2 This file is part of GNUnet.
3 (C) 2010, 2011, 2012 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file vpn/gnunet-service-vpn.c
23 * @brief service that opens a virtual interface and allows its clients
24 * to allocate IPs on the virtual interface and to then redirect
25 * IP traffic received on those IPs via the GNUnet mesh
26 * @author Philipp Toelke
27 * @author Christian Grothoff
32 * - better message queue management (bounded state, drop oldest/RED?)
33 * - actually destroy "stale" tunnels once we have too many!
36 * - add back ICMP support (especially needed for IPv6)
39 * - consider moving IP-header building / checksumming code into shared library
40 * with dns/exit/vpn (libgnunettun_tcpip?)
43 #include "gnunet_util_lib.h"
44 #include "gnunet_common.h"
45 #include "gnunet_protocols.h"
46 #include "gnunet_applications.h"
47 #include "gnunet_mesh_service.h"
48 #include "gnunet_statistics_service.h"
49 #include "gnunet_constants.h"
50 #include "tcpip_tun.h"
56 * State we keep for each of our tunnels.
62 * Information we track for each IP address to determine which tunnel
63 * to send the traffic over to the destination.
65 struct DestinationEntry
69 * Key under which this entry is in the 'destination_map' (only valid
70 * if 'heap_node != NULL'.
75 * Pre-allocated tunnel for this destination, or NULL for none.
77 struct TunnelState *ts;
80 * Entry for this entry in the destination_heap.
82 struct GNUNET_CONTAINER_HeapNode *heap_node;
85 * GNUNET_NO if this is a tunnel to an Internet-exit,
86 * GNUNET_YES if this tunnel is to a service.
91 * Details about the connection (depending on is_service).
99 * The description of the service (only used for service tunnels).
101 GNUNET_HashCode service_descriptor;
104 * Peer offering the service.
106 struct GNUNET_PeerIdentity target;
108 } service_destination;
114 * Address family used (AF_INET or AF_INET6).
119 * IP address of the ultimate destination (only used for exit tunnels).
124 * Address if af is AF_INET.
129 * Address if af is AF_INET6.
142 * A messages we have in queue for a particular tunnel.
144 struct TunnelMessageQueueEntry
147 * This is a doubly-linked list.
149 struct TunnelMessageQueueEntry *next;
152 * This is a doubly-linked list.
154 struct TunnelMessageQueueEntry *prev;
157 * Number of bytes in 'msg'.
162 * Message to transmit, allocated at the end of this struct.
169 * State we keep for each of our tunnels.
174 * Information about the tunnel to use, NULL if no tunnel
175 * is available right now.
177 struct GNUNET_MESH_Tunnel *tunnel;
180 * Active transmission handle, NULL for none.
182 struct GNUNET_MESH_TransmitHandle *th;
185 * Entry for this entry in the tunnel_heap, NULL as long as this
186 * tunnel state is not fully bound.
188 struct GNUNET_CONTAINER_HeapNode *heap_node;
191 * Head of list of messages scheduled for transmission.
193 struct TunnelMessageQueueEntry *head;
196 * Tail of list of messages scheduled for transmission.
198 struct TunnelMessageQueueEntry *tail;
201 * Client that needs to be notified about the tunnel being
202 * up as soon as a peer is connected; NULL for none.
204 struct GNUNET_SERVER_Client *client;
207 * ID of the client request that caused us to setup this entry.
212 * Destination to which this tunnel leads. Note that
213 * this struct is NOT in the destination_map (but a
214 * local copy) and that the 'heap_node' should always
217 struct DestinationEntry destination;
220 * Destination entry that has a pointer to this tunnel state;
221 * NULL if this tunnel state is in the tunnel map.
223 struct DestinationEntry *destination_container;
226 * Addess family used for this tunnel on the local TUN interface.
231 * IPPROTO_TCP or IPPROTO_UDP once bound.
236 * IP address of the source on our end, initially uninitialized.
241 * Address if af is AF_INET.
246 * Address if af is AF_INET6.
253 * Destination IP address used by the source on our end (this is the IP
254 * that we pick freely within the VPN's tunnel IP range).
259 * Address if af is AF_INET.
264 * Address if af is AF_INET6.
271 * Source port used by the sender on our end; 0 for uninitialized.
273 uint16_t source_port;
276 * Destination port used by the sender on our end; 0 for uninitialized.
278 uint16_t destination_port;
284 * Configuration we use.
286 static const struct GNUNET_CONFIGURATION_Handle *cfg;
289 * Handle to the mesh service.
291 static struct GNUNET_MESH_Handle *mesh_handle;
294 * Map from IP address to destination information (possibly with a
295 * MESH tunnel handle for fast setup).
297 static struct GNUNET_CONTAINER_MultiHashMap *destination_map;
300 * Min-Heap sorted by activity time to expire old mappings.
302 static struct GNUNET_CONTAINER_Heap *destination_heap;
305 * Map from source and destination address (IP+port) to connection
306 * information (mostly with the respective MESH tunnel handle).
308 static struct GNUNET_CONTAINER_MultiHashMap *tunnel_map;
311 * Min-Heap sorted by activity time to expire old mappings; values are
312 * of type 'struct TunnelState'.
314 static struct GNUNET_CONTAINER_Heap *tunnel_heap;
319 static struct GNUNET_STATISTICS_Handle *stats;
322 * The handle to the VPN helper process "gnunet-helper-vpn".
324 static struct GNUNET_HELPER_Handle *helper_handle;
327 * Arguments to the vpn helper.
329 static char *vpn_argv[7];
332 * Length of the prefix of the VPN's IPv6 network.
334 static unsigned long long ipv6prefix;
337 * Notification context for sending replies to clients.
339 static struct GNUNET_SERVER_NotificationContext *nc;
342 * If there are more than this number of address-mappings, old ones
345 static unsigned long long max_destination_mappings;
348 * If there are more than this number of open tunnels, old ones
351 static unsigned long long max_tunnel_mappings;
355 * Compute the key under which we would store an entry in the
356 * destination_map for the given IP address.
358 * @param af address family (AF_INET or AF_INET6)
359 * @param address IP address, struct in_addr or struct in6_addr
360 * @param key where to store the key
363 get_destination_key_from_ip (int af,
365 GNUNET_HashCode *key)
370 GNUNET_CRYPTO_hash (address,
371 sizeof (struct in_addr),
375 GNUNET_CRYPTO_hash (address,
376 sizeof (struct in6_addr),
387 * Compute the key under which we would store an entry in the
388 * tunnel_map for the given socket address pair.
390 * @param af address family (AF_INET or AF_INET6)
391 * @param protocol IPPROTO_TCP or IPPROTO_UDP
392 * @param source_ip sender's source IP, struct in_addr or struct in6_addr
393 * @param source_port sender's source port
394 * @param destination_ip sender's destination IP, struct in_addr or struct in6_addr
395 * @param destination_port sender's destination port
396 * @param key where to store the key
399 get_tunnel_key_from_ips (int af,
401 const void *source_ip,
402 uint16_t source_port,
403 const void *destination_ip,
404 uint16_t destination_port,
405 GNUNET_HashCode *key)
409 memset (key, 0, sizeof (GNUNET_HashCode));
410 /* the GNUnet hashmap only uses the first sizeof(unsigned int) of the hash,
411 so we put the ports in there (and hope for few collisions) */
413 memcpy (off, &source_port, sizeof (uint16_t));
414 off += sizeof (uint16_t);
415 memcpy (off, &destination_port, sizeof (uint16_t));
416 off += sizeof (uint16_t);
420 memcpy (off, source_ip, sizeof (struct in_addr));
421 off += sizeof (struct in_addr);
422 memcpy (off, destination_ip, sizeof (struct in_addr));
423 off += sizeof (struct in_addr);
426 memcpy (off, source_ip, sizeof (struct in6_addr));
427 off += sizeof (struct in6_addr);
428 memcpy (off, destination_ip, sizeof (struct in6_addr));
429 off += sizeof (struct in6_addr);
435 memcpy (off, &protocol, sizeof (uint8_t));
436 off += sizeof (uint8_t);
441 * Notify the client about the result of its request.
