2 This file is part of GNUnet.
3 (C) 2010, 2011, 2012 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file vpn/gnunet-service-vpn.c
23 * @brief service that opens a virtual interface and allows its clients
24 * to allocate IPs on the virtual interface and to then redirect
25 * IP traffic received on those IPs via the GNUnet mesh
26 * @author Philipp Toelke
27 * @author Christian Grothoff
30 * - implement service message handlers
31 * - define mesh message formats between VPN and EXIT!
32 * - build mesh messages
33 * - parse mesh replies
34 * - build IP messages from mesh replies
35 * - create secondary mesh tunnels if needed
36 * - fully implement shutdown code
37 * - better message queue management (bounded state, drop oldest/RED?)
38 * - imrpove support for deciding which tunnels to keep and which ones to destroy
39 * - add back ICMP support (especially needed for IPv6)
42 #include "gnunet_util_lib.h"
43 #include "gnunet_common.h"
44 #include "gnunet_protocols.h"
45 #include "gnunet_applications.h"
46 #include "gnunet_mesh_service.h"
47 #include "gnunet_constants.h"
48 #include "tcpip_tun.h"
53 * Information we track for each IP address to determine which tunnel
54 * to send the traffic over to the destination.
56 struct DestinationEntry
59 * Information about the tunnel to use, NULL if no tunnel
60 * is available right now.
62 struct GNUNET_MESH_Tunnel *tunnel;
65 * Entry for this entry in the destination_heap.
67 struct GNUNET_CONTAINER_HeapNode *heap_node;
70 * GNUNET_NO if this is a tunnel to an Internet-exit,
71 * GNUNET_YES if this tunnel is to a service.
76 * Address family used (AF_INET or AF_INET6).
81 * Details about the connection (depending on is_service).
86 * The description of the service (only used for service tunnels).
91 * IP address of the ultimate destination (only used for exit tunnels).
96 * Address if af is AF_INET.
101 * Address if af is AF_INET6.
112 * A messages we have in queue for a particular tunnel.
114 struct TunnelMessageQueueEntry
117 * This is a doubly-linked list.
119 struct TunnelMessageQueueEntry *next;
122 * This is a doubly-linked list.
124 struct TunnelMessageQueueEntry *prev;
127 * Number of bytes in 'msg'.
132 * Message to transmit, allocated at the end of this struct.
139 * State we keep for each of our tunnels.
144 * Active transmission handle, NULL for none.
146 struct GNUNET_MESH_TransmitHandle *th;
149 * Entry for this entry in the tunnel_heap, NULL as long as this
150 * tunnel state is not fully bound.
152 struct GNUNET_CONTAINER_HeapNode *heap_node;
155 * Head of list of messages scheduled for transmission.
157 struct TunnelMessageQueueEntry *head;
160 * Tail of list of messages scheduled for transmission.
162 struct TunnelMessageQueueEntry *tail;
165 * Client that needs to be notified about the tunnel being
166 * up as soon as a peer is connected; NULL for none.
168 struct GNUNET_SERVER_Client *client;
171 * ID of the client request that caused us to setup this entry.
176 * Destination to which this tunnel leads. Note that
177 * this struct is NOT in the destination_map (but a
178 * local copy) and that the 'heap_node' should always
181 struct DestinationEntry destination;
184 * GNUNET_NO if this is a tunnel to an Internet-exit,
185 * GNUNET_YES if this tunnel is to a service.
190 * Addess family used for this tunnel on the local TUN interface.
195 * IP address of the source on our end, initially uninitialized.
200 * Address if af is AF_INET.
205 * Address if af is AF_INET6.
212 * Destination IP address used by the source on our end (this is the IP
213 * that we pick freely within the VPN's tunnel IP range).
218 * Address if af is AF_INET.
223 * Address if af is AF_INET6.
230 * Source port used by the sender on our end; 0 for uninitialized.
232 uint16_t source_port;
235 * Destination port used by the sender on our end; 0 for uninitialized.
237 uint16_t destination_port;
243 * Configuration we use.
245 static const struct GNUNET_CONFIGURATION_Handle *cfg;
248 * Handle to the mesh service.
250 static struct GNUNET_MESH_Handle *mesh_handle;
253 * Map from IP address to destination information (possibly with a
254 * MESH tunnel handle for fast setup).
256 static struct GNUNET_CONTAINER_MultiHashMap *destination_map;
259 * Min-Heap sorted by activity time to expire old mappings.
261 static struct GNUNET_CONTAINER_Heap *destination_heap;
264 * Map from source and destination address (IP+port) to connection
265 * information (mostly with the respective MESH tunnel handle).
267 static struct GNUNET_CONTAINER_MultiHashMap *tunnel_map;
270 * Min-Heap sorted by activity time to expire old mappings.
272 static struct GNUNET_CONTAINER_Heap *tunnel_heap;
275 * The handle to the VPN helper process "gnunet-helper-vpn".
277 static struct GNUNET_HELPER_Handle *helper_handle;
280 * Arguments to the vpn helper.
282 static char *vpn_argv[7];
285 * Notification context for sending replies to clients.
