diff options
Diffstat (limited to 'src/service/exit/gnunet-daemon-exit.c')
-rw-r--r-- | src/service/exit/gnunet-daemon-exit.c | 4121 |
1 files changed, 4121 insertions, 0 deletions
diff --git a/src/service/exit/gnunet-daemon-exit.c b/src/service/exit/gnunet-daemon-exit.c new file mode 100644 index 000000000..eb2380439 --- /dev/null +++ b/src/service/exit/gnunet-daemon-exit.c | |||
@@ -0,0 +1,4121 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2010-2013, 2017 Christian Grothoff | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file exit/gnunet-daemon-exit.c | ||
23 | * @brief tool to allow IP traffic exit from the GNUnet cadet to the Internet | ||
24 | * @author Philipp Toelke | ||
25 | * @author Christian Grothoff | ||
26 | * | ||
27 | * TODO: | ||
28 | * - test | ||
29 | * | ||
30 | * Design: | ||
31 | * - which code should advertise services? the service model is right | ||
32 | * now a bit odd, especially as this code DOES the exit and knows | ||
33 | * the DNS "name", but OTOH this is clearly NOT the place to advertise | ||
34 | * the service's existence; maybe the daemon should turn into a | ||
35 | * service with an API to add local-exit services dynamically? | ||
36 | */ | ||
37 | #include "platform.h" | ||
38 | #include "gnunet_util_lib.h" | ||
39 | #include "gnunet_protocols.h" | ||
40 | #include "gnunet_applications.h" | ||
41 | #include "gnunet_dht_service.h" | ||
42 | #include "gnunet_cadet_service.h" | ||
43 | #include "gnunet_statistics_service.h" | ||
44 | #include "gnunet_constants.h" | ||
45 | #include "gnunet_signatures.h" | ||
46 | #include "gnunet_regex_service.h" | ||
47 | #include "exit.h" | ||
48 | #include "block_dns.h" | ||
49 | |||
50 | |||
51 | /** | ||
52 | * Maximum path compression length for cadet regex announcing for IPv4 address | ||
53 | * based regex. | ||
54 | */ | ||
55 | #define REGEX_MAX_PATH_LEN_IPV4 4 | ||
56 | |||
57 | /** | ||
58 | * Maximum path compression length for cadet regex announcing for IPv6 address | ||
59 | * based regex. | ||
60 | */ | ||
61 | #define REGEX_MAX_PATH_LEN_IPV6 8 | ||
62 | |||
63 | /** | ||
64 | * How frequently do we re-announce the regex for the exit? | ||
65 | */ | ||
66 | #define REGEX_REFRESH_FREQUENCY GNUNET_TIME_relative_multiply ( \ | ||
67 | GNUNET_TIME_UNIT_MINUTES, 30) | ||
68 | |||
69 | /** | ||
70 | * How frequently do we re-announce the DNS exit in the DHT? | ||
71 | */ | ||
72 | #define DHT_PUT_FREQUENCY GNUNET_TIME_relative_multiply ( \ | ||
73 | GNUNET_TIME_UNIT_MINUTES, 15) | ||
74 | |||
75 | /** | ||
76 | * How long do we typically sign the DNS exit advertisement for? | ||
77 | */ | ||
78 | #define DNS_ADVERTISEMENT_TIMEOUT GNUNET_TIME_relative_multiply ( \ | ||
79 | GNUNET_TIME_UNIT_HOURS, 3) | ||
80 | |||
81 | |||
82 | /** | ||
83 | * Generic logging shorthand | ||
84 | */ | ||
85 | #define LOG(kind, ...) \ | ||
86 | GNUNET_log_from (kind, "exit", __VA_ARGS__); | ||
87 | |||
88 | |||
89 | /** | ||
90 | * Information about an address. | ||
91 | */ | ||
92 | struct SocketAddress | ||
93 | { | ||
94 | /** | ||
95 | * AF_INET or AF_INET6. | ||
96 | */ | ||
97 | int af; | ||
98 | |||
99 | /** | ||
100 | * Remote address information. | ||
101 | */ | ||
102 | union | ||
103 | { | ||
104 | /** | ||
105 | * Address, if af is AF_INET. | ||
106 | */ | ||
107 | struct in_addr ipv4; | ||
108 | |||
109 | /** | ||
110 | * Address, if af is AF_INET6. | ||
111 | */ | ||
112 | struct in6_addr ipv6; | ||
113 | } address; | ||
114 | |||
115 | /** | ||
116 | * IPPROTO_TCP or IPPROTO_UDP; | ||
117 | */ | ||
118 | uint8_t proto; | ||
119 | |||
120 | /** | ||
121 | * Remote port, in host byte order! | ||
122 | */ | ||
123 | uint16_t port; | ||
124 | }; | ||
125 | |||
126 | |||
127 | /** | ||
128 | * This struct is saved into the services-hashmap to represent | ||
129 | * a service this peer is specifically offering an exit for | ||
130 | * (for a specific domain name). | ||
131 | */ | ||
132 | struct LocalService | ||
133 | { | ||
134 | /** | ||
