-convert vpn/exit/pt to use new CADET ports

author: Christian Grothoff <christian@grothoff.org> 2016-08-11 13:02:01 +0000
committer: Christian Grothoff <christian@grothoff.org> 2016-08-11 13:02:01 +0000
commit: 2a6e6e1654af25646b0f0812595ecf8e4319f643 (patch)
tree: 4ab2e8ba0283c540a1759f3ed3da346efd40ba54 /src/exit
parent: 666c8fa4c8e4ff13487dca37f26c26663adff579 (diff)
download: gnunet-2a6e6e1654af25646b0f0812595ecf8e4319f643.tar.gz
gnunet-2a6e6e1654af25646b0f0812595ecf8e4319f643.zip
1 files changed, 250 insertions, 169 deletions
diff --git a/src/exit/gnunet-daemon-exit.c b/src/exit/gnunet-daemon-exit.c
index 2b9ddc722..c8a2e85ef 100644
--- a/src/exit/gnunet-daemon-exit.c
+++ b/src/exit/gnunet-daemon-exit.c
@@ -3480,81 +3480,30 @@ do_dht_put (void *cls)
                            sizeof (struct GNUNET_DNS_Advertisement),
                            &dns_advertisement,
                            expiration,
-                            &dht_put_cont, NULL);
+                            &dht_put_cont,
+                            NULL);
 }
 /**
- * @brief Main function that will be run by the scheduler.
+ * Figure out which IP versions we should support (and which
- *
+ * are supported by the OS) according to our configuration.
- * @param cls closure
- * @param args remaining command-line arguments
- * @param cfgfile name of the configuration file used (for saving, can be NULL!)
- * @param cfg_ configuration
 */
 static void
-run (void *cls,
+parse_ip_options ()
-     char *const *args,
-     const char *cfgfile,
-     const struct GNUNET_CONFIGURATION_Handle *cfg_)
 {
-  static struct GNUNET_CADET_MessageHandler handlers[] = {
+  ipv4_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg,
-    {&receive_icmp_service, GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_SERVICE, 0},
+                                                    "exit",
-    {&receive_icmp_remote, GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_INTERNET, 0},
+                                                    "EXIT_IPV4");
-    {&receive_udp_service, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_SERVICE, 0},
+  ipv6_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg,
-    {&receive_udp_remote, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_INTERNET, 0},
+                                                    "exit",
-    {&receive_tcp_service, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_SERVICE_START, 0},
+                                                    "EXIT_IPV6");
-    {&receive_tcp_remote, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_INTERNET_START, 0},
+  ipv4_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg,
-    {&receive_tcp_data, GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_EXIT, 0},
+                                                       "exit",
-    {&receive_dns_request, GNUNET_MESSAGE_TYPE_VPN_DNS_TO_INTERNET, 0},
+                                                       "ENABLE_IPV4");
-    {NULL, 0, 0}
+  ipv6_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg,
-  };
+                                                       "exit",
+                                                       "ENABLE_IPV6");
-  static uint32_t apptypes[] = {
-    GNUNET_APPLICATION_TYPE_END,
-    GNUNET_APPLICATION_TYPE_END,
-    GNUNET_APPLICATION_TYPE_END,
-    GNUNET_APPLICATION_TYPE_END
-  };
-  unsigned int app_idx;
-  char *exit_ifname;
-  char *tun_ifname;
-  char *policy;
-  char *ipv6addr;
-  char *ipv6prefix_s;
-  char *ipv4addr;
-  char *ipv4mask;
-  char *binary;
-  char *regex;
-  char *prefixed_regex;
-  struct in_addr dns_exit4;
-  struct in6_addr dns_exit6;
-  char *dns_exit;
-  cfg = cfg_;
-  ipv4_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV4");
-  ipv6_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV6");
-  ipv4_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV4");
-  ipv6_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV6");
-  if ( (ipv4_exit) || (ipv6_exit) )
-  {
-    binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-exit");
-    if (GNUNET_YES !=
-        GNUNET_OS_check_helper_binary (binary, GNUNET_YES, "-d gnunet-vpn - - - 169.1.3.3.7 255.255.255.0")) //no nat, ipv4 only
-    {
-      GNUNET_free (binary);
-      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                  _("`%s' must be installed SUID, EXIT will not work\n"),
-                  "gnunet-helper-exit");
-      GNUNET_SCHEDULER_add_shutdown (&dummy_task,
-                                     NULL);
-      global_ret = 1;
-      return;
-    }
-    GNUNET_free (binary);
-  }
-  stats = GNUNET_STATISTICS_create ("exit", cfg);
  if ( (ipv4_exit || ipv4_enabled) &&
       GNUNET_OK != GNUNET_NETWORK_test_pf (PF_INET))
  {
@@ -3583,83 +3532,110 @@ run (void *cls,
                _("Cannot enable IPv6 exit but disable IPv6 on TUN interface, will use ENABLE_IPv6=YES\n"));
    ipv6_enabled = GNUNET_YES;
  }
-  if (! (ipv4_enabled || ipv6_enabled))
+}
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                _("No useful service enabled.  Exiting.\n"));
+/**
-    GNUNET_SCHEDULER_shutdown ();
+ * Helper function to open the CADET port for DNS exits and to
-    return;
+ * advertise the DNS exit (if applicable).