287 static struct GNUNET_SERVER_NotificationContext *nc;
290 * If there are more than this number of address-mappings, old ones
293 static unsigned long long max_destination_mappings;
296 * If there are more than this number of open tunnels, old ones
299 static unsigned long long max_tunnel_mappings;
303 * Compute the key under which we would store an entry in the
304 * destination_map for the given IP address.
306 * @param af address family (AF_INET or AF_INET6)
307 * @param address IP address, struct in_addr or struct in6_addr
308 * @param key where to store the key
311 get_destination_key_from_ip (int af,
313 GNUNET_HashCode *key)
318 GNUNET_CRYPTO_hash (address,
319 sizeof (struct in_addr),
323 GNUNET_CRYPTO_hash (address,
324 sizeof (struct in6_addr),
335 * Compute the key under which we would store an entry in the
336 * tunnel_map for the given socket address pair.
338 * @param af address family (AF_INET or AF_INET6)
339 * @param protocol IPPROTO_TCP or IPPROTO_UDP
340 * @param source_ip sender's source IP, struct in_addr or struct in6_addr
341 * @param source_port sender's source port
342 * @param destination_ip sender's destination IP, struct in_addr or struct in6_addr
343 * @param destination_port sender's destination port
344 * @param key where to store the key
347 get_tunnel_key_from_ips (int af,
349 const void *source_ip,
350 uint16_t source_port,
351 const void *destination_ip,
352 uint16_t destination_port,
353 GNUNET_HashCode *key)
357 memset (key, 0, sizeof (GNUNET_HashCode));
358 /* the GNUnet hashmap only uses the first sizeof(unsigned int) of the hash,
359 so we put the ports in there (and hope for few collisions) */
361 memcpy (off, &source_port, sizeof (uint16_t));
362 off += sizeof (uint16_t);
363 memcpy (off, &destination_port, sizeof (uint16_t));
364 off += sizeof (uint16_t);
368 memcpy (off, source_ip, sizeof (struct in_addr));
369 off += sizeof (struct in_addr);
370 memcpy (off, destination_ip, sizeof (struct in_addr));
371 off += sizeof (struct in_addr);
374 memcpy (off, source_ip, sizeof (struct in6_addr));
375 off += sizeof (struct in6_addr);
376 memcpy (off, destination_ip, sizeof (struct in6_addr));
377 off += sizeof (struct in6_addr);
383 memcpy (off, &protocol, sizeof (uint8_t));
384 off += sizeof (uint8_t);
389 * Send a message from the message queue via mesh.
391 * @param cls the 'struct TunnelState' with the message queue
392 * @param size number of bytes available in buf
393 * @param buf where to copy the message
394 * @return number of bytes copied to buf
397 send_to_peer_notify_callback (void *cls, size_t size, void *buf)
399 struct TunnelState *ts = cls;
400 struct TunnelMessageQueueEntry *tnq;
407 GNUNET_assert (NULL != tnq);
408 GNUNET_assert (size >= tnq->len);
409 GNUNET_CONTAINER_DLL_remove (ts->head,
412 memcpy (buf, tnq->msg, tnq->len);
415 if (NULL != (tnq = ts->head))
416 ts->th = GNUNET_MESH_notify_transmit_ready (ts->destination.tunnel,
417 GNUNET_NO /* cork */,
419 GNUNET_TIME_UNIT_FOREVER_REL,
422 &send_to_peer_notify_callback,
429 * Add the given message to the given tunnel and
430 * trigger the transmission process.
432 * @param tnq message to queue
433 * @param ts tunnel to queue the message for
436 send_to_tunnel (struct TunnelMessageQueueEntry *tnq,
437 struct TunnelState *ts)
439 GNUNET_CONTAINER_DLL_insert_tail (ts->head,
443 ts->th = GNUNET_MESH_notify_transmit_ready (ts->destination.tunnel,
444 GNUNET_NO /* cork */,
446 GNUNET_TIME_UNIT_FOREVER_REL,
449 &send_to_peer_notify_callback,
455 * Route a packet via mesh to the given destination.
457 * @param destination description of the destination
458 * @param af address family on this end (AF_INET or AF_INET6)
459 * @param protocol IPPROTO_TCP or IPPROTO_UDP
460 * @param source_ip source IP used by the sender (struct in_addr or struct in6_addr)
461 * @param destination_ip destination IP used by the sender (struct in_addr or struct in6_addr)
462 * @param payload payload of the packet after the IP header
463 * @param payload_length number of bytes in payload
466 route_packet (struct DestinationEntry *destination,
469 const void *source_ip,
470 const void *destination_ip,
472 size_t payload_length)
475 struct TunnelState *ts;
476 struct TunnelMessageQueueEntry *tnq;
482 const struct udp_packet *udp;
484 if (payload_length < sizeof (struct udp_packet))
491 get_tunnel_key_from_ips (af,
502 const struct tcp_packet *tcp;
504 if (payload_length < sizeof (struct tcp_packet))
511 get_tunnel_key_from_ips (af,
521 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
522 _("Protocol %u not supported, dropping\n"),
523 (unsigned int) protocol);
528 ts = GNUNET_CONTAINER_multihashmap_get (tunnel_map,
532 /* create new tunnel */
533 // FIXME: create tunnel!
