2 This file is part of GNUnet.
3 (C) 2010, 2011, 2012 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file vpn/gnunet-service-vpn.c
23 * @brief service that opens a virtual interface and allows its clients
24 * to allocate IPs on the virtual interface and to then redirect
25 * IP traffic received on those IPs via the GNUnet mesh
26 * @author Philipp Toelke
27 * @author Christian Grothoff
34 * - add back ICMP support (especially needed for IPv6)
37 #include "gnunet_util_lib.h"
38 #include "gnunet_common.h"
39 #include "gnunet_protocols.h"
40 #include "gnunet_applications.h"
41 #include "gnunet_mesh_service.h"
42 #include "gnunet_statistics_service.h"
43 #include "gnunet_constants.h"
44 #include "gnunet_tun_lib.h"
50 * Maximum number of messages we allow in the queue for mesh.
52 #define MAX_MESSAGE_QUEUE_SIZE 4
56 * State we keep for each of our tunnels.
62 * Information we track for each IP address to determine which tunnel
63 * to send the traffic over to the destination.
65 struct DestinationEntry
69 * Key under which this entry is in the 'destination_map' (only valid
70 * if 'heap_node != NULL').
75 * Pre-allocated tunnel for this destination, or NULL for none.
77 struct TunnelState *ts;
80 * Entry for this entry in the destination_heap.
82 struct GNUNET_CONTAINER_HeapNode *heap_node;
85 * GNUNET_NO if this is a tunnel to an Internet-exit,
86 * GNUNET_YES if this tunnel is to a service.
91 * Details about the connection (depending on is_service).
99 * The description of the service (only used for service tunnels).
101 GNUNET_HashCode service_descriptor;
104 * Peer offering the service.
106 struct GNUNET_PeerIdentity target;
108 } service_destination;
114 * Address family used (AF_INET or AF_INET6).
119 * IP address of the ultimate destination (only used for exit tunnels).
124 * Address if af is AF_INET.
129 * Address if af is AF_INET6.
142 * A messages we have in queue for a particular tunnel.
144 struct TunnelMessageQueueEntry
147 * This is a doubly-linked list.
149 struct TunnelMessageQueueEntry *next;
152 * This is a doubly-linked list.
154 struct TunnelMessageQueueEntry *prev;
157 * Number of bytes in 'msg'.
162 * Message to transmit, allocated at the end of this struct.
169 * State we keep for each of our tunnels.
175 * Information about the tunnel to use, NULL if no tunnel
176 * is available right now.
178 struct GNUNET_MESH_Tunnel *tunnel;
181 * Active transmission handle, NULL for none.
183 struct GNUNET_MESH_TransmitHandle *th;
186 * Entry for this entry in the tunnel_heap, NULL as long as this
187 * tunnel state is not fully bound.
189 struct GNUNET_CONTAINER_HeapNode *heap_node;
192 * Head of list of messages scheduled for transmission.
194 struct TunnelMessageQueueEntry *tmq_head;
197 * Tail of list of messages scheduled for transmission.
199 struct TunnelMessageQueueEntry *tmq_tail;
202 * Client that needs to be notified about the tunnel being
203 * up as soon as a peer is connected; NULL for none.
205 struct GNUNET_SERVER_Client *client;
208 * Destination entry that has a pointer to this tunnel state;
209 * NULL if this tunnel state is in the tunnel map.
211 struct DestinationEntry *destination_container;
214 * ID of the client request that caused us to setup this entry.
219 * Destination to which this tunnel leads. Note that
220 * this struct is NOT in the destination_map (but a
221 * local copy) and that the 'heap_node' should always
224 struct DestinationEntry destination;
227 * Task scheduled to destroy the tunnel (or NO_TASK).
229 GNUNET_SCHEDULER_TaskIdentifier destroy_task;
232 * Addess family used for this tunnel on the local TUN interface.
237 * Length of the doubly linked 'tmq_head/tmq_tail' list.
239 unsigned int tmq_length;
242 * IPPROTO_TCP or IPPROTO_UDP once bound.
247 * IP address of the source on our end, initially uninitialized.
252 * Address if af is AF_INET.
257 * Address if af is AF_INET6.
264 * Destination IP address used by the source on our end (this is the IP
265 * that we pick freely within the VPN's tunnel IP range).
270 * Address if af is AF_INET.
275 * Address if af is AF_INET6.
282 * Source port used by the sender on our end; 0 for uninitialized.
284 uint16_t source_port;
287 * Destination port used by the sender on our end; 0 for uninitialized.
289 uint16_t destination_port;
295 * Configuration we use.
297 static const struct GNUNET_CONFIGURATION_Handle *cfg;
300 * Handle to the mesh service.
302 static struct GNUNET_MESH_Handle *mesh_handle;
305 * Map from IP address to destination information (possibly with a
306 * MESH tunnel handle for fast setup).
308 static struct GNUNET_CONTAINER_MultiHashMap *destination_map;
311 * Min-Heap sorted by activity time to expire old mappings.
313 static struct GNUNET_CONTAINER_Heap *destination_heap;
316 * Map from source and destination address (IP+port) to connection
317 * information (mostly with the respective MESH tunnel handle).
319 static struct GNUNET_CONTAINER_MultiHashMap *tunnel_map;
322 * Min-Heap sorted by activity time to expire old mappings; values are
323 * of type 'struct TunnelState'.
325 static struct GNUNET_CONTAINER_Heap *tunnel_heap;
330 static struct GNUNET_STATISTICS_Handle *stats;
333 * The handle to the VPN helper process "gnunet-helper-vpn".
335 static struct GNUNET_HELPER_Handle *helper_handle;
338 * Arguments to the vpn helper.
340 static char *vpn_argv[7];
343 * Length of the prefix of the VPN's IPv6 network.
345 static unsigned long long ipv6prefix;
348 * Notification context for sending replies to clients.
350 static struct GNUNET_SERVER_NotificationContext *nc;
353 * If there are more than this number of address-mappings, old ones
356 static unsigned long long max_destination_mappings;
359 * If there are more than this number of open tunnels, old ones
362 static unsigned long long max_tunnel_mappings;
366 * Compute the key under which we would store an entry in the
367 * destination_map for the given IP address.
369 * @param af address family (AF_INET or AF_INET6)
370 * @param address IP address, struct in_addr or struct in6_addr
371 * @param key where to store the key
374 get_destination_key_from_ip (int af,
376 GNUNET_HashCode *key)
381 GNUNET_CRYPTO_hash (address,
382 sizeof (struct in_addr),
386 GNUNET_CRYPTO_hash (address,
387 sizeof (struct in6_addr),
398 * Compute the key under which we would store an entry in the
399 * tunnel_map for the given socket address pair.
401 * @param af address family (AF_INET or AF_INET6)
402 * @param protocol IPPROTO_TCP or IPPROTO_UDP
403 * @param source_ip sender's source IP, struct in_addr or struct in6_addr
404 * @param source_port sender's source port
405 * @param destination_ip sender's destination IP, struct in_addr or struct in6_addr
406 * @param destination_port sender's destination port
407 * @param key where to store the key
410 get_tunnel_key_from_ips (int af,
412 const void *source_ip,
413 uint16_t source_port,
414 const void *destination_ip,
415 uint16_t destination_port,
416 GNUNET_HashCode *key)
420 memset (key, 0, sizeof (GNUNET_HashCode));
421 /* the GNUnet hashmap only uses the first sizeof(unsigned int) of the hash,
422 so we put the ports in there (and hope for few collisions) */
424 memcpy (off, &source_port, sizeof (uint16_t));
425 off += sizeof (uint16_t);
426 memcpy (off, &destination_port, sizeof (uint16_t));
427 off += sizeof (uint16_t);
431 memcpy (off, source_ip, sizeof (struct in_addr));
432 off += sizeof (struct in_addr);
433 memcpy (off, destination_ip, sizeof (struct in_addr));
434 off += sizeof (struct in_addr);
437 memcpy (off, source_ip, sizeof (struct in6_addr));
438 off += sizeof (struct in6_addr);
439 memcpy (off, destination_ip, sizeof (struct in6_addr));
440 off += sizeof (struct in6_addr);
446 memcpy (off, &protocol, sizeof (uint8_t));
447 off += sizeof (uint8_t);
452 * Notify the client about the result of its request.