-  }
+ */
+static void
+advertise_dns_exit ()
+{
+  char *dns_exit;
+  struct GNUNET_HashCode port;
+  struct in_addr dns_exit4;
+  struct in6_addr dns_exit6;
-  dns_exit = NULL;
+  if (GNUNET_YES !=
-  if ( (GNUNET_YES ==
+      GNUNET_CONFIGURATION_get_value_yesno (cfg,
-        GNUNET_CONFIGURATION_get_value_yesno (cfg_, "exit", "EXIT_DNS")) &&
+                                            "exit",
-       ( (GNUNET_OK !=
+                                            "EXIT_DNS"))
-          GNUNET_CONFIGURATION_get_value_string (cfg, "exit",
+    return;
-                                                 "DNS_RESOLVER",
+  if ( (GNUNET_OK !=
-                                                 &dns_exit)) ||
+        GNUNET_CONFIGURATION_get_value_string (cfg,
-         ( (1 != inet_pton (AF_INET, dns_exit, &dns_exit4)) &&
+                                               "exit",
-           (1 != inet_pton (AF_INET6, dns_exit, &dns_exit6)) ) ) )
+                                               "DNS_RESOLVER",
+                                               &dns_exit)) ||
+       ( (1 != inet_pton (AF_INET,
+                          dns_exit,
+                          &dns_exit4)) &&
+         (1 != inet_pton (AF_INET6,
+                          dns_exit,
+                          &dns_exit6)) ) )
  {
    GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
-                               "dns", "DNS_RESOLVER",
+                               "dns",
+                               "DNS_RESOLVER",
                               _("need a valid IPv4 or IPv6 address\n"));
-    GNUNET_free_non_null (dns_exit);
+    return;
-    dns_exit = NULL;
+  }
-  }
+  /* open port */
-  app_idx = 0;
+  GNUNET_CRYPTO_hash (GNUNET_APPLICATION_PORT_INTERNET_RESOLVER,
-  if (GNUNET_YES == ipv4_exit)
+                      strlen (GNUNET_APPLICATION_PORT_INTERNET_RESOLVER),
-  {
+                      &port);
-    apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV4_GATEWAY;
+  GNUNET_CADET_open_port (cadet_handle,
-    app_idx++;
+                          &port,
-  }
+                          &new_channel,
-  if (GNUNET_YES == ipv6_exit)
+                          NULL);
-  {
+  /* advertise exit */
-    apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV6_GATEWAY;
+  dht = GNUNET_DHT_connect (cfg,
-    app_idx++;
+                            1);
-  }
+  peer_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg);
-  if (NULL != dns_exit)
+  GNUNET_CRYPTO_eddsa_key_get_public (peer_key,
-  {
+                                      &dns_advertisement.peer.public_key);
-    dht = GNUNET_DHT_connect (cfg, 1);
+  dns_advertisement.purpose.size = htonl (sizeof (struct GNUNET_DNS_Advertisement) -
-    peer_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg);
+                                          sizeof (struct GNUNET_CRYPTO_EddsaSignature));
-    GNUNET_CRYPTO_eddsa_key_get_public (peer_key,
+  dns_advertisement.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DNS_RECORD);
-                                                    &dns_advertisement.peer.public_key);
+  GNUNET_CRYPTO_hash ("dns",
-    dns_advertisement.purpose.size = htonl (sizeof (struct GNUNET_DNS_Advertisement) -
+                      strlen ("dns"),
-                                            sizeof (struct GNUNET_CRYPTO_EddsaSignature));
+                      &dht_put_key);
-    dns_advertisement.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DNS_RECORD);
+  dht_task = GNUNET_SCHEDULER_add_now (&do_dht_put,
-    GNUNET_CRYPTO_hash ("dns",
+                                       NULL);
-                        strlen ("dns"),
+  GNUNET_free (dns_exit);
-                        &dht_put_key);
+}
-    dht_task = GNUNET_SCHEDULER_add_now (&do_dht_put,
-                                         NULL);
-    apptypes[app_idx] = GNUNET_APPLICATION_TYPE_INTERNET_RESOLVER;
+/**
-    app_idx++;
+ * Initialize #exit_argv.
-  }
+ *
-  GNUNET_free_non_null (dns_exit);
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR if we should shutdown
-  GNUNET_SCHEDULER_add_shutdown (&cleanup,
+ */
-                                 NULL);
+static int
+setup_exit_helper_args ()
+{
+  char *exit_ifname;
+  char *tun_ifname;
+  char *ipv6addr;
+  char *ipv6prefix_s;
+  char *ipv4addr;
+  char *ipv4mask;
-  if (GNUNET_OK !=
-      GNUNET_CONFIGURATION_get_value_number (cfg, "exit", "MAX_CONNECTIONS",
-                                             &max_connections))
-    max_connections = 1024;
  exit_argv[0] = GNUNET_strdup ("exit-gnunet");
  if (GNUNET_SYSERR ==
-      GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "TUN_IFNAME", &tun_ifname))
+      GNUNET_CONFIGURATION_get_value_string (cfg,
+                                             "exit",
+                                             "TUN_IFNAME",
+                                             &tun_ifname))
  {
-    GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "EXIT", "TUN_IFNAME");
+    GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
-    GNUNET_SCHEDULER_shutdown ();
+                               "EXIT",
-    return;
+                               "TUN_IFNAME");
+    return GNUNET_SYSERR;
  }
  exit_argv[1] = tun_ifname;
  if (ipv4_enabled)
  {
    if (GNUNET_SYSERR ==
-        GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "EXIT_IFNAME", &exit_ifname))
+        GNUNET_CONFIGURATION_get_value_string (cfg,
+                                               "exit",
+                                               "EXIT_IFNAME",
+                                               &exit_ifname))
    {
-      GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "EXIT", "EXIT_IFNAME");
+      GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
-      GNUNET_SCHEDULER_shutdown ();
+                                 "EXIT",