536 GNUNET_MESH_tunnel_create (mesh_handle,
537 initialize_tunnel_state (16, NULL),
538 &send_pkt_to_peer, NULL, cls);
540 GNUNET_MESH_peer_request_connect_add (*cls,
541 (struct GNUNET_PeerIdentity *)
547 /* send via tunnel */
551 if (destination->is_service)
553 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) + 42);
554 // FIXME: build message!
558 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) + 42);
559 // FIXME: build message!
563 if (destination->is_service)
565 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) + 42);
566 // FIXME: build message!
570 tnq = GNUNET_malloc (sizeof (struct TunnelMessageQueueEntry) + 42);
571 // FIXME: build message!
575 /* not supported above, how can we get here !? */
579 send_to_tunnel (tnq, ts);
585 * Receive packets from the helper-process (someone send to the local
586 * virtual tunnel interface). Find the destination mapping, and if it
587 * exists, identify the correct MESH tunnel (or possibly create it)
588 * and forward the packet.
590 * @param cls closure, NULL
592 * @param message message we got from the client (VPN tunnel interface)
595 message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED,
596 const struct GNUNET_MessageHeader *message)
598 const struct tun_header *tun;
601 struct DestinationEntry *de;
603 mlen = ntohs (message->size);
604 if ( (ntohs (message->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER) ||
605 (mlen < sizeof (struct GNUNET_MessageHeader) + sizeof (struct tun_header)) )
610 tun = (const struct tun_header *) &message[1];
611 mlen -= (sizeof (struct GNUNET_MessageHeader) + sizeof (struct tun_header));
612 switch (ntohs (tun->proto))
616 const struct ip6_header *pkt6;
618 if (mlen < sizeof (struct ip6_header))
624 pkt6 = (const struct ip6_header *) &tun[1];
625 get_destination_key_from_ip (AF_INET6,
626 &pkt6->destination_address,
628 de = GNUNET_CONTAINER_multihashmap_get (destination_map, &key);
629 /* FIXME: do we need to guard against hash collision? */
632 char buf[INET6_ADDRSTRLEN];
634 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
635 _("Packet received for unmapped destination `%s' (dropping it)\n"),
637 &pkt6->destination_address,
645 &pkt6->source_address,
646 &pkt6->destination_address,
648 mlen - sizeof (struct ip6_header));
653 struct ip4_header *pkt4;
655 if (mlen < sizeof (struct ip4_header))
661 pkt4 = (struct ip4_header *) &tun[1];
662 get_destination_key_from_ip (AF_INET,
663 &pkt4->destination_address,
665 de = GNUNET_CONTAINER_multihashmap_get (destination_map, &key);
666 /* FIXME: do we need to guard against hash collision? */
669 char buf[INET_ADDRSTRLEN];
671 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
672 _("Packet received for unmapped destination `%s' (dropping it)\n"),
674 &pkt4->destination_address,
679 if (pkt4->header_length * 4 != sizeof (struct ip4_header))
681 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
682 _("Received IPv4 packet with options (dropping it)\n"));
688 &pkt4->source_address,
689 &pkt4->destination_address,
691 mlen - sizeof (struct ip4_header));
695 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
696 _("Received packet of unknown protocol %d from TUN (dropping it)\n"),
697 (unsigned int) ntohs (tun->proto));
704 * We got a UDP packet back from the MESH tunnel. Pass it on to the
705 * local virtual interface via the helper.
707 * @param cls closure, NULL
708 * @param tunnel connection to the other end
709 * @param tunnel_ctx pointer to our 'struct TunnelState *'
710 * @param sender who sent the message
711 * @param message the actual message
712 * @param atsi performance data for the connection
713 * @return GNUNET_OK to keep the connection open,
714 * GNUNET_SYSERR to close it (signal serious error)
717 receive_udp_back (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
718 void **tunnel_ctx, const struct GNUNET_PeerIdentity *sender,
719 const struct GNUNET_MessageHeader *message,
720 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
722 // FIXME: parse message, build IP packet, give to TUN!