443 * @param client client to notify
444 * @param request_id original request ID to include in response
445 * @param result_af resulting address family
446 * @param addr resulting IP address
449 send_client_reply (struct GNUNET_SERVER_Client *client,
454 char buf[sizeof (struct RedirectToIpResponseMessage) + sizeof (struct in6_addr)];
455 struct RedirectToIpResponseMessage *res;
461 rlen = sizeof (struct in_addr);
464 rlen = sizeof (struct in6_addr);
473 res = (struct RedirectToIpResponseMessage *) buf;
474 res->header.size = htons (sizeof (struct RedirectToIpResponseMessage) + rlen);
475 res->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_CLIENT_USE_IP);
476 res->result_af = htonl (result_af);
477 res->request_id = request_id;
478 memcpy (&res[1], addr, rlen);
479 GNUNET_SERVER_notification_context_add (nc, client);
480 GNUNET_SERVER_notification_context_unicast (nc,
488 * Method called whenever a peer has disconnected from the tunnel.
491 * @param peer peer identity the tunnel stopped working with
494 tunnel_peer_disconnect_handler (void *cls,
496 GNUNET_PeerIdentity * peer)
498 struct TunnelState *ts = cls;
500 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
501 "Peer %s disconnected from tunnel.\n",
503 GNUNET_STATISTICS_update (stats,
504 gettext_noop ("# Peers connected to mesh tunnels"),
508 GNUNET_MESH_notify_transmit_ready_cancel (ts->th);
511 if (ts->destination.is_service)
512 return; /* hope for reconnect eventually */
513 /* as we are most likely going to change the exit node now,
514 we should just destroy the tunnel entirely... */
515 GNUNET_MESH_tunnel_destroy (ts->tunnel);
520 * Method called whenever a peer has connected to the tunnel. Notifies
521 * the waiting client that the tunnel is now up.
524 * @param peer peer identity the tunnel was created to, NULL on timeout
525 * @param atsi performance data for the connection
528 tunnel_peer_connect_handler (void *cls,
529 const struct GNUNET_PeerIdentity
532 GNUNET_ATS_Information * atsi)
534 struct TunnelState *ts = cls;
536 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
537 "Peer %s connected to tunnel.\n",
539 GNUNET_STATISTICS_update (stats,
540 gettext_noop ("# Peers connected to mesh tunnels"),
542 if (NULL == ts->client)
543 return; /* nothing to do */
544 send_client_reply (ts->client,
547 &ts->destination_ip);
548 GNUNET_SERVER_client_drop (ts->client);
554 * Send a message from the message queue via mesh.
556 * @param cls the 'struct TunnelState' with the message queue
557 * @param size number of bytes available in buf
558 * @param buf where to copy the message
559 * @return number of bytes copied to buf
562 send_to_peer_notify_callback (void *cls, size_t size, void *buf)
564 struct TunnelState *ts = cls;
565 struct TunnelMessageQueueEntry *tnq;
572 GNUNET_assert (NULL != tnq);
573 GNUNET_assert (size >= tnq->len);
574 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
575 "Sending %u bytes via mesh tunnel\n",
577 GNUNET_CONTAINER_DLL_remove (ts->head,
580 memcpy (buf, tnq->msg, tnq->len);
583 if (NULL != (tnq = ts->head))
584 ts->th = GNUNET_MESH_notify_transmit_ready (ts->tunnel,
585 GNUNET_NO /* cork */,
587 GNUNET_TIME_UNIT_FOREVER_REL,
590 &send_to_peer_notify_callback,
592 GNUNET_STATISTICS_update (stats,
593 gettext_noop ("# Bytes given to mesh for transmission"),
600 * Add the given message to the given tunnel and trigger the
601 * transmission process.
603 * FIXME: bound queue length!
605 * @param tnq message to queue
606 * @param ts tunnel to queue the message for
609 send_to_tunnel (struct TunnelMessageQueueEntry *tnq,
610 struct TunnelState *ts)
612 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
613 "Queueing %u bytes for transmission via mesh tunnel\n",
615 GNUNET_CONTAINER_DLL_insert_tail (ts->head,
619 ts->th = GNUNET_MESH_notify_transmit_ready (ts->tunnel,
620 GNUNET_NO /* cork */,
622 GNUNET_TIME_UNIT_FOREVER_REL,
625 &send_to_peer_notify_callback,
631 * Initialize the given destination entry's mesh tunnel.
633 * @param de destination entry for which we need to setup a tunnel
634 * @param client client to notify on successful tunnel setup, or NULL for none
635 * @param request_id request ID to send in client notification (unused if client is NULL)
636 * @return tunnel state of the tunnel that was created
638 static struct TunnelState *
639 create_tunnel_to_destination (struct DestinationEntry *de,
640 struct GNUNET_SERVER_Client *client,
643 struct TunnelState *ts;
645 GNUNET_STATISTICS_update (stats,
646 gettext_noop ("# Mesh tunnels created"),
648 GNUNET_assert (NULL == de->ts);
649 ts = GNUNET_malloc (sizeof (struct TunnelState));
652 ts->request_id = request_id;
654 GNUNET_SERVER_client_keep (client);
656 ts->destination = *de;
657 ts->destination.heap_node = NULL; /* copy is NOT in destination heap */
659 ts->destination_container = de; /* we are referenced from de */
660 ts->af = AF_UNSPEC; /* so far, unknown */
661 ts->tunnel = GNUNET_MESH_tunnel_create (mesh_handle,
663 &tunnel_peer_connect_handler,
664 &tunnel_peer_disconnect_handler,
668 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
669 "Creating tunnel to peer %s offering service %s\n",
670 GNUNET_i2s (&de->details.service_destination.target),
671 GNUNET_h2s (&de->details.service_destination.service_descriptor));
672 GNUNET_MESH_peer_request_connect_add (ts->tunnel,
673 &de->details.service_destination.target);
677 switch (de->details.exit_destination.af)
680 GNUNET_MESH_peer_request_connect_by_type (ts->tunnel,
681 GNUNET_APPLICATION_TYPE_IPV4_GATEWAY);
682 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
683 "Creating tunnel to exit peer for %s\n",
687 GNUNET_MESH_peer_request_connect_by_type (ts->tunnel,
688 GNUNET_APPLICATION_TYPE_IPV6_GATEWAY);
689 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
690 "Creating tunnel to exit peer for %s\n",
703 * Route a packet via mesh to the given destination.
