atsi performance information for the tunnel
1712 * @return initial tunnel context for the tunnel
1713 * (can be NULL -- that's not an error)
1716 inbound_tunnel_cb (void *cls, struct GNUNET_MESH_Tunnel *tunnel,
1717 const struct GNUNET_PeerIdentity *initiator,
1718 const struct GNUNET_ATS_Information *atsi)
1720 /* Why should anyone open an inbound tunnel to vpn? */
1727 * Function called whenever an inbound tunnel is destroyed. Should clean up
1728 * any associated state.
1730 * @param cls closure (set from GNUNET_MESH_connect)
1731 * @param tunnel connection to the other end (henceforth invalid)
1732 * @param tunnel_ctx place where local state associated
1733 * with the tunnel is stored
1736 tunnel_cleaner (void *cls, const struct GNUNET_MESH_Tunnel *tunnel, void *tunnel_ctx)
1738 /* FIXME: is this function called for outbound tunnels that go down?
1739 Should we clean up something here? */
1745 * Free memory occupied by an entry in the destination map.
1749 * @param value a 'struct DestinationEntry *'
1750 * @return GNUNET_OK (continue to iterate)
1753 cleanup_destination (void *cls,
1754 const GNUNET_HashCode *key,
1757 struct DestinationEntry *de = value;
1759 if (NULL != de->tunnel)
1761 GNUNET_MESH_tunnel_destroy (de->tunnel);
1765 if (NULL != ts->heap_node)
1767 GNUNET_CONTAINER_heap_remove_node (ts->heap_node);
1768 ts->heap_node = NULL;
1777 * Free memory occupied by an entry in the tunnel map.
1781 * @param value a 'struct TunnelState *'
1782 * @return GNUNET_OK (continue to iterate)
1785 cleanup_tunnel (void *cls,
1786 const GNUNET_HashCode *key,
1789 struct TunnelState *ts = value;
1790 struct TunnelMessageQueueEntry *tnq;
1792 while (NULL != (tnq = ts->head))
1794 GNUNET_CONTAINER_DLL_remove (ts->head,
1799 if (NULL != ts->client)
1801 GNUNET_SERVER_client_drop (ts->client);
1806 GNUNET_MESH_notify_transmit_ready_cancel (ts->th);
1809 if (NULL != ts->destination.tunnel)
1811 GNUNET_MESH_tunnel_destroy (ts->destination.tunnel);
1812 ts->destination.tunnel = NULL;
1814 if (NULL != ts->heap_node)
1816 GNUNET_CONTAINER_heap_remove_node (ts->heap_node);
1817 ts->heap_node = NULL;
1826 * Function scheduled as very last function, cleans up after us
1832 cleanup (void *cls GNUNET_UNUSED,
1833 const struct GNUNET_SCHEDULER_TaskContext *tc)
1837 if (NULL != destination_map)
1839 GNUNET_CONTAINER_multihashmap_iterate (destination_map,
1840 &cleanup_destination,
1842 GNUNET_CONTAINER_multihashmap_destroy (destination_map);
1843 destination_map = NULL;
1845 if (NULL != destination_heap)
1847 GNUNET_CONTAINER_heap_destroy (destination_heap);
1848 destination_heap = NULL;
1850 if (NULL != tunnel_map)
1852 GNUNET_CONTAINER_multihashmap_iterate (tunnel_map,
1855 GNUNET_CONTAINER_multihashmap_destroy (tunnel_map);
1858 if (NULL != tunnel_heap)
1860 GNUNET_CONTAINER_heap_destroy (tunnel_heap);
1863 if (NULL != mesh_handle)
1865 GNUNET_MESH_disconnect (mesh_handle);
1868 if (NULL != helper_handle)
1870 GNUNET_HELPER_stop (helper_handle);
1871 helper_handle = NULL;
1875 GNUNET_SERVER_notification_context_destroy (nc);
1879 GNUNET_free_non_null (vpn_argv[i]);
1884 * A client disconnected, clean up all references to it.
1886 * @param cls the client that disconnected
1888 * @param value a 'struct TunnelState *'
1889 * @return GNUNET_OK (continue to iterate)
1892 cleanup_tunnel_client (void *cls,
1893 const GNUNET_HashCode *key,
1896 struct GNUNET_SERVER_Client *client = cls;
1897 struct TunnelState *ts = value;
1899 if (client == ts->client)
1901 GNUNET_SERVER_client_drop (ts->client);
1909 * A client has disconnected from us. If we are currently building
1910 * a tunnel for it, cancel the operation.
1913 * @param client handle to the client that disconnected
1916 client_disconnect (void *cls, struct GNUNET_SERVER_Client *client)
1918 // FIXME: check that all truly all 'struct TunnelState's
1919 // with clients are always in the tunnel map!
1920 GNUNET_CONTAINER_multihashmap_iterate (tunnel_map,
1921 &cleanup_tunnel_client,
1927 * Main function that will be run by the scheduler.