135 | * Remote address to use for the service. | ||
136 | */ | ||
137 | struct SocketAddress address; | ||
138 | |||
139 | /** | ||
140 | * Descriptor for the service (CADET port). | ||
141 | */ | ||
142 | struct GNUNET_HashCode descriptor; | ||
143 | |||
144 | /** | ||
145 | * DNS name of the service. | ||
146 | */ | ||
147 | char *name; | ||
148 | |||
149 | /** | ||
150 | * Open port with CADET. | ||
151 | */ | ||
152 | struct GNUNET_CADET_Port *port; | ||
153 | |||
154 | /** | ||
155 | * #GNUNET_YES if this is a UDP service, otherwise TCP. | ||
156 | */ | ||
157 | int16_t is_udp; | ||
158 | }; | ||
159 | |||
160 | |||
161 | /** | ||
162 | * Information we use to track a connection (the classical 6-tuple of | ||
163 | * IP-version, protocol, source-IP, destination-IP, source-port and | ||
164 | * destinatin-port. | ||
165 | */ | ||
166 | struct RedirectInformation | ||
167 | { | ||
168 | /** | ||
169 | * Address information for the other party (equivalent of the | ||
170 | * arguments one would give to "connect"). | ||
171 | */ | ||
172 | struct SocketAddress remote_address; | ||
173 | |||
174 | /** | ||
175 | * Address information we used locally (AF and proto must match | ||
176 | * "remote_address"). Equivalent of the arguments one would give to | ||
177 | * "bind". | ||
178 | */ | ||
179 | struct SocketAddress local_address; | ||
180 | |||
181 | /* | ||
182 | Note 1: additional information might be added here in the | ||
183 | future to support protocols that require special handling, | ||
184 | such as ftp/tftp | ||
185 | |||
186 | Note 2: we might also sometimes not match on all components | ||
187 | of the tuple, to support protocols where things do not always | ||
188 | fully map. | ||
189 | */ | ||
190 | }; | ||
191 | |||
192 | |||
193 | /** | ||
194 | * This struct is saved into #connections_map to allow finding the | ||
195 | * right channel given an IP packet from TUN. It is also associated | ||
196 | * with the channel's closure so we can find it again for the next | ||
197 | * message from the channel. | ||
198 | */ | ||
199 | struct ChannelState | ||
200 | { | ||
201 | /** | ||
202 | * Cadet channel that is used for this connection. | ||
203 | */ | ||
204 | struct GNUNET_CADET_Channel *channel; | ||
205 | |||
206 | /** | ||
207 | * Who is the other end of this channel. | ||
208 | * FIXME is this needed? Only used for debugging messages | ||
209 | */ | ||
210 | struct GNUNET_PeerIdentity peer; | ||
211 | |||
212 | /** | ||
213 | * #GNUNET_NO if this is a channel for TCP/UDP, | ||
214 | * #GNUNET_YES if this is a channel for DNS, | ||
215 | * #GNUNET_SYSERR if the channel is not yet initialized. | ||
216 | */ | ||
217 | int is_dns; | ||
218 | |||
219 | union | ||
220 | { | ||
221 | struct | ||
222 | { | ||
223 | /** | ||
224 | * Heap node for this state in the connections_heap. | ||
225 | */ | ||
226 | struct GNUNET_CONTAINER_HeapNode *heap_node; | ||
227 | |||
228 | /** | ||
229 | * Key this state has in the #connections_map. | ||
230 | */ | ||
231 | struct GNUNET_HashCode state_key; | ||
232 | |||
233 | /** | ||
234 | * Associated service record, or NULL for no service. | ||
235 | */ | ||
236 | struct LocalService *serv; | ||
237 | |||
238 | /** | ||
239 | * Primary redirection information for this connection. | ||
240 | */ | ||
241 | struct RedirectInformation ri; | ||
242 | } tcp_udp; | ||
243 | |||
244 | struct | ||
245 | { | ||
246 | /** | ||
247 | * Socket we are using to transmit this request (must match if we receive | ||
248 | * a response). | ||
249 | */ | ||
250 | struct GNUNET_DNSSTUB_RequestSocket *rs; | ||
251 | |||
252 | /** | ||
253 | * Original DNS request ID as used by the client. | ||
254 | */ | ||
255 | uint16_t original_id; | ||
256 | |||
257 | /** | ||
258 | * DNS request ID that we used for forwarding. | ||
259 | */ | ||
260 | uint16_t my_id; | ||
261 | } dns; | ||
262 | } specifics; | ||
263 | }; | ||
264 | |||
265 | |||
266 | /** | ||
267 | * Return value from 'main'. | ||
268 | */ | ||
269 | static int global_ret; | ||
270 | |||