454 * @param client client to notify
455 * @param request_id original request ID to include in response
456 * @param result_af resulting address family
457 * @param addr resulting IP address
460 send_client_reply (struct GNUNET_SERVER_Client *client,
465 char buf[sizeof (struct RedirectToIpResponseMessage) + sizeof (struct in6_addr)];
466 struct RedirectToIpResponseMessage *res;
472 rlen = sizeof (struct in_addr);
475 rlen = sizeof (struct in6_addr);
484 res = (struct RedirectToIpResponseMessage *) buf;
485 res->header.size = htons (sizeof (struct RedirectToIpResponseMessage) + rlen);
486 res->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_CLIENT_USE_IP);
487 res->result_af = htonl (result_af);
488 res->request_id = request_id;
489 memcpy (&res[1], addr, rlen);
490 GNUNET_SERVER_notification_context_add (nc, client);
491 GNUNET_SERVER_notification_context_unicast (nc,
499 * Free resources associated with a tunnel state.
501 * @param ts state to free
504 free_tunnel_state (struct TunnelState *ts)
507 struct TunnelMessageQueueEntry *tnq;
508 struct GNUNET_MESH_Tunnel *tunnel;
510 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
511 "Cleaning up tunnel state\n");
512 GNUNET_STATISTICS_update (stats,
513 gettext_noop ("# Active tunnels"),
515 while (NULL != (tnq = ts->tmq_head))
517 GNUNET_CONTAINER_DLL_remove (ts->tmq_head,
523 GNUNET_assert (0 == ts->tmq_length);
524 if (NULL != ts->client)
526 GNUNET_SERVER_client_drop (ts->client);
531 GNUNET_MESH_notify_transmit_ready_cancel (ts->th);
534 GNUNET_assert (NULL == ts->destination.heap_node);
535 if (NULL != (tunnel = ts->tunnel))
538 GNUNET_MESH_tunnel_destroy (tunnel);
540 if (GNUNET_SCHEDULER_NO_TASK != ts->destroy_task)
542 GNUNET_SCHEDULER_cancel (ts->destroy_task);
543 ts->destroy_task = GNUNET_SCHEDULER_NO_TASK;
545 if (NULL != ts->heap_node)
547 GNUNET_CONTAINER_heap_remove_node (ts->heap_node);
548 ts->heap_node = NULL;
549 get_tunnel_key_from_ips (ts->af,
554 ts->destination_port,
556 GNUNET_assert (GNUNET_YES ==
557 GNUNET_CONTAINER_multihashmap_remove (tunnel_map,
561 if (NULL != ts->destination_container)
563 GNUNET_assert (ts == ts->destination_container->ts);
564 ts->destination_container->ts = NULL;
565 ts->destination_container = NULL;
572 * Destroy the mesh tunnel.
574 * @param cls the 'struct TunnelState' with the tunnel to destroy
575 * @param ts schedule context
578 destroy_tunnel_task (void *cls,
579 const struct GNUNET_SCHEDULER_TaskContext *tc)
581 struct TunnelState *ts = cls;
582 struct GNUNET_MESH_Tunnel *tunnel;
584 ts->destroy_task = GNUNET_SCHEDULER_NO_TASK;
585 GNUNET_assert (NULL != ts->tunnel);
588 GNUNET_MESH_tunnel_destroy (tunnel);
589 free_tunnel_state (ts);
594 * Method called whenever a peer has disconnected from the tunnel.
597 * @param peer peer identity the tunnel stopped working with
600 tunnel_peer_disconnect_handler (void *cls,
602 GNUNET_PeerIdentity * peer)
604 struct TunnelState *ts = cls;
606 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
607 "Peer %s disconnected from tunnel.\n",
609 GNUNET_STATISTICS_update (stats,
610 gettext_noop ("# Peers connected to mesh tunnels"),
614 GNUNET_MESH_notify_transmit_ready_cancel (ts->th);
617 if (ts->destination.is_service)
618 return; /* hope for reconnect eventually */
619 /* as we are most likely going to change the exit node now,
620 we should just destroy the tunnel entirely... */
621 if (GNUNET_SCHEDULER_NO_TASK == ts->destroy_task)
622 ts->destroy_task = GNUNET_SCHEDULER_add_now (&destroy_tunnel_task, ts);
627 * Method called whenever a peer has connected to the tunnel. Notifies
628 * the waiting client that the tunnel is now up.
631 * @param peer peer identity the tunnel was created to, NULL on timeout
632 * @param atsi performance data for the connection
635 tunnel_peer_connect_handler (void *cls,
636 const struct GNUNET_PeerIdentity
639 GNUNET_ATS_Information * atsi)
641 struct TunnelState *ts = cls;
643 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
644 "Peer %s connected to tunnel.\n",
646 GNUNET_STATISTICS_update (stats,
647 gettext_noop ("# Peers connected to mesh tunnels"),
649 if (NULL == ts->client)
650 return; /* nothing to do */
651 send_client_reply (ts->client,
654 &ts->destination_ip);
655 GNUNET_SERVER_client_drop (ts->client);
661 * Send a message from the message queue via mesh.
663 * @param cls the 'struct TunnelState' with the message queue
664 * @param size number of bytes available in buf
665 * @param buf where to copy the message
666 * @return number of bytes copied to buf
669 send_to_peer_notify_callback (void *cls, size_t size, void *buf)
671 struct TunnelState *ts = cls;
672 struct TunnelMessageQueueEntry *tnq;
679 GNUNET_assert (NULL != tnq);
680 GNUNET_assert (size >= tnq->len);
681 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
682 "Sending %u bytes via mesh tunnel\n",
684 GNUNET_CONTAINER_DLL_remove (ts->tmq_head,
688 memcpy (buf, tnq->msg, tnq->len);
691 if (NULL != (tnq = ts->tmq_head))
692 ts->th = GNUNET_MESH_notify_transmit_ready (ts->tunnel,
693 GNUNET_NO /* cork */,
695 GNUNET_TIME_UNIT_FOREVER_REL,
698 &send_to_peer_notify_callback,
700 GNUNET_STATISTICS_update (stats,
701 gettext_noop ("# Bytes given to mesh for transmission"),
708 * Add the given message to the given tunnel and trigger the
709 * transmission process.
711 * @param tnq message to queue
712 * @param ts tunnel to queue the message for
715 send_to_tunnel (struct TunnelMessageQueueEntry *tnq,
716 struct TunnelState *ts)
718 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
719 "Queueing %u bytes for transmission via mesh tunnel\n",
721 GNUNET_assert (NULL != ts->tunnel);
722 GNUNET_CONTAINER_DLL_insert_tail (ts->tmq_head,
726 if (ts->tmq_length > MAX_MESSAGE_QUEUE_SIZE)
728 struct TunnelMessageQueueEntry *dq;
731 GNUNET_assert (dq != tnq);
732 GNUNET_CONTAINER_DLL_remove (ts->tmq_head,
735 GNUNET_MESH_notify_transmit_ready_cancel (ts->th);
737 GNUNET_STATISTICS_update (stats,
738 gettext_noop ("# Bytes dropped in mesh queue (overflow)"),
744 ts->th = GNUNET_MESH_notify_transmit_ready (ts->tunnel,
745 GNUNET_NO /* cork */,
747 GNUNET_TIME_UNIT_FOREVER_REL,
750 &send_to_peer_notify_callback,
756 * Initialize the given destination entry's mesh tunnel.
758 * @param de destination entry for which we need to setup a tunnel
759 * @param client client to notify on successful tunnel setup, or NULL for none
760 * @param request_id request ID to send in client notification (unused if client is NULL)
761 * @return tunnel state of the tunnel that was created
763 static struct TunnelState *
764 create_tunnel_to_destination (struct DestinationEntry *de,
765 struct GNUNET_SERVER_Client *client,
768 struct TunnelState *ts;
770 GNUNET_STATISTICS_update (stats,
771 gettext_noop ("# Mesh tunnels created"),
773 GNUNET_assert (NULL == de->ts);
774 ts = GNUNET_malloc (sizeof (struct TunnelState));
777 ts->request_id = request_id;
779 GNUNET_SERVER_client_keep (client);
781 ts->destination = *de;
782 ts->destination.heap_node = NULL; /* copy is NOT in destination heap */
784 ts->destination_container = de; /* we are referenced from de */
785 ts->af = AF_UNSPEC; /* so far, unknown */
786 ts->tunnel = GNUNET_MESH_tunnel_create (mesh_handle,
788 &tunnel_peer_connect_handler,
789 &tunnel_peer_disconnect_handler,
791 if (NULL == ts->tunnel)
793 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
794 _("Failed to setup mesh tunnel!\n"));
796 GNUNET_SERVER_client_drop (client);
802 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
803 "Creating tunnel to peer %s offering service %s\n",
804 GNUNET_i2s (&de->details.service_destination.target),
805 GNUNET_h2s (&de->details.service_destination.service_descriptor));
806 GNUNET_MESH_peer_request_connect_add (ts->tunnel,
807 &de->details.service_destination.target);
811 switch (de->details.exit_destination.af)
814 GNUNET_MESH_peer_request_connect_by_type (ts->tunnel,
815 GNUNET_APPLICATION_TYPE_IPV4_GATEWAY);
816 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
817 "Creating tunnel to exit peer for %s\n",
821 GNUNET_MESH_peer_request_connect_by_type (ts->tunnel,
822 GNUNET_APPLICATION_TYPE_IPV6_GATEWAY);
823 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
824 "Creating tunnel to exit peer for %s\n",
837 * We have too many active tunnels. Clean up the oldest tunnel.