-      return;
+                                 "EXIT_IFNAME");
+      return GNUNET_SYSERR;
    }
    exit_argv[2] = exit_ifname;
  }
@@ -3668,7 +3644,6 @@ run (void *cls,
    exit_argv[2] = GNUNET_strdup ("-");
  }
  if (GNUNET_YES == ipv6_enabled)
  {
    ipv6addr = NULL;
@@ -3677,33 +3652,41 @@ run (void *cls,
                                                 "exit",
                                                 "IPV6ADDR",
                                                 &ipv6addr) ||
-          (1 != inet_pton (AF_INET6, ipv6addr, &exit_ipv6addr))) )
+          (1 != inet_pton (AF_INET6,
+                           ipv6addr,
+                           &exit_ipv6addr))) )
    {
-      GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "EXIT", "IPV6ADDR");
+      GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
-      GNUNET_SCHEDULER_shutdown ();
+                                 "EXIT",
+                                 "IPV6ADDR");
      GNUNET_free_non_null (ipv6addr);
-      return;
+      return GNUNET_SYSERR;
    }
    exit_argv[3] = ipv6addr;
    if (GNUNET_SYSERR ==
-        GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6PREFIX",
+        GNUNET_CONFIGURATION_get_value_string (cfg,
+                                               "exit",
+                                               "IPV6PREFIX",
                                               &ipv6prefix_s))
    {
-      GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "EXIT", "IPV6PREFIX");
+      GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
-      GNUNET_SCHEDULER_shutdown ();
+                                 "EXIT",
-      return;
+                                 "IPV6PREFIX");
+      return GNUNET_SYSERR;
    }
    exit_argv[4] = ipv6prefix_s;
    if ( (GNUNET_OK !=
-          GNUNET_CONFIGURATION_get_value_number (cfg, "exit",
+          GNUNET_CONFIGURATION_get_value_number (cfg,
+                                                 "exit",
                                                 "IPV6PREFIX",
                                                 &ipv6prefix)) ||
         (ipv6prefix >= 127) )
    {
-      GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "EXIT", "IPV6PREFIX",
+      GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+                                 "EXIT",
+                                 "IPV6PREFIX",
                                 _("Must be a number"));
-      GNUNET_SCHEDULER_shutdown ();
+      return GNUNET_SYSERR;
-      return;
    }
  }
  else
@@ -3716,26 +3699,36 @@ run (void *cls,
  {
    ipv4addr = NULL;
    if ( (GNUNET_SYSERR ==
-          GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4ADDR",
+          GNUNET_CONFIGURATION_get_value_string (cfg,
+                                                 "exit",
+                                                 "IPV4ADDR",
                                                 &ipv4addr) ||
-          (1 != inet_pton (AF_INET, ipv4addr, &exit_ipv4addr))) )
+          (1 != inet_pton (AF_INET,
+                           ipv4addr,
+                           &exit_ipv4addr))) )
      {
-        GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "EXIT", "IPV4ADDR");
+        GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
-        GNUNET_SCHEDULER_shutdown ();
+                                   "EXIT",
+                                   "IPV4ADDR");
        GNUNET_free_non_null (ipv4addr);
-        return;
+        return GNUNET_SYSERR;
      }
    exit_argv[5] = ipv4addr;
    ipv4mask = NULL;
    if ( (GNUNET_SYSERR ==
-          GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4MASK",
+          GNUNET_CONFIGURATION_get_value_string (cfg,
+                                                 "exit",
+                                                 "IPV4MASK",
                                                 &ipv4mask) ||
-          (1 != inet_pton (AF_INET, ipv4mask, &exit_ipv4mask))) )
+          (1 != inet_pton (AF_INET,
+                           ipv4mask,
+                           &exit_ipv4mask))) )
    {
-      GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "EXIT", "IPV4MASK");
+      GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
-      GNUNET_SCHEDULER_shutdown ();
+                                 "EXIT",
+                                 "IPV4MASK");
      GNUNET_free_non_null (ipv4mask);
-      return;
+      return GNUNET_SYSERR;
    }
    exit_argv[6] = ipv4mask;
  }
@@ -3746,38 +3739,119 @@ run (void *cls,
    exit_argv[6] = GNUNET_strdup ("-");
  }
  exit_argv[7] = NULL;
+  return GNUNET_OK;
+}
-  udp_services = GNUNET_CONTAINER_multihashmap_create (65536, GNUNET_NO);
-  tcp_services = GNUNET_CONTAINER_multihashmap_create (65536, GNUNET_NO);
-  GNUNET_CONFIGURATION_iterate_sections (cfg, &read_service_conf, NULL);
-  connections_map = GNUNET_CONTAINER_multihashmap_create (65536, GNUNET_NO);
+/**
-  connections_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
+ * @brief Main function that will be run by the scheduler.
-  if (0 == app_idx)
+ *
+ * @param cls closure
+ * @param args remaining command-line arguments
+ * @param cfgfile name of the configuration file used (for saving, can be NULL!)
+ * @param cfg_ configuration
+ */
+static void
+run (void *cls,
+     char *const *args,
+     const char *cfgfile,
+     const struct GNUNET_CONFIGURATION_Handle *cfg_)
+{
+  static struct GNUNET_CADET_MessageHandler handlers[] = {
+    {&receive_icmp_service, GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_SERVICE, 0},
+    {&receive_icmp_remote, GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_INTERNET, 0},
+    {&receive_udp_service, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_SERVICE, 0},
+    {&receive_udp_remote, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_INTERNET, 0},