271 | /** | ||
272 | * Handle to our regex announcement for IPv4. | ||
273 | */ | ||
274 | static struct GNUNET_REGEX_Announcement *regex4; | ||
275 | |||
276 | /** | ||
277 | * Handle to our regex announcement for IPv4. | ||
278 | */ | ||
279 | static struct GNUNET_REGEX_Announcement *regex6; | ||
280 | |||
281 | /** | ||
282 | * The handle to the configuration used throughout the process | ||
283 | */ | ||
284 | static const struct GNUNET_CONFIGURATION_Handle *cfg; | ||
285 | |||
286 | /** | ||
287 | * The handle to the helper | ||
288 | */ | ||
289 | static struct GNUNET_HELPER_Handle *helper_handle; | ||
290 | |||
291 | /** | ||
292 | * Arguments to the exit helper. | ||
293 | */ | ||
294 | static char *exit_argv[8]; | ||
295 | |||
296 | /** | ||
297 | * IPv6 address of our TUN interface. | ||
298 | */ | ||
299 | static struct in6_addr exit_ipv6addr; | ||
300 | |||
301 | /** | ||
302 | * IPv6 prefix (0..127) from configuration file. | ||
303 | */ | ||
304 | static unsigned long long ipv6prefix; | ||
305 | |||
306 | /** | ||
307 | * IPv4 address of our TUN interface. | ||
308 | */ | ||
309 | static struct in_addr exit_ipv4addr; | ||
310 | |||
311 | /** | ||
312 | * IPv4 netmask of our TUN interface. | ||
313 | */ | ||
314 | static struct in_addr exit_ipv4mask; | ||
315 | |||
316 | /** | ||
317 | * Statistics. | ||
318 | */ | ||
319 | static struct GNUNET_STATISTICS_Handle *stats; | ||
320 | |||
321 | /** | ||
322 | * The handle to cadet | ||
323 | */ | ||
324 | static struct GNUNET_CADET_Handle *cadet_handle; | ||
325 | |||
326 | /** | ||
327 | * This hashmaps contains the mapping from peer, service-descriptor, | ||
328 | * source-port and destination-port to a struct ChannelState | ||
329 | */ | ||
330 | static struct GNUNET_CONTAINER_MultiHashMap *connections_map; | ||
331 | |||
332 | /** | ||
333 | * Heap so we can quickly find "old" connections. | ||
334 | */ | ||
335 | static struct GNUNET_CONTAINER_Heap *connections_heap; | ||
336 | |||
337 | /** | ||
338 | * If there are at least this many connections, old ones will be removed | ||
339 | */ | ||
340 | static unsigned long long max_connections; | ||
341 | |||
342 | /** | ||
343 | * This hashmaps saves interesting things about the configured services | ||
344 | */ | ||
345 | static struct GNUNET_CONTAINER_MultiHashMap *services; | ||
346 | |||
347 | /** | ||
348 | * Array of all open DNS requests from channels. | ||
349 | */ | ||
350 | static struct ChannelState *channels[UINT16_MAX + 1]; | ||
351 | |||
352 | /** | ||
353 | * Handle to the DNS Stub resolver. | ||
354 | */ | ||
355 | static struct GNUNET_DNSSTUB_Context *dnsstub; | ||
356 | |||
357 | /** | ||
358 | * Handle for ongoing DHT PUT operations to advertise exit service. | ||
359 | */ | ||
360 | static struct GNUNET_DHT_PutHandle *dht_put; | ||
361 | |||
362 | /** | ||
363 | * Handle to the DHT. | ||
364 | */ | ||
365 | static struct GNUNET_DHT_Handle *dht; | ||
366 | |||
367 | /** | ||
368 | * Task for doing DHT PUTs to advertise exit service. | ||
369 | */ | ||
370 | static struct GNUNET_SCHEDULER_Task *dht_task; | ||
371 | |||
372 | /** | ||
373 | * Advertisement message we put into the DHT to advertise us | ||
374 | * as a DNS exit. | ||
375 | */ | ||
376 | static struct GNUNET_DNS_Advertisement dns_advertisement; | ||
377 | |||
378 | /** | ||
379 | * Key we store the DNS advertismenet under. | ||
380 | */ | ||
381 | static struct GNUNET_HashCode dht_put_key; | ||
382 | |||
383 | /** | ||
384 | * Private key for this peer. | ||
385 | */ | ||
386 | static struct GNUNET_CRYPTO_EddsaPrivateKey *peer_key; | ||
387 | |||
388 | /** | ||
389 | * Port for DNS exit. | ||
390 | */ | ||
391 | static struct GNUNET_CADET_Port *dns_port; | ||
392 | |||
393 | /** | ||
394 | * Port for IPv4 exit. | ||
395 | */ | ||
396 | static struct GNUNET_CADET_Port *cadet_port4; | ||
397 | |||
398 | /** | ||
399 | * Port for IPv6 exit. | ||
400 | */ | ||
401 | static struct GNUNET_CADET_Port *cadet_port6; | ||
402 | |||
403 | /** | ||