724 GNUNET_HashCode *desc = (GNUNET_HashCode *) (message + 1);
725 struct remote_addr *s = (struct remote_addr *) desc;
726 struct udp_pkt *pkt = (struct udp_pkt *) (desc + 1);
727 const struct GNUNET_PeerIdentity *other = sender;
728 struct TunnelState *ts = *tunnel_ctx;
730 if (16 == ts->addrlen)
733 sizeof (struct ip6_udp) + ntohs (pkt->len) - 1 -
734 sizeof (struct udp_pkt);
736 struct ip6_udp *pkt6 = alloca (size);
738 GNUNET_assert (pkt6 != NULL);
740 if (ntohs (message->type) == GNUNET_MESSAGE_TYPE_VPN_SERVICE_UDP_BACK)
741 new_ip6addr (&pkt6->ip6_hdr.sadr, &other->hashPubKey, desc);
743 new_ip6addr_remote (&pkt6->ip6_hdr.sadr, s->addr, s->addrlen);
745 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
746 "Relaying calc:%d gnu:%d udp:%d bytes!\n", size,
747 ntohs (message->size), ntohs (pkt->len));
749 pkt6->shdr.type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
750 pkt6->shdr.size = htons (size);
753 pkt6->tun.type = htons (0x86dd);
755 pkt6->ip6_hdr.version = 6;
756 pkt6->ip6_hdr.tclass_h = 0;
757 pkt6->ip6_hdr.tclass_l = 0;
758 pkt6->ip6_hdr.flowlbl = 0;
759 pkt6->ip6_hdr.paylgth = pkt->len;
760 pkt6->ip6_hdr.nxthdr = IPPROTO_UDP;
761 pkt6->ip6_hdr.hoplmt = 0xff;
766 GNUNET_assert (GNUNET_OK ==
767 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn",
770 inet_pton (AF_INET6, ipv6addr, &pkt6->ip6_hdr.dadr);
771 GNUNET_free (ipv6addr);
773 memcpy (&pkt6->udp_hdr, pkt, ntohs (pkt->len));
775 GNUNET_HashCode *key = address6_mapping_exists (&pkt6->ip6_hdr.sadr);
777 GNUNET_assert (key != NULL);
779 struct map_entry *me = GNUNET_CONTAINER_multihashmap_get (hashmap, key);
781 GNUNET_CONTAINER_heap_update_cost (heap, me->heap_node,
782 GNUNET_TIME_absolute_get ().abs_value);
786 GNUNET_assert (me != NULL);
788 pkt6->udp_hdr.crc = 0;
792 GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & pkt6->ip6_hdr.sadr, 16);
794 GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & pkt6->ip6_hdr.dadr, 16);
795 uint32_t tmp = (pkt6->udp_hdr.len & 0xffff);
797 sum = GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & tmp, 4);
798 tmp = htons (((pkt6->ip6_hdr.nxthdr & 0x00ff)));
799 sum = GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & tmp, 4);
802 GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & pkt6->udp_hdr,
804 pkt6->udp_hdr.crc = GNUNET_CRYPTO_crc16_finish (sum);
806 (void) GNUNET_HELPER_send (helper_handle,
814 sizeof (struct ip_udp) + ntohs (pkt->len) - 1 - sizeof (struct udp_pkt);
816 struct ip_udp *pkt4 = alloca (size);
818 GNUNET_assert (pkt4 != NULL);
820 GNUNET_assert (ntohs (message->type) ==
821 GNUNET_MESSAGE_TYPE_VPN_REMOTE_UDP_BACK);
824 new_ip4addr_remote ((unsigned char *) &sadr, s->addr, s->addrlen);
825 pkt4->ip_hdr.sadr.s_addr = sadr;
827 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
828 "Relaying calc:%d gnu:%d udp:%d bytes!\n", size,
829 ntohs (message->size), ntohs (pkt->len));
831 pkt4->shdr.type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
832 pkt4->shdr.size = htons (size);
835 pkt4->tun.type = htons (0x0800);
837 pkt4->ip_hdr.version = 4;
838 pkt4->ip_hdr.hdr_lngth = 5;
839 pkt4->ip_hdr.diff_serv = 0;
840 pkt4->ip_hdr.tot_lngth = htons (20 + ntohs (pkt->len));
841 pkt4->ip_hdr.ident = 0;
842 pkt4->ip_hdr.flags = 0;
843 pkt4->ip_hdr.frag_off = 0;
844 pkt4->ip_hdr.ttl = 255;
845 pkt4->ip_hdr.proto = IPPROTO_UDP;
846 pkt4->ip_hdr.chks = 0; /* Will be calculated later */
852 GNUNET_assert (GNUNET_OK ==
853 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn",
856 inet_pton (AF_INET, ipv4addr, &dadr);
857 GNUNET_free (ipv4addr);
858 pkt4->ip_hdr.dadr.s_addr = dadr;
860 memcpy (&pkt4->udp_hdr, pkt, ntohs (pkt->len));
862 GNUNET_HashCode *key = address4_mapping_exists (pkt4->ip_hdr.sadr.s_addr);
864 GNUNET_assert (key != NULL);
866 struct map_entry *me = GNUNET_CONTAINER_multihashmap_get (hashmap, key);
868 GNUNET_CONTAINER_heap_update_cost (heap, me->heap_node,
869 GNUNET_TIME_absolute_get ().abs_value);
873 GNUNET_assert (me != NULL);
875 pkt4->udp_hdr.crc = 0; /* Optional for IPv4 */
878 GNUNET_CRYPTO_crc16_n ((uint16_t *) & pkt4->ip_hdr, 5 * 4);
880 (void) GNUNET_HELPER_send (helper_handle,
891 * We got a TCP packet back from the MESH tunnel. Pass it on to the
892 * local virtual interface via the helper.
894 * @param cls closure, NULL
895 * @param tunnel connection to the other end
896 * @param tunnel_ctx pointer to our 'struct TunnelState *'
897 * @param sender who sent the message
898 * @param message the actual message
899 * @param atsi performance data for the connection
900 * @return GNUNET_OK to keep the connection open,
901 * GNUNET_SYSERR to close it (signal serious error)
904 receive_tcp_back (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
906 const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
907 const struct GNUNET_MessageHeader *message,
908 const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
910 // FIXME: parse message, build IP packet, give to TUN!