+    {&receive_tcp_service, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_SERVICE_START, 0},
+    {&receive_tcp_remote, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_INTERNET_START, 0},
+    {&receive_tcp_data, GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_EXIT, 0},
+    {&receive_dns_request, GNUNET_MESSAGE_TYPE_VPN_DNS_TO_INTERNET, 0},
+    {NULL, 0, 0}
+  };
+  struct GNUNET_HashCode port;
+  char *policy;
+  char *binary;
+  char *regex;
+  char *prefixed_regex;
+  cfg = cfg_;
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_number (cfg,
+                                             "exit",
+                                             "MAX_CONNECTIONS",
+                                             &max_connections))
+    max_connections = 1024;
+  parse_ip_options ();
+  if ( (ipv4_exit) || (ipv6_exit) )
+  {
+    binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-exit");
+    if (GNUNET_YES !=
+        GNUNET_OS_check_helper_binary (binary,
+                                       GNUNET_YES,
+                                       "-d gnunet-vpn - - - 169.1.3.3.7 255.255.255.0")) //no nat, ipv4 only
+    {
+      GNUNET_free (binary);
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  _("`%s' must be installed SUID, EXIT will not work\n"),
+                  "gnunet-helper-exit");
+      GNUNET_SCHEDULER_add_shutdown (&dummy_task,
+                                     NULL);
+      global_ret = 1;
+      return;
+    }
+    GNUNET_free (binary);
+  }
+  if (! (ipv4_enabled || ipv6_enabled))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                _("No useful service enabled.  Exiting.\n"));
    GNUNET_SCHEDULER_shutdown ();
    return;
  }
-  cadet_handle = GNUNET_CADET_connect (cfg, NULL, &clean_channel, handlers);
+  GNUNET_SCHEDULER_add_shutdown (&cleanup,
+                                 NULL);
+  stats = GNUNET_STATISTICS_create ("exit",
+                                    cfg);
+  cadet_handle = GNUNET_CADET_connect (cfg,
+                                       NULL,
+                                       &clean_channel,
+                                       handlers);
  if (NULL == cadet_handle)
  {
    GNUNET_SCHEDULER_shutdown ();
    return;
  }
-  for (int i = 0;
+  advertise_dns_exit ();
-       GNUNET_APPLICATION_TYPE_END != apptypes[i]
+  if (GNUNET_OK !=
-       && i < sizeof (apptypes)/sizeof (*apptypes);
+      setup_exit_helper_args ())
-       i++)
  {
-    GNUNET_CADET_open_port (cadet_handle, GC_u2h (apptypes[i]),
+    GNUNET_SCHEDULER_shutdown ();
-                            &new_channel, NULL);
+    return;
  }
-  /* Cadet handle acquired, now announce regular expressions matching our exit */
+  udp_services = GNUNET_CONTAINER_multihashmap_create (65536,
+                                                       GNUNET_NO);
+  tcp_services = GNUNET_CONTAINER_multihashmap_create (65536,
+                                                       GNUNET_NO);
+  connections_map = GNUNET_CONTAINER_multihashmap_create (65536,
+                                                          GNUNET_NO);
+  connections_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
+  GNUNET_CONFIGURATION_iterate_sections (cfg,
+                                         &read_service_conf,
+                                         NULL);
+  /* Cadet handle acquired, now open ports and announce regular
+     expressions matching our exit */
  if ( (GNUNET_YES == ipv4_enabled) && (GNUNET_YES == ipv4_exit) )
  {
+    GNUNET_CRYPTO_hash (GNUNET_APPLICATION_PORT_IPV4_GATEWAY,
+                        strlen (GNUNET_APPLICATION_PORT_IPV4_GATEWAY),
+                        &port);
+    GNUNET_CADET_open_port (cadet_handle,
+                            &port,
+                            &new_channel,
+                            NULL);
    policy = NULL;
    if (GNUNET_OK !=
        GNUNET_CONFIGURATION_get_value_string (cfg,
@@ -3803,8 +3877,15 @@ run (void *cls,
    }
  }
-  if (GNUNET_YES == ipv6_enabled && GNUNET_YES == ipv6_exit)
+  if ( (GNUNET_YES == ipv6_enabled) && (GNUNET_YES == ipv6_exit) )
  {
+    GNUNET_CRYPTO_hash (GNUNET_APPLICATION_PORT_IPV6_GATEWAY,
+                        strlen (GNUNET_APPLICATION_PORT_IPV6_GATEWAY),
+                        &port);
+    GNUNET_CADET_open_port (cadet_handle,
+                            &port,
+                            &new_channel,
+                            NULL);
    policy = NULL;
    if (GNUNET_OK !=
        GNUNET_CONFIGURATION_get_value_string (cfg,
author	Christian Grothoff <christian@grothoff.org>	2016-08-11 13:02:01 +0000
committer	Christian Grothoff <christian@grothoff.org>	2016-08-11 13:02:01 +0000
commit	2a6e6e1654af25646b0f0812595ecf8e4319f643 (patch)
tree	4ab2e8ba0283c540a1759f3ed3da346efd40ba54 /src/exit
parent	666c8fa4c8e4ff13487dca37f26c26663adff579 (diff)
download	gnunet-2a6e6e1654af25646b0f0812595ecf8e4319f643.tar.gz gnunet-2a6e6e1654af25646b0f0812595ecf8e4319f643.zip

diff --git a/src/exit/gnunet-daemon-exit.c b/src/exit/gnunet-daemon-exit.c index 2b9ddc722..c8a2e85ef 100644 --- a/src/exit/gnunet-daemon-exit.c +++ b/src/exit/gnunet-daemon-exit.c
@@ -3480,81 +3480,30 @@ do_dht_put (void *cls)
3480	sizeof (struct GNUNET_DNS_Advertisement),	3480	sizeof (struct GNUNET_DNS_Advertisement),
3481	&dns_advertisement,	3481	&dns_advertisement,
3482	expiration,	3482	expiration,
3483	&dht_put_cont, NULL);	3483	&dht_put_cont,
		3484	NULL);
3484	}	3485	}
3485		3486
3486		3487
3487	/**	3488	/**
3488	* @brief Main function that will be run by the scheduler.	3489	* Figure out which IP versions we should support (and which
3489	*	3490	* are supported by the OS) according to our configuration.
3490	* @param cls closure
3491	* @param args remaining command-line arguments
3492	* @param cfgfile name of the configuration file used (for saving, can be NULL!)