404 | * Are we an IPv4-exit? | ||
405 | */ | ||
406 | static int ipv4_exit; | ||
407 | |||
408 | /** | ||
409 | * Are we an IPv6-exit? | ||
410 | */ | ||
411 | static int ipv6_exit; | ||
412 | |||
413 | /** | ||
414 | * Do we support IPv4 at all on the TUN interface? | ||
415 | */ | ||
416 | static int ipv4_enabled; | ||
417 | |||
418 | /** | ||
419 | * Do we support IPv6 at all on the TUN interface? | ||
420 | */ | ||
421 | static int ipv6_enabled; | ||
422 | |||
423 | |||
424 | GNUNET_NETWORK_STRUCT_BEGIN | ||
425 | |||
426 | /** | ||
427 | * Message with a DNS response. | ||
428 | */ | ||
429 | struct DnsResponseMessage | ||
430 | { | ||
431 | /** | ||
432 | * GNUnet header, of type #GNUNET_MESSAGE_TYPE_VPN_DNS_FROM_INTERNET | ||
433 | */ | ||
434 | struct GNUNET_MessageHeader header; | ||
435 | |||
436 | /** | ||
437 | * DNS header. | ||
438 | */ | ||
439 | struct GNUNET_TUN_DnsHeader dns; | ||
440 | |||
441 | /* Followed by more DNS payload */ | ||
442 | }; | ||
443 | |||
444 | GNUNET_NETWORK_STRUCT_END | ||
445 | |||
446 | |||
447 | /** | ||
448 | * Callback called from DNSSTUB resolver when a resolution | ||
449 | * succeeded. | ||
450 | * | ||
451 | * @param cls NULL | ||
452 | * @param dns the response itself | ||
453 | * @param r number of bytes in @a dns | ||
454 | */ | ||
455 | static void | ||
456 | process_dns_result (void *cls, | ||
457 | const struct GNUNET_TUN_DnsHeader *dns, | ||
458 | size_t r) | ||
459 | { | ||
460 | struct ChannelState *ts; | ||
461 | struct GNUNET_MQ_Envelope *env; | ||
462 | struct DnsResponseMessage *resp; | ||
463 | |||
464 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
465 | "Processing DNS result from stub resolver\n"); | ||
466 | GNUNET_assert (NULL == cls); | ||
467 | if (NULL == dns) | ||
468 | return; | ||
469 | /* Handle case that this is a reply to a request from a CADET DNS channel */ | ||
470 | ts = channels[dns->id]; | ||
471 | if (NULL == ts) | ||
472 | return; | ||
473 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
474 | "Got a response from the stub resolver for DNS request received via CADET!\n"); | ||
475 | channels[dns->id] = NULL; | ||
476 | env = GNUNET_MQ_msg_extra (resp, | ||
477 | r - sizeof(struct GNUNET_TUN_DnsHeader), | ||
478 | GNUNET_MESSAGE_TYPE_VPN_DNS_FROM_INTERNET); | ||
479 | GNUNET_memcpy (&resp->dns, | ||
480 | dns, | ||
481 | r); | ||
482 | resp->dns.id = ts->specifics.dns.original_id; | ||
483 | GNUNET_MQ_send (GNUNET_CADET_get_mq (ts->channel), | ||
484 | env); | ||
485 | } | ||
486 | |||
487 | |||
488 | /** | ||
489 | * Check a request via cadet to perform a DNS query. | ||
490 | * | ||
491 | * @param cls our `struct ChannelState *` | ||
492 | * @param msg the actual message | ||
493 | * @return #GNUNET_OK to keep the connection open, | ||
494 | * #GNUNET_SYSERR to close it (signal serious error) | ||
495 | */ | ||
496 | static int | ||
497 | check_dns_request (void *cls, | ||
498 | const struct DnsResponseMessage *msg) | ||
499 | { | ||
500 | struct ChannelState *ts = cls; | ||
501 | |||
502 | if (NULL == dnsstub) | ||
503 | { | ||
504 | GNUNET_break (0); | ||
505 | return GNUNET_SYSERR; | ||
506 | } | ||
507 | if (GNUNET_NO == ts->is_dns) | ||
508 | { | ||
509 | GNUNET_break_op (0); | ||
510 | return GNUNET_SYSERR; | ||
511 | } | ||
512 | return GNUNET_OK; | ||
513 | } | ||
514 | |||
515 | |||
516 | /** | ||
517 | * Process a request via cadet to perform a DNS query. | ||
518 | * | ||
519 | * @param cls our `struct ChannelState *` | ||
520 | * @param msg the actual message | ||
521 | */ | ||
522 | static void | ||
523 | handle_dns_request (void *cls, | ||
524 | const struct DnsResponseMessage *msg) | ||
525 | { | ||
526 | struct ChannelState *ts = cls; | ||
527 | size_t mlen = ntohs (msg->header.size); | ||
528 | size_t dlen = mlen - sizeof(struct GNUNET_MessageHeader); | ||
529 | char buf[dlen] GNUNET_ALIGN; | ||
530 | struct GNUNET_TUN_DnsHeader *dns_out; | ||
531 | |||
532 | if (GNUNET_SYSERR == ts->is_dns) | ||
533 | { | ||
534 | /* channel is DNS from now on */ | ||