912 GNUNET_HashCode *desc = (GNUNET_HashCode *) (message + 1);
913 struct remote_addr *s = (struct remote_addr *) desc;
914 struct tcp_pkt *pkt = (struct tcp_pkt *) (desc + 1);
915 const struct GNUNET_PeerIdentity *other = sender;
916 struct TunnelState *ts = *tunnel_ctx;
919 ntohs (message->size) - sizeof (struct GNUNET_MessageHeader) -
920 sizeof (GNUNET_HashCode);
922 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
923 "Received TCP-Packet back, addrlen = %d\n", s->addrlen);
925 if (ntohs (message->type) == GNUNET_MESSAGE_TYPE_VPN_SERVICE_TCP_BACK ||
928 size_t size = pktlen + sizeof (struct ip6_tcp) - 1;
930 struct ip6_tcp *pkt6 = alloca (size);
932 memset (pkt6, 0, size);
934 GNUNET_assert (pkt6 != NULL);
936 if (ntohs (message->type) == GNUNET_MESSAGE_TYPE_VPN_SERVICE_TCP_BACK)
937 new_ip6addr (&pkt6->ip6_hdr.sadr, &other->hashPubKey, desc);
939 new_ip6addr_remote (&pkt6->ip6_hdr.sadr, s->addr, s->addrlen);
941 pkt6->shdr.type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
942 pkt6->shdr.size = htons (size);
945 pkt6->tun.type = htons (0x86dd);
947 pkt6->ip6_hdr.version = 6;
948 pkt6->ip6_hdr.tclass_h = 0;
949 pkt6->ip6_hdr.tclass_l = 0;
950 pkt6->ip6_hdr.flowlbl = 0;
951 pkt6->ip6_hdr.paylgth = htons (pktlen);
952 pkt6->ip6_hdr.nxthdr = IPPROTO_TCP;
953 pkt6->ip6_hdr.hoplmt = 0xff;
958 GNUNET_assert (GNUNET_OK ==
959 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn",
962 inet_pton (AF_INET6, ipv6addr, &pkt6->ip6_hdr.dadr);
963 GNUNET_free (ipv6addr);
965 memcpy (&pkt6->tcp_hdr, pkt, pktlen);
967 GNUNET_HashCode *key = address6_mapping_exists (&pkt6->ip6_hdr.sadr);
969 GNUNET_assert (key != NULL);
971 struct map_entry *me = GNUNET_CONTAINER_multihashmap_get (hashmap, key);
973 GNUNET_CONTAINER_heap_update_cost (heap, me->heap_node,
974 GNUNET_TIME_absolute_get ().abs_value);
978 GNUNET_assert (me != NULL);
980 pkt6->tcp_hdr.crc = 0;
985 GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & pkt6->ip6_hdr.sadr, 16);
987 GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & pkt6->ip6_hdr.dadr, 16);
988 tmp = htonl (pktlen);
989 sum = GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & tmp, 4);
990 tmp = htonl (((pkt6->ip6_hdr.nxthdr & 0x000000ff)));
991 sum = GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & tmp, 4);
994 GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & pkt6->tcp_hdr,
995 ntohs (pkt6->ip6_hdr.paylgth));
996 pkt6->tcp_hdr.crc = GNUNET_CRYPTO_crc16_finish (sum);
998 (void) GNUNET_HELPER_send (helper_handle,
1005 size_t size = pktlen + sizeof (struct ip_tcp) - 1;
1007 struct ip_tcp *pkt4 = alloca (size);
1009 GNUNET_assert (pkt4 != NULL);
1010 memset (pkt4, 0, size);
1012 GNUNET_assert (ntohs (message->type) ==
1013 GNUNET_MESSAGE_TYPE_VPN_REMOTE_TCP_BACK);
1016 new_ip4addr_remote ((unsigned char *) &sadr, s->addr, s->addrlen);
1017 pkt4->ip_hdr.sadr.s_addr = sadr;
1019 pkt4->shdr.type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1020 pkt4->shdr.size = htons (size);
1022 pkt4->tun.flags = 0;
1023 pkt4->tun.type = htons (0x0800);
1025 pkt4->ip_hdr.version = 4;
1026 pkt4->ip_hdr.hdr_lngth = 5;
1027 pkt4->ip_hdr.diff_serv = 0;
1028 pkt4->ip_hdr.tot_lngth = htons (20 + pktlen);
1029 pkt4->ip_hdr.ident = 0;
1030 pkt4->ip_hdr.flags = 0;
1031 pkt4->ip_hdr.frag_off = 0;
1032 pkt4->ip_hdr.ttl = 255;
1033 pkt4->ip_hdr.proto = IPPROTO_TCP;
1034 pkt4->ip_hdr.chks = 0; /* Will be calculated later */
1040 GNUNET_assert (GNUNET_OK ==
1041 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn",
1044 inet_pton (AF_INET, ipv4addr, &dadr);
1045 GNUNET_free (ipv4addr);
1046 pkt4->ip_hdr.dadr.s_addr = dadr;
1049 memcpy (&pkt4->tcp_hdr, pkt, pktlen);
1051 GNUNET_HashCode *key = address4_mapping_exists (pkt4->ip_hdr.sadr.s_addr);
1053 GNUNET_assert (key != NULL);
1055 struct map_entry *me = GNUNET_CONTAINER_multihashmap_get (hashmap, key);
1057 GNUNET_CONTAINER_heap_update_cost (heap, me->heap_node,
1058 GNUNET_TIME_absolute_get ().abs_value);
1062 GNUNET_assert (me != NULL);
1063 pkt4->tcp_hdr.crc = 0;
1067 sum = GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) &pkt4->ip_hdr.sadr, 4);
1068 sum = GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) &pkt4->ip_hdr.dadr, 4);
1070 tmp = (0x06 << 16) | (0xffff & pktlen); // 0x06 for TCP?
