summaryrefslogtreecommitdiff
path: root/src/gns
diff options
context:
space:
mode:
authorMartin Schanzenbach <schanzen@gnunet.org>2022-02-03 22:47:03 +0100
committerMartin Schanzenbach <schanzen@gnunet.org>2022-02-03 22:47:03 +0100
commitf3eaf5dae9a14fc62109b6e7c69571a068301fed (patch)
treecec115818f7e41db3f5d6eccd1b04ed5b0b96fec /src/gns
parentafd2cb5db220ce528b6222340b31b8a1a365c8e4 (diff)
GNS: Move VPN to DNS2GNS. Fixes #7171
Diffstat (limited to 'src/gns')
-rw-r--r--src/gns/Makefile.am2
-rw-r--r--src/gns/gnunet-dns2gns.c209
-rw-r--r--src/gns/gnunet-service-gns_resolver.c204
3 files changed, 213 insertions, 202 deletions
diff --git a/src/gns/Makefile.am b/src/gns/Makefile.am
index 315b4dbf3..c21f37ca1 100644
--- a/src/gns/Makefile.am
+++ b/src/gns/Makefile.am
@@ -155,6 +155,7 @@ gnunet_dns2gns_LDADD = \
$(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
libgnunetgns.la \
$(top_builddir)/src/util/libgnunetutil.la \
+ $(USE_VPN) \
$(top_builddir)/src/identity/libgnunetidentity.la \
$(GN_LIBINTL)
@@ -218,7 +219,6 @@ gnunet_service_gns_LDADD = \
$(top_builddir)/src/dht/libgnunetdht.la \
$(top_builddir)/src/namecache/libgnunetnamecache.la \
$(LIBIDN) $(LIBIDN2) \
- $(USE_VPN) \
$(GN_LIBINTL)
diff --git a/src/gns/gnunet-dns2gns.c b/src/gns/gnunet-dns2gns.c
index 06f4c9841..46659cdda 100644
--- a/src/gns/gnunet-dns2gns.c
+++ b/src/gns/gnunet-dns2gns.c
@@ -27,6 +27,7 @@
#include <gnunet_dnsparser_lib.h>
#include <gnunet_gns_service.h>
#include <gnunet_dnsstub_lib.h>
+#include "gnunet_vpn_service.h"
#include "gns.h"
/**
@@ -35,6 +36,46 @@
#define TIMEOUT GNUNET_TIME_UNIT_MINUTES
/**
+ * Default timeout for VPN redirections.
+ */
+#define VPN_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 30)
+
+
+struct Request;
+
+/**
+ * Closure for #vpn_allocation_cb.
+ */
+struct VpnContext
+{
+ /**
+ * Which resolution process are we processing.
+ */
+ struct Request *request;
+
+ /**
+ * Handle to the VPN request that we were performing.
+ */
+ struct GNUNET_VPN_RedirectionRequest *vpn_request;
+
+ /**
+ * Number of records serialized in @e rd_data.
+ */
+ unsigned int rd_count;
+
+ /**
+ * Serialized records.
+ */
+ char *rd_data;
+
+ /**
+ * Number of bytes in @e rd_data.
+ */
+ ssize_t rd_data_size;
+};
+
+
+/**
* Data kept per request.
*/
struct Request
@@ -72,6 +113,11 @@ struct Request
struct GNUNET_SCHEDULER_Task *timeout_task;
/**
+ * Vpn resulution context
+ */
+ struct VpnContext *vpn_ctx;
+
+ /**
* Original UDP request message.
*/
char *udp_msg;
@@ -90,6 +136,7 @@ struct Request
* ID of the original request.