535 | ts->is_dns = GNUNET_YES; | ||
536 | } | ||
537 | ts->specifics.dns.original_id = msg->dns.id; | ||
538 | if (channels[ts->specifics.dns.my_id] == ts) | ||
539 | channels[ts->specifics.dns.my_id] = NULL; | ||
540 | ts->specifics.dns.my_id = (uint16_t) GNUNET_CRYPTO_random_u32 ( | ||
541 | GNUNET_CRYPTO_QUALITY_WEAK, | ||
542 | UINT16_MAX | ||
543 | + 1); | ||
544 | channels[ts->specifics.dns.my_id] = ts; | ||
545 | GNUNET_memcpy (buf, | ||
546 | &msg->dns, | ||
547 | dlen); | ||
548 | dns_out = (struct GNUNET_TUN_DnsHeader *) buf; | ||
549 | dns_out->id = ts->specifics.dns.my_id; | ||
550 | ts->specifics.dns.rs = GNUNET_DNSSTUB_resolve (dnsstub, | ||
551 | buf, | ||
552 | dlen, | ||
553 | &process_dns_result, | ||
554 | NULL); | ||
555 | if (NULL == ts->specifics.dns.rs) | ||
556 | { | ||
557 | GNUNET_break_op (0); | ||
558 | return; | ||
559 | } | ||
560 | GNUNET_CADET_receive_done (ts->channel); | ||
561 | } | ||
562 | |||
563 | |||
564 | /** | ||
565 | * Given IP information about a connection, calculate the respective | ||
566 | * hash we would use for the #connections_map. | ||
567 | * | ||
568 | * @param hash resulting hash | ||
569 | * @param ri information about the connection | ||
570 | */ | ||
571 | static void | ||
572 | hash_redirect_info (struct GNUNET_HashCode *hash, | ||
573 | const struct RedirectInformation *ri) | ||
574 | { | ||
575 | char *off; | ||
576 | |||
577 | memset (hash, | ||
578 | 0, | ||
579 | sizeof(struct GNUNET_HashCode)); | ||
580 | /* the GNUnet hashmap only uses the first sizeof(unsigned int) of the hash, | ||
581 | so we put the IP address in there (and hope for few collisions) */ | ||
582 | off = (char *) hash; | ||
583 | switch (ri->remote_address.af) | ||
584 | { | ||
585 | case AF_INET: | ||
586 | GNUNET_memcpy (off, | ||
587 | &ri->remote_address.address.ipv4, | ||
588 | sizeof(struct in_addr)); | ||
589 | off += sizeof(struct in_addr); | ||
590 | break; | ||
591 | |||
592 | case AF_INET6: | ||
593 | GNUNET_memcpy (off, | ||
594 | &ri->remote_address.address.ipv6, | ||
595 | sizeof(struct in6_addr)); | ||
596 | off += sizeof(struct in_addr); | ||
597 | break; | ||
598 | |||
599 | default: | ||
600 | GNUNET_assert (0); | ||
601 | } | ||
602 | GNUNET_memcpy (off, | ||
603 | &ri->remote_address.port, | ||
604 | sizeof(uint16_t)); | ||
605 | off += sizeof(uint16_t); | ||
606 | switch (ri->local_address.af) | ||
607 | { | ||
608 | case AF_INET: | ||
609 | GNUNET_memcpy (off, | ||
610 | &ri->local_address.address.ipv4, | ||
611 | sizeof(struct in_addr)); | ||
612 | off += sizeof(struct in_addr); | ||
613 | break; | ||
614 | |||
615 | case AF_INET6: | ||
616 | GNUNET_memcpy (off, | ||
617 | &ri->local_address.address.ipv6, | ||
618 | sizeof(struct in6_addr)); | ||
619 | off += sizeof(struct in_addr); | ||
620 | break; | ||
621 | |||
622 | default: | ||
623 | GNUNET_assert (0); | ||
624 | } | ||
625 | GNUNET_memcpy (off, | ||
626 | &ri->local_address.port, | ||
627 | sizeof(uint16_t)); | ||
628 | off += sizeof(uint16_t); | ||
629 | GNUNET_memcpy (off, | ||
630 | &ri->remote_address.proto, | ||
631 | sizeof(uint8_t)); | ||
632 | /* off += sizeof (uint8_t); */ | ||
633 | } | ||
634 | |||
635 | |||
636 | /** | ||
637 | * Get our connection tracking state. Warns if it does not exists, | ||
638 | * refreshes the timestamp if it does exist. | ||
639 | * | ||
640 | * @param af address family | ||
641 | * @param protocol IPPROTO_UDP or IPPROTO_TCP | ||
642 | * @param destination_ip target IP | ||
643 | * @param destination_port target port | ||
644 | * @param local_ip local IP | ||
645 | * @param local_port local port | ||
646 | * @param state_key set to hash's state if non-NULL | ||
647 | * @return NULL if we have no tracking information for this tuple | ||
648 | */ | ||
649 | static struct ChannelState * | ||
650 | get_redirect_state (int af, | ||
651 | int protocol, | ||
652 | const void *destination_ip, | ||
653 | uint16_t destination_port, | ||
654 | const void *local_ip, | ||
655 | uint16_t local_port, | ||
