X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=src%2Fexit%2Fgnunet-daemon-exit.c;h=92f38665b5e3a1d82b8d4aefb2d3334dc91a0367;hb=a250da032ba65252d9da96e8429b22e265c69980;hp=3bf26d7b8abb43e0a043a0aae57b73456aa1d582;hpb=73abffab0522085cc12ef2a29afdf669c6f54a41;p=oweals%2Fgnunet.git diff --git a/src/exit/gnunet-daemon-exit.c b/src/exit/gnunet-daemon-exit.c index 3bf26d7b8..92f38665b 100644 --- a/src/exit/gnunet-daemon-exit.c +++ b/src/exit/gnunet-daemon-exit.c @@ -39,11 +39,35 @@ #include "gnunet_protocols.h" #include "gnunet_applications.h" #include "gnunet_mesh_service.h" +#include "gnunet_dnsparser_lib.h" +#include "gnunet_dnsstub_lib.h" #include "gnunet_statistics_service.h" #include "gnunet_constants.h" #include "gnunet_tun_lib.h" +#include "gnunet_regex_lib.h" #include "exit.h" +/** + * Maximum path compression length for mesh regex announcing for IPv4 address + * based regex. + */ +#define REGEX_MAX_PATH_LEN_IPV4 4 + +/** + * Maximum path compression length for mesh regex announcing for IPv6 address + * based regex. + */ +#define REGEX_MAX_PATH_LEN_IPV6 8 + + +/** + * Generic logging shorthand + */ +#define LOG(kind, ...) \ + GNUNET_log_from (kind, "exit", __VA_ARGS__); + + + /** * Information about an address. */ @@ -182,39 +206,85 @@ struct TunnelState struct GNUNET_MESH_Tunnel *tunnel; /** - * Heap node for this state in the connections_heap. + * Active tunnel transmission request (or NULL). */ - struct GNUNET_CONTAINER_HeapNode *heap_node; + struct GNUNET_MESH_TransmitHandle *th; /** - * Key this state has in the connections_map. + * GNUNET_NO if this is a tunnel for TCP/UDP, + * GNUNET_YES if this is a tunnel for DNS, + * GNUNET_SYSERR if the tunnel is not yet initialized. */ - GNUNET_HashCode state_key; + int is_dns; - /** - * Associated service record, or NULL for no service. - */ - struct LocalService *serv; + union + { + struct + { - /** - * Head of DLL of messages for this tunnel. - */ - struct TunnelMessageQueue *head; + /** + * Heap node for this state in the connections_heap. + */ + struct GNUNET_CONTAINER_HeapNode *heap_node; + + /** + * Key this state has in the connections_map. + */ + struct GNUNET_HashCode state_key; + + /** + * Associated service record, or NULL for no service. + */ + struct LocalService *serv; + + /** + * Head of DLL of messages for this tunnel. + */ + struct TunnelMessageQueue *head; + + /** + * Tail of DLL of messages for this tunnel. + */ + struct TunnelMessageQueue *tail; + + /** + * Primary redirection information for this connection. + */ + struct RedirectInformation ri; + } tcp_udp; - /** - * Tail of DLL of messages for this tunnel. - */ - struct TunnelMessageQueue *tail; + struct + { - /** - * Active tunnel transmission request (or NULL). - */ - struct GNUNET_MESH_TransmitHandle *th; + /** + * DNS reply ready for transmission. + */ + char *reply; + + /** + * Socket we are using to transmit this request (must match if we receive + * a response). + */ + struct GNUNET_DNSSTUB_RequestSocket *rs; + + /** + * Number of bytes in 'reply'. + */ + size_t reply_length; + + /** + * Original DNS request ID as used by the client. + */ + uint16_t original_id; + + /** + * DNS request ID that we used for forwarding. + */ + uint16_t my_id; + + } dns; - /** - * Primary redirection information for this connection. - */ - struct RedirectInformation ri; + } specifics; }; @@ -259,7 +329,6 @@ static struct in_addr exit_ipv4addr; */ static struct in_addr exit_ipv4mask; - /** * Statistics. */ @@ -284,7 +353,7 @@ static struct GNUNET_CONTAINER_Heap *connections_heap; /** * If there are at least this many connections, old ones will be removed */ -static long long unsigned int max_connections; +static unsigned long long max_connections; /** * This hashmaps saves interesting things about the configured UDP services @@ -296,6 +365,16 @@ static struct GNUNET_CONTAINER_MultiHashMap *udp_services; */ static struct GNUNET_CONTAINER_MultiHashMap *tcp_services; +/** + * Array of all open DNS requests from tunnels. + */ +static struct TunnelState *tunnels[UINT16_MAX + 1]; + +/** + * Handle to the DNS Stub resolver. + */ +static struct GNUNET_DNSSTUB_Context *dnsstub; + /** * Are we an IPv4-exit? */ @@ -317,6 +396,160 @@ static int ipv4_enabled; static int ipv6_enabled; +/** + * We got a reply from DNS for a request of a MESH tunnel. Send it + * via the tunnel (after changing the request ID back). + * + * @param cls the 'struct TunnelState' + * @param size number of bytes available in buf + * @param buf where to copy the reply + * @return number of bytes written to buf + */ +static size_t +transmit_reply_to_mesh (void *cls, + size_t size, + void *buf) +{ + struct TunnelState *ts = cls; + size_t off; + size_t ret; + char *cbuf = buf; + struct GNUNET_MessageHeader hdr; + struct GNUNET_TUN_DnsHeader dns; + + GNUNET_assert (GNUNET_YES == ts->is_dns); + ts->th = NULL; + GNUNET_assert (ts->specifics.dns.reply != NULL); + if (size == 0) + return 0; + ret = sizeof (struct GNUNET_MessageHeader) + ts->specifics.dns.reply_length; + GNUNET_assert (ret <= size); + hdr.size = htons (ret); + hdr.type = htons (GNUNET_MESSAGE_TYPE_VPN_DNS_FROM_INTERNET); + memcpy (&dns, ts->specifics.dns.reply, sizeof (dns)); + dns.id = ts->specifics.dns.original_id; + off = 0; + memcpy (&cbuf[off], &hdr, sizeof (hdr)); + off += sizeof (hdr); + memcpy (&cbuf[off], &dns, sizeof (dns)); + off += sizeof (dns); + memcpy (&cbuf[off], &ts->specifics.dns.reply[sizeof (dns)], ts->specifics.dns.reply_length - sizeof (dns)); + off += ts->specifics.dns.reply_length - sizeof (dns); + GNUNET_free (ts->specifics.dns.reply); + ts->specifics.dns.reply = NULL; + ts->specifics.dns.reply_length = 0; + GNUNET_assert (ret == off); + return ret; +} + + +/** + * Callback called from DNSSTUB resolver when a resolution + * succeeded. + * + * @param cls NULL + * @param rs the socket that received the response + * @param dns the response itself + * @param r number of bytes in dns + */ +static void +process_dns_result (void *cls, + struct GNUNET_DNSSTUB_RequestSocket *rs, + const struct GNUNET_TUN_DnsHeader *dns, + size_t r) +{ + struct TunnelState *ts; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Processing DNS result from stub resolver\n"); + GNUNET_assert (NULL == cls); + /* Handle case that this is a reply to a request from a MESH DNS tunnel */ + ts = tunnels[dns->id]; + if ( (NULL == ts) || + (ts->specifics.dns.rs != rs) ) + return; + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Got a response from the stub resolver for DNS request received via MESH!