1074 sum = GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & tmp, 4);
1076 sum = GNUNET_CRYPTO_crc16_step (sum, (uint16_t *) & pkt4->tcp_hdr, pktlen);
1077 pkt4->tcp_hdr.crc = GNUNET_CRYPTO_crc16_finish (sum);
1080 GNUNET_CRYPTO_crc16_n ((uint16_t *) & pkt4->ip_hdr, 5 * 4);
1082 (void) GNUNET_HELPER_send (helper_handle,
1094 * Allocate an IPv4 address from the range of the tunnel
1095 * for a new redirection.
1097 * @param v4 where to store the address
1098 * @return GNUNET_OK on success,
1099 * GNUNET_SYSERR on error
1102 allocate_v4_address (struct in_addr *v4)
1104 // FIXME: implement!
1105 return GNUNET_SYSERR;
1110 * Allocate an IPv6 address from the range of the tunnel
1111 * for a new redirection.
1113 * @param v6 where to store the address
1114 * @return GNUNET_OK on success,
1115 * GNUNET_SYSERR on error
1118 allocate_v6_address (struct in6_addr *v4)
1120 // FIXME: implement!
1121 return GNUNET_SYSERR;
1126 * Notify the client about the result of its request.
1128 * @param client client to notify
1129 * @param request_id original request ID to include in response
1130 * @param result_af resulting address family
1131 * @param addr resulting IP address
1134 send_client_reply (struct GNUNET_SERVER_Client *client,
1135 uint64_t request_id,
1139 char buf[sizeof (struct RedirectToIpResponseMessage) + sizeof (struct in6_addr)];
1140 struct RedirectToIpResponseMessage *res;
1146 rlen = sizeof (struct in_addr);
1149 rlen = sizeof (struct in6_addr);
1158 res = (struct RedirectToIpResponseMessage *) buf;
1159 res->header.size = htons (sizeof (struct RedirectToIpResponseMessage) + rlen);
1160 res->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_CLIENT_USE_IP);
1161 res->result_af = htonl (result_af);
1162 res->request_id = request_id;
1163 memcpy (&res[1], addr, rlen);
1164 GNUNET_SERVER_notification_context_add (nc, client);
1165 GNUNET_SERVER_notification_context_unicast (nc,
1173 * Method called whenever a peer has disconnected from the tunnel.
1175 * @param cls closure
1176 * @param peer peer identity the tunnel stopped working with
1179 tunnel_peer_disconnect_handler (void *cls,
1181 GNUNET_PeerIdentity * peer)
1183 /* FIXME: should we do anything here?
1184 - stop transmitting to the tunnel (start queueing?)
1185 - possibly destroy the tunnel entirely (unless service tunnel?)
1191 * Method called whenever a peer has connected to the tunnel. Notifies
1192 * the waiting client that the tunnel is now up.
1194 * @param cls closure
1195 * @param peer peer identity the tunnel was created to, NULL on timeout
1196 * @param atsi performance data for the connection
1199 tunnel_peer_connect_handler (void *cls,
1200 const struct GNUNET_PeerIdentity
1203 GNUNET_ATS_Information * atsi)
1205 struct TunnelState *ts = cls;
1207 if (NULL == ts->client)
1208 return; /* nothing to do */
1209 send_client_reply (ts->client,
1212 &ts->destination_ip);
1213 GNUNET_SERVER_client_drop (ts->client);
1219 * A client asks us to setup a redirection via some exit
1220 * node to a particular IP. Setup the redirection and
1221 * give the client the allocated IP.