656 | struct GNUNET_HashCode *state_key) | ||
657 | { | ||
658 | struct RedirectInformation ri; | ||
659 | struct GNUNET_HashCode key; | ||
660 | struct ChannelState *state; | ||
661 | |||
662 | if (((af == AF_INET) && (protocol == IPPROTO_ICMP)) || | ||
663 | ((af == AF_INET6) && (protocol == IPPROTO_ICMPV6))) | ||
664 | { | ||
665 | /* ignore ports */ | ||
666 | destination_port = 0; | ||
667 | local_port = 0; | ||
668 | } | ||
669 | ri.remote_address.af = af; | ||
670 | if (af == AF_INET) | ||
671 | ri.remote_address.address.ipv4 = *((struct in_addr*) destination_ip); | ||
672 | else | ||
673 | ri.remote_address.address.ipv6 = *((struct in6_addr*) destination_ip); | ||
674 | ri.remote_address.port = destination_port; | ||
675 | ri.remote_address.proto = protocol; | ||
676 | ri.local_address.af = af; | ||
677 | if (af == AF_INET) | ||
678 | ri.local_address.address.ipv4 = *((struct in_addr*) local_ip); | ||
679 | else | ||
680 | ri.local_address.address.ipv6 = *((struct in6_addr*) local_ip); | ||
681 | ri.local_address.port = local_port; | ||
682 | ri.local_address.proto = protocol; | ||
683 | hash_redirect_info (&key, | ||
684 | &ri); | ||
685 | if (NULL != state_key) | ||
686 | *state_key = key; | ||
687 | state = GNUNET_CONTAINER_multihashmap_get (connections_map, | ||
688 | &key); | ||
689 | if (NULL == state) | ||
690 | return NULL; | ||
691 | /* Mark this connection as freshly used */ | ||
692 | if (NULL == state_key) | ||
693 | GNUNET_CONTAINER_heap_update_cost (state->specifics.tcp_udp.heap_node, | ||
694 | GNUNET_TIME_absolute_get ().abs_value_us); | ||
695 | return state; | ||
696 | } | ||
697 | |||
698 | |||
699 | /** | ||
700 | * Check a request via cadet to send a request to a TCP service | ||
701 | * offered by this system. | ||
702 | * | ||
703 | * @param cls our `struct ChannelState *` | ||
704 | * @param start the actual message | ||
705 | * @return #GNUNET_OK to keep the connection open, | ||
706 | * #GNUNET_SYSERR to close it (signal serious error) | ||
707 | */ | ||
708 | static int | ||
709 | check_tcp_service (void *cls, | ||
710 | const struct GNUNET_EXIT_TcpServiceStartMessage *start) | ||
711 | { | ||
712 | struct ChannelState *state = cls; | ||
713 | |||
714 | if (NULL == state) | ||
715 | { | ||
716 | GNUNET_break_op (0); | ||
717 | return GNUNET_SYSERR; | ||
718 | } | ||
719 | if (GNUNET_YES == state->is_dns) | ||
720 | { | ||
721 | GNUNET_break_op (0); | ||
722 | return GNUNET_SYSERR; | ||
723 | } | ||
724 | if (NULL == state->specifics.tcp_udp.serv) | ||
725 | { | ||
726 | GNUNET_break_op (0); | ||
727 | return GNUNET_SYSERR; | ||
728 | } | ||
729 | if (NULL != state->specifics.tcp_udp.heap_node) | ||
730 | { | ||
731 | GNUNET_break_op (0); | ||
732 | return GNUNET_SYSERR; | ||
733 | } | ||
734 | if (start->tcp_header.off * 4 < sizeof(struct GNUNET_TUN_TcpHeader)) | ||
735 | { | ||
736 | GNUNET_break_op (0); | ||
737 | return GNUNET_SYSERR; | ||
738 | } | ||
739 | return GNUNET_OK; | ||
740 | } | ||
741 | |||
742 | |||
743 | /** | ||
744 | * Prepare an IPv4 packet for transmission via the TUN interface. | ||
745 | * Initializes the IP header and calculates checksums (IP+UDP/TCP). | ||
746 | * For UDP, the UDP header will be fully created, whereas for TCP | ||
747 | * only the ports and checksum will be filled in. So for TCP, | ||
748 | * a skeleton TCP header must be part of the provided payload. | ||
749 | * | ||
750 | * @param payload payload of the packet (starting with UDP payload or | ||
751 | * TCP header, depending on protocol) | ||
752 | * @param payload_length number of bytes in @a payload | ||
753 | * @param protocol IPPROTO_UDP or IPPROTO_TCP | ||
754 | * @param tcp_header skeleton of the TCP header, NULL for UDP | ||
755 | * @param src_address source address to use (IP and port) | ||
756 | * @param dst_address destination address to use (IP and port) | ||
757 | * @param pkt4 where to write the assembled packet; must | ||
758 | * contain enough space for the IP header, UDP/TCP header | ||