*/
uint16_t original_request_id;
+
};
/**
@@ -109,6 +156,11 @@ static struct in6_addr address6;
struct GNUNET_GNS_Handle *gns;
/**
+ * Our handle to the vpn service
+ */
+static struct GNUNET_VPN_Handle *vpn_handle;
+
+/**
* Stub resolver
*/
struct GNUNET_DNSSTUB_Context *dns_stub;
@@ -183,6 +235,11 @@ do_shutdown (void *cls)
GNUNET_GNS_disconnect (gns);
gns = NULL;
}
+ if (NULL != vpn_handle)
+ {
+ GNUNET_VPN_disconnect (vpn_handle);
+ vpn_handle = NULL;
+ }
if (NULL != dns_stub)
{
GNUNET_DNSSTUB_stop (dns_stub);
@@ -269,6 +326,7 @@ static void
do_timeout (void *cls)
{
struct Request *request = cls;
+ struct VpnContext *vpn_ctx;
if (NULL != request->packet)
GNUNET_DNSPARSER_free_packet (request->packet);
@@ -277,6 +335,12 @@ do_timeout (void *cls)
if (NULL != request->dns_lookup)
GNUNET_DNSSTUB_resolve_cancel (request->dns_lookup);
GNUNET_free (request->udp_msg);
+ if (NULL != (vpn_ctx = request->vpn_ctx))
+ {
+ GNUNET_VPN_cancel_request (vpn_ctx->vpn_request);
+ GNUNET_free (vpn_ctx->rd_data);
+ GNUNET_free (vpn_ctx);
+ }
GNUNET_free (request);
}
@@ -321,6 +385,79 @@ dns_result_processor (void *cls,
send_response (request);
}
+/**
+ * Callback invoked from the VPN service once a redirection is
+ * available. Provides the IP address that can now be used to
+ * reach the requested destination. Replaces the "VPN" record
+ * with the respective A/AAAA record and continues processing.
+ *
+ * @param cls closure
+ * @param af address family, AF_INET or AF_INET6; AF_UNSPEC on error;
+ * will match 'result_af' from the request
+ * @param address IP address (struct in_addr or struct in_addr6, depending on 'af')
+ * that the VPN allocated for the redirection;
+ * traffic to this IP will now be redirected to the
+ * specified target peer; NULL on error
+ */
+static void
+vpn_allocation_cb (void *cls,
+ int af,
+ const void *address)
+{
+ struct VpnContext *vpn_ctx = cls;
+ struct Request *request = vpn_ctx->request;
+ struct GNUNET_GNSRECORD_Data rd[vpn_ctx->rd_count];
+ unsigned int i;
+
+ vpn_ctx->vpn_request = NULL;
+ request->vpn_ctx = NULL;
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_GNSRECORD_records_deserialize (
+ (size_t) vpn_ctx->rd_data_size,
+ vpn_ctx->rd_data,
+ vpn_ctx->rd_count,
+ rd));
+ for (i = 0; i < vpn_ctx->rd_count; i++)
+ {
+ if (GNUNET_GNSRECORD_TYPE_VPN == rd[i].record_type)
+ {
+ switch (af)
+ {
+ case AF_INET:
+ rd[i].record_type = GNUNET_DNSPARSER_TYPE_A;
+ rd[i].data_size = sizeof(struct in_addr);
+ rd[i].expiration_time = GNUNET_TIME_relative_to_absolute (
+ VPN_TIMEOUT).abs_value_us;
+ rd[i].flags = 0;
+ rd[i].data = address;
+ break;
+
+ case AF_INET6:
+ rd[i].record_type = GNUNET_DNSPARSER_TYPE_AAAA;
+ rd[i].expiration_time = GNUNET_TIME_relative_to_absolute (
+ VPN_TIMEOUT).abs_value_us;
+ rd[i].flags = 0;
+ rd[i].data = address;
+ rd[i].data_size = sizeof(struct in6_addr);
+ break;
+
+ default:
+ GNUNET_assert (0);
+ }
+ break;
+ }
+ }
+ GNUNET_assert (i < vpn_ctx->rd_count);
+ if (0 == vpn_ctx->rd_count)
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ _ ("VPN returned empty result for `%s'\n"),
+ request->packet->queries[0].name);
+ send_response (request);
+ GNUNET_free (vpn_ctx->rd_data);
+ GNUNET_free (vpn_ctx);
+}
+
+
/**
* Iterator called on obtained result for a GNS lookup.