3493	* @param cfg_ configuration
3494	*/	3491	*/
3495	static void	3492	static void
3496	run (void *cls,	3493	parse_ip_options ()
3497	char const args,
3498	const char *cfgfile,
3499	const struct GNUNET_CONFIGURATION_Handle *cfg_)
3500	{	3494	{
3501	static struct GNUNET_CADET_MessageHandler handlers[] = {	3495	ipv4_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg,
3502	{&receive_icmp_service, GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_SERVICE, 0},	3496	"exit",
3503	{&receive_icmp_remote, GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_INTERNET, 0},	3497	"EXIT_IPV4");
3504	{&receive_udp_service, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_SERVICE, 0},	3498	ipv6_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg,
3505	{&receive_udp_remote, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_INTERNET, 0},	3499	"exit",
3506	{&receive_tcp_service, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_SERVICE_START, 0},	3500	"EXIT_IPV6");
3507	{&receive_tcp_remote, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_INTERNET_START, 0},	3501	ipv4_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg,
3508	{&receive_tcp_data, GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_EXIT, 0},	3502	"exit",
3509	{&receive_dns_request, GNUNET_MESSAGE_TYPE_VPN_DNS_TO_INTERNET, 0},	3503	"ENABLE_IPV4");
3510	{NULL, 0, 0}	3504	ipv6_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg,
3511	};	3505	"exit",
3512		3506	"ENABLE_IPV6");
3513	static uint32_t apptypes[] = {
3514	GNUNET_APPLICATION_TYPE_END,
3515	GNUNET_APPLICATION_TYPE_END,
3516	GNUNET_APPLICATION_TYPE_END,
3517	GNUNET_APPLICATION_TYPE_END
3518	};
3519	unsigned int app_idx;
3520	char *exit_ifname;
3521	char *tun_ifname;
3522	char *policy;
3523	char *ipv6addr;
3524	char *ipv6prefix_s;
3525	char *ipv4addr;
3526	char *ipv4mask;
3527	char *binary;
3528	char *regex;
3529	char *prefixed_regex;
3530	struct in_addr dns_exit4;
3531	struct in6_addr dns_exit6;
3532	char *dns_exit;
3533
3534	cfg = cfg_;
3535	ipv4_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV4");
3536	ipv6_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV6");
3537	ipv4_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV4");
3538	ipv6_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "ENABLE_IPV6");
3539	if ( (ipv4_exit) \|\| (ipv6_exit) )
3540	{
3541	binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-exit");
3542	if (GNUNET_YES !=
3543	GNUNET_OS_check_helper_binary (binary, GNUNET_YES, "-d gnunet-vpn - - - 169.1.3.3.7 255.255.255.0")) //no nat, ipv4 only
3544	{
3545	GNUNET_free (binary);
3546	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3547	_("`%s' must be installed SUID, EXIT will not work\n"),
3548	"gnunet-helper-exit");
3549	GNUNET_SCHEDULER_add_shutdown (&dummy_task,
3550	NULL);
3551	global_ret = 1;
3552	return;
3553	}
3554	GNUNET_free (binary);
3555	}
3556	stats = GNUNET_STATISTICS_create ("exit", cfg);
3557
3558	if ( (ipv4_exit \|\| ipv4_enabled) &&	3507	if ( (ipv4_exit \|\| ipv4_enabled) &&
3559	GNUNET_OK != GNUNET_NETWORK_test_pf (PF_INET))	3508	GNUNET_OK != GNUNET_NETWORK_test_pf (PF_INET))
3560	{	3509	{
@@ -3583,83 +3532,110 @@ run (void *cls,
3583	_("Cannot enable IPv6 exit but disable IPv6 on TUN interface, will use ENABLE_IPv6=YES\n"));	3532	_("Cannot enable IPv6 exit but disable IPv6 on TUN interface, will use ENABLE_IPv6=YES\n"));
3584	ipv6_enabled = GNUNET_YES;	3533	ipv6_enabled = GNUNET_YES;
3585	}	3534	}
3586	if (! (ipv4_enabled \|\| ipv6_enabled))	3535	}
3587	{	3536
3588	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,	3537
3589	_("No useful service enabled. Exiting.\n"));	3538	/**
3590	GNUNET_SCHEDULER_shutdown ();	3539	* Helper function to open the CADET port for DNS exits and to
3591	return;	3540	* advertise the DNS exit (if applicable).
3592	}	3541	*/
		3542	static void
		3543	advertise_dns_exit ()
		3544	{
		3545	char *dns_exit;
		3546	struct GNUNET_HashCode port;
		3547	struct in_addr dns_exit4;
		3548	struct in6_addr dns_exit6;
3593		3549
3594	dns_exit = NULL;	3550	if (GNUNET_YES !=
3595	if ( (GNUNET_YES ==	3551	GNUNET_CONFIGURATION_get_value_yesno (cfg,
3596	GNUNET_CONFIGURATION_get_value_yesno (cfg_, "exit", "EXIT_DNS")) &&	3552	"exit",
3597	( (GNUNET_OK !=	3553	"EXIT_DNS"))
3598	GNUNET_CONFIGURATION_get_value_string (cfg, "exit",	3554	return;
3599	"DNS_RESOLVER",	3555	if ( (GNUNET_OK !=
3600	&dns_exit)) \|\|	3556	GNUNET_CONFIGURATION_get_value_string (cfg,
3601	( (1 != inet_pton (AF_INET, dns_exit, &dns_exit4)) &&	3557	"exit",
3602	(1 != inet_pton (AF_INET6, dns_exit, &dns_exit6)) ) ) )	3558	"DNS_RESOLVER",
		3559	&dns_exit)) \|\|