839 * @param except tunnel that must NOT be cleaned up, even if it is the oldest
842 expire_tunnel (struct TunnelState *except)
844 struct TunnelState *ts;
846 ts = GNUNET_CONTAINER_heap_peek (tunnel_heap);
848 return; /* can't do this */
849 free_tunnel_state (ts);
854 * Route a packet via mesh to the given destination.
856 * @param destination description of the destination
857 * @param af address family on this end (AF_INET or AF_INET6)
858 * @param protocol IPPROTO_TCP or IPPROTO_UDP
859 * @param source_ip source IP used by the sender (struct in_addr or struct in6_addr)
860 * @param destination_ip destination IP used by the sender (struct in_addr or struct in6_addr)
861 * @param payload payload of the packet after the IP header
862 * @param payload_length number of bytes in payload
865 route_packet (struct DestinationEntry *destination,
868 const void *source_ip,
869 const void *destination_ip,
871 size_t payload_length)
874 struct TunnelState *ts;
875 struct TunnelMessageQueueEntry *tnq;
879 const struct GNUNET_TUN_UdpHeader *udp;
880 const struct GNUNET_TUN_TcpHeader *tcp;
881 const struct GNUNET_TUN_IcmpHeader *icmp;
889 if (payload_length < sizeof (struct GNUNET_TUN_UdpHeader))
896 spt = ntohs (udp->spt);
897 dpt = ntohs (udp->dpt);
898 get_tunnel_key_from_ips (af,
909 if (payload_length < sizeof (struct GNUNET_TUN_TcpHeader))
916 spt = ntohs (tcp->spt);
917 dpt = ntohs (tcp->dpt);
918 get_tunnel_key_from_ips (af,
929 if (payload_length < sizeof (struct GNUNET_TUN_IcmpHeader))
938 get_tunnel_key_from_ips (af,
948 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
949 _("Protocol %u not supported, dropping\n"),
950 (unsigned int) protocol);
953 if (! destination->is_service)
955 switch (destination->details.exit_destination.af)
958 alen = sizeof (struct in_addr);
961 alen = sizeof (struct in6_addr);
969 char sbuf[INET6_ADDRSTRLEN];
970 char dbuf[INET6_ADDRSTRLEN];
971 char xbuf[INET6_ADDRSTRLEN];
973 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
974 "Routing %s packet from %s:%u -> %s:%u to destination %s:%u\n",
975 (protocol == IPPROTO_TCP) ? "TCP" : "UDP",
976 inet_ntop (af, source_ip, sbuf, sizeof (sbuf)),
978 inet_ntop (af, destination_ip, dbuf, sizeof (dbuf)),
980 inet_ntop (destination->details.exit_destination.af,
981 &destination->details.exit_destination.ip,
982 xbuf, sizeof (xbuf)),
988 /* make compiler happy */
991 char sbuf[INET6_ADDRSTRLEN];
992 char dbuf[INET6_ADDRSTRLEN];
994 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
995 "Routing %s packet from %s:%u -> %s:%u to service %s at peer %s\n",
996 (protocol == IPPROTO_TCP) ? "TCP" : "UDP",
997 inet_ntop (af, source_ip, sbuf, sizeof (sbuf)),
999 inet_ntop (af, destination_ip, dbuf, sizeof (dbuf)),
1001 GNUNET_h2s (&destination->details.service_destination.service_descriptor),
1002 GNUNET_i2s (&destination->details.service_destination.target));
1007 /* see if we have an existing tunnel for this destination */
1008 ts = GNUNET_CONTAINER_multihashmap_get (tunnel_map,
1012 /* need to either use the existing tunnel from the destination (if still
1013 available) or create a fresh one */
1014 is_new = GNUNET_YES;
1015 if (NULL == destination->ts)
1016 ts = create_tunnel_to_destination (destination, NULL, 0);
1018 ts = destination->ts;
1021 destination->ts = NULL;
1022 ts->destination_container = NULL; /* no longer 'contained' */
1023 /* now bind existing "unbound" tunnel to our IP/port tuple */
1024 ts->protocol = protocol;
1028 ts->source_ip.v4 = * (const struct in_addr *) source_ip;
1029 ts->destination_ip.v4 = * (const struct in_addr *) destination_ip;
1033 ts->source_ip.v6 = * (const struct in6_addr *) source_ip;
1034 ts->destination_ip.v6 = * (const struct in6_addr *) destination_ip;
1036 ts->source_port = spt;
1037 ts->destination_port = dpt;
1038 ts->heap_node = GNUNET_CONTAINER_heap_insert (tunnel_heap,
1040 GNUNET_TIME_absolute_get ().abs_value);
1041 GNUNET_assert (GNUNET_YES ==
1042 GNUNET_CONTAINER_multihashmap_put (tunnel_map,
1045 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
1046 GNUNET_STATISTICS_update (stats,
1047 gettext_noop ("# Active tunnels"),
1049 while (GNUNET_CONTAINER_multihashmap_size (tunnel_map) > max_tunnel_mappings)
1055 GNUNET_CONTAINER_heap_update_cost (tunnel_heap,
1057 GNUNET_TIME_absolute_get ().abs_value);
1059 GNUNET_assert (NULL != ts->tunnel);
1061 /* send via tunnel */
1065 if (destination->is_service)
1067 struct GNUNET_EXIT_UdpServiceMessage *usm;
1069 mlen = sizeof (struct GNUNET_EXIT_UdpServiceMessage) +
1070 payload_length - sizeof (struct GNUNET_TUN_UdpHeader);
1071 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1076 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) + mlen);
1079 usm = (struct GNUNET_EXIT_UdpServiceMessage *) &tnq[1];
1080 usm->header.size = htons ((uint16_t) mlen);
1081 usm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_UDP_TO_SERVICE);
1082 /* if the source port is below 32000, we assume it has a special
1083 meaning; if not, we pick a random port (this is a heuristic) */
1084 usm->source_port = (ntohs (udp->spt) < 32000) ? udp->spt : 0;
1085 usm->destination_port = udp->dpt;
1086 usm->service_descriptor = destination->details.service_destination.service_descriptor;
1089 payload_length - sizeof (struct GNUNET_TUN_UdpHeader));
1093 struct GNUNET_EXIT_UdpInternetMessage *uim;
1094 struct in_addr *ip4dst;
1095 struct in6_addr *ip6dst;
1098 mlen = sizeof (struct GNUNET_EXIT_UdpInternetMessage) +
1099 alen + payload_length - sizeof (struct GNUNET_TUN_UdpHeader);
1100 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1105 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) +
1109 uim = (struct GNUNET_EXIT_UdpInternetMessage *) &tnq[1];
1110 uim->header.size = htons ((uint16_t) mlen);
1111 uim->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_UDP_TO_INTERNET);
1112 uim->af = htonl (destination->details.exit_destination.af);
1113 uim->source_port = (ntohs (udp->spt) < 32000) ? udp->spt : 0;
1114 uim->destination_port = udp->dpt;
1115 switch (destination->details.exit_destination.af)
1118 ip4dst = (struct in_addr *) &uim[1];
1119 *ip4dst = destination->details.exit_destination.ip.v4;
1120 payload = &ip4dst[1];
1123 ip6dst = (struct in6_addr *) &uim[1];
1124 *ip6dst = destination->details.exit_destination.ip.v6;
1125 payload = &ip6dst[1];
1132 payload_length - sizeof (struct GNUNET_TUN_UdpHeader));
1138 if (destination->is_service)
1140 struct GNUNET_EXIT_TcpServiceStartMessage *tsm;
1142 mlen = sizeof (struct GNUNET_EXIT_TcpServiceStartMessage) +
1143 payload_length - sizeof (struct GNUNET_TUN_TcpHeader);
1144 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1149 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) + mlen);
1152 tsm = (struct GNUNET_EXIT_TcpServiceStartMessage *) &tnq[1];
1153 tsm->header.size = htons ((uint16_t) mlen);
1154 tsm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_TCP_TO_SERVICE_START);
1155 tsm->reserved = htonl (0);
1156 tsm->service_descriptor = destination->details.service_destination.service_descriptor;
1157 tsm->tcp_header = *tcp;
1160 payload_length - sizeof (struct GNUNET_TUN_TcpHeader));