@@ -339,6 +476,11 @@ result_processor (void *cls,
struct Request *request = cls;
struct GNUNET_DNSPARSER_Packet *packet;
struct GNUNET_DNSPARSER_Record rec;
+ struct VpnContext *vpn_ctx;
+ const struct GNUNET_TUN_GnsVpnRecord *vpn;
+ const char *vname;
+ struct GNUNET_HashCode vhash;
+ int af;
request->lookup = NULL;
if (GNUNET_NO == was_gns)
@@ -415,6 +557,67 @@ result_processor (void *cls,
packet->num_answers,
rec);
break;
+ case GNUNET_GNSRECORD_TYPE_VPN:
+ if ((GNUNET_DNSPARSER_TYPE_A != request->packet->queries[0].type) &&
+ (GNUNET_DNSPARSER_TYPE_AAAA != request->packet->queries[0].type))
+ break;
+ af = (GNUNET_DNSPARSER_TYPE_A == request->packet->queries[0].type) ? AF_INET :
+ AF_INET6;
+ if (sizeof(struct GNUNET_TUN_GnsVpnRecord) >
+ rd[i].data_size)
+ {
+ GNUNET_break_op (0);
+ break;
+ }
+ vpn = (const struct GNUNET_TUN_GnsVpnRecord *) rd[i].data;
+ vname = (const char *) &vpn[1];
+ if ('\0' != vname[rd[i].data_size - 1 - sizeof(struct
+ GNUNET_TUN_GnsVpnRecord)
+ ])
+ {
+ GNUNET_break_op (0);
+ break;
+ }
+ GNUNET_TUN_service_name_to_hash (vname,
+ &vhash);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Attempting VPN allocation for %s-%s (AF: %d, proto %d)\n",
+ GNUNET_i2s (&vpn->peer),
+ vname,
+ (int) af,
+ (int) ntohs (vpn->proto));
+ vpn_ctx = GNUNET_new (struct VpnContext);
+ request->vpn_ctx = vpn_ctx;
+ vpn_ctx->request = request;
+ vpn_ctx->rd_data_size = GNUNET_GNSRECORD_records_get_size (rd_count,
+ rd);
+ if (vpn_ctx->rd_data_size < 0)
+ {
+ GNUNET_break_op (0);
+ GNUNET_free (vpn_ctx);
+ break;
+ }
+ vpn_ctx->rd_data = GNUNET_malloc ((size_t) vpn_ctx->rd_data_size);
+ vpn_ctx->rd_count = rd_count;
+ GNUNET_assert (vpn_ctx->rd_data_size ==
+ GNUNET_GNSRECORD_records_serialize (rd_count,
+ rd,
+ (size_t) vpn_ctx
+ ->rd_data_size,
+ vpn_ctx->rd_data));
+ vpn_ctx->vpn_request = GNUNET_VPN_redirect_to_peer (vpn_handle,
+ af,
+ ntohs (
+ vpn->proto),
+ &vpn->peer,
+ &vhash,
+ GNUNET_TIME_relative_to_absolute (
+ VPN_TIMEOUT),
+ &
+ vpn_allocation_cb,
+ vpn_ctx);
+ return;
+
default:
/* skip */
@@ -641,6 +844,8 @@ run (void *cls,
NULL);
if (NULL == (gns = GNUNET_GNS_connect (cfg)))
return;
+ if (NULL == (vpn_handle = GNUNET_VPN_connect (cfg)))
+ return;
GNUNET_assert (NULL != (dns_stub = GNUNET_DNSSTUB_start (128)));
if (GNUNET_OK !=
GNUNET_DNSSTUB_add_dns_ip (dns_stub,
@@ -649,6 +854,8 @@ run (void *cls,
GNUNET_DNSSTUB_stop (dns_stub);
GNUNET_GNS_disconnect (gns);
gns = NULL;
+ GNUNET_VPN_disconnect (vpn_handle);
+ vpn_handle = NULL;
return;
}
@@ -750,6 +957,8 @@ run (void *cls,
{
GNUNET_GNS_disconnect (gns);
gns = NULL;
+ GNUNET_VPN_disconnect (vpn_handle);
+ vpn_handle = NULL;
GNUNET_DNSSTUB_stop (dns_stub);
dns_stub = NULL;
return;
diff --git a/src/gns/gnunet-service-gns_resolver.c b/src/gns/gnunet-service-gns_resolver.c
index 461257609..5573d072a 100644
--- a/src/gns/gnunet-service-gns_resolver.c
+++ b/src/gns/gnunet-service-gns_resolver.c
@@ -52,7 +52,6 @@
#include "gns.h"
#include "gnunet-service-gns.h"
#include "gnunet-service-gns_resolver.h"
-#include "gnunet_vpn_service.h"
/**
@@ -68,11 +67,6 @@
GNUNET_TIME_UNIT_SECONDS, 15)
/**
- * Default timeout for VPN redirections.
- */
-#define VPN_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 30)
-
-/**
* DHT replication level
*/
#define DHT_GNS_REPLICATION_LEVEL 10
@@ -255,38 +249,6 @@ struct DnsResult
/**
- * Closure for #vpn_allocation_cb.
- */
-struct VpnContext
-{
- /**
- * Which resolution process are we processing.
- */
- struct GNS_ResolverHandle *rh;
-
- /**
- * Handle to the VPN request that we were performing.
- */
- struct GNUNET_VPN_RedirectionRequest *vpn_request;
-
- /**
- * Number of records serialized in @e rd_data.