705 * @param destination description of the destination
706 * @param af address family on this end (AF_INET or AF_INET6)
707 * @param protocol IPPROTO_TCP or IPPROTO_UDP
708 * @param source_ip source IP used by the sender (struct in_addr or struct in6_addr)
709 * @param destination_ip destination IP used by the sender (struct in_addr or struct in6_addr)
710 * @param payload payload of the packet after the IP header
711 * @param payload_length number of bytes in payload
714 route_packet (struct DestinationEntry *destination,
717 const void *source_ip,
718 const void *destination_ip,
720 size_t payload_length)
723 struct TunnelState *ts;
724 struct TunnelMessageQueueEntry *tnq;
728 const struct udp_packet *udp;
729 const struct tcp_packet *tcp;
737 if (payload_length < sizeof (struct udp_packet))
744 spt = ntohs (udp->spt);
745 dpt = ntohs (udp->dpt);
746 get_tunnel_key_from_ips (af,
757 if (payload_length < sizeof (struct tcp_packet))
764 spt = ntohs (tcp->spt);
765 dpt = ntohs (tcp->dpt);
766 get_tunnel_key_from_ips (af,
776 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
777 _("Protocol %u not supported, dropping\n"),
778 (unsigned int) protocol);
781 if (! destination->is_service)
783 switch (destination->details.exit_destination.af)
786 alen = sizeof (struct in_addr);
789 alen = sizeof (struct in6_addr);
797 char sbuf[INET6_ADDRSTRLEN];
798 char dbuf[INET6_ADDRSTRLEN];
799 char xbuf[INET6_ADDRSTRLEN];
801 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
802 "Routing %s packet from %s:%u -> %s:%u to destination %s:%u\n",
803 (protocol == IPPROTO_TCP) ? "TCP" : "UDP",
804 inet_ntop (af, source_ip, sbuf, sizeof (sbuf)),
806 inet_ntop (af, destination_ip, dbuf, sizeof (dbuf)),
808 inet_ntop (destination->details.exit_destination.af,
809 &destination->details.exit_destination.ip,
810 xbuf, sizeof (xbuf)));
815 /* make compiler happy */
818 char sbuf[INET6_ADDRSTRLEN];
819 char dbuf[INET6_ADDRSTRLEN];
821 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
822 "Routing %s packet from %s:%u -> %s:%u to service %s at peer %s\n",
823 (protocol == IPPROTO_TCP) ? "TCP" : "UDP",
824 inet_ntop (af, source_ip, sbuf, sizeof (sbuf)),
826 inet_ntop (af, destination_ip, dbuf, sizeof (dbuf)),
828 GNUNET_h2s (&destination->details.service_destination.service_descriptor),
829 GNUNET_i2s (&destination->details.service_destination.target));
834 /* see if we have an existing tunnel for this destination */
835 ts = GNUNET_CONTAINER_multihashmap_get (tunnel_map,
839 /* need to either use the existing tunnel from the destination (if still
840 available) or create a fresh one */
842 if (NULL == destination->ts)
843 ts = create_tunnel_to_destination (destination, NULL, 0);
845 ts = destination->ts;
846 destination->ts = NULL;
847 ts->destination_container = NULL; /* no longer 'contained' */
848 /* now bind existing "unbound" tunnel to our IP/port tuple */
849 ts->protocol = protocol;
853 ts->source_ip.v4 = * (const struct in_addr *) source_ip;
854 ts->destination_ip.v4 = * (const struct in_addr *) destination_ip;
858 ts->source_ip.v6 = * (const struct in6_addr *) source_ip;
859 ts->destination_ip.v6 = * (const struct in6_addr *) destination_ip;
861 ts->source_port = spt;
862 ts->destination_port = dpt;
863 ts->heap_node = GNUNET_CONTAINER_heap_insert (tunnel_heap,
865 GNUNET_TIME_absolute_get ().abs_value);
866 GNUNET_assert (GNUNET_YES ==
867 GNUNET_CONTAINER_multihashmap_put (tunnel_map,
870 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
871 GNUNET_STATISTICS_update (stats,
872 gettext_noop ("# Active tunnels"),
874 /* FIXME: expire OLD tunnels if we have too many! */
879 GNUNET_CONTAINER_heap_update_cost (tunnel_heap,
881 GNUNET_TIME_absolute_get ().abs_value);
884 /* send via tunnel */
888 if (destination->is_service)
890 struct GNUNET_EXIT_UdpServiceMessage *usm;
892 mlen = sizeof (struct GNUNET_EXIT_UdpServiceMessage) +
893 payload_length - sizeof (struct udp_packet);
894 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
899 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) + mlen);
902 usm = (struct GNUNET_EXIT_UdpServiceMessage *) &tnq[1];
903 usm->header.size = htons ((uint16_t) mlen);
904 usm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_UDP_TO_SERVICE);
905 /* if the source port is below 32000, we assume it has a special
906 meaning; if not, we pick a random port (this is a heuristic) */
907 usm->source_port = (ntohs (udp->spt) < 32000) ? udp->spt : 0;
908 usm->destination_port = udp->dpt;
909 usm->service_descriptor = destination->details.service_destination.service_descriptor;
912 payload_length - sizeof (struct udp_packet));
916 struct GNUNET_EXIT_UdpInternetMessage *uim;
917 struct in_addr *ip4dst;
918 struct in6_addr *ip6dst;
921 mlen = sizeof (struct GNUNET_EXIT_UdpInternetMessage) +
922 alen + payload_length - sizeof (struct udp_packet);
923 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
928 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) +
932 uim = (struct GNUNET_EXIT_UdpInternetMessage *) &tnq[1];
933 uim->header.size = htons ((uint16_t) mlen);
934 uim->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_UDP_TO_INTERNET);
935 uim->af = htonl (destination->details.exit_destination.af);
936 uim->source_port = (ntohs (udp->spt) < 32000) ? udp->spt : 0;
937 uim->destination_port = udp->dpt;
938 switch (destination->details.exit_destination.af)
941 ip4dst = (struct in_addr *) &uim[1];
942 *ip4dst = destination->details.exit_destination.ip.v4;
943 payload = &ip4dst[1];
946 ip6dst = (struct in6_addr *) &uim[1];
947 *ip6dst = destination->details.exit_destination.ip.v6;
948 payload = &ip6dst[1];
955 payload_length - sizeof (struct udp_packet));
961 if (destination->is_service)
963 struct GNUNET_EXIT_TcpServiceStartMessage *tsm;
965 mlen = sizeof (struct GNUNET_EXIT_TcpServiceStartMessage) +
966 payload_length - sizeof (struct tcp_packet);
967 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
972 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) + mlen);
975 tsm = (struct GNUNET_EXIT_TcpServiceStartMessage *) &tnq[1];
976 tsm->header.size = htons ((uint16_t) mlen);
977 tsm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_TCP_TO_SERVICE_START);
978 tsm->reserved = htonl (0);
979 tsm->service_descriptor = destination->details.service_destination.service_descriptor;
980 tsm->tcp_header = *tcp;
983 payload_length - sizeof (struct tcp_packet));
987 struct GNUNET_EXIT_TcpInternetStartMessage *tim;
988 struct in_addr *ip4dst;
989 struct in6_addr *ip6dst;
992 mlen = sizeof (struct GNUNET_EXIT_TcpInternetStartMessage) +
993 alen + payload_length - sizeof (struct tcp_packet);
994 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
999 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) + mlen);
1002 tim = (struct GNUNET_EXIT_TcpInternetStartMessage *) &tnq[1];
1003 tim->header.size = htons ((uint16_t) mlen);
1004 tim->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_TCP_TO_INTERNET_START);
1005 tim->af = htonl (destination->details.exit_destination.af);
1006 tim->tcp_header = *tcp;
1007 switch (destination->details.exit_destination.af)
1010 ip4dst = (struct in_addr *) &tim[1];
1011 *ip4dst = destination->details.exit_destination.ip.v4;
1012 payload = &ip4dst[1];
1015 ip6dst = (struct in6_addr *) &tim[1];
1016 *ip6dst = destination->details.exit_destination.ip.v6;
1017 payload = &ip6dst[1];
1024 payload_length - sizeof (struct tcp_packet));
1029 struct GNUNET_EXIT_TcpDataMessage *tdm;
1031 mlen = sizeof (struct GNUNET_EXIT_TcpDataMessage) +
1032 alen + payload_length - sizeof (struct tcp_packet);
1033 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1038 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) + mlen);
1041 tdm = (struct GNUNET_EXIT_TcpDataMessage *) &tnq[1];
1042 tdm->header.size = htons ((uint16_t) mlen);
1043 tdm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_TCP_DATA);
1044 tdm->reserved = htonl (0);
1045 tdm->tcp_header = *tcp;
1048 payload_length - sizeof (struct tcp_packet));
1052 /* not supported above, how can we get here !? */
1056 send_to_tunnel (tnq, ts);
1061 * Receive packets from the helper-process (someone send to the local
1062 * virtual tunnel interface). Find the destination mapping, and if it
1063 * exists, identify the correct MESH tunnel (or possibly create it)
1064 * and forward the packet.