		3560	( (1 != inet_pton (AF_INET,
		3561	dns_exit,
		3562	&dns_exit4)) &&
		3563	(1 != inet_pton (AF_INET6,
		3564	dns_exit,
		3565	&dns_exit6)) ) )
3603	{	3566	{
3604	GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,	3567	GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
3605	"dns", "DNS_RESOLVER",	3568	"dns",
		3569	"DNS_RESOLVER",
3606	_("need a valid IPv4 or IPv6 address\n"));	3570	_("need a valid IPv4 or IPv6 address\n"));
3607	GNUNET_free_non_null (dns_exit);	3571	return;
3608	dns_exit = NULL;	3572	}
3609	}	3573	/* open port */
3610	app_idx = 0;	3574	GNUNET_CRYPTO_hash (GNUNET_APPLICATION_PORT_INTERNET_RESOLVER,
3611	if (GNUNET_YES == ipv4_exit)	3575	strlen (GNUNET_APPLICATION_PORT_INTERNET_RESOLVER),
3612	{	3576	&port);
3613	apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV4_GATEWAY;	3577	GNUNET_CADET_open_port (cadet_handle,
3614	app_idx++;	3578	&port,
3615	}	3579	&new_channel,
3616	if (GNUNET_YES == ipv6_exit)	3580	NULL);
3617	{	3581	/* advertise exit */
3618	apptypes[app_idx] = GNUNET_APPLICATION_TYPE_IPV6_GATEWAY;	3582	dht = GNUNET_DHT_connect (cfg,
3619	app_idx++;	3583	1);
3620	}	3584	peer_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg);
3621	if (NULL != dns_exit)	3585	GNUNET_CRYPTO_eddsa_key_get_public (peer_key,
3622	{	3586	&dns_advertisement.peer.public_key);
3623	dht = GNUNET_DHT_connect (cfg, 1);	3587	dns_advertisement.purpose.size = htonl (sizeof (struct GNUNET_DNS_Advertisement) -
3624	peer_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg);	3588	sizeof (struct GNUNET_CRYPTO_EddsaSignature));
3625	GNUNET_CRYPTO_eddsa_key_get_public (peer_key,	3589	dns_advertisement.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DNS_RECORD);
3626	&dns_advertisement.peer.public_key);	3590	GNUNET_CRYPTO_hash ("dns",
3627	dns_advertisement.purpose.size = htonl (sizeof (struct GNUNET_DNS_Advertisement) -	3591	strlen ("dns"),
3628	sizeof (struct GNUNET_CRYPTO_EddsaSignature));	3592	&dht_put_key);
3629	dns_advertisement.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DNS_RECORD);	3593	dht_task = GNUNET_SCHEDULER_add_now (&do_dht_put,
3630	GNUNET_CRYPTO_hash ("dns",	3594	NULL);
3631	strlen ("dns"),	3595	GNUNET_free (dns_exit);
3632	&dht_put_key);	3596	}
3633	dht_task = GNUNET_SCHEDULER_add_now (&do_dht_put,	3597
3634	NULL);	3598
3635	apptypes[app_idx] = GNUNET_APPLICATION_TYPE_INTERNET_RESOLVER;	3599	/**
3636	app_idx++;	3600	* Initialize #exit_argv.
3637	}	3601	*
3638	GNUNET_free_non_null (dns_exit);	3602	* @return #GNUNET_OK on success, #GNUNET_SYSERR if we should shutdown
3639	GNUNET_SCHEDULER_add_shutdown (&cleanup,	3603	*/
3640	NULL);	3604	static int
		3605	setup_exit_helper_args ()
		3606	{
		3607	char *exit_ifname;
		3608	char *tun_ifname;
		3609	char *ipv6addr;
		3610	char *ipv6prefix_s;
		3611	char *ipv4addr;
		3612	char *ipv4mask;
3641		3613
3642	if (GNUNET_OK !=
3643	GNUNET_CONFIGURATION_get_value_number (cfg, "exit", "MAX_CONNECTIONS",
3644	&max_connections))
3645	max_connections = 1024;
3646	exit_argv[0] = GNUNET_strdup ("exit-gnunet");	3614	exit_argv[0] = GNUNET_strdup ("exit-gnunet");
3647	if (GNUNET_SYSERR ==	3615	if (GNUNET_SYSERR ==
3648	GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "TUN_IFNAME", &tun_ifname))	3616	GNUNET_CONFIGURATION_get_value_string (cfg,
		3617	"exit",
		3618	"TUN_IFNAME",
		3619	&tun_ifname))
3649	{	3620	{
3650	GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "EXIT", "TUN_IFNAME");	3621	GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3651	GNUNET_SCHEDULER_shutdown ();	3622	"EXIT",
3652	return;	3623	"TUN_IFNAME");
		3624	return GNUNET_SYSERR;
3653	}	3625	}
3654	exit_argv[1] = tun_ifname;	3626	exit_argv[1] = tun_ifname;
3655	if (ipv4_enabled)	3627	if (ipv4_enabled)
3656	{	3628	{
3657	if (GNUNET_SYSERR ==	3629	if (GNUNET_SYSERR ==
3658	GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "EXIT_IFNAME", &exit_ifname))	3630	GNUNET_CONFIGURATION_get_value_string (cfg,
		3631	"exit",
		3632	"EXIT_IFNAME",
		3633	&exit_ifname))
3659	{	3634	{
3660	GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "EXIT", "EXIT_IFNAME");	3635	GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3661	GNUNET_SCHEDULER_shutdown ();	3636	"EXIT",
3662	return;	3637	"EXIT_IFNAME");
		3638	return GNUNET_SYSERR;
3663	}	3639	}
3664	exit_argv[2] = exit_ifname;	3640	exit_argv[2] = exit_ifname;
3665	}	3641	}
@@ -3668,7 +3644,6 @@ run (void *cls,
3668	exit_argv[2] = GNUNET_strdup ("-");	3644	exit_argv[2] = GNUNET_strdup ("-");
3669	}	3645	}
3670		3646
3671
3672	if (GNUNET_YES == ipv6_enabled)	3647	if (GNUNET_YES == ipv6_enabled)
3673	{	3648	{
3674	ipv6addr = NULL;	3649	ipv6addr = NULL;