\n"); + tunnels[dns->id] = NULL; + GNUNET_free_non_null (ts->specifics.dns.reply); + ts->specifics.dns.reply = GNUNET_malloc (r); + ts->specifics.dns.reply_length = r; + memcpy (ts->specifics.dns.reply, dns, r); + if (NULL != ts->th) + GNUNET_MESH_notify_transmit_ready_cancel (ts->th); + ts->th = GNUNET_MESH_notify_transmit_ready (ts->tunnel, + GNUNET_NO, + GNUNET_TIME_UNIT_FOREVER_REL, + NULL, + sizeof (struct GNUNET_MessageHeader) + r, + &transmit_reply_to_mesh, + ts); +} + + +/** + * Process a request via mesh to perform a DNS query. + * + * @param cls closure, NULL + * @param tunnel connection to the other end + * @param tunnel_ctx pointer to our 'struct TunnelState *' + * @param sender who sent the message + * @param message the actual message + * @param atsi performance data for the connection + * @return GNUNET_OK to keep the connection open, + * GNUNET_SYSERR to close it (signal serious error) + */ +static int +receive_dns_request (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, + void **tunnel_ctx, + const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED, + const struct GNUNET_MessageHeader *message, + const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED) +{ + struct TunnelState *ts = *tunnel_ctx; + const struct GNUNET_TUN_DnsHeader *dns; + size_t mlen = ntohs (message->size); + size_t dlen = mlen - sizeof (struct GNUNET_MessageHeader); + char buf[dlen] GNUNET_ALIGN; + struct GNUNET_TUN_DnsHeader *dout; + + if (NULL == dnsstub) + return GNUNET_SYSERR; + if (GNUNET_NO == ts->is_dns) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + if (GNUNET_SYSERR == ts->is_dns) + { + /* tunnel is DNS from now on */ + ts->is_dns = GNUNET_YES; + } + if (dlen < sizeof (struct GNUNET_TUN_DnsHeader)) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + dns = (const struct GNUNET_TUN_DnsHeader *) &message[1]; + ts->specifics.dns.original_id = dns->id; + if (tunnels[ts->specifics.dns.my_id] == ts) + tunnels[ts->specifics.dns.my_id] = NULL; + ts->specifics.dns.my_id = (uint16_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, + UINT16_MAX + 1); + tunnels[ts->specifics.dns.my_id] = ts; + memcpy (buf, dns, dlen); + dout = (struct GNUNET_TUN_DnsHeader *) buf; + dout->id = ts->specifics.dns.my_id; + ts->specifics.dns.rs = GNUNET_DNSSTUB_resolve2 (dnsstub, + buf, dlen, + &process_dns_result, + NULL); + if (NULL == ts->specifics.dns.rs) + return GNUNET_SYSERR; + return GNUNET_OK; +} + + /** * Given IP information about a connection, calculate the respective * hash we would use for the 'connections_map'. @@ -325,12 +558,12 @@ static int ipv6_enabled; * @param ri information about the connection */ static void -hash_redirect_info (GNUNET_HashCode *hash, +hash_redirect_info (struct GNUNET_HashCode *hash, const struct RedirectInformation *ri) { char *off; - memset (hash, 0, sizeof (GNUNET_HashCode)); + memset (hash, 0, sizeof (struct GNUNET_HashCode)); /* the GNUnet hashmap only uses the first sizeof(unsigned int) of the hash, so we put the IP address in there (and hope for few collisions) */ off = (char*) hash; @@ -389,10 +622,10 @@ get_redirect_state (int af, uint16_t destination_port, const void *local_ip, uint16_t local_port, - GNUNET_HashCode *state_key) + struct GNUNET_HashCode *state_key) { struct RedirectInformation ri; - GNUNET_HashCode key; + struct GNUNET_HashCode key; struct TunnelState *state; if ( ( (af == AF_INET) && (protocol == IPPROTO_ICMP) ) || @@ -425,7 +658,7 @@ get_redirect_state (int af, /* Mark this connection as freshly used */ if (NULL == state_key) GNUNET_CONTAINER_heap_update_cost (connections_heap, - state->heap_node, + state->specifics.tcp_udp.heap_node, GNUNET_TIME_absolute_get ().abs_value); return state; } @@ -442,15 +675,15 @@ get_redirect_state (int af, */ static struct LocalService * find_service (struct GNUNET_CONTAINER_MultiHashMap *service_map, - const GNUNET_HashCode *desc, + const struct GNUNET_HashCode *desc, uint16_t destination_port) { - char key[sizeof (GNUNET_HashCode) + sizeof (uint16_t)]; + char key[sizeof (struct GNUNET_HashCode) + sizeof (uint16_t)]; memcpy (&key[0], &destination_port, sizeof (uint16_t)); - memcpy (&key[sizeof(uint16_t)], desc, sizeof (GNUNET_HashCode)); + memcpy (&key[sizeof(uint16_t)], desc, sizeof (struct GNUNET_HashCode)); return GNUNET_CONTAINER_multihashmap_get (service_map, - (GNUNET_HashCode *) key); + (struct GNUNET_HashCode *) key); } @@ -464,7 +697,7 @@ find_service (struct GNUNET_CONTAINER_MultiHashMap *service_map, */ static int free_service_record (void *cls, - const GNUNET_HashCode *key, + const struct GNUNET_HashCode *key, void *value) { struct LocalService *service = value; @@ -490,20 +723,20 @@ store_service (struct GNUNET_CONTAINER_MultiHashMap *service_map, uint16_t destination_port, struct LocalService *service) { - char key[sizeof (GNUNET_HashCode) + sizeof (uint16_t)]; - GNUNET_HashCode desc; + char key[sizeof (struct GNUNET_HashCode) + sizeof (uint16_t)]; + struct GNUNET_HashCode desc; GNUNET_CRYPTO_hash (name, strlen (name) + 1, &desc); service->name = GNUNET_strdup (name); memcpy (&key[0], &destination_port, sizeof (uint16_t)); - memcpy (&key[sizeof(uint16_t)], &desc, sizeof (GNUNET_HashCode)); + memcpy (&key[sizeof(uint16_t)], &desc, sizeof (struct GNUNET_HashCode)); if (GNUNET_OK != GNUNET_CONTAINER_multihashmap_put (service_map, - (GNUNET_HashCode *) key, + (struct GNUNET_HashCode *) key, service, GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)) { - free_service_record (NULL, (GNUNET_HashCode *) key, service); + free_service_record (NULL, (struct GNUNET_HashCode *) key, service); GNUNET_log (GNUNET_ERROR_TYPE_WARNING, _("Got duplicate service records for `%s:%u'\n"), name, @@ -528,14 +761,13 @@ send_to_peer_notify_callback (void *cls, size_t size, void *buf) struct TunnelMessageQueue *tnq; s->th = NULL; - tnq = s->head; + tnq = s->specifics.tcp_udp.head; if (NULL == tnq) return 0; if (0 == size) { s->th = GNUNET_MESH_notify_transmit_ready (tunnel, GNUNET_NO /* corking */, - 0 /* priority */, GNUNET_TIME_UNIT_FOREVER_REL, NULL, tnq->len, @@ -546,14 +778,13 @@ send_to_peer_notify_callback (void *cls, size_t size, void *buf) GNUNET_assert (size >= tnq->len); memcpy (buf, tnq->payload, tnq->len); size = tnq->len; - GNUNET_CONTAINER_DLL_remove (s->head, - s->tail, + GNUNET_CONTAINER_DLL_remove (s->specifics.tcp_udp.head, + s->specifics.tcp_udp.tail, tnq); GNUNET_free (tnq); - if (NULL != (tnq = s->head)) + if (NULL != (tnq = s->specifics.tcp_udp.head)) s->th = GNUNET_MESH_notify_transmit_ready (tunnel, GNUNET_NO /* corking */, - 0 /* priority */, GNUNET_TIME_UNIT_FOREVER_REL, NULL, tnq->len, @@ -580,9 +811,10 @@ send_packet_to_mesh_tunnel (struct GNUNET_MESH_Tunnel *mesh_tunnel, s = GNUNET_MESH_tunnel_get_data (mesh_tunnel); GNUNET_assert (NULL != s); - GNUNET_CONTAINER_DLL_insert_tail (s->head, s->tail, tnq); + GNUNET_CONTAINER_DLL_insert_tail (s->specifics.tcp_udp.head, s->specifics.tcp_udp.tail, tnq); if (NULL == s->th) - s->th = GNUNET_MESH_notify_transmit_ready (mesh_tunnel, GNUNET_NO /* cork */, 0 /* priority */, + s->th = GNUNET_MESH_notify_transmit_ready (mesh_tunnel, + GNUNET_NO /* cork */, GNUNET_TIME_UNIT_FOREVER_REL, NULL, tnq->len, &send_to_peer_notify_callback, @@ -876,7 +1108,7 @@ tcp_from_helper (const struct GNUNET_TUN_TcpHeader *tcp, const void *source_ip) { struct TunnelState *state; - char buf[pktlen]; + char buf[pktlen] GNUNET_ALIGN; struct GNUNET_TUN_TcpHeader *mtcp; struct GNUNET_EXIT_TcpDataMessage *tdm; struct TunnelMessageQueue *tnq; @@ -953,7 +1185,7 @@ tcp_from_helper (const struct GNUNET_TUN_TcpHeader *tcp, * @param client unsued * @param message message received from helper */ -static void +static int message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED, const struct GNUNET_MessageHeader *message) { @@ -970,13 +1202,13 @@ message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED, if (ntohs (message->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER) { GNUNET_break (0); - return; + return GNUNET_OK; } size = ntohs (message->size); if (size < sizeof (struct GNUNET_TUN_Layer2PacketHeader) + sizeof (struct GNUNET_MessageHeader)) { GNUNET_break (0); - return; + return GNUNET_OK; } GNUNET_STATISTICS_update (stats, gettext_noop ("# Bytes received from TUN"), @@ -993,20 +1225,20 @@ message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED, { /* Kernel to blame? */ GNUNET_break (0); - return; + return GNUNET_OK; } pkt4 = (const struct GNUNET_TUN_IPv4Header *) &pkt_tun[1]; if (size != ntohs (pkt4->total_length)) { /* Kernel to blame? */ GNUNET_break (0); - return; + return GNUNET_OK; } if (pkt4->header_length * 4 != sizeof (struct GNUNET_TUN_IPv4Header)) { GNUNET_log (GNUNET_ERROR_TYPE_WARNING, _("IPv4 packet options received. Ignored.\n")); - return; + return GNUNET_OK; } size -= sizeof (struct GNUNET_TUN_IPv4Header); @@ -1034,7 +1266,7 @@ message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED, GNUNET_log (GNUNET_ERROR_TYPE_WARNING, _("IPv4 packet with unsupported next header %u received. Ignored.\n"), (int) pkt4->protocol); - return; + return GNUNET_OK; } } break; @@ -1046,14 +1278,14 @@ message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED, { /* Kernel to blame? */ GNUNET_break (0); - return; + return GNUNET_OK; } pkt6 = (struct GNUNET_TUN_IPv6Header *) &pkt_tun[1]; if (size != ntohs (pkt6->payload_length) + sizeof (struct GNUNET_TUN_IPv6Header)) { /* Kernel to blame? */ GNUNET_break (0); - return; + return GNUNET_OK; } size -= sizeof (struct GNUNET_TUN_IPv6Header); switch (pkt6->next_header) @@ -1080,7 +1312,7 @@ message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED, GNUNET_log (GNUNET_ERROR_TYPE_WARNING, _("IPv6 packet with unsupported next header %d received. Ignored.\n"), pkt6->next_header); - return; + return GNUNET_OK; } } break; @@ -1090,6 +1322,7 @@ message_token (void *cls GNUNET_UNUSED, void *client GNUNET_UNUSED, ntohs (pkt_tun->proto)); break; } + return GNUNET_OK; } @@ -1206,7 +1439,7 @@ setup_fresh_address (int af, * cleaning up 'old' states. * * @param state skeleton state to setup a record for; should - * 'state->ri.remote_address' filled in so that + * 'state->specifics.tcp_udp.ri.remote_address' filled in so that * this code can determine which AF/protocol is * going to be used (the 'tunnel' should also * already be set); after calling this function, @@ -1217,53 +1450,53 @@ setup_fresh_address (int af, static void setup_state_record (struct TunnelState *state) { - GNUNET_HashCode key; + struct GNUNET_HashCode key; struct TunnelState *s; /* generate fresh, unique address */ do { - if (NULL == state->serv) - setup_fresh_address (state->ri.remote_address.af, - state->ri.remote_address.proto, - &state->ri.local_address); + if (NULL == state->specifics.tcp_udp.serv) + setup_fresh_address (state->specifics.tcp_udp.ri.remote_address.af, + state->specifics.tcp_udp.ri.remote_address.proto, + &state->specifics.tcp_udp.ri.local_address); else - setup_fresh_address (state->serv->address.af, - state->serv->address.proto, - &state->ri.local_address); - } while (NULL != get_redirect_state (state->ri.remote_address.af, - state->ri.remote_address.proto, - &state->ri.remote_address.address, - state->ri.remote_address.port, - &state->ri.local_address.address, - state->ri.local_address.port, + setup_fresh_address (state->specifics.tcp_udp.serv->address.af, + state->specifics.tcp_udp.serv->address.proto, + &state->specifics.tcp_udp.ri.local_address); + } while (NULL != get_redirect_state (state->specifics.tcp_udp.ri.remote_address.af, + state->specifics.tcp_udp.ri.remote_address.proto, + &state->specifics.tcp_udp.ri.remote_address.address, + state->specifics.tcp_udp.ri.remote_address.port, + &state->specifics.tcp_udp.ri.local_address.address, + state->specifics.tcp_udp.ri.local_address.port, &key)); { char buf[INET6_ADDRSTRLEN]; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Picked local address %s:%u for new connection\n", - inet_ntop (state->ri.local_address.af, - &state->ri.local_address.address, + inet_ntop (state->specifics.tcp_udp.ri.local_address.af, + &state->specifics.tcp_udp.ri.local_address.address, buf, sizeof (buf)), - (unsigned int) state->ri.local_address.port); + (unsigned int) state->specifics.tcp_udp.ri.local_address.port); } - state->state_key = key; + state->specifics.tcp_udp.state_key = key; GNUNET_assert (GNUNET_OK == GNUNET_CONTAINER_multihashmap_put (connections_map, &key, state, GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); - state->heap_node = GNUNET_CONTAINER_heap_insert (connections_heap, + state->specifics.tcp_udp.heap_node = GNUNET_CONTAINER_heap_insert (connections_heap, state, GNUNET_TIME_absolute_get ().abs_value); while (GNUNET_CONTAINER_heap_get_size (connections_heap) > max_connections) { s = GNUNET_CONTAINER_heap_remove_root (connections_heap); GNUNET_assert (state != s); - s->heap_node = NULL; + s->specifics.tcp_udp.heap_node = NULL; GNUNET_MESH_tunnel_destroy (s->tunnel); GNUNET_assert (GNUNET_OK == GNUNET_CONTAINER_multihashmap_remove (connections_map, - &s->state_key, + &s->specifics.tcp_udp.state_key, s)); GNUNET_free (s); } @@ -1493,7 +1726,7 @@ send_tcp_packet_via_tun (const struct SocketAddress *destination_address, return; } { - char buf[len]; + char buf[len] GNUNET_ALIGN; struct GNUNET_MessageHeader *hdr; struct GNUNET_TUN_Layer2PacketHeader *tun; @@ -1534,10 +1767,11 @@ send_tcp_packet_via_tun (const struct SocketAddress *destination_address, GNUNET_assert (0); break; } - (void) GNUNET_HELPER_send (helper_handle, - (const struct GNUNET_MessageHeader*) buf, - GNUNET_YES, - NULL, NULL); + if (NULL != helper_handle) + (void) GNUNET_HELPER_send (helper_handle, + (const struct GNUNET_MessageHeader*) buf, + GNUNET_YES, + NULL, NULL); } } @@ -1566,6 +1800,16 @@ receive_tcp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, const struct GNUNET_EXIT_TcpServiceStartMessage *start; uint16_t pkt_len = ntohs (message->size); + if (GNUNET_YES == state->is_dns) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + if (GNUNET_SYSERR == state->is_dns) + { + /* tunnel is UDP/TCP from now on */ + state->is_dns = GNUNET_NO; + } GNUNET_STATISTICS_update (stats, gettext_noop ("# TCP service creation requests received via mesh"), 1, GNUNET_NO); @@ -1581,8 +1825,8 @@ receive_tcp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, start = (const struct GNUNET_EXIT_TcpServiceStartMessage*) message; pkt_len -= sizeof (struct GNUNET_EXIT_TcpServiceStartMessage); if ( (NULL == state) || - (NULL != state->serv) || - (NULL != state->heap_node) ) + (NULL != state->specifics.tcp_udp.serv) || + (NULL != state->specifics.tcp_udp.heap_node) ) { GNUNET_break_op (0); return GNUNET_SYSERR; @@ -1599,8 +1843,8 @@ receive_tcp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, GNUNET_i2s (sender), GNUNET_h2s (&start->service_descriptor), (unsigned int) ntohs (start->tcp_header.destination_port)); - if (NULL == (state->serv = find_service (tcp_services, &start->service_descriptor, - ntohs (start->tcp_header.destination_port)))) + if (NULL == (state->specifics.tcp_udp.serv = find_service (tcp_services, &start->service_descriptor, + ntohs (start->tcp_header.destination_port)))) { GNUNET_log (GNUNET_ERROR_TYPE_INFO, _("No service found for %s on port %d!\n"), @@ -1611,10 +1855,10 @@ receive_tcp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, 1, GNUNET_NO); return GNUNET_SYSERR; } - state->ri.remote_address = state->serv->address; + state->specifics.tcp_udp.ri.remote_address = state->specifics.tcp_udp.serv->address; setup_state_record (state); - send_tcp_packet_via_tun (&state->ri.remote_address, - &state->ri.local_address, + send_tcp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address, + &state->specifics.tcp_udp.ri.local_address, &start->tcp_header, &start[1], pkt_len); return GNUNET_YES; @@ -1648,6 +1892,16 @@ receive_tcp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, const void *payload; int af; + if (GNUNET_YES == state->is_dns) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + if (GNUNET_SYSERR == state->is_dns) + { + /* tunnel is UDP/TCP from now on */ + state->is_dns = GNUNET_NO; + } GNUNET_STATISTICS_update (stats, gettext_noop ("# Bytes received from MESH"), pkt_len, GNUNET_NO); @@ -1662,8 +1916,8 @@ receive_tcp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, start = (const struct GNUNET_EXIT_TcpInternetStartMessage*) message; pkt_len -= sizeof (struct GNUNET_EXIT_TcpInternetStartMessage); if ( (NULL == state) || - (NULL != state->serv) || - (NULL != state->heap_node) ) + (NULL != state->specifics.tcp_udp.serv) || + (NULL != state->specifics.tcp_udp.heap_node) ) { GNUNET_break_op (0); return GNUNET_SYSERR; @@ -1674,7 +1928,7 @@ receive_tcp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, return GNUNET_SYSERR; } af = (int) ntohl (start->af); - state->ri.remote_address.af = af; + state->specifics.tcp_udp.ri.remote_address.af = af; switch (af) { case AF_INET: @@ -1691,7 +1945,7 @@ receive_tcp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, v4 = (const struct in_addr*) &start[1]; payload = &v4[1]; pkt_len -= sizeof (struct in_addr); - state->ri.remote_address.address.ipv4 = *v4; + state->specifics.tcp_udp.ri.remote_address.address.ipv4 = *v4; break; case AF_INET6: if (pkt_len < sizeof (struct in6_addr)) @@ -1707,7 +1961,7 @@ receive_tcp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, v6 = (const struct in6_addr*) &start[1]; payload = &v6[1]; pkt_len -= sizeof (struct in6_addr); - state->ri.remote_address.address.ipv6 = *v6; + state->specifics.tcp_udp.ri.remote_address.address.ipv6 = *v6; break; default: GNUNET_break_op (0); @@ -1719,15 +1973,15 @@ receive_tcp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, "Received data from %s for starting TCP stream to %s:%u\n", GNUNET_i2s (sender), inet_ntop (af, - &state->ri.remote_address.address, + &state->specifics.tcp_udp.ri.remote_address.address, buf, sizeof (buf)), (unsigned int) ntohs (start->tcp_header.destination_port)); } - state->ri.remote_address.proto = IPPROTO_TCP; - state->ri.remote_address.port = ntohs (start->tcp_header.destination_port); + state->specifics.tcp_udp.ri.remote_address.proto = IPPROTO_TCP; + state->specifics.tcp_udp.ri.remote_address.port = ntohs (start->tcp_header.destination_port); setup_state_record (state); - send_tcp_packet_via_tun (&state->ri.remote_address, - &state->ri.local_address, + send_tcp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address, + &state->specifics.tcp_udp.ri.local_address, &start->tcp_header, payload, pkt_len); return GNUNET_YES; @@ -1758,6 +2012,16 @@ receive_tcp_data (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, const struct GNUNET_EXIT_TcpDataMessage *data; uint16_t pkt_len = ntohs (message->size); + if (GNUNET_YES == state->is_dns) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + if (GNUNET_SYSERR == state->is_dns) + { + /* tunnel is UDP/TCP from now on */ + state->is_dns = GNUNET_NO; + } GNUNET_STATISTICS_update (stats, gettext_noop ("# Bytes received from MESH"), pkt_len, GNUNET_NO); @@ -1772,7 +2036,7 @@ receive_tcp_data (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, data = (const struct GNUNET_EXIT_TcpDataMessage*) message; pkt_len -= sizeof (struct GNUNET_EXIT_TcpDataMessage); if ( (NULL == state) || - (NULL == state->heap_node) ) + (NULL == state->specifics.tcp_udp.heap_node) ) { /* connection should have been up! */ GNUNET_STATISTICS_update (stats, @@ -1793,14 +2057,14 @@ receive_tcp_data (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, "Received additional %u bytes of data from %s for TCP stream to %s:%u\n", pkt_len, GNUNET_i2s (sender), - inet_ntop (state->ri.remote_address.af, - &state->ri.remote_address.address, + inet_ntop (state->specifics.tcp_udp.ri.remote_address.af, + &state->specifics.tcp_udp.ri.remote_address.address, buf, sizeof (buf)), - (unsigned int) state->ri.remote_address.port); + (unsigned int) state->specifics.tcp_udp.ri.remote_address.port); } - send_tcp_packet_via_tun (&state->ri.remote_address, - &state->ri.local_address, + send_tcp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address, + &state->specifics.tcp_udp.ri.local_address, &data->tcp_header, &data[1], pkt_len); return GNUNET_YES; @@ -1852,7 +2116,7 @@ send_icmp_packet_via_tun (const struct SocketAddress *destination_address, return; } { - char buf[len]; + char buf[len] GNUNET_ALIGN; struct GNUNET_MessageHeader *hdr; struct GNUNET_TUN_Layer2PacketHeader *tun; @@ -1900,10 +2164,11 @@ send_icmp_packet_via_tun (const struct SocketAddress *destination_address, GNUNET_TUN_calculate_icmp_checksum (icmp, payload, payload_length); - (void) GNUNET_HELPER_send (helper_handle, - (const struct GNUNET_MessageHeader*) buf, - GNUNET_YES, - NULL, NULL); + if (NULL != helper_handle) + (void) GNUNET_HELPER_send (helper_handle, + (const struct GNUNET_MessageHeader*) buf, + GNUNET_YES, + NULL, NULL); } } @@ -1923,12 +2188,12 @@ make_up_icmpv4_payload (struct TunnelState *state, struct GNUNET_TUN_UdpHeader *udp) { GNUNET_TUN_initialize_ipv4_header (ipp, - state->ri.remote_address.proto, + state->specifics.tcp_udp.ri.remote_address.proto, sizeof (struct GNUNET_TUN_TcpHeader), - &state->ri.remote_address.address.ipv4, - &state->ri.local_address.address.ipv4); - udp->source_port = htons (state->ri.remote_address.port); - udp->destination_port = htons (state->ri.local_address.port); + &state->specifics.tcp_udp.ri.remote_address.address.ipv4, + &state->specifics.tcp_udp.ri.local_address.address.ipv4); + udp->source_port = htons (state->specifics.tcp_udp.ri.remote_address.port); + udp->destination_port = htons (state->specifics.tcp_udp.ri.local_address.port); udp->len = htons (0); udp->crc = htons (0); } @@ -1949,12 +2214,12 @@ make_up_icmpv6_payload (struct TunnelState *state, struct GNUNET_TUN_UdpHeader *udp) { GNUNET_TUN_initialize_ipv6_header (ipp, - state->ri.remote_address.proto, + state->specifics.tcp_udp.ri.remote_address.proto, sizeof (struct GNUNET_TUN_TcpHeader), - &state->ri.remote_address.address.ipv6, - &state->ri.local_address.address.ipv6); - udp->source_port = htons (state->ri.remote_address.port); - udp->destination_port = htons (state->ri.local_address.port); + &state->specifics.tcp_udp.ri.remote_address.address.ipv6, + &state->specifics.tcp_udp.ri.local_address.address.ipv6); + udp->source_port = htons (state->specifics.tcp_udp.ri.remote_address.port); + udp->destination_port = htons (state->specifics.tcp_udp.ri.local_address.port); udp->len = htons (0); udp->crc = htons (0); } @@ -1985,9 +2250,19 @@ receive_icmp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, const struct in_addr *v4; const struct in6_addr *v6; const void *payload; - char buf[sizeof (struct GNUNET_TUN_IPv6Header) + 8]; + char buf[sizeof (struct GNUNET_TUN_IPv6Header) + 8] GNUNET_ALIGN; int af; + if (GNUNET_YES == state->is_dns) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + if (GNUNET_SYSERR == state->is_dns) + { + /* tunnel is UDP/TCP from now on */ + state->is_dns = GNUNET_NO; + } GNUNET_STATISTICS_update (stats, gettext_noop ("# Bytes received from MESH"), pkt_len, GNUNET_NO); @@ -2003,8 +2278,8 @@ receive_icmp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, pkt_len -= sizeof (struct GNUNET_EXIT_IcmpInternetMessage); af = (int) ntohl (msg->af); - if ( (NULL != state->heap_node) && - (af != state->ri.remote_address.af) ) + if ( (NULL != state->specifics.tcp_udp.heap_node) && + (af != state->specifics.tcp_udp.ri.remote_address.af) ) { /* other peer switched AF on this tunnel; not allowed */ GNUNET_break_op (0); @@ -2027,11 +2302,11 @@ receive_icmp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, v4 = (const struct in_addr*) &msg[1]; payload = &v4[1]; pkt_len -= sizeof (struct in_addr); - state->ri.remote_address.address.ipv4 = *v4; - if (NULL == state->heap_node) + state->specifics.tcp_udp.ri.remote_address.address.ipv4 = *v4; + if (NULL == state->specifics.tcp_udp.heap_node) { - state->ri.remote_address.af = af; - state->ri.remote_address.proto = IPPROTO_ICMP; + state->specifics.tcp_udp.ri.remote_address.af = af; + state->specifics.tcp_udp.ri.remote_address.proto = IPPROTO_ICMP; setup_state_record (state); } /* check that ICMP type is something we want to support @@ -2085,11 +2360,11 @@ receive_icmp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, v6 = (const struct in6_addr*) &msg[1]; payload = &v6[1]; pkt_len -= sizeof (struct in6_addr); - state->ri.remote_address.address.ipv6 = *v6; - if (NULL == state->heap_node) + state->specifics.tcp_udp.ri.remote_address.address.ipv6 = *v6; + if (NULL == state->specifics.tcp_udp.heap_node) { - state->ri.remote_address.af = af; - state->ri.remote_address.proto = IPPROTO_ICMPV6; + state->specifics.tcp_udp.ri.remote_address.af = af; + state->specifics.tcp_udp.ri.remote_address.proto = IPPROTO_ICMPV6; setup_state_record (state); } /* check that ICMP type is something we want to support @@ -2142,11 +2417,11 @@ receive_icmp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, "Received ICMP data from %s for forwarding to %s\n", GNUNET_i2s (sender), inet_ntop (af, - &state->ri.remote_address.address, + &state->specifics.tcp_udp.ri.remote_address.address, buf, sizeof (buf))); } - send_icmp_packet_via_tun (&state->ri.remote_address, - &state->ri.local_address, + send_icmp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address, + &state->specifics.tcp_udp.ri.local_address, &msg->icmp_header, payload, pkt_len); return GNUNET_YES; @@ -2166,7 +2441,7 @@ static uint16_t make_up_icmp_service_payload (struct TunnelState *state, char *buf) { - switch (state->serv->address.af) + switch (state->specifics.tcp_udp.serv->address.af) { case AF_INET: { @@ -2227,9 +2502,19 @@ receive_icmp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel const struct GNUNET_EXIT_IcmpServiceMessage *msg; uint16_t pkt_len = ntohs (message->size); struct GNUNET_TUN_IcmpHeader icmp; - char buf[sizeof (struct GNUNET_TUN_IPv6Header) + 8]; + char buf[sizeof (struct GNUNET_TUN_IPv6Header) + 8] GNUNET_ALIGN; const void *payload; + if (GNUNET_YES == state->is_dns) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + if (GNUNET_SYSERR == state->is_dns) + { + /* tunnel is UDP/TCP from now on */ + state->is_dns = GNUNET_NO; + } GNUNET_STATISTICS_update (stats, gettext_noop ("# Bytes received from MESH"), pkt_len, GNUNET_NO); @@ -2248,7 +2533,7 @@ receive_icmp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel "Received data from %s for forwarding to ICMP service %s\n", GNUNET_i2s (sender), GNUNET_h2s (&msg->service_descriptor)); - if (NULL == state->serv) + if (NULL == state->specifics.tcp_udp.serv) { /* first packet to service must not be ICMP (cannot determine service!) */ GNUNET_break_op (0); @@ -2256,7 +2541,7 @@ receive_icmp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel } icmp = msg->icmp_header; payload = &msg[1]; - state->ri.remote_address = state->serv->address; + state->specifics.tcp_udp.ri.remote_address = state->specifics.tcp_udp.serv->address; setup_state_record (state); /* check that ICMP type is something we want to support, @@ -2267,15 +2552,15 @@ receive_icmp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel switch (msg->icmp_header.type) { case GNUNET_TUN_ICMPTYPE_ECHO_REPLY: - if (state->serv->address.af == AF_INET6) + if (state->specifics.tcp_udp.serv->address.af == AF_INET6) icmp.type = GNUNET_TUN_ICMPTYPE6_ECHO_REPLY; break; case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST: - if (state->serv->address.af == AF_INET6) + if (state->specifics.tcp_udp.serv->address.af == AF_INET6) icmp.type = GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST; break; case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE: - if (state->serv->address.af == AF_INET6) + if (state->specifics.tcp_udp.serv->address.af == AF_INET6) icmp.type = GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE; if (0 != pkt_len) { @@ -2286,7 +2571,7 @@ receive_icmp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel pkt_len = make_up_icmp_service_payload (state, buf); break; case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED: - if (state->serv->address.af == AF_INET6) + if (state->specifics.tcp_udp.serv->address.af == AF_INET6) icmp.type = GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED; if (0 != pkt_len) { @@ -2297,7 +2582,7 @@ receive_icmp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel pkt_len = make_up_icmp_service_payload (state, buf); break; case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH: - if (state->serv->address.af == AF_INET6) + if (state->specifics.tcp_udp.serv->address.af == AF_INET6) { GNUNET_STATISTICS_update (stats, gettext_noop ("# ICMPv4 packets dropped (impossible PT to v6)"), @@ -2325,15 +2610,15 @@ receive_icmp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel switch (msg->icmp_header.type) { case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY: - if (state->serv->address.af == AF_INET) + if (state->specifics.tcp_udp.serv->address.af == AF_INET) icmp.type = GNUNET_TUN_ICMPTYPE_ECHO_REPLY; break; case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST: - if (state->serv->address.af == AF_INET) + if (state->specifics.tcp_udp.serv->address.af == AF_INET) icmp.type = GNUNET_TUN_ICMPTYPE_ECHO_REQUEST; break; case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE: - if (state->serv->address.af == AF_INET) + if (state->specifics.tcp_udp.serv->address.af == AF_INET) icmp.type = GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE; if (0 != pkt_len) { @@ -2344,7 +2629,7 @@ receive_icmp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel pkt_len = make_up_icmp_service_payload (state, buf); break; case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED: - if (state->serv->address.af == AF_INET) + if (state->specifics.tcp_udp.serv->address.af == AF_INET) icmp.type = GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED; if (0 != pkt_len) { @@ -2356,7 +2641,7 @@ receive_icmp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel break; case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG: case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM: - if (state->serv->address.af == AF_INET) + if (state->specifics.tcp_udp.serv->address.af == AF_INET) { GNUNET_STATISTICS_update (stats, gettext_noop ("# ICMPv6 packets dropped (impossible PT to v4)"), @@ -2385,8 +2670,8 @@ receive_icmp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel return GNUNET_SYSERR; } - send_icmp_packet_via_tun (&state->ri.remote_address, - &state->ri.local_address, + send_icmp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address, + &state->specifics.tcp_udp.ri.local_address, &icmp, payload, pkt_len); return GNUNET_YES; @@ -2435,7 +2720,7 @@ send_udp_packet_via_tun (const struct SocketAddress *destination_address, return; } { - char buf[len]; + char buf[len] GNUNET_ALIGN; struct GNUNET_MessageHeader *hdr; struct GNUNET_TUN_Layer2PacketHeader *tun; @@ -2476,10 +2761,11 @@ send_udp_packet_via_tun (const struct SocketAddress *destination_address, GNUNET_assert (0); break; } - (void) GNUNET_HELPER_send (helper_handle, - (const struct GNUNET_MessageHeader*) buf, - GNUNET_YES, - NULL, NULL); + if (NULL != helper_handle) + (void) GNUNET_HELPER_send (helper_handle, + (const struct GNUNET_MessageHeader*) buf, + GNUNET_YES, + NULL, NULL); } } @@ -2511,6 +2797,16 @@ receive_udp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, const void *payload; int af; + if (GNUNET_YES == state->is_dns) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + if (GNUNET_SYSERR == state->is_dns) + { + /* tunnel is UDP/TCP from now on */ + state->is_dns = GNUNET_NO; + } GNUNET_STATISTICS_update (stats, gettext_noop ("# Bytes received from MESH"), pkt_len, GNUNET_NO); @@ -2525,7 +2821,7 @@ receive_udp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, msg = (const struct GNUNET_EXIT_UdpInternetMessage*) message; pkt_len -= sizeof (struct GNUNET_EXIT_UdpInternetMessage); af = (int) ntohl (msg->af); - state->ri.remote_address.af = af; + state->specifics.tcp_udp.ri.remote_address.af = af; switch (af) { case AF_INET: @@ -2542,7 +2838,7 @@ receive_udp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, v4 = (const struct in_addr*) &msg[1]; payload = &v4[1]; pkt_len -= sizeof (struct in_addr); - state->ri.remote_address.address.ipv4 = *v4; + state->specifics.tcp_udp.ri.remote_address.address.ipv4 = *v4; break; case AF_INET6: if (pkt_len < sizeof (struct in6_addr)) @@ -2558,7 +2854,7 @@ receive_udp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, v6 = (const struct in6_addr*) &msg[1]; payload = &v6[1]; pkt_len -= sizeof (struct in6_addr); - state->ri.remote_address.address.ipv6 = *v6; + state->specifics.tcp_udp.ri.remote_address.address.ipv6 = *v6; break; default: GNUNET_break_op (0); @@ -2570,18 +2866,18 @@ receive_udp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, "Received data from %s for forwarding to UDP %s:%u\n", GNUNET_i2s (sender), inet_ntop (af, - &state->ri.remote_address.address, + &state->specifics.tcp_udp.ri.remote_address.address, buf, sizeof (buf)), (unsigned int) ntohs (msg->destination_port)); } - state->ri.remote_address.proto = IPPROTO_UDP; - state->ri.remote_address.port = msg->destination_port; - if (NULL == state->heap_node) + state->specifics.tcp_udp.ri.remote_address.proto = IPPROTO_UDP; + state->specifics.tcp_udp.ri.remote_address.port = msg->destination_port; + if (NULL == state->specifics.tcp_udp.heap_node) setup_state_record (state); if (0 != ntohs (msg->source_port)) - state->ri.local_address.port = msg->source_port; - send_udp_packet_via_tun (&state->ri.remote_address, - &state->ri.local_address, + state->specifics.tcp_udp.ri.local_address.port = msg->source_port; + send_udp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address, + &state->specifics.tcp_udp.ri.local_address, payload, pkt_len); return GNUNET_YES; } @@ -2611,6 +2907,16 @@ receive_udp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, const struct GNUNET_EXIT_UdpServiceMessage *msg; uint16_t pkt_len = ntohs (message->size); + if (GNUNET_YES == state->is_dns) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + if (GNUNET_SYSERR == state->is_dns) + { + /* tunnel is UDP/TCP from now on */ + state->is_dns = GNUNET_NO; + } GNUNET_STATISTICS_update (stats, gettext_noop ("# Bytes received from MESH"), pkt_len, GNUNET_NO); @@ -2625,13 +2931,13 @@ receive_udp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, } msg = (const struct GNUNET_EXIT_UdpServiceMessage*) message; pkt_len -= sizeof (struct GNUNET_EXIT_UdpServiceMessage); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Received data from %s for forwarding to UDP service %s on port %u\n", - GNUNET_i2s (sender), - GNUNET_h2s (&msg->service_descriptor), - (unsigned int) ntohs (msg->destination_port)); - if (NULL == (state->serv = find_service (udp_services, &msg->service_descriptor, - ntohs (msg->destination_port)))) + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Received data from %s for forwarding to UDP service %s on port %u\n", + GNUNET_i2s (sender), + GNUNET_h2s (&msg->service_descriptor), + (unsigned int) ntohs (msg->destination_port)); + if (NULL == (state->specifics.tcp_udp.serv = find_service (udp_services, &msg->service_descriptor, + ntohs (msg->destination_port)))) { GNUNET_log (GNUNET_ERROR_TYPE_INFO, _("No service found for %s on port %d!\n"), @@ -2642,12 +2948,12 @@ receive_udp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, 1, GNUNET_NO); return GNUNET_SYSERR; } - state->ri.remote_address = state->serv->address; + state->specifics.tcp_udp.ri.remote_address = state->specifics.tcp_udp.serv->address; setup_state_record (state); if (0 != ntohs (msg->source_port)) - state->ri.local_address.port = msg->source_port; - send_udp_packet_via_tun (&state->ri.remote_address, - &state->ri.local_address, + state->specifics.tcp_udp.ri.local_address.port = msg->source_port; + send_udp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address, + &state->specifics.tcp_udp.ri.local_address, &msg[1], pkt_len); return GNUNET_YES; } @@ -2669,6 +2975,7 @@ new_tunnel (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel, { struct TunnelState *s = GNUNET_malloc (sizeof (struct TunnelState)); + s->is_dns = GNUNET_SYSERR; GNUNET_STATISTICS_update (stats, gettext_noop ("# Inbound MESH tunnels created"), 1, GNUNET_NO); @@ -2696,23 +3003,37 @@ clean_tunnel (void *cls GNUNET_UNUSED, const struct GNUNET_MESH_Tunnel *tunnel, struct TunnelState *s = tunnel_ctx; struct TunnelMessageQueue *tnq; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Tunnel destroyed\n"); - while (NULL != (tnq = s->head)) + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Tunnel destroyed\n"); + if (GNUNET_SYSERR == s->is_dns) { - GNUNET_CONTAINER_DLL_remove (s->head, - s->tail, - tnq); - GNUNET_free (tnq); + GNUNET_free (s); + return; } - if (s->heap_node != NULL) + if (GNUNET_YES == s->is_dns) { - GNUNET_assert (GNUNET_YES == - GNUNET_CONTAINER_multihashmap_remove (connections_map, - &s->state_key, - s)); - GNUNET_CONTAINER_heap_remove_node (s->heap_node); - s->heap_node = NULL; + if (tunnels[s->specifics.dns.my_id] == s) + tunnels[s->specifics.dns.my_id] = NULL; + GNUNET_free_non_null (s->specifics.dns.reply); + } + else + { + while (NULL != (tnq = s->specifics.tcp_udp.head)) + { + GNUNET_CONTAINER_DLL_remove (s->specifics.tcp_udp.head, + s->specifics.tcp_udp.tail, + tnq); + GNUNET_free (tnq); + } + if (NULL != s->specifics.tcp_udp.heap_node) + { + GNUNET_assert (GNUNET_YES == + GNUNET_CONTAINER_multihashmap_remove (connections_map, + &s->specifics.tcp_udp.state_key, + s)); + GNUNET_CONTAINER_heap_remove_node (s->specifics.tcp_udp.heap_node); + s->specifics.tcp_udp.heap_node = NULL; + } } if (NULL != s->th) { @@ -2732,7 +3053,7 @@ clean_tunnel (void *cls GNUNET_UNUSED, const struct GNUNET_MESH_Tunnel *tunnel, */ static int free_iterate (void *cls GNUNET_UNUSED, - const GNUNET_HashCode * hash GNUNET_UNUSED, void *value) + const struct GNUNET_HashCode * hash GNUNET_UNUSED, void *value) { GNUNET_free (value); return GNUNET_YES; @@ -2750,6 +3071,7 @@ cleanup (void *cls GNUNET_UNUSED, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Exit service is shutting down now\n"); + if (helper_handle != NULL) { GNUNET_HELPER_stop (helper_handle); @@ -2783,6 +3105,11 @@ cleanup (void *cls GNUNET_UNUSED, GNUNET_CONTAINER_multihashmap_destroy (udp_services); udp_services = NULL; } + if (NULL != dnsstub) + { + GNUNET_DNSSTUB_stop (dnsstub); + dnsstub = NULL; + } if (stats != NULL) { GNUNET_STATISTICS_destroy (stats, GNUNET_NO); @@ -2853,18 +3180,19 @@ add_services (int proto, } serv = GNUNET_malloc (sizeof (struct LocalService)); + serv->address.proto = proto; serv->my_port = (uint16_t) local_port; serv->address.port = remote_port; if (0 == strcmp ("localhost4", hostname)) { - const char *ip4addr = exit_argv[4]; + const char *ip4addr = exit_argv[5]; serv->address.af = AF_INET; - GNUNET_assert (1 != inet_pton (AF_INET, ip4addr, &serv->address.address.ipv4)); + GNUNET_assert (1 == inet_pton (AF_INET, ip4addr, &serv->address.address.ipv4)); } else if (0 == strcmp ("localhost6", hostname)) { - const char *ip6addr = exit_argv[2]; + const char *ip6addr = exit_argv[3]; serv->address.af = AF_INET6; GNUNET_assert (1 == inet_pton (AF_INET6, ip6addr, &serv->address.address.ipv6)); @@ -2962,31 +3290,6 @@ read_service_conf (void *cls