1066 * @param cls closure, NULL
1067 * @param client NULL
1068 * @param message message we got from the client (VPN tunnel interface)
1071 message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED,
1072 const struct GNUNET_MessageHeader *message)
1074 const struct tun_header *tun;
1076 GNUNET_HashCode key;
1077 struct DestinationEntry *de;
1079 GNUNET_STATISTICS_update (stats,
1080 gettext_noop ("# Packets received from TUN interface"),
1082 mlen = ntohs (message->size);
1083 if ( (ntohs (message->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER) ||
1084 (mlen < sizeof (struct GNUNET_MessageHeader) + sizeof (struct tun_header)) )
1089 tun = (const struct tun_header *) &message[1];
1090 mlen -= (sizeof (struct GNUNET_MessageHeader) + sizeof (struct tun_header));
1091 switch (ntohs (tun->proto))
1095 const struct ip6_header *pkt6;
1097 if (mlen < sizeof (struct ip6_header))
1103 pkt6 = (const struct ip6_header *) &tun[1];
1104 get_destination_key_from_ip (AF_INET6,
1105 &pkt6->destination_address,
1107 de = GNUNET_CONTAINER_multihashmap_get (destination_map, &key);
1108 /* FIXME: do we need to guard against hash collision?
1109 (if so, we need to also store the local destination IP in the
1110 destination entry and then compare here; however, the risk
1111 of collision seems minimal AND the impact is unlikely to be
1112 super-problematic as well... */
1115 char buf[INET6_ADDRSTRLEN];
1117 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1118 _("Packet received for unmapped destination `%s' (dropping it)\n"),
1119 inet_ntop (AF_INET6,
1120 &pkt6->destination_address,
1128 &pkt6->source_address,
1129 &pkt6->destination_address,
1131 mlen - sizeof (struct ip6_header));
1136 struct ip4_header *pkt4;
1138 if (mlen < sizeof (struct ip4_header))
1144 pkt4 = (struct ip4_header *) &tun[1];
1145 get_destination_key_from_ip (AF_INET,
1146 &pkt4->destination_address,
1148 de = GNUNET_CONTAINER_multihashmap_get (destination_map, &key);
1149 /* FIXME: do we need to guard against hash collision?
1150 (if so, we need to also store the local destination IP in the
1151 destination entry and then compare here; however, the risk
1152 of collision seems minimal AND the impact is unlikely to be
1153 super-problematic as well... */
1156 char buf[INET_ADDRSTRLEN];
1158 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1159 _("Packet received for unmapped destination `%s' (dropping it)\n"),
1161 &pkt4->destination_address,
1166 if (pkt4->header_length * 4 != sizeof (struct ip4_header))
1168 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1169 _("Received IPv4 packet with options (dropping it)\n"));
1175 &pkt4->source_address,
1176 &pkt4->destination_address,
1178 mlen - sizeof (struct ip4_header));
1182 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1183 _("Received packet of unknown protocol %d from TUN (dropping it)\n"),
1184 (unsigned int) ntohs (tun->proto));
1191 * We got a UDP packet back from the MESH tunnel. Pass it on to the
1192 * local virtual interface via the helper.
1194 * @param cls closure, NULL
1195 * @param tunnel connection to the other end
1196 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1197 * @param sender who sent the message
1198 * @param message the actual message
1199 * @param atsi performance data for the connection
1200 * @return GNUNET_OK to keep the connection open,
1201 * GNUNET_SYSERR to close it (signal serious error)
1204 receive_udp_back (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1205 void **tunnel_ctx, const struct GNUNET_PeerIdentity *sender,
1206 const struct GNUNET_MessageHeader *message,
1207 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1209 struct TunnelState *ts = *tunnel_ctx;
1210 const struct GNUNET_EXIT_UdpReplyMessage *reply;
1213 GNUNET_STATISTICS_update (stats,
1214 gettext_noop ("# UDP packets received from mesh"),
1216 mlen = ntohs (message->size);
1217 if (mlen < sizeof (struct GNUNET_EXIT_UdpReplyMessage))
1219 GNUNET_break_op (0);
1220 return GNUNET_SYSERR;
1222 if (NULL == ts->heap_node)
1224 GNUNET_break_op (0);
1225 return GNUNET_SYSERR;
1227 if (AF_UNSPEC == ts->af)
1229 GNUNET_break_op (0);
1230 return GNUNET_SYSERR;
1232 reply = (const struct GNUNET_EXIT_UdpReplyMessage *) message;
1233 mlen -= sizeof (struct GNUNET_EXIT_UdpReplyMessage);
1235 char sbuf[INET6_ADDRSTRLEN];
1236 char dbuf[INET6_ADDRSTRLEN];
1238 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1239 "Received UDP reply from mesh, sending %u bytes from %s:%u -> %s:%u via TUN\n",
1240 (unsigned int) mlen,
1241 inet_ntop (ts->af, &ts->destination_ip, sbuf, sizeof (sbuf)),
1242 ts->destination_port,
1243 inet_ntop (ts->af, &ts->source_ip, dbuf, sizeof (dbuf)),
1250 size_t size = sizeof (struct ip4_header)
1251 + sizeof (struct udp_packet)
1252 + sizeof (struct GNUNET_MessageHeader) +
1253 sizeof (struct tun_header) +
1257 struct GNUNET_MessageHeader *msg = (struct GNUNET_MessageHeader *) buf;
1258 struct tun_header *tun = (struct tun_header*) &msg[1];
1259 struct ip4_header *ipv4 = (struct ip4_header *) &tun[1];
1260 struct udp_packet *udp = (struct udp_packet *) &ipv4[1];
1261 msg->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1262 msg->size = htons (size);
1263 tun->flags = htons (0);
1264 tun->proto = htons (ETH_P_IPV4);
1266 ipv4->header_length = sizeof (struct ip4_header) / 4;
1267 ipv4->diff_serv = 0;
1268 ipv4->total_length = htons (sizeof (struct ip4_header) +
1269 sizeof (struct udp_packet) +
1271 ipv4->identification = (uint16_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1274 ipv4->fragmentation_offset = 0;
1276 ipv4->protocol = IPPROTO_UDP;
1278 ipv4->source_address = ts->destination_ip.v4;
1279 ipv4->destination_address = ts->source_ip.v4;
1281 GNUNET_CRYPTO_crc16_n (ipv4, sizeof (struct ip4_header));
1282 if (0 == ntohs (reply->source_port))
1283 udp->spt = htons (ts->destination_port);
1285 udp->spt = reply->source_port;
1286 if (0 == ntohs (reply->destination_port))
1287 udp->dpt = htons (ts->source_port);
1289 udp->dpt = reply->destination_port;
1290 udp->len = htons (mlen + sizeof (struct udp_packet));
1291 udp->crc = 0; // FIXME: optional, but we might want to calculate this one anyway
1295 (void) GNUNET_HELPER_send (helper_handle,
1304 size_t size = sizeof (struct ip6_header)
1305 + sizeof (struct udp_packet)
1306 + sizeof (struct GNUNET_MessageHeader) +
1307 sizeof (struct tun_header) +
1311 struct GNUNET_MessageHeader *msg = (struct GNUNET_MessageHeader *) buf;
1312 struct tun_header *tun = (struct tun_header*) &msg[1];