@@ -3677,33 +3652,41 @@ run (void *cls,
3677	"exit",	3652	"exit",
3678	"IPV6ADDR",	3653	"IPV6ADDR",
3679	&ipv6addr) \|\|	3654	&ipv6addr) \|\|
3680	(1 != inet_pton (AF_INET6, ipv6addr, &exit_ipv6addr))) )	3655	(1 != inet_pton (AF_INET6,
		3656	ipv6addr,
		3657	&exit_ipv6addr))) )
3681	{	3658	{
3682	GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "EXIT", "IPV6ADDR");	3659	GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3683	GNUNET_SCHEDULER_shutdown ();	3660	"EXIT",
		3661	"IPV6ADDR");
3684	GNUNET_free_non_null (ipv6addr);	3662	GNUNET_free_non_null (ipv6addr);
3685	return;	3663	return GNUNET_SYSERR;
3686	}	3664	}
3687	exit_argv[3] = ipv6addr;	3665	exit_argv[3] = ipv6addr;
3688	if (GNUNET_SYSERR ==	3666	if (GNUNET_SYSERR ==
3689	GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV6PREFIX",	3667	GNUNET_CONFIGURATION_get_value_string (cfg,
		3668	"exit",
		3669	"IPV6PREFIX",
3690	&ipv6prefix_s))	3670	&ipv6prefix_s))
3691	{	3671	{
3692	GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "EXIT", "IPV6PREFIX");	3672	GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3693	GNUNET_SCHEDULER_shutdown ();	3673	"EXIT",
3694	return;	3674	"IPV6PREFIX");
		3675	return GNUNET_SYSERR;
3695	}	3676	}
3696	exit_argv[4] = ipv6prefix_s;	3677	exit_argv[4] = ipv6prefix_s;
3697	if ( (GNUNET_OK !=	3678	if ( (GNUNET_OK !=
3698	GNUNET_CONFIGURATION_get_value_number (cfg, "exit",	3679	GNUNET_CONFIGURATION_get_value_number (cfg,
		3680	"exit",
3699	"IPV6PREFIX",	3681	"IPV6PREFIX",
3700	&ipv6prefix)) \|\|	3682	&ipv6prefix)) \|\|
3701	(ipv6prefix >= 127) )	3683	(ipv6prefix >= 127) )
3702	{	3684	{
3703	GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "EXIT", "IPV6PREFIX",	3685	GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
		3686	"EXIT",
		3687	"IPV6PREFIX",
3704	_("Must be a number"));	3688	_("Must be a number"));
3705	GNUNET_SCHEDULER_shutdown ();	3689	return GNUNET_SYSERR;
3706	return;
3707	}	3690	}
3708	}	3691	}
3709	else	3692	else
@@ -3716,26 +3699,36 @@ run (void *cls,
3716	{	3699	{
3717	ipv4addr = NULL;	3700	ipv4addr = NULL;
3718	if ( (GNUNET_SYSERR ==	3701	if ( (GNUNET_SYSERR ==
3719	GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4ADDR",	3702	GNUNET_CONFIGURATION_get_value_string (cfg,
		3703	"exit",
		3704	"IPV4ADDR",
3720	&ipv4addr) \|\|	3705	&ipv4addr) \|\|
3721	(1 != inet_pton (AF_INET, ipv4addr, &exit_ipv4addr))) )	3706	(1 != inet_pton (AF_INET,
		3707	ipv4addr,
		3708	&exit_ipv4addr))) )
3722	{	3709	{
3723	GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "EXIT", "IPV4ADDR");	3710	GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3724	GNUNET_SCHEDULER_shutdown ();	3711	"EXIT",
		3712	"IPV4ADDR");
3725	GNUNET_free_non_null (ipv4addr);	3713	GNUNET_free_non_null (ipv4addr);
3726	return;	3714	return GNUNET_SYSERR;
3727	}	3715	}
3728	exit_argv[5] = ipv4addr;	3716	exit_argv[5] = ipv4addr;
3729	ipv4mask = NULL;	3717	ipv4mask = NULL;
3730	if ( (GNUNET_SYSERR ==	3718	if ( (GNUNET_SYSERR ==
3731	GNUNET_CONFIGURATION_get_value_string (cfg, "exit", "IPV4MASK",	3719	GNUNET_CONFIGURATION_get_value_string (cfg,
		3720	"exit",
		3721	"IPV4MASK",
3732	&ipv4mask) \|\|	3722	&ipv4mask) \|\|
3733	(1 != inet_pton (AF_INET, ipv4mask, &exit_ipv4mask))) )	3723	(1 != inet_pton (AF_INET,
		3724	ipv4mask,
		3725	&exit_ipv4mask))) )
3734	{	3726	{
3735	GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "EXIT", "IPV4MASK");	3727	GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3736	GNUNET_SCHEDULER_shutdown ();	3728	"EXIT",
		3729	"IPV4MASK");
3737	GNUNET_free_non_null (ipv4mask);	3730	GNUNET_free_non_null (ipv4mask);
3738	return;	3731	return GNUNET_SYSERR;
3739	}	3732	}
3740	exit_argv[6] = ipv4mask;	3733	exit_argv[6] = ipv4mask;
3741	}	3734	}
@@ -3746,38 +3739,119 @@ run (void *cls,
3746	exit_argv[6] = GNUNET_strdup ("-");	3739	exit_argv[6] = GNUNET_strdup ("-");
3747	}	3740	}
3748	exit_argv[7] = NULL;	3741	exit_argv[7] = NULL;
		3742	return GNUNET_OK;
		3743	}
3749		3744
3750	udp_services = GNUNET_CONTAINER_multihashmap_create (65536, GNUNET_NO);
3751	tcp_services = GNUNET_CONTAINER_multihashmap_create (65536, GNUNET_NO);
3752	GNUNET_CONFIGURATION_iterate_sections (cfg, &read_service_conf, NULL);
3753		3745
3754	connections_map = GNUNET_CONTAINER_multihashmap_create (65536, GNUNET_NO);	3746	/**
3755	connections_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);	3747	* @brief Main function that will be run by the scheduler.
3756	if (0 == app_idx)	3748	*
		3749	* @param cls closure
		3750	* @param args remaining command-line arguments
		3751	* @param cfgfile name of the configuration file used (for saving, can be NULL!)