759 | * AND the payload | ||
760 | */ | ||
761 | static void | ||
762 | prepare_ipv4_packet (const void *payload, | ||
763 | size_t payload_length, | ||
764 | int protocol, | ||
765 | const struct GNUNET_TUN_TcpHeader *tcp_header, | ||
766 | const struct SocketAddress *src_address, | ||
767 | const struct SocketAddress *dst_address, | ||
768 | struct GNUNET_TUN_IPv4Header *pkt4) | ||
769 | { | ||
770 | size_t len; | ||
771 | |||
772 | len = payload_length; | ||
773 | switch (protocol) | ||
774 | { | ||
775 | case IPPROTO_UDP: | ||
776 | len += sizeof(struct GNUNET_TUN_UdpHeader); | ||
777 | break; | ||
778 | |||
779 | case IPPROTO_TCP: | ||
780 | len += sizeof(struct GNUNET_TUN_TcpHeader); | ||
781 | GNUNET_assert (NULL != tcp_header); | ||
782 | break; | ||
783 | |||
784 | default: | ||
785 | GNUNET_break (0); | ||
786 | return; | ||
787 | } | ||
788 | if (len + sizeof(struct GNUNET_TUN_IPv4Header) > UINT16_MAX) | ||
789 | { | ||
790 | GNUNET_break (0); | ||
791 | return; | ||
792 | } | ||
793 | |||
794 | GNUNET_TUN_initialize_ipv4_header (pkt4, | ||
795 | protocol, | ||
796 | len, | ||
797 | &src_address->address.ipv4, | ||
798 | &dst_address->address.ipv4); | ||
799 | switch (protocol) | ||
800 | { | ||
801 | case IPPROTO_UDP: | ||
802 | { | ||
803 | struct GNUNET_TUN_UdpHeader *pkt4_udp = (struct | ||
804 | GNUNET_TUN_UdpHeader *) &pkt4[1]; | ||
805 | |||
806 | pkt4_udp->source_port = htons (src_address->port); | ||
807 | pkt4_udp->destination_port = htons (dst_address->port); | ||
808 | pkt4_udp->len = htons ((uint16_t) payload_length); | ||
809 | GNUNET_TUN_calculate_udp4_checksum (pkt4, | ||
810 | pkt4_udp, | ||
811 | payload, | ||
812 | payload_length); | ||
813 | GNUNET_memcpy (&pkt4_udp[1], | ||
814 | payload, | ||
815 | payload_length); | ||
816 | } | ||
817 | break; | ||
818 | |||
819 | case IPPROTO_TCP: | ||
820 | { | ||
821 | struct GNUNET_TUN_TcpHeader *pkt4_tcp = (struct | ||
822 | GNUNET_TUN_TcpHeader *) &pkt4[1]; | ||
823 | |||
824 | *pkt4_tcp = *tcp_header; | ||
825 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
826 | "Sending TCP packet from port %u to port %u\n", | ||
827 | src_address->port, | ||
828 | dst_address->port); | ||
829 | pkt4_tcp->source_port = htons (src_address->port); | ||
830 | pkt4_tcp->destination_port = htons (dst_address->port); | ||
831 | GNUNET_TUN_calculate_tcp4_checksum (pkt4, | ||
832 | pkt4_tcp, | ||
833 | payload, | ||
834 | payload_length); | ||
835 | GNUNET_memcpy (&pkt4_tcp[1], | ||
836 | payload, | ||
837 | payload_length); | ||
838 | } | ||
839 | break; | ||
840 | |||
841 | default: | ||
842 | GNUNET_assert (0); | ||
843 | } | ||
844 | } | ||
845 | |||
846 | |||
847 | /** | ||
848 | * Prepare an IPv6 packet for transmission via the TUN interface. | ||
849 | * Initializes the IP header and calculates checksums (IP+UDP/TCP). | ||
850 | * For UDP, the UDP header will be fully created, whereas for TCP | ||
851 | * only the ports and checksum will be filled in. So for TCP, | ||
852 | * a skeleton TCP header must be part of the provided payload. | ||
853 | * | ||
854 | * @param payload payload of the packet (starting with UDP payload or | ||
855 | * TCP header, depending on protocol) | ||
856 | * @param payload_length number of bytes in @a payload | ||
857 | * @param protocol IPPROTO_UDP or IPPROTO_TCP | ||
858 | * @param tcp_header skeleton TCP header data to send, NULL for UDP | ||
859 | * @param src_address source address to use (IP and port) | ||
860 | * @param dst_address destination address to use (IP and port) | ||
861 | * @param pkt6 where to write the assembled packet; must | ||
862 | * contain enough space for the IP header, UDP/TCP header | ||
863 | * AND the payload | ||
864 | */ | ||
865 | static void | ||
866 | prepare_ipv6_packet (const void *payload, | ||
867 | size_t payload_length, | ||
868 | int protocol, | ||
869 | const struct GNUNET_TUN_TcpHeader *tcp_header, | ||
870 | const struct SocketAddress *src_address, | ||
871 | const struct SocketAddress *dst_address, | ||