1224 * @param client requesting client
1225 * @param message redirection request (a 'struct RedirectToIpRequestMessage')
1228 service_redirect_to_ip (void *cls GNUNET_UNUSED, struct GNUNET_SERVER_Client *client,
1229 const struct GNUNET_MessageHeader *message)
1233 const struct RedirectToIpRequestMessage *msg;
1239 struct DestinationEntry *de;
1240 GNUNET_HashCode key;
1241 struct TunnelState *ts;
1242 GNUNET_MESH_ApplicationType app_type;
1244 /* validate and parse request */
1245 mlen = ntohs (message->size);
1246 if (mlen < sizeof (struct RedirectToIpRequestMessage))
1249 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1252 alen = mlen - sizeof (struct RedirectToIpRequestMessage);
1253 msg = (const struct RedirectToIpRequestMessage *) message;
1254 addr_af = (int) htonl (msg->addr_af);
1258 if (alen != sizeof (struct in_addr))
1261 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1264 app_type = GNUNET_APPLICATION_TYPE_IPV4_GATEWAY;
1267 if (alen != sizeof (struct in6_addr))
1270 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1273 app_type = GNUNET_APPLICATION_TYPE_IPV6_GATEWAY;
1277 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1281 /* allocate response IP */
1283 result_af = (int) htonl (msg->result_af);
1288 allocate_v4_address (&v4))
1289 result_af = AF_UNSPEC;
1295 allocate_v6_address (&v6))
1296 result_af = AF_UNSPEC;
1302 allocate_v4_address (&v4))
1305 result_af = AF_INET;
1307 else if (GNUNET_OK ==
1308 allocate_v6_address (&v6))
1311 result_af = AF_INET6;
1316 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1319 if ( (result_af == AF_UNSPEC) ||
1320 (GNUNET_NO == ntohl (msg->nac)) )
1322 /* send reply "instantly" */
1323 send_client_reply (client,
1328 if (result_af == AF_UNSPEC)
1330 /* failure, we're done */
1331 GNUNET_SERVER_receive_done (client, GNUNET_OK);
1335 /* setup destination record */
1336 de = GNUNET_malloc (sizeof (struct DestinationEntry));
1337 de->is_service = GNUNET_NO;
1339 memcpy (&de->details.ip,
1342 get_destination_key_from_ip (result_af,
1345 GNUNET_assert (GNUNET_OK ==
1346 GNUNET_CONTAINER_multihashmap_put (destination_map,
1349 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE));
1350 de->heap_node = GNUNET_CONTAINER_heap_insert (destination_heap,
1352 GNUNET_TIME_absolute_ntoh (msg->expiration_time).abs_value);
1353 /* setup tunnel to destination */
1354 ts = GNUNET_malloc (sizeof (struct TunnelState));
1355 if (GNUNET_NO != ntohl (msg->nac))
1357 ts->request_id = msg->request_id;
1358 ts->client = client;
1359 GNUNET_SERVER_client_keep (client);
1361 ts->destination = *de;
1362 ts->destination.heap_node = NULL;
1363 ts->is_service = GNUNET_NO;
1365 if (result_af == AF_INET)
1366 ts->destination_ip.v4 = v4;
1368 ts->destination_ip.v6 = v6;
1369 de->tunnel = GNUNET_MESH_tunnel_create (mesh_handle,
1371 &tunnel_peer_connect_handler,
1372 &tunnel_peer_disconnect_handler,
1374 GNUNET_MESH_peer_request_connect_by_type (de->tunnel,
1377 GNUNET_SERVER_receive_done (client, GNUNET_OK);
1382 * A client asks us to setup a redirection to a particular peer
1383 * offering a service. Setup the redirection and give the client the
1387 * @param client requesting client
1388 * @param message redirection request (a 'struct RedirectToPeerRequestMessage')
1391 service_redirect_to_service (void *cls GNUNET_UNUSED, struct GNUNET_SERVER_Client *client,
1392 const struct GNUNET_MessageHeader *message)
1395 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
1401 * Function called for inbound tunnels. As we don't offer
1402 * any mesh services, this function should never be called.
1404 * @param cls closure
1405 * @param tunnel new handle to the tunnel
1406 * @param initiator peer that started the tunnel
1407 * @param atsi performance information for the tunnel
1408 * @return initial tunnel context for the tunnel
1409 * (can be NULL -- that's not an error)
1412 inbound_tunnel_cb (void *cls, struct GNUNET_MESH_Tunnel *tunnel,
1413 const struct GNUNET_PeerIdentity *initiator,
1414 const struct GNUNET_ATS_Information *atsi)
1416 /* Why should anyone open an inbound tunnel to vpn? */
1423 * Function called whenever an inbound tunnel is destroyed. Should clean up
1424 * any associated state.
1426 * @param cls closure (set from GNUNET_MESH_connect)
1427 * @param tunnel connection to the other end (henceforth invalid)
1428 * @param tunnel_ctx place where local state associated
1429 * with the tunnel is stored
1432 tunnel_cleaner (void *cls, const struct GNUNET_MESH_Tunnel *tunnel, void *tunnel_ctx)
1434 /* FIXME: is this function called for outbound tunnels that go down?
1435 Should we clean up something here? */
1441 * Function scheduled as very last function, cleans up after us
1444 cleanup (void *cls GNUNET_UNUSED,
1445 const struct GNUNET_SCHEDULER_TaskContext *tskctx)
1449 // FIXME: clean up heaps and maps!
1450 if (NULL != mesh_handle)
1452 GNUNET_MESH_disconnect (mesh_handle);
1455 if (NULL != helper_handle)
1457 GNUNET_HELPER_stop (helper_handle);
1458 helper_handle = NULL;
1462 GNUNET_SERVER_notification_context_destroy (nc);
1466 GNUNET_free_non_null (vpn_argv[i]);
1471 * A client has disconnected from us. If we are currently building
1472 * a tunnel for it, cancel the operation.
1475 * @param client handle to the client that disconnected
1478 client_disconnect (void *cls, struct GNUNET_SERVER_Client *client)
1480 // FIXME: find all TunnelState's and check if they point
1481 // to the client and if so, clean the reference up!
1486 * Main function that will be run by the scheduler.