1313 struct ip6_header *ipv6 = (struct ip6_header *) &tun[1];
1314 struct udp_packet *udp = (struct udp_packet *) &ipv6[1];
1315 msg->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1316 msg->size = htons (size);
1317 tun->flags = htons (0);
1318 tun->proto = htons (ETH_P_IPV6);
1319 ipv6->traffic_class_h = 0;
1321 ipv6->traffic_class_l = 0;
1322 ipv6->flow_label = 0;
1323 ipv6->payload_length = htons (sizeof (struct udp_packet) + sizeof (struct ip6_header) + mlen);
1324 ipv6->next_header = IPPROTO_UDP;
1325 ipv6->hop_limit = 255;
1326 ipv6->source_address = ts->destination_ip.v6;
1327 ipv6->destination_address = ts->source_ip.v6;
1328 if (0 == ntohs (reply->source_port))
1329 udp->spt = htons (ts->destination_port);
1331 udp->spt = reply->source_port;
1332 if (0 == ntohs (reply->destination_port))
1333 udp->dpt = htons (ts->source_port);
1335 udp->dpt = reply->destination_port;
1336 udp->len = htons (mlen + sizeof (struct udp_packet));
1344 GNUNET_CRYPTO_crc16_step (sum, &ipv6->source_address,
1345 sizeof (struct in6_addr) * 2);
1346 uint32_t tmp = udp->len;
1347 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1348 tmp = htons (IPPROTO_UDP);
1349 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1350 sum = GNUNET_CRYPTO_crc16_step (sum,
1353 udp->crc = GNUNET_CRYPTO_crc16_finish (sum);
1355 (void) GNUNET_HELPER_send (helper_handle,
1365 GNUNET_CONTAINER_heap_update_cost (tunnel_heap,
1367 GNUNET_TIME_absolute_get ().abs_value);
1373 * We got a TCP packet back from the MESH tunnel. Pass it on to the
1374 * local virtual interface via the helper.
1376 * @param cls closure, NULL
1377 * @param tunnel connection to the other end
1378 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1379 * @param sender who sent the message
1380 * @param message the actual message
1381 * @param atsi performance data for the connection
1382 * @return GNUNET_OK to keep the connection open,
1383 * GNUNET_SYSERR to close it (signal serious error)
1386 receive_tcp_back (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1388 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1389 const struct GNUNET_MessageHeader *message,
1390 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1392 struct TunnelState *ts = *tunnel_ctx;
1393 const struct GNUNET_EXIT_TcpDataMessage *data;
1396 GNUNET_STATISTICS_update (stats,
1397 gettext_noop ("# TCP packets received from mesh"),
1399 mlen = ntohs (message->size);
1400 if (mlen < sizeof (struct GNUNET_EXIT_TcpDataMessage))
1402 GNUNET_break_op (0);
1403 return GNUNET_SYSERR;
1405 if (NULL == ts->heap_node)
1407 GNUNET_break_op (0);
1408 return GNUNET_SYSERR;
1410 data = (const struct GNUNET_EXIT_TcpDataMessage *) message;
1411 mlen -= sizeof (struct GNUNET_EXIT_TcpDataMessage);
1413 char sbuf[INET6_ADDRSTRLEN];
1414 char dbuf[INET6_ADDRSTRLEN];
1416 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1417 "Received TCP reply from mesh, sending %u bytes from %s:%u -> %s:%u via TUN\n",
1418 (unsigned int) mlen,
1419 inet_ntop (ts->af, &ts->destination_ip, sbuf, sizeof (sbuf)),
1420 ts->destination_port,
1421 inet_ntop (ts->af, &ts->source_ip, dbuf, sizeof (dbuf)),
1428 size_t size = sizeof (struct ip4_header)
1429 + sizeof (struct tcp_packet)
1430 + sizeof (struct GNUNET_MessageHeader) +
1431 sizeof (struct tun_header) +
1435 struct GNUNET_MessageHeader *msg = (struct GNUNET_MessageHeader *) buf;
1436 struct tun_header *tun = (struct tun_header*) &msg[1];
1437 struct ip4_header *ipv4 = (struct ip4_header *) &tun[1];
1438 struct tcp_packet *tcp = (struct tcp_packet *) &ipv4[1];
1439 msg->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1440 msg->size = htons (size);
1441 tun->flags = htons (0);
1442 tun->proto = htons (ETH_P_IPV4);
1444 ipv4->header_length = sizeof (struct ip4_header) / 4;
1445 ipv4->diff_serv = 0;
1446 ipv4->total_length = htons (sizeof (struct ip4_header) +
1447 sizeof (struct tcp_packet) +
1449 ipv4->identification = (uint16_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1452 ipv4->fragmentation_offset = 0;
1454 ipv4->protocol = IPPROTO_TCP;
1456 ipv4->source_address = ts->destination_ip.v4;
1457 ipv4->destination_address = ts->source_ip.v4;
1459 GNUNET_CRYPTO_crc16_n (ipv4, sizeof (struct ip4_header));
1460 *tcp = data->tcp_header;
1461 tcp->spt = htons (ts->destination_port);
1462 tcp->dpt = htons (ts->source_port);
1471 sum = GNUNET_CRYPTO_crc16_step (sum,
1472 &ipv4->source_address,
1473 2 * sizeof (struct in_addr));
1474 tmp = htonl ((IPPROTO_TCP << 16) | (mlen + sizeof (struct tcp_packet)));
1475 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1476 sum = GNUNET_CRYPTO_crc16_step (sum, tcp, mlen + sizeof (struct tcp_packet));
1477 tcp->crc = GNUNET_CRYPTO_crc16_finish (sum);
1479 (void) GNUNET_HELPER_send (helper_handle,
1488 size_t size = sizeof (struct ip6_header)
1489 + sizeof (struct tcp_packet)
1490 + sizeof (struct GNUNET_MessageHeader) +
1491 sizeof (struct tun_header) +
1495 struct GNUNET_MessageHeader *msg = (struct GNUNET_MessageHeader *) buf;
1496 struct tun_header *tun = (struct tun_header*) &msg[1];
1497 struct ip6_header *ipv6 = (struct ip6_header *) &tun[1];
1498 struct tcp_packet *tcp = (struct tcp_packet *) &ipv6[1];
1499 msg->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1500 msg->size = htons (size);
1501 tun->flags = htons (0);
1502 tun->proto = htons (ETH_P_IPV6);
1503 ipv6->traffic_class_h = 0;
1505 ipv6->traffic_class_l = 0;
1506 ipv6->flow_label = 0;
1507 ipv6->payload_length = htons (sizeof (struct tcp_packet) + sizeof (struct ip6_header) + mlen);
1508 ipv6->next_header = IPPROTO_TCP;
1509 ipv6->hop_limit = 255;
1510 ipv6->source_address = ts->destination_ip.v6;
1511 ipv6->destination_address = ts->source_ip.v6;
1512 tcp->spt = htons (ts->destination_port);
1513 tcp->dpt = htons (ts->source_port);
1519 sum = GNUNET_CRYPTO_crc16_step (sum, &ipv6->source_address, 2 * sizeof (struct in6_addr));
1520 tmp = htonl (sizeof (struct tcp_packet) + mlen);
1521 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1522 tmp = htonl (IPPROTO_TCP);
1523 sum = GNUNET_CRYPTO_crc16_step (sum, &tmp, sizeof (uint32_t));
1524 sum = GNUNET_CRYPTO_crc16_step (sum, tcp,
1525 sizeof (struct tcp_packet) + mlen);
1526 tcp->crc = GNUNET_CRYPTO_crc16_finish (sum);
1528 (void) GNUNET_HELPER_send (helper_handle,
1536 GNUNET_CONTAINER_heap_update_cost (tunnel_heap,
1538 GNUNET_TIME_absolute_get ().abs_value);
1544 * Allocate an IPv4 address from the range of the tunnel
1545 * for a new redirection.