1164 struct GNUNET_EXIT_TcpInternetStartMessage *tim;
1165 struct in_addr *ip4dst;
1166 struct in6_addr *ip6dst;
1169 mlen = sizeof (struct GNUNET_EXIT_TcpInternetStartMessage) +
1170 alen + payload_length - sizeof (struct GNUNET_TUN_TcpHeader);
1171 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1176 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) + mlen);
1179 tim = (struct GNUNET_EXIT_TcpInternetStartMessage *) &tnq[1];
1180 tim->header.size = htons ((uint16_t) mlen);
1181 tim->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_TCP_TO_INTERNET_START);
1182 tim->af = htonl (destination->details.exit_destination.af);
1183 tim->tcp_header = *tcp;
1184 switch (destination->details.exit_destination.af)
1187 ip4dst = (struct in_addr *) &tim[1];
1188 *ip4dst = destination->details.exit_destination.ip.v4;
1189 payload = &ip4dst[1];
1192 ip6dst = (struct in6_addr *) &tim[1];
1193 *ip6dst = destination->details.exit_destination.ip.v6;
1194 payload = &ip6dst[1];
1201 payload_length - sizeof (struct GNUNET_TUN_TcpHeader));
1206 struct GNUNET_EXIT_TcpDataMessage *tdm;
1208 mlen = sizeof (struct GNUNET_EXIT_TcpDataMessage) +
1209 payload_length - sizeof (struct GNUNET_TUN_TcpHeader);
1210 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1215 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) + mlen);
1218 tdm = (struct GNUNET_EXIT_TcpDataMessage *) &tnq[1];
1219 tdm->header.size = htons ((uint16_t) mlen);
1220 tdm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_EXIT);
1221 tdm->reserved = htonl (0);
1222 tdm->tcp_header = *tcp;
1225 payload_length - sizeof (struct GNUNET_TUN_TcpHeader));
1229 if (destination->is_service)
1231 struct GNUNET_EXIT_IcmpServiceMessage *ism;
1233 mlen = sizeof (struct GNUNET_EXIT_IcmpServiceMessage) +
1234 payload_length - sizeof (struct GNUNET_TUN_IcmpHeader);
1235 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1240 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) + mlen);
1243 ism = (struct GNUNET_EXIT_IcmpServiceMessage *) &tnq[1];
1244 ism->header.size = htons ((uint16_t) mlen);
1245 ism->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_SERVICE);
1246 ism->af = htonl (af); /* need to tell destination ICMP protocol family! */
1247 ism->service_descriptor = destination->details.service_destination.service_descriptor;
1248 ism->icmp_header = *icmp;
1251 payload_length - sizeof (struct GNUNET_TUN_IcmpHeader));
1255 struct GNUNET_EXIT_IcmpInternetMessage *iim;
1256 struct in_addr *ip4dst;
1257 struct in6_addr *ip6dst;
1260 mlen = sizeof (struct GNUNET_EXIT_IcmpInternetMessage) +
1261 alen + payload_length - sizeof (struct GNUNET_TUN_IcmpHeader);
1262 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1267 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) +
1271 iim = (struct GNUNET_EXIT_IcmpInternetMessage *) &tnq[1];
1272 iim->header.size = htons ((uint16_t) mlen);
1273 iim->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_INTERNET);
1274 iim->af = htonl (af); /* need to tell destination ICMP protocol family! */
1275 iim->icmp_header = *icmp;
1276 if (af != destination->details.exit_destination.af)
1278 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1279 _("AF-translation for ICMP not implemented\n"));
1282 switch (destination->details.exit_destination.af)
1285 ip4dst = (struct in_addr *) &iim[1];
1286 *ip4dst = destination->details.exit_destination.ip.v4;
1287 payload = &ip4dst[1];
1290 ip6dst = (struct in6_addr *) &iim[1];
1291 *ip6dst = destination->details.exit_destination.ip.v6;
1292 payload = &ip6dst[1];
1299 payload_length - sizeof (struct GNUNET_TUN_IcmpHeader));
1303 /* not supported above, how can we get here !? */
1307 send_to_tunnel (tnq, ts);
1312 * Receive packets from the helper-process (someone send to the local
1313 * virtual tunnel interface). Find the destination mapping, and if it
1314 * exists, identify the correct MESH tunnel (or possibly create it)
1315 * and forward the packet.
1317 * @param cls closure, NULL
1318 * @param client NULL
1319 * @param message message we got from the client (VPN tunnel interface)
1322 message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED,
1323 const struct GNUNET_MessageHeader *message)
1325 const struct GNUNET_TUN_Layer2PacketHeader *tun;
1327 GNUNET_HashCode key;
1328 struct DestinationEntry *de;
1330 GNUNET_STATISTICS_update (stats,
1331 gettext_noop ("# Packets received from TUN interface"),
1333 mlen = ntohs (message->size);
1334 if ( (ntohs (message->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER) ||
1335 (mlen < sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader)) )
1340 tun = (const struct GNUNET_TUN_Layer2PacketHeader *) &message[1];
1341 mlen -= (sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader));
1342 switch (ntohs (tun->proto))
1346 const struct GNUNET_TUN_IPv6Header *pkt6;
1348 if (mlen < sizeof (struct GNUNET_TUN_IPv6Header))
1354 pkt6 = (const struct GNUNET_TUN_IPv6Header *) &tun[1];
1355 get_destination_key_from_ip (AF_INET6,
1356 &pkt6->destination_address,
1358 de = GNUNET_CONTAINER_multihashmap_get (destination_map, &key);
1359 /* FIXME: do we need to guard against hash collision?
1360 (if so, we need to also store the local destination IP in the
1361 destination entry and then compare here; however, the risk
1362 of collision seems minimal AND the impact is unlikely to be
1363 super-problematic as well... */
1366 char buf[INET6_ADDRSTRLEN];
1368 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1369 _("Packet received for unmapped destination `%s' (dropping it)\n"),
1370 inet_ntop (AF_INET6,
1371 &pkt6->destination_address,
1379 &pkt6->source_address,
1380 &pkt6->destination_address,
1382 mlen - sizeof (struct GNUNET_TUN_IPv6Header));
1387 struct GNUNET_TUN_IPv4Header *pkt4;
1389 if (mlen < sizeof (struct GNUNET_TUN_IPv4Header))
1395 pkt4 = (struct GNUNET_TUN_IPv4Header *) &tun[1];
1396 get_destination_key_from_ip (AF_INET,
1397 &pkt4->destination_address,
1399 de = GNUNET_CONTAINER_multihashmap_get (destination_map, &key);
1400 /* FIXME: do we need to guard against hash collision?
1401 (if so, we need to also store the local destination IP in the
1402 destination entry and then compare here; however, the risk
1403 of collision seems minimal AND the impact is unlikely to be
1404 super-problematic as well... */
1407 char buf[INET_ADDRSTRLEN];
1409 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1410 _("Packet received for unmapped destination `%s' (dropping it)\n"),
1412 &pkt4->destination_address,
1417 if (pkt4->header_length * 4 != sizeof (struct GNUNET_TUN_IPv4Header))
1419 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1420 _("Received IPv4 packet with options (dropping it)\n"));
1426 &pkt4->source_address,
1427 &pkt4->destination_address,
1429 mlen - sizeof (struct GNUNET_TUN_IPv4Header));
1433 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1434 _("Received packet of unknown protocol %d from TUN (dropping it)\n"),
1435 (unsigned int) ntohs (tun->proto));
1442 * We got an ICMP packet back from the MESH tunnel. Pass it on to the
1443 * local virtual interface via the helper.