1929 * @param cls closure
1930 * @param server the initialized server
1931 * @param cfg_ configuration
1935 struct GNUNET_SERVER_Handle *server,
1936 const struct GNUNET_CONFIGURATION_Handle *cfg_)
1938 static const struct GNUNET_SERVER_MessageHandler service_handlers[] = {
1939 /* callback, cls, type, size */
1940 {&service_redirect_to_ip, NULL, GNUNET_MESSAGE_TYPE_VPN_CLIENT_REDIRECT_TO_IP, 0},
1941 {&service_redirect_to_service, NULL,
1942 GNUNET_MESSAGE_TYPE_VPN_CLIENT_REDIRECT_TO_SERVICE,
1943 sizeof (struct RedirectToServiceRequestMessage) },
1946 static const struct GNUNET_MESH_MessageHandler mesh_handlers[] = {
1947 {receive_udp_back, GNUNET_MESSAGE_TYPE_VPN_SERVICE_UDP_BACK, 0},
1948 {receive_tcp_back, GNUNET_MESSAGE_TYPE_VPN_SERVICE_TCP_BACK, 0},
1949 {receive_udp_back, GNUNET_MESSAGE_TYPE_VPN_REMOTE_UDP_BACK, 0},
1950 {receive_tcp_back, GNUNET_MESSAGE_TYPE_VPN_REMOTE_TCP_BACK, 0},
1953 static const GNUNET_MESH_ApplicationType types[] = {
1954 GNUNET_APPLICATION_TYPE_END
1966 GNUNET_CONFIGURATION_get_value_number (cfg, "vpn", "MAX_MAPPING",
1967 &max_destination_mappings))
1968 max_destination_mappings = 200;
1970 GNUNET_CONFIGURATION_get_value_number (cfg, "vpn", "MAX_TUNNELS",
1971 &max_tunnel_mappings))
1972 max_tunnel_mappings = 200;
1974 destination_map = GNUNET_CONTAINER_multihashmap_create (max_destination_mappings * 2);
1975 destination_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
1976 tunnel_map = GNUNET_CONTAINER_multihashmap_create (max_tunnel_mappings * 2);
1977 tunnel_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
1980 vpn_argv[0] = GNUNET_strdup ("vpn-gnunet");
1981 if (GNUNET_SYSERR ==
1982 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IFNAME", &ifname))
1984 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1985 "No entry 'IFNAME' in configuration!\n");
1986 GNUNET_SCHEDULER_shutdown ();
1989 vpn_argv[1] = ifname;
1990 if ( (GNUNET_SYSERR ==
1991 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IPV6ADDR",
1993 (1 != inet_pton (AF_INET6, ipv6addr, &v6))) )
1995 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1996 "No valid entry 'IPV6ADDR' in configuration!\n");
1997 GNUNET_SCHEDULER_shutdown ();
2000 vpn_argv[2] = ipv6addr;
2001 if (GNUNET_SYSERR ==
2002 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IPV6PREFIX",
2005 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2006 "No entry 'IPV6PREFIX' in configuration!\n");
2007 GNUNET_SCHEDULER_shutdown ();
2010 vpn_argv[3] = ipv6prefix_s;
2012 GNUNET_CONFIGURATION_get_value_number (cfg, "vpn",
2015 (ipv6prefix >= 127) )
2017 GNUNET_SCHEDULER_shutdown ();
2021 if ( (GNUNET_SYSERR ==
2022 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IPV4ADDR",
2024 (1 != inet_pton (AF_INET, ipv4addr, &v4))) )
2026 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2027 "No valid entry for 'IPV4ADDR' in configuration!\n");
2028 GNUNET_SCHEDULER_shutdown ();
2031 vpn_argv[4] = ipv4addr;
2032 if ( (GNUNET_SYSERR ==
2033 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IPV4MASK",
2035 (1 != inet_pton (AF_INET, ipv4mask, &v4))) )
2037 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2038 "No valid entry 'IPV4MASK' in configuration!\n");
2039 GNUNET_SCHEDULER_shutdown ();
2042 vpn_argv[5] = ipv4mask;
2046 GNUNET_MESH_connect (cfg_, 42 /* queue length */, NULL,
2051 helper_handle = GNUNET_HELPER_start ("gnunet-helper-vpn", vpn_argv,
2052 &message_token, NULL);
2053 nc = GNUNET_SERVER_notification_context_create (server, 1);
2054 GNUNET_SERVER_add_handlers (server, service_handlers);
2055 GNUNET_SERVER_disconnect_notify (server, &client_disconnect, NULL);
2056 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup, cls);
2061 * The main function of the VPN service.
2063 * @param argc number of arguments from the command line
2064 * @param argv command line arguments
2065 * @return 0 ok, 1 on error
2068 main (int argc, char *const *argv)
2070 return (GNUNET_OK ==
2071 GNUNET_SERVICE_run (argc, argv, "vpn",
2072 GNUNET_SERVICE_OPTION_NONE,
2073 &run, NULL)) ? 0 : 1;
2076 /* end of gnunet-service-vpn.c */