1547 * @param v4 where to store the address
1548 * @return GNUNET_OK on success,
1549 * GNUNET_SYSERR on error
1552 allocate_v4_address (struct in_addr *v4)
1554 const char *ipv4addr = vpn_argv[4];
1555 const char *ipv4mask = vpn_argv[5];
1556 struct in_addr addr;
1557 struct in_addr mask;
1559 GNUNET_HashCode key;
1562 GNUNET_assert (1 == inet_pton (AF_INET, ipv4addr, &addr));
1563 GNUNET_assert (1 == inet_pton (AF_INET, ipv4mask, &mask));
1564 /* Given 192.168.0.1/255.255.0.0, we want a mask
1565 of '192.168.255.255', thus: */
1566 mask.s_addr = addr.s_addr | ~mask.s_addr;
1573 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1574 _("Failed to find unallocated IPv4 address in VPN's range\n"));
1575 return GNUNET_SYSERR;
1577 /* Pick random IPv4 address within the subnet, except 'addr' or 'mask' itself */
1578 rnd.s_addr = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1580 v4->s_addr = (addr.s_addr | rnd.s_addr) & mask.s_addr;
1581 get_destination_key_from_ip (AF_INET,
1585 while ( (GNUNET_YES ==
1586 GNUNET_CONTAINER_multihashmap_contains (destination_map,
1588 (v4->s_addr == addr.s_addr) ||
1589 (v4->s_addr == mask.s_addr) );
1595 * Allocate an IPv6 address from the range of the tunnel
1596 * for a new redirection.
1598 * @param v6 where to store the address
1599 * @return GNUNET_OK on success,
1600 * GNUNET_SYSERR on error
1603 allocate_v6_address (struct in6_addr *v6)
1605 const char *ipv6addr = vpn_argv[2];
1606 struct in6_addr addr;
1607 struct in6_addr mask;
1608 struct in6_addr rnd;
1610 GNUNET_HashCode key;
1613 GNUNET_assert (1 == inet_pton (AF_INET6, ipv6addr, &addr));
1614 GNUNET_assert (ipv6prefix < 128);
1615 /* Given ABCD::/96, we want a mask of 'ABCD::FFFF:FFFF,
1618 for (i=127;i>=128-ipv6prefix;i--)
1619 mask.s6_addr[i / 8] |= (1 << (i % 8));
1621 /* Pick random IPv6 address within the subnet, except 'addr' or 'mask' itself */
1628 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1629 _("Failed to find unallocated IPv6 address in VPN's range\n"));
1630 return GNUNET_SYSERR;
1635 rnd.s6_addr[i] = (unsigned char) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1638 = (addr.s6_addr[i] | rnd.s6_addr[i]) & mask.s6_addr[i];
1640 get_destination_key_from_ip (AF_INET6,
1644 while ( (GNUNET_YES ==
1645 GNUNET_CONTAINER_multihashmap_contains (destination_map,
1649 sizeof (struct in6_addr))) ||
1652 sizeof (struct in6_addr))) );
1658 * A client asks us to setup a redirection via some exit
1659 * node to a particular IP. Setup the redirection and
1660 * give the client the allocated IP.
1663 * @param client requesting client
1664 * @param message redirection request (a 'struct RedirectToIpRequestMessage')
1667 service_redirect_to_ip (void *cls GNUNET_UNUSED, struct GNUNET_SERVER_Client *client,
1668 const struct GNUNET_MessageHeader *message)
1672 const struct RedirectToIpRequestMessage *msg;
1678 struct DestinationEntry *de;
1679 GNUNET_HashCode key;
1681 /* validate and parse request */
1682 mlen = ntohs (message->size);
1683 if (mlen < sizeof (struct RedirectToIpRequestMessage))
1686 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1689 alen = mlen - sizeof (struct RedirectToIpRequestMessage);
1690 msg = (const struct RedirectToIpRequestMessage *) message;
1691 addr_af = (int) htonl (msg->addr_af);
1695 if (alen != sizeof (struct in_addr))
1698 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1703 if (alen != sizeof (struct in6_addr))
1706 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1712 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1716 /* allocate response IP */
1718 result_af = (int) htonl (msg->result_af);
1723 allocate_v4_address (&v4))
1724 result_af = AF_UNSPEC;
1730 allocate_v6_address (&v6))
1731 result_af = AF_UNSPEC;
1737 allocate_v4_address (&v4))
1740 result_af = AF_INET;
1742 else if (GNUNET_OK ==
1743 allocate_v6_address (&v6))
1746 result_af = AF_INET6;
1751 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1754 if ( (result_af == AF_UNSPEC) ||
1755 (GNUNET_NO == ntohl (msg->nac)) )
1757 /* send reply "instantly" */
1758 send_client_reply (client,
1763 if (result_af == AF_UNSPEC)
1765 /* failure, we're done */
1766 GNUNET_SERVER_receive_done (client, GNUNET_OK);
1771 char sbuf[INET6_ADDRSTRLEN];
1772 char dbuf[INET6_ADDRSTRLEN];
1774 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1775 "Allocated address %s for redirection via exit to %s\n",
1776 inet_ntop (result_af, addr, sbuf, sizeof (sbuf)),
1778 &msg[1], dbuf, sizeof (dbuf)));
1781 /* setup destination record */
1782 de = GNUNET_malloc (sizeof (struct DestinationEntry));
1783 de->is_service = GNUNET_NO;
1784 de->details.exit_destination.af = addr_af;
1785 memcpy (&de->details.exit_destination.ip,
1788 get_destination_key_from_ip (result_af,
1792 GNUNET_assert (GNUNET_OK ==
1793 GNUNET_CONTAINER_multihashmap_put (destination_map,
1796 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE));
1797 de->heap_node = GNUNET_CONTAINER_heap_insert (destination_heap,
1799 GNUNET_TIME_absolute_ntoh (msg->expiration_time).abs_value);
1800 GNUNET_STATISTICS_update (stats,
1801 gettext_noop ("# Active destinations"),
1804 /* FIXME: expire OLD destinations if we have too many! */
1805 /* setup tunnel to destination */
1806 (void) create_tunnel_to_destination (de,
1807 (GNUNET_NO == ntohl (msg->nac)) ? NULL : client,
1809 GNUNET_assert (NULL != de->ts);
1811 GNUNET_SERVER_receive_done (client, GNUNET_OK);
1816 * A client asks us to setup a redirection to a particular peer
1817 * offering a service. Setup the redirection and give the client the
1821 * @param client requesting client
1822 * @param message redirection request (a 'struct RedirectToPeerRequestMessage')
1825 service_redirect_to_service (void *cls GNUNET_UNUSED, struct GNUNET_SERVER_Client *client,
1826 const struct GNUNET_MessageHeader *message)
1828 const struct RedirectToServiceRequestMessage *msg;
1833 struct DestinationEntry *de;
1834 GNUNET_HashCode key;
1837 msg = (const struct RedirectToServiceRequestMessage *) message;
1839 /* allocate response IP */
1841 result_af = (int) htonl (msg->result_af);
1846 allocate_v4_address (&v4))
1847 result_af = AF_UNSPEC;
1853 allocate_v6_address (&v6))
1854 result_af = AF_UNSPEC;
1860 allocate_v4_address (&v4))
1863 result_af = AF_INET;
1865 else if (GNUNET_OK ==
1866 allocate_v6_address (&v6))
1869 result_af = AF_INET6;