1488 * @param cls closure
1489 * @param server the initialized server
1490 * @param cfg_ configuration
1494 struct GNUNET_SERVER_Handle *server,
1495 const struct GNUNET_CONFIGURATION_Handle *cfg_)
1497 static const struct GNUNET_SERVER_MessageHandler service_handlers[] = {
1498 /* callback, cls, type, size */
1499 {&service_redirect_to_ip, NULL, GNUNET_MESSAGE_TYPE_VPN_CLIENT_REDIRECT_TO_IP, 0},
1500 {&service_redirect_to_service, NULL,
1501 GNUNET_MESSAGE_TYPE_VPN_CLIENT_REDIRECT_TO_SERVICE,
1502 sizeof (struct RedirectToServiceRequestMessage) },
1505 static const struct GNUNET_MESH_MessageHandler mesh_handlers[] = {
1506 {receive_udp_back, GNUNET_MESSAGE_TYPE_VPN_SERVICE_UDP_BACK, 0},
1507 {receive_tcp_back, GNUNET_MESSAGE_TYPE_VPN_SERVICE_TCP_BACK, 0},
1508 {receive_udp_back, GNUNET_MESSAGE_TYPE_VPN_REMOTE_UDP_BACK, 0},
1509 {receive_tcp_back, GNUNET_MESSAGE_TYPE_VPN_REMOTE_TCP_BACK, 0},
1512 static const GNUNET_MESH_ApplicationType types[] = {
1513 GNUNET_APPLICATION_TYPE_END
1522 unsigned long long ipv6prefix;
1526 GNUNET_CONFIGURATION_get_value_number (cfg, "vpn", "MAX_MAPPING",
1527 &max_destination_mappings))
1528 max_destination_mappings = 200;
1530 GNUNET_CONFIGURATION_get_value_number (cfg, "vpn", "MAX_TUNNELS",
1531 &max_tunnel_mappings))
1532 max_tunnel_mappings = 200;
1534 destination_map = GNUNET_CONTAINER_multihashmap_create (max_destination_mappings * 2);
1535 destination_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
1536 tunnel_map = GNUNET_CONTAINER_multihashmap_create (max_tunnel_mappings * 2);
1537 tunnel_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
1540 vpn_argv[0] = GNUNET_strdup ("vpn-gnunet");
1541 if (GNUNET_SYSERR ==
1542 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IFNAME", &ifname))
1544 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1545 "No entry 'IFNAME' in configuration!\n");
1546 GNUNET_SCHEDULER_shutdown ();
1549 vpn_argv[1] = ifname;
1550 if ( (GNUNET_SYSERR ==
1551 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IPV6ADDR",
1553 (1 != inet_pton (AF_INET6, ipv6addr, &v6))) )
1555 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1556 "No valid entry 'IPV6ADDR' in configuration!\n");
1557 GNUNET_SCHEDULER_shutdown ();
1560 vpn_argv[2] = ipv6addr;
1561 if (GNUNET_SYSERR ==
1562 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IPV6PREFIX",
1565 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1566 "No entry 'IPV6PREFIX' in configuration!\n");
1567 GNUNET_SCHEDULER_shutdown ();
1570 vpn_argv[3] = ipv6prefix_s;
1572 GNUNET_CONFIGURATION_get_value_number (cfg, "vpn",
1575 (ipv6prefix >= 127) )
1577 GNUNET_SCHEDULER_shutdown ();
1581 if ( (GNUNET_SYSERR ==
1582 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IPV4ADDR",
1584 (1 != inet_pton (AF_INET, ipv4addr, &v4))) )
1586 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1587 "No valid entry for 'IPV4ADDR' in configuration!\n");
1588 GNUNET_SCHEDULER_shutdown ();
1591 vpn_argv[4] = ipv4addr;
1592 if ( (GNUNET_SYSERR ==
1593 GNUNET_CONFIGURATION_get_value_string (cfg, "vpn", "IPV4MASK",
1595 (1 != inet_pton (AF_INET, ipv4mask, &v4))) )
1597 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1598 "No valid entry 'IPV4MASK' in configuration!\n");
1599 GNUNET_SCHEDULER_shutdown ();
1602 vpn_argv[5] = ipv4mask;
1606 GNUNET_MESH_connect (cfg_, 42 /* queue length */, NULL,
1611 helper_handle = GNUNET_HELPER_start ("gnunet-helper-vpn", vpn_argv,
1612 &message_token, NULL);
1613 nc = GNUNET_SERVER_notification_context_create (server, 1);
1614 GNUNET_SERVER_add_handlers (server, service_handlers);
1615 GNUNET_SERVER_disconnect_notify (server, &client_disconnect, NULL);
1616 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup, cls);
1621 * The main function of the VPN service.
1623 * @param argc number of arguments from the command line
1624 * @param argv command line arguments
1625 * @return 0 ok, 1 on error
1628 main (int argc, char *const *argv)
1630 return (GNUNET_OK ==
1631 GNUNET_SERVICE_run (argc, argv, "vpn",
1632 GNUNET_SERVICE_OPTION_NONE,
1633 &run, NULL)) ? 0 : 1;
1636 /* end of gnunet-service-vpn.c */