1445 * @param cls closure, NULL
1446 * @param tunnel connection to the other end
1447 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1448 * @param sender who sent the message
1449 * @param message the actual message
1450 * @param atsi performance data for the connection
1451 * @return GNUNET_OK to keep the connection open,
1452 * GNUNET_SYSERR to close it (signal serious error)
1455 receive_icmp_back (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1456 void **tunnel_ctx, const struct GNUNET_PeerIdentity *sender,
1457 const struct GNUNET_MessageHeader *message,
1458 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1460 struct TunnelState *ts = *tunnel_ctx;
1461 const struct GNUNET_EXIT_IcmpToVPNMessage *i2v;
1464 GNUNET_STATISTICS_update (stats,
1465 gettext_noop ("# ICMP packets received from mesh"),
1467 mlen = ntohs (message->size);
1468 if (mlen < sizeof (struct GNUNET_EXIT_IcmpToVPNMessage))
1470 GNUNET_break_op (0);
1471 return GNUNET_SYSERR;
1473 if (NULL == ts->heap_node)
1475 GNUNET_break_op (0);
1476 return GNUNET_SYSERR;
1478 if (AF_UNSPEC == ts->af)
1480 GNUNET_break_op (0);
1481 return GNUNET_SYSERR;
1483 i2v = (const struct GNUNET_EXIT_IcmpToVPNMessage *) message;
1484 mlen -= sizeof (struct GNUNET_EXIT_IcmpToVPNMessage);
1486 char sbuf[INET6_ADDRSTRLEN];
1487 char dbuf[INET6_ADDRSTRLEN];
1489 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1490 "Received ICMP packet from mesh, sending %u bytes from %s -> %s via TUN\n",
1491 (unsigned int) mlen,
1492 inet_ntop (ts->af, &ts->destination_ip, sbuf, sizeof (sbuf)),
1493 inet_ntop (ts->af, &ts->source_ip, dbuf, sizeof (dbuf)));
1499 size_t size = sizeof (struct GNUNET_TUN_IPv4Header)
1500 + sizeof (struct GNUNET_TUN_IcmpHeader)
1501 + sizeof (struct GNUNET_MessageHeader) +
1502 sizeof (struct GNUNET_TUN_Layer2PacketHeader) +
1506 struct GNUNET_MessageHeader *msg = (struct GNUNET_MessageHeader *) buf;
1507 struct GNUNET_TUN_Layer2PacketHeader *tun = (struct GNUNET_TUN_Layer2PacketHeader*) &msg[1];
1508 struct GNUNET_TUN_IPv4Header *ipv4 = (struct GNUNET_TUN_IPv4Header *) &tun[1];
1509 struct GNUNET_TUN_IcmpHeader *icmp = (struct GNUNET_TUN_IcmpHeader *) &ipv4[1];
1510 msg->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1511 msg->size = htons (size);
1512 tun->flags = htons (0);
1513 tun->proto = htons (ETH_P_IPV4);
1514 GNUNET_TUN_initialize_ipv4_header (ipv4,
1516 sizeof (struct GNUNET_TUN_IcmpHeader) + mlen,
1517 &ts->destination_ip.v4,
1519 *icmp = i2v->icmp_header;
1523 /* FIXME: for some ICMP types, we need to adjust the payload here... */
1524 GNUNET_TUN_calculate_icmp_checksum (icmp,
1527 (void) GNUNET_HELPER_send (helper_handle,
1536 size_t size = sizeof (struct GNUNET_TUN_IPv6Header)
1537 + sizeof (struct GNUNET_TUN_IcmpHeader)
1538 + sizeof (struct GNUNET_MessageHeader) +
1539 sizeof (struct GNUNET_TUN_Layer2PacketHeader) +
1543 struct GNUNET_MessageHeader *msg = (struct GNUNET_MessageHeader *) buf;
1544 struct GNUNET_TUN_Layer2PacketHeader *tun = (struct GNUNET_TUN_Layer2PacketHeader*) &msg[1];
1545 struct GNUNET_TUN_IPv6Header *ipv6 = (struct GNUNET_TUN_IPv6Header *) &tun[1];
1546 struct GNUNET_TUN_IcmpHeader *icmp = (struct GNUNET_TUN_IcmpHeader *) &ipv6[1];
1547 msg->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1548 msg->size = htons (size);
1549 tun->flags = htons (0);
1550 tun->proto = htons (ETH_P_IPV6);
1551 GNUNET_TUN_initialize_ipv6_header (ipv6,
1553 sizeof (struct GNUNET_TUN_IcmpHeader) + mlen,
1554 &ts->destination_ip.v6,
1556 *icmp = i2v->icmp_header;
1560 /* FIXME: for some ICMP types, we need to adjust the payload here... */
1561 GNUNET_TUN_calculate_icmp_checksum (icmp,
1563 (void) GNUNET_HELPER_send (helper_handle,
1573 GNUNET_CONTAINER_heap_update_cost (tunnel_heap,
1575 GNUNET_TIME_absolute_get ().abs_value);
1581 * We got a UDP packet back from the MESH tunnel. Pass it on to the
1582 * local virtual interface via the helper.
1584 * @param cls closure, NULL
1585 * @param tunnel connection to the other end
1586 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1587 * @param sender who sent the message
1588 * @param message the actual message
1589 * @param atsi performance data for the connection
1590 * @return GNUNET_OK to keep the connection open,
1591 * GNUNET_SYSERR to close it (signal serious error)
1594 receive_udp_back (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1595 void **tunnel_ctx, const struct GNUNET_PeerIdentity *sender,
1596 const struct GNUNET_MessageHeader *message,
1597 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1599 struct TunnelState *ts = *tunnel_ctx;
1600 const struct GNUNET_EXIT_UdpReplyMessage *reply;
1603 GNUNET_STATISTICS_update (stats,
1604 gettext_noop ("# UDP packets received from mesh"),
1606 mlen = ntohs (message->size);
1607 if (mlen < sizeof (struct GNUNET_EXIT_UdpReplyMessage))
1609 GNUNET_break_op (0);
1610 return GNUNET_SYSERR;
1612 if (NULL == ts->heap_node)
1614 GNUNET_break_op (0);
1615 return GNUNET_SYSERR;
1617 if (AF_UNSPEC == ts->af)
1619 GNUNET_break_op (0);
1620 return GNUNET_SYSERR;
1622 reply = (const struct GNUNET_EXIT_UdpReplyMessage *) message;
1623 mlen -= sizeof (struct GNUNET_EXIT_UdpReplyMessage);
1625 char sbuf[INET6_ADDRSTRLEN];
1626 char dbuf[INET6_ADDRSTRLEN];
1628 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1629 "Received UDP reply from mesh, sending %u bytes from %s:%u -> %s:%u via TUN\n",
1630 (unsigned int) mlen,
1631 inet_ntop (ts->af, &ts->destination_ip, sbuf, sizeof (sbuf)),
1632 ts->destination_port,
1633 inet_ntop (ts->af, &ts->source_ip, dbuf, sizeof (dbuf)),
1640 size_t size = sizeof (struct GNUNET_TUN_IPv4Header)
1641 + sizeof (struct GNUNET_TUN_UdpHeader)
1642 + sizeof (struct GNUNET_MessageHeader) +
1643 sizeof (struct GNUNET_TUN_Layer2PacketHeader) +
1647 struct GNUNET_MessageHeader *msg = (struct GNUNET_MessageHeader *) buf;
1648 struct GNUNET_TUN_Layer2PacketHeader *tun = (struct GNUNET_TUN_Layer2PacketHeader*) &msg[1];
1649 struct GNUNET_TUN_IPv4Header *ipv4 = (struct GNUNET_TUN_IPv4Header *) &tun[1];
1650 struct GNUNET_TUN_UdpHeader *udp = (struct GNUNET_TUN_UdpHeader *) &ipv4[1];
1651 msg->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1652 msg->size = htons (size);
1653 tun->flags = htons (0);
1654 tun->proto = htons (ETH_P_IPV4);
1655 GNUNET_TUN_initialize_ipv4_header (ipv4,
1657 sizeof (struct GNUNET_TUN_UdpHeader) + mlen,
1658 &ts->destination_ip.v4,
1660 if (0 == ntohs (reply->source_port))
1661 udp->spt = htons (ts->destination_port);
1663 udp->spt = reply->source_port;
1664 if (0 == ntohs (reply->destination_port))
1665 udp->dpt = htons (ts->source_port);
1667 udp->dpt = reply->destination_port;
1668 udp->len = htons (mlen + sizeof (struct GNUNET_TUN_UdpHeader));
1669 GNUNET_TUN_calculate_udp4_checksum (ipv4,
1676 (void) GNUNET_HELPER_send (helper_handle,
1685 size_t size = sizeof (struct GNUNET_TUN_IPv6Header)
1686 + sizeof (struct GNUNET_TUN_UdpHeader)
1687 + sizeof (struct GNUNET_MessageHeader) +
1688 sizeof (struct GNUNET_TUN_Layer2PacketHeader) +
1692 struct GNUNET_MessageHeader *msg = (struct GNUNET_MessageHeader *) buf;
1693 struct GNUNET_TUN_Layer2PacketHeader *tun = (struct GNUNET_TUN_Layer2PacketHeader*) &msg[1];
1694 struct GNUNET_TUN_IPv6Header *ipv6 = (struct GNUNET_TUN_IPv6Header *) &tun[1];
1695 struct GNUNET_TUN_UdpHeader *udp = (struct GNUNET_TUN_UdpHeader *) &ipv6[1];
1696 msg->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1697 msg->size = htons (size);
1698 tun->flags = htons (0);
1699 tun->proto = htons (ETH_P_IPV6);
1700 GNUNET_TUN_initialize_ipv6_header (ipv6,
1702 sizeof (struct GNUNET_TUN_UdpHeader) + mlen,
1703 &ts->destination_ip.v6,
1705 if (0 == ntohs (reply->source_port))
1706 udp->spt = htons (ts->destination_port);
1708 udp->spt = reply->source_port;
1709 if (0 == ntohs (reply->destination_port))
1710 udp->dpt = htons (ts->source_port);
1712 udp->dpt = reply->destination_port;
1713 udp->len = htons (mlen + sizeof (struct GNUNET_TUN_UdpHeader));
1714 GNUNET_TUN_calculate_udp6_checksum (ipv6,
1720 (void) GNUNET_HELPER_send (helper_handle,
1730 GNUNET_CONTAINER_heap_update_cost (tunnel_heap,
1732 GNUNET_TIME_absolute_get ().abs_value);
1738 * We got a TCP packet back from the MESH tunnel. Pass it on to the
1739 * local virtual interface via the helper.