1874 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1877 if ( (result_af == AF_UNSPEC) ||
1878 (GNUNET_NO == ntohl (msg->nac)) )
1880 /* send reply "instantly" */
1881 send_client_reply (client,
1886 if (result_af == AF_UNSPEC)
1888 /* failure, we're done */
1889 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1890 _("Failed to allocate IP address for new destination\n"));
1891 GNUNET_SERVER_receive_done (client, GNUNET_OK);
1896 char sbuf[INET6_ADDRSTRLEN];
1898 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1899 "Allocated address %s for redirection to service %s on peer %s\n",
1900 inet_ntop (result_af, addr, sbuf, sizeof (sbuf)),
1901 GNUNET_h2s (&msg->service_descriptor),
1902 GNUNET_i2s (&msg->target));
1905 /* setup destination record */
1906 de = GNUNET_malloc (sizeof (struct DestinationEntry));
1907 de->is_service = GNUNET_YES;
1908 de->details.service_destination.service_descriptor = msg->service_descriptor;
1909 de->details.service_destination.target = msg->target;
1910 get_destination_key_from_ip (result_af,
1914 GNUNET_assert (GNUNET_OK ==
1915 GNUNET_CONTAINER_multihashmap_put (destination_map,
1918 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE));
1919 de->heap_node = GNUNET_CONTAINER_heap_insert (destination_heap,
1921 GNUNET_TIME_absolute_ntoh (msg->expiration_time).abs_value);
1922 /* FIXME: expire OLD destinations if we have too many! */
1923 (void) create_tunnel_to_destination (de,
1924 (GNUNET_NO == ntohl (msg->nac)) ? NULL : client,
1927 GNUNET_SERVER_receive_done (client, GNUNET_OK);
1933 * Function called for inbound tunnels. As we don't offer
1934 * any mesh services, this function should never be called.
1936 * @param cls closure
1937 * @param tunnel new handle to the tunnel
1938 * @param initiator peer that started the tunnel
1939 * @param atsi performance information for the tunnel
1940 * @return initial tunnel context for the tunnel
1941 * (can be NULL -- that's not an error)
1944 inbound_tunnel_cb (void *cls, struct GNUNET_MESH_Tunnel *tunnel,
1945 const struct GNUNET_PeerIdentity *initiator,
1946 const struct GNUNET_ATS_Information *atsi)
1948 /* How can and why should anyone open an inbound tunnel to vpn? */
1955 * Free resources associated with a tunnel state.
1957 * @param ts state to free
1960 free_tunnel_state (struct TunnelState *ts)
1962 GNUNET_HashCode key;
1963 struct TunnelMessageQueueEntry *tnq;
1965 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1966 "Cleaning up tunnel state\n");
1967 GNUNET_STATISTICS_update (stats,
1968 gettext_noop ("# Active tunnels"),
1970 while (NULL != (tnq = ts->head))
1972 GNUNET_CONTAINER_DLL_remove (ts->head,
1977 if (NULL != ts->client)
1979 GNUNET_SERVER_client_drop (ts->client);
1984 GNUNET_MESH_notify_transmit_ready_cancel (ts->th);
1987 GNUNET_assert (NULL == ts->destination.heap_node);
1988 if (NULL != ts->tunnel)
1990 GNUNET_MESH_tunnel_destroy (ts->tunnel);
1993 if (NULL != ts->heap_node)
1995 GNUNET_CONTAINER_heap_remove_node (ts->heap_node);
1996 ts->heap_node = NULL;
1997 get_tunnel_key_from_ips (ts->af,
2001 &ts->destination_ip,
2002 ts->destination_port,
2004 GNUNET_assert (GNUNET_YES ==
2005 GNUNET_CONTAINER_multihashmap_remove (tunnel_map,
2009 if (NULL != ts->destination_container)
2011 GNUNET_assert (ts == ts->destination_container->ts);
2012 ts->destination_container->ts = NULL;
2013 ts->destination_container = NULL;
2020 * Free resources occupied by a destination entry.
2022 * @param de entry to free
2025 free_destination_entry (struct DestinationEntry *de)
2027 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2028 "Cleaning up destination entry\n");
2029 GNUNET_STATISTICS_update (stats,
2030 gettext_noop ("# Active destinations"),
2034 free_tunnel_state (de->ts);
2035 GNUNET_assert (NULL == de->ts);
2037 if (NULL != de->heap_node)
2039 GNUNET_CONTAINER_heap_remove_node (de->heap_node);
2040 de->heap_node = NULL;
2041 GNUNET_assert (GNUNET_YES ==
2042 GNUNET_CONTAINER_multihashmap_remove (destination_map,
2051 * Function called whenever an inbound tunnel is destroyed. Should clean up
2052 * any associated state.
2054 * @param cls closure (set from GNUNET_MESH_connect)
2055 * @param tunnel connection to the other end (henceforth invalid)
2056 * @param tunnel_ctx place where local state associated
2057 * with the tunnel is stored (our 'struct TunnelState')
2060 tunnel_cleaner (void *cls, const struct GNUNET_MESH_Tunnel *tunnel, void *tunnel_ctx)
2062 struct TunnelState *ts = tunnel_ctx;
2069 GNUNET_assert (ts->tunnel == tunnel);
2071 free_tunnel_state (ts);
2076 * Free memory occupied by an entry in the destination map.
2080 * @param value a 'struct DestinationEntry *'
2081 * @return GNUNET_OK (continue to iterate)
2084 cleanup_destination (void *cls,
2085 const GNUNET_HashCode *key,
2088 struct DestinationEntry *de = value;
2090 free_destination_entry (de);
2096 * Free memory occupied by an entry in the tunnel map.
2100 * @param value a 'struct TunnelState *'
2101 * @return GNUNET_OK (continue to iterate)
2104 cleanup_tunnel (void *cls,
2105 const GNUNET_HashCode *key,
2108 struct TunnelState *ts = value;
2110 free_tunnel_state (ts);
2116 * Function scheduled as very last function, cleans up after us
2122 cleanup (void *cls GNUNET_UNUSED,
2123 const struct GNUNET_SCHEDULER_TaskContext *tc)
2127 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2128 "VPN is shutting down\n");
2129 if (NULL != destination_map)
2131 GNUNET_CONTAINER_multihashmap_iterate (destination_map,
2132 &cleanup_destination,
2134 GNUNET_CONTAINER_multihashmap_destroy (destination_map);
2135 destination_map = NULL;
2137 if (NULL != destination_heap)
2139 GNUNET_CONTAINER_heap_destroy (destination_heap);
2140 destination_heap = NULL;
2142 if (NULL != tunnel_map)
2144 GNUNET_CONTAINER_multihashmap_iterate (tunnel_map,
2147 GNUNET_CONTAINER_multihashmap_destroy (tunnel_map);
2150 if (NULL != tunnel_heap)
2152 GNUNET_CONTAINER_heap_destroy (tunnel_heap);
2155 if (NULL != mesh_handle)
2157 GNUNET_MESH_disconnect (mesh_handle);
2160 if (NULL != helper_handle)
2162 GNUNET_HELPER_stop (helper_handle);
2163 helper_handle = NULL;
2167 GNUNET_SERVER_notification_context_destroy (nc);
2172 GNUNET_STATISTICS_destroy (stats, GNUNET_YES);
2176 GNUNET_free_non_null (vpn_argv[i]);
2181 * A client disconnected, clean up all references to it.