- */
- unsigned int rd_count;
-
- /**
- * Serialized records.
- */
- char *rd_data;
-
- /**
- * Number of bytes in @e rd_data.
- */
- ssize_t rd_data_size;
-};
-
-
-/**
* Handle to a currently pending resolution. On result (positive or
* negative) the #GNS_ResultProcessor is called.
*/
@@ -322,10 +284,6 @@ struct GNS_ResolverHandle
*/
struct GNUNET_DHT_GetHandle *get_handle;
- /**
- * Handle to a VPN request, NULL if none is active.
- */
- struct VpnContext *vpn_ctx;
/**
* Socket for a DNS request, NULL if none is active.
@@ -463,11 +421,6 @@ struct CacheOps
static struct GNUNET_NAMECACHE_Handle *namecache_handle;
/**
- * Our handle to the vpn service
- */
-static struct GNUNET_VPN_Handle *vpn_handle;
-
-/**
* Resolver handle to the dht
*/
static struct GNUNET_DHT_Handle *dht_handle;
@@ -1425,80 +1378,6 @@ handle_gns_resolution_result (void *cls,
const struct GNUNET_GNSRECORD_Data *rd);
-/**
- * Callback invoked from the VPN service once a redirection is
- * available. Provides the IP address that can now be used to
- * reach the requested destination. Replaces the "VPN" record
- * with the respective A/AAAA record and continues processing.
- *
- * @param cls closure
- * @param af address family, AF_INET or AF_INET6; AF_UNSPEC on error;
- * will match 'result_af' from the request
- * @param address IP address (struct in_addr or struct in_addr6, depending on 'af')
- * that the VPN allocated for the redirection;
- * traffic to this IP will now be redirected to the
- * specified target peer; NULL on error
- */
-static void
-vpn_allocation_cb (void *cls,
- int af,
- const void *address)
-{
- struct VpnContext *vpn_ctx = cls;
- struct GNS_ResolverHandle *rh = vpn_ctx->rh;
- struct GNUNET_GNSRECORD_Data rd[vpn_ctx->rd_count];
- unsigned int i;
-
- vpn_ctx->vpn_request = NULL;
- rh->vpn_ctx = NULL;
- GNUNET_assert (GNUNET_OK ==
- GNUNET_GNSRECORD_records_deserialize (
- (size_t) vpn_ctx->rd_data_size,
- vpn_ctx->rd_data,
- vpn_ctx->rd_count,
- rd));
- for (i = 0; i < vpn_ctx->rd_count; i++)
- {
- if (GNUNET_GNSRECORD_TYPE_VPN == rd[i].record_type)
- {
- switch (af)
- {
- case AF_INET:
- rd[i].record_type = GNUNET_DNSPARSER_TYPE_A;
- rd[i].data_size = sizeof(struct in_addr);
- rd[i].expiration_time = GNUNET_TIME_relative_to_absolute (
- VPN_TIMEOUT).abs_value_us;
- rd[i].flags = 0;
- rd[i].data = address;
- break;
-
- case AF_INET6:
- rd[i].record_type = GNUNET_DNSPARSER_TYPE_AAAA;
- rd[i].expiration_time = GNUNET_TIME_relative_to_absolute (
- VPN_TIMEOUT).abs_value_us;
- rd[i].flags = 0;
- rd[i].data = address;
- rd[i].data_size = sizeof(struct in6_addr);
- break;
-
- default:
- GNUNET_assert (0);
- }
- break;
- }
- }
- GNUNET_assert (i < vpn_ctx->rd_count);
- if (0 == vpn_ctx->rd_count)
- GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
- _ ("VPN returned empty result for `%s'\n"),
- rh->name);
- handle_gns_resolution_result (rh,
- vpn_ctx->rd_count,
- rd);
- GNUNET_free (vpn_ctx->rd_data);
- GNUNET_free (vpn_ctx);
-}
-
/**
* We have resolved one or more of the nameservers for a
@@ -2016,10 +1895,6 @@ handle_gns_resolution_result (void *cls,
{
struct GNS_ResolverHandle *rh = cls;
char *cname;
- struct VpnContext *vpn_ctx;