1741 * @param cls closure, NULL
1742 * @param tunnel connection to the other end
1743 * @param tunnel_ctx pointer to our 'struct TunnelState *'
1744 * @param sender who sent the message
1745 * @param message the actual message
1746 * @param atsi performance data for the connection
1747 * @return GNUNET_OK to keep the connection open,
1748 * GNUNET_SYSERR to close it (signal serious error)
1751 receive_tcp_back (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
1753 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
1754 const struct GNUNET_MessageHeader *message,
1755 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
1757 struct TunnelState *ts = *tunnel_ctx;
1758 const struct GNUNET_EXIT_TcpDataMessage *data;
1761 GNUNET_STATISTICS_update (stats,
1762 gettext_noop ("# TCP packets received from mesh"),
1764 mlen = ntohs (message->size);
1765 if (mlen < sizeof (struct GNUNET_EXIT_TcpDataMessage))
1767 GNUNET_break_op (0);
1768 return GNUNET_SYSERR;
1770 if (NULL == ts->heap_node)
1772 GNUNET_break_op (0);
1773 return GNUNET_SYSERR;
1775 data = (const struct GNUNET_EXIT_TcpDataMessage *) message;
1776 mlen -= sizeof (struct GNUNET_EXIT_TcpDataMessage);
1778 char sbuf[INET6_ADDRSTRLEN];
1779 char dbuf[INET6_ADDRSTRLEN];
1781 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1782 "Received TCP reply from mesh, sending %u bytes from %s:%u -> %s:%u via TUN\n",
1783 (unsigned int) mlen,
1784 inet_ntop (ts->af, &ts->destination_ip, sbuf, sizeof (sbuf)),
1785 ts->destination_port,
1786 inet_ntop (ts->af, &ts->source_ip, dbuf, sizeof (dbuf)),
1793 size_t size = sizeof (struct GNUNET_TUN_IPv4Header)
1794 + sizeof (struct GNUNET_TUN_TcpHeader)
1795 + sizeof (struct GNUNET_MessageHeader) +
1796 sizeof (struct GNUNET_TUN_Layer2PacketHeader) +
1800 struct GNUNET_MessageHeader *msg = (struct GNUNET_MessageHeader *) buf;
1801 struct GNUNET_TUN_Layer2PacketHeader *tun = (struct GNUNET_TUN_Layer2PacketHeader*) &msg[1];
1802 struct GNUNET_TUN_IPv4Header *ipv4 = (struct GNUNET_TUN_IPv4Header *) &tun[1];
1803 struct GNUNET_TUN_TcpHeader *tcp = (struct GNUNET_TUN_TcpHeader *) &ipv4[1];
1804 msg->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1805 msg->size = htons (size);
1806 tun->flags = htons (0);
1807 tun->proto = htons (ETH_P_IPV4);
1808 GNUNET_TUN_initialize_ipv4_header (ipv4,
1810 sizeof (struct GNUNET_TUN_TcpHeader) + mlen,
1811 &ts->destination_ip.v4,
1813 *tcp = data->tcp_header;
1814 tcp->spt = htons (ts->destination_port);
1815 tcp->dpt = htons (ts->source_port);
1816 GNUNET_TUN_calculate_tcp4_checksum (ipv4,
1823 (void) GNUNET_HELPER_send (helper_handle,
1832 size_t size = sizeof (struct GNUNET_TUN_IPv6Header)
1833 + sizeof (struct GNUNET_TUN_TcpHeader)
1834 + sizeof (struct GNUNET_MessageHeader) +
1835 sizeof (struct GNUNET_TUN_Layer2PacketHeader) +
1839 struct GNUNET_MessageHeader *msg = (struct GNUNET_MessageHeader *) buf;
1840 struct GNUNET_TUN_Layer2PacketHeader *tun = (struct GNUNET_TUN_Layer2PacketHeader*) &msg[1];
1841 struct GNUNET_TUN_IPv6Header *ipv6 = (struct GNUNET_TUN_IPv6Header *) &tun[1];
1842 struct GNUNET_TUN_TcpHeader *tcp = (struct GNUNET_TUN_TcpHeader *) &ipv6[1];
1843 msg->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1844 msg->size = htons (size);
1845 tun->flags = htons (0);
1846 tun->proto = htons (ETH_P_IPV6);
1847 GNUNET_TUN_initialize_ipv6_header (ipv6,
1849 sizeof (struct GNUNET_TUN_TcpHeader) + mlen,
1850 &ts->destination_ip.v6,
1852 tcp->spt = htons (ts->destination_port);
1853 tcp->dpt = htons (ts->source_port);
1854 GNUNET_TUN_calculate_tcp6_checksum (ipv6,
1858 (void) GNUNET_HELPER_send (helper_handle,
1866 GNUNET_CONTAINER_heap_update_cost (tunnel_heap,
1868 GNUNET_TIME_absolute_get ().abs_value);
1874 * Allocate an IPv4 address from the range of the tunnel
1875 * for a new redirection.
1877 * @param v4 where to store the address
1878 * @return GNUNET_OK on success,
1879 * GNUNET_SYSERR on error
1882 allocate_v4_address (struct in_addr *v4)
1884 const char *ipv4addr = vpn_argv[4];
1885 const char *ipv4mask = vpn_argv[5];
1886 struct in_addr addr;
1887 struct in_addr mask;
1889 GNUNET_HashCode key;
1892 GNUNET_assert (1 == inet_pton (AF_INET, ipv4addr, &addr));
1893 GNUNET_assert (1 == inet_pton (AF_INET, ipv4mask, &mask));
1894 /* Given 192.168.0.1/255.255.0.0, we want a mask
1895 of '192.168.255.255', thus: */
1896 mask.s_addr = addr.s_addr | ~mask.s_addr;
1903 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1904 _("Failed to find unallocated IPv4 address in VPN's range\n"));
1905 return GNUNET_SYSERR;
1907 /* Pick random IPv4 address within the subnet, except 'addr' or 'mask' itself */
1908 rnd.s_addr = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1910 v4->s_addr = (addr.s_addr | rnd.s_addr) & mask.s_addr;
1911 get_destination_key_from_ip (AF_INET,
1915 while ( (GNUNET_YES ==
1916 GNUNET_CONTAINER_multihashmap_contains (destination_map,
1918 (v4->s_addr == addr.s_addr) ||
1919 (v4->s_addr == mask.s_addr) );
1925 * Allocate an IPv6 address from the range of the tunnel
1926 * for a new redirection.
1928 * @param v6 where to store the address
1929 * @return GNUNET_OK on success,
1930 * GNUNET_SYSERR on error
1933 allocate_v6_address (struct in6_addr *v6)
1935 const char *ipv6addr = vpn_argv[2];
1936 struct in6_addr addr;
1937 struct in6_addr mask;
1938 struct in6_addr rnd;
1940 GNUNET_HashCode key;
1943 GNUNET_assert (1 == inet_pton (AF_INET6, ipv6addr, &addr));
1944 GNUNET_assert (ipv6prefix < 128);
1945 /* Given ABCD::/96, we want a mask of 'ABCD::FFFF:FFFF,
1948 for (i=127;i>=128-ipv6prefix;i--)
1949 mask.s6_addr[i / 8] |= (1 << (i % 8));
1951 /* Pick random IPv6 address within the subnet, except 'addr' or 'mask' itself */
1958 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1959 _("Failed to find unallocated IPv6 address in VPN's range\n"));
1960 return GNUNET_SYSERR;
1965 rnd.s6_addr[i] = (unsigned char) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1968 = (addr.s6_addr[i] | rnd.s6_addr[i]) & mask.s6_addr[i];
1970 get_destination_key_from_ip (AF_INET6,
1974 while ( (GNUNET_YES ==
1975 GNUNET_CONTAINER_multihashmap_contains (destination_map,
1979 sizeof (struct in6_addr))) ||
1982 sizeof (struct in6_addr))) );
1988 * Free resources occupied by a destination entry.