2183 * @param cls the client that disconnected
2185 * @param value a 'struct TunnelState *'
2186 * @return GNUNET_OK (continue to iterate)
2189 cleanup_tunnel_client (void *cls,
2190 const GNUNET_HashCode *key,
2193 struct GNUNET_SERVER_Client *client = cls;
2194 struct TunnelState *ts = value;
2196 if (client == ts->client)
2198 GNUNET_SERVER_client_drop (ts->client);
2206 * A client disconnected, clean up all references to it.
2208 * @param cls the client that disconnected
2210 * @param value a 'struct DestinationEntry *'
2211 * @return GNUNET_OK (continue to iterate)
2214 cleanup_destination_client (void *cls,
2215 const GNUNET_HashCode *key,
2218 struct GNUNET_SERVER_Client *client = cls;
2219 struct DestinationEntry *de = value;
2220 struct TunnelState *ts;
2222 if (NULL == (ts = de->ts))
2224 if (client == ts->client)
2226 GNUNET_SERVER_client_drop (ts->client);
2234 * A client has disconnected from us. If we are currently building
2235 * a tunnel for it, cancel the operation.
2238 * @param client handle to the client that disconnected
2241 client_disconnect (void *cls, struct GNUNET_SERVER_Client *client)
2243 if (NULL != tunnel_map)
2244 GNUNET_CONTAINER_multihashmap_iterate (tunnel_map,
2245 &cleanup_tunnel_client,
2247 if (NULL != destination_map)
2248 GNUNET_CONTAINER_multihashmap_iterate (destination_map,
2249 &cleanup_destination_client,
2255 * Main function that will be run by the scheduler.
2257 * @param cls closure
2258 * @param server the initialized server
2259 * @param cfg_ configuration
2263 struct GNUNET_SERVER_Handle *server,
2264 const struct GNUNET_CONFIGURATION_Handle *cfg_)
2266 static const struct GNUNET_SERVER_MessageHandler service_handlers[] = {
2267 /* callback, cls, type, size */
2268 {&service_redirect_to_ip, NULL, GNUNET_MESSAGE_TYPE_VPN_CLIENT_REDIRECT_TO_IP, 0},
2269 {&service_redirect_to_service, NULL,
2270 GNUNET_MESSAGE_TYPE_VPN_CLIENT_REDIRECT_TO_SERVICE,
2271 sizeof (struct RedirectToServiceRequestMessage) },
2274 static const struct GNUNET_MESH_MessageHandler mesh_handlers[] = {
2275 {receive_udp_back, GNUNET_MESSAGE_TYPE_VPN_SERVICE_UDP_BACK, 0},
2276 {receive_tcp_back, GNUNET_MESSAGE_TYPE_VPN_SERVICE_TCP_BACK, 0},
2277 {receive_udp_back, GNUNET_MESSAGE_TYPE_VPN_REMOTE_UDP_BACK, 0},
2278 {receive_tcp_back, GNUNET_MESSAGE_TYPE_VPN_REMOTE_TCP_BACK, 0},
2281 static const GNUNET_MESH_ApplicationType types[] = {
2282 GNUNET_APPLICATION_TYPE_END
2293 stats = GNUNET_STATISTICS_create ("vpn", cfg);
2295 GNUNET_CONFIGURATION_get_value_number (cfg, "vpn", "MAX_MAPPING",
2296 &max_destination_mappings))
2297 max_destination_mappings = 200;
2299 GNUNET_CONFIGURATION_get_value_number (cfg, "vpn", "MAX_TUNNELS",
2300 &max_tunnel_mappings))
2301 max_tunnel_mappings = 200;
2303 destination_map = GNUNET_CONTAINER_multihashmap_create (max_destination_mappings * 2);
2304 destination_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
2305 tunnel_map = GNUNET_CONTAINER_multihashmap_create (max_tunnel_mappings * 2);
2306 tunnel_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
2309 vpn_argv[0] = GNUNET_strdup ("vpn-gnunet");
2310 if (GNUNET_SYSERR ==
2311 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IFNAME", &ifname))
2313 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2314 "No entry 'IFNAME' in configuration!\n");
2315 GNUNET_SCHEDULER_shutdown ();
2318 vpn_argv[1] = ifname;
2319 if ( (GNUNET_SYSERR ==
2320 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IPV6ADDR",
2322 (1 != inet_pton (AF_INET6, ipv6addr, &v6))) )
2324 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2325 "No valid entry 'IPV6ADDR' in configuration!\n");
2326 GNUNET_SCHEDULER_shutdown ();
2329 vpn_argv[2] = ipv6addr;
2330 if (GNUNET_SYSERR ==
2331 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IPV6PREFIX",
2334 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2335 "No entry 'IPV6PREFIX' in configuration!\n");
2336 GNUNET_SCHEDULER_shutdown ();
2339 vpn_argv[3] = ipv6prefix_s;
2341 GNUNET_CONFIGURATION_get_value_number (cfg, "vpn",
2344 (ipv6prefix >= 127) )
2346 GNUNET_SCHEDULER_shutdown ();
2350 if ( (GNUNET_SYSERR ==
2351 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IPV4ADDR",
2353 (1 != inet_pton (AF_INET, ipv4addr, &v4))) )
2355 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2356 "No valid entry for 'IPV4ADDR' in configuration!\n");
2357 GNUNET_SCHEDULER_shutdown ();
2360 vpn_argv[4] = ipv4addr;
2361 if ( (GNUNET_SYSERR ==
2362 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IPV4MASK",
2364 (1 != inet_pton (AF_INET, ipv4mask, &v4))) )
2366 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2367 "No valid entry 'IPV4MASK' in configuration!\n");
2368 GNUNET_SCHEDULER_shutdown ();
2371 vpn_argv[5] = ipv4mask;
2375 GNUNET_MESH_connect (cfg_, 42 /* queue length */, NULL,
2380 helper_handle = GNUNET_HELPER_start ("gnunet-helper-vpn", vpn_argv,
2381 &message_token, NULL);
2382 nc = GNUNET_SERVER_notification_context_create (server, 1);
2383 GNUNET_SERVER_add_handlers (server, service_handlers);
2384 GNUNET_SERVER_disconnect_notify (server, &client_disconnect, NULL);
2385 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup, cls);
2390 * The main function of the VPN service.
2392 * @param argc number of arguments from the command line
2393 * @param argv command line arguments
2394 * @return 0 ok, 1 on error
2397 main (int argc, char *const *argv)
2399 return (GNUNET_OK ==
2400 GNUNET_SERVICE_run (argc, argv, "vpn",
2401 GNUNET_SERVICE_OPTION_NONE,
2402 &run, NULL)) ? 0 : 1;
2405 /* end of gnunet-service-vpn.c */
projects / oweals / gnunet.git / blob