- const struct GNUNET_TUN_GnsVpnRecord *vpn;
- const char *vname;
- struct GNUNET_HashCode vhash;
int af;
char scratch[UINT16_MAX];
size_t scratch_off;
@@ -2076,8 +1951,8 @@ handle_gns_resolution_result (void *cls,
}
- /* If A/AAAA was requested, but we got a VPN
- record, we convert it to A/AAAA using GNUnet VPN */
+ /* If A/AAAA was requested,
+ * but we got a GNS2DNS record */
if ((GNUNET_DNSPARSER_TYPE_A == rh->record_type) ||
(GNUNET_DNSPARSER_TYPE_AAAA == rh->record_type))
{
@@ -2085,69 +1960,6 @@ handle_gns_resolution_result (void *cls,
{
switch (rd[i].record_type)
{
- case GNUNET_GNSRECORD_TYPE_VPN:
- {
- af = (GNUNET_DNSPARSER_TYPE_A == rh->record_type) ? AF_INET :
- AF_INET6;
- if (sizeof(struct GNUNET_TUN_GnsVpnRecord) >
- rd[i].data_size)
- {
- GNUNET_break_op (0);
- fail_resolution (rh);
- return;
- }
- vpn = (const struct GNUNET_TUN_GnsVpnRecord *) rd[i].data;
- vname = (const char *) &vpn[1];
- if ('\0' != vname[rd[i].data_size - 1 - sizeof(struct
- GNUNET_TUN_GnsVpnRecord)
- ])
- {
- GNUNET_break_op (0);
- fail_resolution (rh);
- return;
- }
- GNUNET_TUN_service_name_to_hash (vname,
- &vhash);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Attempting VPN allocation for %s-%s (AF: %d, proto %d)\n",
- GNUNET_i2s (&vpn->peer),
- vname,
- (int) af,
- (int) ntohs (vpn->proto));
- vpn_ctx = GNUNET_new (struct VpnContext);
- rh->vpn_ctx = vpn_ctx;
- vpn_ctx->rh = rh;
- vpn_ctx->rd_data_size = GNUNET_GNSRECORD_records_get_size (rd_count,
- rd);
- if (vpn_ctx->rd_data_size < 0)
- {
- GNUNET_break_op (0);
- GNUNET_free (vpn_ctx);
- fail_resolution (rh);
- return;
- }
- vpn_ctx->rd_data = GNUNET_malloc ((size_t) vpn_ctx->rd_data_size);
- vpn_ctx->rd_count = rd_count;
- GNUNET_assert (vpn_ctx->rd_data_size ==
- GNUNET_GNSRECORD_records_serialize (rd_count,
- rd,
- (size_t) vpn_ctx
- ->rd_data_size,
- vpn_ctx->rd_data));
- vpn_ctx->vpn_request = GNUNET_VPN_redirect_to_peer (vpn_handle,
- af,
- ntohs (
- vpn->proto),
- &vpn->peer,
- &vhash,
- GNUNET_TIME_relative_to_absolute (
- VPN_TIMEOUT),
- &
- vpn_allocation_cb,
- vpn_ctx);
- return;
- }
-
case GNUNET_GNSRECORD_TYPE_GNS2DNS:
{
/* delegation to DNS */
@@ -3014,7 +2826,6 @@ GNS_resolver_lookup_cancel (struct GNS_ResolverHandle *rh)
{
struct DnsResult *dr;
struct AuthorityChain *ac;
- struct VpnContext *vpn_ctx;
GNUNET_CONTAINER_DLL_remove (rlh_head,
rlh_tail,
@@ -3079,12 +2890,6 @@ GNS_resolver_lookup_cancel (struct GNS_ResolverHandle *rh)
GNUNET_CONTAINER_heap_remove_node (rh->dht_heap_node);
rh->dht_heap_node = NULL;
}
- if (NULL != (vpn_ctx = rh->vpn_ctx))
- {
- GNUNET_VPN_cancel_request (vpn_ctx->vpn_request);
- GNUNET_free (vpn_ctx->rd_data);
- GNUNET_free (vpn_ctx);
- }
if (NULL != rh->namecache_qe)
{
GNUNET_NAMECACHE_cancel (rh->namecache_qe);
@@ -3144,8 +2949,7 @@ GNS_resolver_init (struct GNUNET_NAMECACHE_Handle *nc,
if (GNUNET_YES == disable_cache)
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"Namecache disabled\n");
- vpn_handle = GNUNET_VPN_connect (cfg);
-}
+ }
/**
@@ -3175,8 +2979,6 @@ GNS_resolver_done ()
}
GNUNET_CONTAINER_heap_destroy (dht_lookup_heap);
dht_lookup_heap = NULL;
- GNUNET_VPN_disconnect (vpn_handle);
- vpn_handle = NULL;
dht_handle = NULL;
namecache_handle = NULL;
}