GNUNET_UNUSED, const char *section) } -/** - * Test if the given AF is supported by this system. - * - * @param af to test - * @return GNUNET_OK if the AF is supported - */ -static int -test_af (int af) -{ - int s; - - s = socket (af, SOCK_STREAM, 0); - if (-1 == s) - { - if (EAFNOSUPPORT == errno) - return GNUNET_NO; - GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, - "socket"); - return GNUNET_SYSERR; - } - close (s); - return GNUNET_OK; -} - - /** * @brief Main function that will be run by the scheduler. * @@ -3008,10 +3311,12 @@ run (void *cls, char *const *args GNUNET_UNUSED, {&receive_tcp_service, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_SERVICE_START, 0}, {&receive_tcp_remote, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_INTERNET_START, 0}, {&receive_tcp_data, GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_EXIT, 0}, + {&receive_dns_request, GNUNET_MESSAGE_TYPE_VPN_DNS_TO_INTERNET, 0}, {NULL, 0, 0} }; static GNUNET_MESH_ApplicationType apptypes[] = { + GNUNET_APPLICATION_TYPE_END, GNUNET_APPLICATION_TYPE_END, GNUNET_APPLICATION_TYPE_END, GNUNET_APPLICATION_TYPE_END @@ -3023,25 +3328,37 @@ run (void *cls, char *const *args GNUNET_UNUSED, char *ipv6prefix_s; char *ipv4addr; char *ipv4mask; + char *binary; + char *regex; + char *prefixed_regex; + struct in_addr dns_exit4; + struct in6_addr dns_exit6; + char *dns_exit; - if (GNUNET_YES != - GNUNET_OS_check_helper_binary ("gnunet-helper-exit")) - { - fprintf (stderr, - "`%s' is not SUID, refusing to run.\n", - "gnunet-helper-exit"); - global_ret = 1; - return; - } cfg = cfg_; - stats = GNUNET_STATISTICS_create ("exit", cfg); ipv4_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV4"); ipv6_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV6"); ipv4_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV4"); ipv6_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV6"); + if ( (ipv4_exit) || (ipv6_exit) ) + { + binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-exit"); + if (GNUNET_YES != + GNUNET_OS_check_helper_binary (binary)) + { + GNUNET_free (binary); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + _("`%s' must be installed SUID, refusing to run\n"), + "gnunet-helper-exit"); + global_ret = 1; + return; + } + GNUNET_free (binary); + } + stats = GNUNET_STATISTICS_create ("exit", cfg); if ( (ipv4_exit || ipv4_enabled) && - GNUNET_OK != test_af (AF_INET)) + GNUNET_OK != GNUNET_NETWORK_test_pf (PF_INET)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, _("This system does not support IPv4, will disable IPv4 functions despite them being enabled in the configuration\n")); @@ -3049,7 +3366,7 @@ run (void *cls, char *const *args GNUNET_UNUSED, ipv4_enabled = GNUNET_NO; } if ( (ipv6_exit || ipv6_enabled) && - GNUNET_OK != test_af (AF_INET6)) + GNUNET_OK != GNUNET_NETWORK_test_pf (PF_INET6)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, _("This system does not support IPv6, will disable IPv6 functions despite them being enabled in the configuration\n")); @@ -3075,6 +3392,26 @@ run (void *cls, char *const *args GNUNET_UNUSED, GNUNET_SCHEDULER_shutdown (); return; } + + dns_exit = NULL; + if ( (GNUNET_YES == + GNUNET_CONFIGURATION_get_value_yesno (cfg_, "exit", "ENABLE_DNS")) && + ( (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_string (cfg, "exit", + "DNS_RESOLVER", + &dns_exit)) || + ( (1 != inet_pton (AF_INET, dns_exit, &dns_exit4)) && + (1 != inet_pton (AF_INET6, dns_exit, &dns_exit6)) ) ) ) + { + GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "dns", "DNS_RESOLVER", + _("need a valid IPv4 or IPv6 address\n")); + GNUNET_free_non_null (dns_exit); + dns_exit = NULL; + } + if (NULL != dns_exit) + dnsstub = GNUNET_DNSSTUB_start (dns_exit); + + app_idx = 0; if (GNUNET_YES == ipv4_exit) { @@ -3086,6 +3423,11 @@ run (void *cls, char *const *args GNUNET_UNUSED, apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV6_GATEWAY; app_idx++; } + if (NULL != dns_exit) + { + apptypes[app_idx] = GNUNET_APPLICATION_TYPE_INTERNET_RESOLVER; + app_idx++; + } GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup, cls); @@ -3193,14 +3535,14 @@ run (void *cls, char *const *args GNUNET_UNUSED, } exit_argv[7] = NULL; - udp_services = GNUNET_CONTAINER_multihashmap_create (65536); - tcp_services = GNUNET_CONTAINER_multihashmap_create (65536); + udp_services = GNUNET_CONTAINER_multihashmap_create (65536, GNUNET_NO); + tcp_services = GNUNET_CONTAINER_multihashmap_create (65536, GNUNET_NO); GNUNET_CONFIGURATION_iterate_sections (cfg, &read_service_conf, NULL); - connections_map = GNUNET_CONTAINER_multihashmap_create (65536); + connections_map = GNUNET_CONTAINER_multihashmap_create (65536, GNUNET_NO); connections_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN); mesh_handle - = GNUNET_MESH_connect (cfg, 42 /* queue size */, NULL, + = GNUNET_MESH_connect (cfg, NULL, &new_tunnel, &clean_tunnel, handlers, apptypes); @@ -3209,9 +3551,49 @@ run (void *cls, char *const *args GNUNET_UNUSED, GNUNET_SCHEDULER_shutdown (); return; } - helper_handle = GNUNET_HELPER_start ("gnunet-helper-exit", - exit_argv, - &message_token, NULL); + + /* Mesh handle acquired, now announce regular expressions matching our exit */ + if ( (GNUNET_YES == ipv4_enabled) && (GNUNET_YES == ipv4_exit) ) + { + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_string (cfg, + "exit", + "EXIT_RANGE_IPV4_REGEX", + ®ex)) + regex = GNUNET_strdup ("(0|1)*"); + (void) GNUNET_asprintf (&prefixed_regex, "%s%s%s", + GNUNET_APPLICATION_TYPE_EXIT_REGEX_PREFIX, + "4", regex); + GNUNET_MESH_announce_regex (mesh_handle, + prefixed_regex, + REGEX_MAX_PATH_LEN_IPV4); + GNUNET_free (regex); + GNUNET_free (prefixed_regex); + } + + if (GNUNET_YES == ipv6_enabled && GNUNET_YES == ipv6_exit) + { + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_string (cfg, + "exit", + "EXIT_RANGE_IPV6_REGEX", + ®ex)) + regex = GNUNET_strdup ("(0|1)*"); + (void) GNUNET_asprintf (&prefixed_regex, "%s%s%s", + GNUNET_APPLICATION_TYPE_EXIT_REGEX_PREFIX, + "6", regex); + GNUNET_MESH_announce_regex (mesh_handle, + prefixed_regex, + REGEX_MAX_PATH_LEN_IPV6); + GNUNET_free (regex); + GNUNET_free (prefixed_regex); + } + if ((ipv4_exit) || (ipv6_exit)) + helper_handle = GNUNET_HELPER_start (GNUNET_NO, + "gnunet-helper-exit", + exit_argv, + &message_token, + NULL, NULL); } @@ -3229,6 +3611,9 @@ main (int argc, char *const *argv) GNUNET_GETOPT_OPTION_END }; + if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv)) + return 2; + return (GNUNET_OK == GNUNET_PROGRAM_run (argc, argv, "gnunet-daemon-exit", gettext_noop