		3752	* @param cfg_ configuration
		3753	*/
		3754	static void
		3755	run (void *cls,
		3756	char const args,
		3757	const char *cfgfile,
		3758	const struct GNUNET_CONFIGURATION_Handle *cfg_)
		3759	{
		3760	static struct GNUNET_CADET_MessageHandler handlers[] = {
		3761	{&receive_icmp_service, GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_SERVICE, 0},
		3762	{&receive_icmp_remote, GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_INTERNET, 0},
		3763	{&receive_udp_service, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_SERVICE, 0},
		3764	{&receive_udp_remote, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_INTERNET, 0},
		3765	{&receive_tcp_service, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_SERVICE_START, 0},
		3766	{&receive_tcp_remote, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_INTERNET_START, 0},
		3767	{&receive_tcp_data, GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_EXIT, 0},
		3768	{&receive_dns_request, GNUNET_MESSAGE_TYPE_VPN_DNS_TO_INTERNET, 0},
		3769	{NULL, 0, 0}
		3770	};
		3771	struct GNUNET_HashCode port;
		3772	char *policy;
		3773	char *binary;
		3774	char *regex;
		3775	char *prefixed_regex;
		3776
		3777	cfg = cfg_;
		3778	if (GNUNET_OK !=
		3779	GNUNET_CONFIGURATION_get_value_number (cfg,
		3780	"exit",
		3781	"MAX_CONNECTIONS",
		3782	&max_connections))
		3783	max_connections = 1024;
		3784	parse_ip_options ();
		3785	if ( (ipv4_exit) \|\| (ipv6_exit) )
		3786	{
		3787	binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-exit");
		3788	if (GNUNET_YES !=
		3789	GNUNET_OS_check_helper_binary (binary,
		3790	GNUNET_YES,
		3791	"-d gnunet-vpn - - - 169.1.3.3.7 255.255.255.0")) //no nat, ipv4 only
		3792	{
		3793	GNUNET_free (binary);
		3794	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
		3795	_("`%s' must be installed SUID, EXIT will not work\n"),
		3796	"gnunet-helper-exit");
		3797	GNUNET_SCHEDULER_add_shutdown (&dummy_task,
		3798	NULL);
		3799	global_ret = 1;
		3800	return;
		3801	}
		3802	GNUNET_free (binary);
		3803	}
		3804	if (! (ipv4_enabled \|\| ipv6_enabled))
3757	{	3805	{
3758	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,	3806	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3759	_("No useful service enabled. Exiting.\n"));	3807	_("No useful service enabled. Exiting.\n"));
3760	GNUNET_SCHEDULER_shutdown ();	3808	GNUNET_SCHEDULER_shutdown ();
3761	return;	3809	return;
3762	}	3810	}
3763	cadet_handle = GNUNET_CADET_connect (cfg, NULL, &clean_channel, handlers);	3811
		3812	GNUNET_SCHEDULER_add_shutdown (&cleanup,
		3813	NULL);
		3814	stats = GNUNET_STATISTICS_create ("exit",
		3815	cfg);
		3816	cadet_handle = GNUNET_CADET_connect (cfg,
		3817	NULL,
		3818	&clean_channel,
		3819	handlers);
3764	if (NULL == cadet_handle)	3820	if (NULL == cadet_handle)
3765	{	3821	{
3766	GNUNET_SCHEDULER_shutdown ();	3822	GNUNET_SCHEDULER_shutdown ();
3767	return;	3823	return;
3768	}	3824	}
3769	for (int i = 0;	3825	advertise_dns_exit ();
3770	GNUNET_APPLICATION_TYPE_END != apptypes[i]	3826	if (GNUNET_OK !=
3771	&& i < sizeof (apptypes)/sizeof (*apptypes);	3827	setup_exit_helper_args ())
3772	i++)
3773	{	3828	{
3774	GNUNET_CADET_open_port (cadet_handle, GC_u2h (apptypes[i]),	3829	GNUNET_SCHEDULER_shutdown ();
3775	&new_channel, NULL);	3830	return;
3776	}	3831	}
3777		3832
3778	/* Cadet handle acquired, now announce regular expressions matching our exit */	3833	udp_services = GNUNET_CONTAINER_multihashmap_create (65536,
		3834	GNUNET_NO);
		3835	tcp_services = GNUNET_CONTAINER_multihashmap_create (65536,
		3836	GNUNET_NO);
		3837	connections_map = GNUNET_CONTAINER_multihashmap_create (65536,
		3838	GNUNET_NO);
		3839	connections_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
		3840	GNUNET_CONFIGURATION_iterate_sections (cfg,
		3841	&read_service_conf,
		3842	NULL);
		3843
		3844	/* Cadet handle acquired, now open ports and announce regular
		3845	expressions matching our exit */
3779	if ( (GNUNET_YES == ipv4_enabled) && (GNUNET_YES == ipv4_exit) )	3846	if ( (GNUNET_YES == ipv4_enabled) && (GNUNET_YES == ipv4_exit) )
3780	{	3847	{
		3848	GNUNET_CRYPTO_hash (GNUNET_APPLICATION_PORT_IPV4_GATEWAY,
		3849	strlen (GNUNET_APPLICATION_PORT_IPV4_GATEWAY),
		3850	&port);
		3851	GNUNET_CADET_open_port (cadet_handle,
		3852	&port,
		3853	&new_channel,
		3854	NULL);
3781	policy = NULL;	3855	policy = NULL;
3782	if (GNUNET_OK !=	3856	if (GNUNET_OK !=
3783	GNUNET_CONFIGURATION_get_value_string (cfg,	3857	GNUNET_CONFIGURATION_get_value_string (cfg,
@@ -3803,8 +3877,15 @@ run (void *cls,
3803	}	3877	}
3804	}	3878	}
3805		3879
3806	if (GNUNET_YES == ipv6_enabled && GNUNET_YES == ipv6_exit)	3880	if ( (GNUNET_YES == ipv6_enabled) && (GNUNET_YES == ipv6_exit) )
3807	{	3881	{
		3882	GNUNET_CRYPTO_hash (GNUNET_APPLICATION_PORT_IPV6_GATEWAY,
		3883	strlen (GNUNET_APPLICATION_PORT_IPV6_GATEWAY),
		3884	&port);
		3885	GNUNET_CADET_open_port (cadet_handle,
		3886	&port,
		3887	&new_channel,
		3888	NULL);
3808	policy = NULL;	3889	policy = NULL;
3809	if (GNUNET_OK !=	3890	if (GNUNET_OK !=
3810	GNUNET_CONFIGURATION_get_value_string (cfg,	3891	GNUNET_CONFIGURATION_get_value_string (cfg,