1990 * @param de entry to free
1993 free_destination_entry (struct DestinationEntry *de)
1995 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1996 "Cleaning up destination entry\n");
1997 GNUNET_STATISTICS_update (stats,
1998 gettext_noop ("# Active destinations"),
2002 free_tunnel_state (de->ts);
2003 GNUNET_assert (NULL == de->ts);
2005 if (NULL != de->heap_node)
2007 GNUNET_CONTAINER_heap_remove_node (de->heap_node);
2008 de->heap_node = NULL;
2009 GNUNET_assert (GNUNET_YES ==
2010 GNUNET_CONTAINER_multihashmap_remove (destination_map,
2019 * We have too many active destinations. Clean up the oldest destination.
2021 * @param except destination that must NOT be cleaned up, even if it is the oldest
2024 expire_destination (struct DestinationEntry *except)
2026 struct DestinationEntry *de;
2028 de = GNUNET_CONTAINER_heap_peek (destination_heap);
2030 return; /* can't do this */
2031 free_destination_entry (de);
2036 * A client asks us to setup a redirection via some exit
2037 * node to a particular IP. Setup the redirection and
2038 * give the client the allocated IP.
2041 * @param client requesting client
2042 * @param message redirection request (a 'struct RedirectToIpRequestMessage')
2045 service_redirect_to_ip (void *cls GNUNET_UNUSED, struct GNUNET_SERVER_Client *client,
2046 const struct GNUNET_MessageHeader *message)
2050 const struct RedirectToIpRequestMessage *msg;
2056 struct DestinationEntry *de;
2057 GNUNET_HashCode key;
2059 /* validate and parse request */
2060 mlen = ntohs (message->size);
2061 if (mlen < sizeof (struct RedirectToIpRequestMessage))
2064 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
2067 alen = mlen - sizeof (struct RedirectToIpRequestMessage);
2068 msg = (const struct RedirectToIpRequestMessage *) message;
2069 addr_af = (int) htonl (msg->addr_af);
2073 if (alen != sizeof (struct in_addr))
2076 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
2081 if (alen != sizeof (struct in6_addr))
2084 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
2090 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
2094 /* allocate response IP */
2096 result_af = (int) htonl (msg->result_af);
2101 allocate_v4_address (&v4))
2102 result_af = AF_UNSPEC;
2108 allocate_v6_address (&v6))
2109 result_af = AF_UNSPEC;
2115 allocate_v4_address (&v4))
2118 result_af = AF_INET;
2120 else if (GNUNET_OK ==
2121 allocate_v6_address (&v6))
2124 result_af = AF_INET6;
2129 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
2132 if ( (result_af == AF_UNSPEC) ||
2133 (GNUNET_NO == ntohl (msg->nac)) )
2135 /* send reply "instantly" */
2136 send_client_reply (client,
2141 if (result_af == AF_UNSPEC)
2143 /* failure, we're done */
2144 GNUNET_SERVER_receive_done (client, GNUNET_OK);
2149 char sbuf[INET6_ADDRSTRLEN];
2150 char dbuf[INET6_ADDRSTRLEN];
2152 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2153 "Allocated address %s for redirection via exit to %s\n",
2154 inet_ntop (result_af, addr, sbuf, sizeof (sbuf)),
2156 &msg[1], dbuf, sizeof (dbuf)));
2159 /* setup destination record */
2160 de = GNUNET_malloc (sizeof (struct DestinationEntry));
2161 de->is_service = GNUNET_NO;
2162 de->details.exit_destination.af = addr_af;
2163 memcpy (&de->details.exit_destination.ip,
2166 get_destination_key_from_ip (result_af,
2170 GNUNET_assert (GNUNET_OK ==
2171 GNUNET_CONTAINER_multihashmap_put (destination_map,
2174 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE));
2175 de->heap_node = GNUNET_CONTAINER_heap_insert (destination_heap,
2177 GNUNET_TIME_absolute_ntoh (msg->expiration_time).abs_value);
2178 GNUNET_STATISTICS_update (stats,
2179 gettext_noop ("# Active destinations"),
2181 while (GNUNET_CONTAINER_multihashmap_size (destination_map) > max_destination_mappings)
2182 expire_destination (de);
2184 /* setup tunnel to destination */
2185 (void) create_tunnel_to_destination (de,
2186 (GNUNET_NO == ntohl (msg->nac)) ? NULL : client,
2189 GNUNET_SERVER_receive_done (client, GNUNET_OK);
2194 * A client asks us to setup a redirection to a particular peer
2195 * offering a service. Setup the redirection and give the client the
2199 * @param client requesting client
2200 * @param message redirection request (a 'struct RedirectToPeerRequestMessage')
2203 service_redirect_to_service (void *cls GNUNET_UNUSED, struct GNUNET_SERVER_Client *client,
2204 const struct GNUNET_MessageHeader *message)
2206 const struct RedirectToServiceRequestMessage *msg;
2211 struct DestinationEntry *de;
2212 GNUNET_HashCode key;
2215 msg = (const struct RedirectToServiceRequestMessage *) message;
2217 /* allocate response IP */
2219 result_af = (int) htonl (msg->result_af);
2224 allocate_v4_address (&v4))
2225 result_af = AF_UNSPEC;
2231 allocate_v6_address (&v6))
2232 result_af = AF_UNSPEC;
2238 allocate_v4_address (&v4))
2241 result_af = AF_INET;
2243 else if (GNUNET_OK ==
2244 allocate_v6_address (&v6))
2247 result_af = AF_INET6;
2252 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
2255 if ( (result_af == AF_UNSPEC) ||
2256 (GNUNET_NO == ntohl (msg->nac)) )
2258 /* send reply "instantly" */
2259 send_client_reply (client,
2264 if (result_af == AF_UNSPEC)
2266 /* failure, we're done */
2267 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2268 _("Failed to allocate IP address for new destination\n"));
2269 GNUNET_SERVER_receive_done (client, GNUNET_OK);
2274 char sbuf[INET6_ADDRSTRLEN];
2276 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2277 "Allocated address %s for redirection to service %s on peer %s\n",
2278 inet_ntop (result_af, addr, sbuf, sizeof (sbuf)),
2279 GNUNET_h2s (&msg->service_descriptor),
2280 GNUNET_i2s (&msg->target));
2283 /* setup destination record */
2284 de = GNUNET_malloc (sizeof (struct DestinationEntry));
2285 de->is_service = GNUNET_YES;
2286 de->details.service_destination.service_descriptor = msg->service_descriptor;
2287 de->details.service_destination.target = msg->target;
2288 get_destination_key_from_ip (result_af,
2292 GNUNET_assert (GNUNET_OK ==
2293 GNUNET_CONTAINER_multihashmap_put (destination_map,
2296 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE));
2297 de->heap_node = GNUNET_CONTAINER_heap_insert (destination_heap,
2299 GNUNET_TIME_absolute_ntoh (msg->expiration_time).abs_value);
2300 while (GNUNET_CONTAINER_multihashmap_size (destination_map) > max_destination_mappings)
2301 expire_destination (de);
2302 (void) create_tunnel_to_destination (de,
2303 (GNUNET_NO == ntohl (msg->nac)) ? NULL : client,
2306 GNUNET_SERVER_receive_done (client, GNUNET_OK);
2312 * Function called for inbound tunnels. As we don't offer
2313 * any mesh services, this function should never be called.
2315 * @param cls closure
2316 * @param tunnel new handle to the tunnel
2317 * @param initiator peer that started the tunnel
2318 * @param atsi performance information for the tunnel
2319 * @return initial tunnel context for the tunnel
2320 * (can be NULL -- that's not an error)
2323 inbound_tunnel_cb (void *cls, struct GNUNET_MESH_Tunnel *tunnel,
2324 const struct GNUNET_PeerIdentity *initiator,
2325 const struct GNUNET_ATS_Information *atsi)
2327 /* How can and why should anyone open an inbound tunnel to vpn? */
2334 * Function called whenever an inbound tunnel is destroyed. Should clean up
2335 * any associated state.
2337 * @param cls closure (set from GNUNET_MESH_connect)
2338 * @param tunnel connection to the other end (henceforth invalid)
2339 * @param tunnel_ctx place where local state associated
2340 * with the tunnel is stored (our 'struct TunnelState')
2343 tunnel_cleaner (void *cls, const struct GNUNET_MESH_Tunnel *tunnel, void *tunnel_ctx)
2345 /* we don't have inbound tunnels, so this function should never be called */
2351 * Free memory occupied by an entry in the destination map.
2355 * @param value a 'struct DestinationEntry *'
2356 * @return GNUNET_OK (continue to iterate)
2359 cleanup_destination (void *cls,
2360 const GNUNET_HashCode *key,
2363 struct DestinationEntry *de = value;
2365 free_destination_entry (de);
2371 * Free memory occupied by an entry in the tunnel map.
2375 * @param value a 'struct TunnelState *'
2376 * @return GNUNET_OK (continue to iterate)
2379 cleanup_tunnel (void *cls,
2380 const GNUNET_HashCode *key,
2383 struct TunnelState *ts = value;
2385 free_tunnel_state (ts);
2391 * Function scheduled as very last function, cleans up after us
2397 cleanup (void *cls GNUNET_UNUSED,
2398 const struct GNUNET_SCHEDULER_TaskContext *tc)
2402 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2403 "VPN is shutting down\n");
2404 if (NULL != destination_map)
2406 GNUNET_CONTAINER_multihashmap_iterate (destination_map,
2407 &cleanup_destination,
2409 GNUNET_CONTAINER_multihashmap_destroy (destination_map);
2410 destination_map = NULL;
2412 if (NULL != destination_heap)
2414 GNUNET_CONTAINER_heap_destroy (destination_heap);
2415 destination_heap = NULL;
2417 if (NULL != tunnel_map)
2419 GNUNET_CONTAINER_multihashmap_iterate (tunnel_map,
2422 GNUNET_CONTAINER_multihashmap_destroy (tunnel_map);
2425 if (NULL != tunnel_heap)
2427 GNUNET_CONTAINER_heap_destroy (tunnel_heap);
2430 if (NULL != mesh_handle)
2432 GNUNET_MESH_disconnect (mesh_handle);
2435 if (NULL != helper_handle)
2437 GNUNET_HELPER_stop (helper_handle);
2438 helper_handle = NULL;
2442 GNUNET_SERVER_notification_context_destroy (nc);
2447 GNUNET_STATISTICS_destroy (stats, GNUNET_YES);
2451 GNUNET_free_non_null (vpn_argv[i]);
2456 * A client disconnected, clean up all references to it.
2458 * @param cls the client that disconnected
2460 * @param value a 'struct TunnelState *'
2461 * @return GNUNET_OK (continue to iterate)
2464 cleanup_tunnel_client (void *cls,
2465 const GNUNET_HashCode *key,
2468 struct GNUNET_SERVER_Client *client = cls;
2469 struct TunnelState *ts = value;
2471 if (client == ts->client)
2473 GNUNET_SERVER_client_drop (ts->client);
2481 * A client disconnected, clean up all references to it.
2483 * @param cls the client that disconnected
2485 * @param value a 'struct DestinationEntry *'
2486 * @return GNUNET_OK (continue to iterate)
2489 cleanup_destination_client (void *cls,
2490 const GNUNET_HashCode *key,
2493 struct GNUNET_SERVER_Client *client = cls;
2494 struct DestinationEntry *de = value;
2495 struct TunnelState *ts;
2497 if (NULL == (ts = de->ts))
2499 if (client == ts->client)
2501 GNUNET_SERVER_client_drop (ts->client);
2509 * A client has disconnected from us. If we are currently building
2510 * a tunnel for it, cancel the operation.
2513 * @param client handle to the client that disconnected
2516 client_disconnect (void *cls, struct GNUNET_SERVER_Client *client)
2518 if (NULL != tunnel_map)
2519 GNUNET_CONTAINER_multihashmap_iterate (tunnel_map,
2520 &cleanup_tunnel_client,
2522 if (NULL != destination_map)
2523 GNUNET_CONTAINER_multihashmap_iterate (destination_map,
2524 &cleanup_destination_client,
2530 * Main function that will be run by the scheduler.
2532 * @param cls closure
2533 * @param server the initialized server
2534 * @param cfg_ configuration
2538 struct GNUNET_SERVER_Handle *server,
2539 const struct GNUNET_CONFIGURATION_Handle *cfg_)
2541 static const struct GNUNET_SERVER_MessageHandler service_handlers[] = {
2542 /* callback, cls, type, size */
2543 { &service_redirect_to_ip, NULL, GNUNET_MESSAGE_TYPE_VPN_CLIENT_REDIRECT_TO_IP, 0},
2544 { &service_redirect_to_service, NULL,
2545 GNUNET_MESSAGE_TYPE_VPN_CLIENT_REDIRECT_TO_SERVICE,
2546 sizeof (struct RedirectToServiceRequestMessage) },
2549 static const struct GNUNET_MESH_MessageHandler mesh_handlers[] = {
2550 { &receive_udp_back, GNUNET_MESSAGE_TYPE_VPN_UDP_REPLY, 0},
2551 { &receive_tcp_back, GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_VPN, 0},
2552 { &receive_icmp_back, GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_VPN, 0},
2555 static const GNUNET_MESH_ApplicationType types[] = {
2556 GNUNET_APPLICATION_TYPE_END
2567 stats = GNUNET_STATISTICS_create ("vpn", cfg);
2569 GNUNET_CONFIGURATION_get_value_number (cfg, "vpn", "MAX_MAPPING",
2570 &max_destination_mappings))
2571 max_destination_mappings = 200;
2573 GNUNET_CONFIGURATION_get_value_number (cfg, "vpn", "MAX_TUNNELS",
2574 &max_tunnel_mappings))
2575 max_tunnel_mappings = 200;
2577 destination_map = GNUNET_CONTAINER_multihashmap_create (max_destination_mappings * 2);
2578 destination_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
2579 tunnel_map = GNUNET_CONTAINER_multihashmap_create (max_tunnel_mappings * 2);
2580 tunnel_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
2583 vpn_argv[0] = GNUNET_strdup ("vpn-gnunet");
2584 if (GNUNET_SYSERR ==
2585 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IFNAME", &ifname))
2587 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2588 "No entry 'IFNAME' in configuration!\n");
2589 GNUNET_SCHEDULER_shutdown ();
2592 vpn_argv[1] = ifname;
2593 if ( (GNUNET_SYSERR ==
2594 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IPV6ADDR",
2596 (1 != inet_pton (AF_INET6, ipv6addr, &v6))) )
2598 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2599 "No valid entry 'IPV6ADDR' in configuration!\n");
2600 GNUNET_SCHEDULER_shutdown ();
2603 vpn_argv[2] = ipv6addr;
2604 if (GNUNET_SYSERR ==
2605 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IPV6PREFIX",
2608 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2609 "No entry 'IPV6PREFIX' in configuration!\n");
2610 GNUNET_SCHEDULER_shutdown ();
2613 vpn_argv[3] = ipv6prefix_s;
2615 GNUNET_CONFIGURATION_get_value_number (cfg, "vpn",
2618 (ipv6prefix >= 127) )
2620 GNUNET_SCHEDULER_shutdown ();
2624 if ( (GNUNET_SYSERR ==
2625 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IPV4ADDR",
2627 (1 != inet_pton (AF_INET, ipv4addr, &v4))) )
2629 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2630 "No valid entry for 'IPV4ADDR' in configuration!\n");
2631 GNUNET_SCHEDULER_shutdown ();
2634 vpn_argv[4] = ipv4addr;
2635 if ( (GNUNET_SYSERR ==
2636 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IPV4MASK",
2638 (1 != inet_pton (AF_INET, ipv4mask, &v4))) )
2640 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2641 "No valid entry 'IPV4MASK' in configuration!\n");
2642 GNUNET_SCHEDULER_shutdown ();
2645 vpn_argv[5] = ipv4mask;
2649 GNUNET_MESH_connect (cfg_, 42 /* queue length */, NULL,
2654 helper_handle = GNUNET_HELPER_start ("gnunet-helper-vpn", vpn_argv,
2655 &message_token, NULL);
2656 nc = GNUNET_SERVER_notification_context_create (server, 1);
2657 GNUNET_SERVER_add_handlers (server, service_handlers);
2658 GNUNET_SERVER_disconnect_notify (server, &client_disconnect, NULL);
2659 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup, cls);
2664 * The main function of the VPN service.
2666 * @param argc number of arguments from the command line
2667 * @param argv command line arguments
2668 * @return 0 ok, 1 on error
2671 main (int argc, char *const *argv)
2673 return (GNUNET_OK ==
2674 GNUNET_SERVICE_run (argc, argv, "vpn",
2675 GNUNET_SERVICE_OPTION_NONE,
2676 &run, NULL)) ? 0 : 1;
2679 /* end of gnunet-service-vpn.c */