872 | struct GNUNET_TUN_IPv6Header *pkt6) | ||
873 | { | ||
874 | size_t len; | ||
875 | |||
876 | len = payload_length; | ||
877 | switch (protocol) | ||
878 | { | ||
879 | case IPPROTO_UDP: | ||
880 | len += sizeof(struct GNUNET_TUN_UdpHeader); | ||
881 | break; | ||
882 | |||
883 | case IPPROTO_TCP: | ||
884 | len += sizeof(struct GNUNET_TUN_TcpHeader); | ||
885 | break; | ||
886 | |||
887 | default: | ||
888 | GNUNET_break (0); | ||
889 | return; | ||
890 | } | ||
891 | if (len > UINT16_MAX) | ||
892 | { | ||
893 | GNUNET_break (0); | ||
894 | return; | ||
895 | } | ||
896 | |||
897 | GNUNET_TUN_initialize_ipv6_header (pkt6, | ||
898 | protocol, | ||
899 | len, | ||
900 | &src_address->address.ipv6, | ||
901 | &dst_address->address.ipv6); | ||
902 | |||
903 | switch (protocol) | ||
904 | { | ||
905 | case IPPROTO_UDP: | ||
906 | { | ||
907 | struct GNUNET_TUN_UdpHeader *pkt6_udp = (struct | ||
908 | GNUNET_TUN_UdpHeader *) &pkt6[1]; | ||
909 | |||
910 | pkt6_udp->source_port = htons (src_address->port); | ||
911 | pkt6_udp->destination_port = htons (dst_address->port); | ||
912 | pkt6_udp->len = htons ((uint16_t) payload_length); | ||
913 | GNUNET_TUN_calculate_udp6_checksum (pkt6, | ||
914 | pkt6_udp, | ||
915 | payload, | ||
916 | payload_length); | ||
917 | GNUNET_memcpy (&pkt6_udp[1], | ||
918 | payload, | ||
919 | payload_length); | ||
920 | } | ||
921 | break; | ||
922 | |||
923 | case IPPROTO_TCP: | ||
924 | { | ||
925 | struct GNUNET_TUN_TcpHeader *pkt6_tcp = (struct | ||
926 | GNUNET_TUN_TcpHeader *) &pkt6[1]; | ||
927 | |||
928 | /* GNUNET_memcpy first here as some TCP header fields are initialized this way! */ | ||
929 | *pkt6_tcp = *tcp_header; | ||
930 | pkt6_tcp->source_port = htons (src_address->port); | ||
931 | pkt6_tcp->destination_port = htons (dst_address->port); | ||
932 | GNUNET_TUN_calculate_tcp6_checksum (pkt6, | ||
933 | pkt6_tcp, | ||
934 | payload, | ||
935 | payload_length); | ||
936 | GNUNET_memcpy (&pkt6_tcp[1], | ||
937 | payload, | ||
938 | payload_length); | ||
939 | } | ||
940 | break; | ||
941 | |||
942 | default: | ||
943 | GNUNET_assert (0); | ||
944 | break; | ||
945 | } | ||
946 | } | ||
947 | |||
948 | |||
949 | /** | ||
950 | * Send a TCP packet via the TUN interface. | ||
951 | * | ||
952 | * @param destination_address IP and port to use for the TCP packet's destination | ||
953 | * @param source_address IP and port to use for the TCP packet's source | ||
954 | * @param tcp_header header template to use | ||
955 | * @param payload payload of the TCP packet | ||
956 | * @param payload_length number of bytes in @a payload | ||
957 | */ | ||
958 | static void | ||
959 | send_tcp_packet_via_tun (const struct SocketAddress *destination_address, | ||
960 | const struct SocketAddress *source_address, | ||
961 | const struct GNUNET_TUN_TcpHeader *tcp_header, | ||
962 | const void *payload, | ||
963 | size_t payload_length) | ||
964 | { | ||
965 | size_t len; | ||
966 | |||
967 | GNUNET_STATISTICS_update (stats, | ||
968 | gettext_noop ("# TCP packets sent via TUN"), | ||
969 | 1, | ||
970 | GNUNET_NO); | ||
971 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
972 | "Sending packet with %u bytes TCP payload via TUN\n", | ||
973 | (unsigned int) payload_length); | ||
974 | len = sizeof(struct GNUNET_MessageHeader) + sizeof(struct | ||
975 | GNUNET_TUN_Layer2PacketHeader); | ||
976 | switch (source_address->af) | ||
977 | { | ||
978 | case AF_INET: | ||
979 | len += sizeof(struct GNUNET_TUN_IPv4Header); | ||
980 | break; | ||
981 | |||
982 | case AF_INET6: | ||
983 | len += sizeof(struct GNUNET_TUN_IPv6Header); | ||
984 | break; | ||
985 | |||
986 | default: | ||
987 | GNUNET_break (0); | ||
988 | return; | ||
989 | } | ||
990 | len += sizeof(struct GNUNET_TUN_TcpHeader); | ||
991 | len += payload_length; | ||
992 | if (len >= GNUNET_MAX_MESSAGE_SIZE) | ||
993 | { | ||
994 | GNUNET_break (0); | ||
995 | return; | ||
996 | } | ||
997 | { | ||
998 | char buf[len] GNUNET_ALIGN; | ||
999 | struct GNUNET_MessageHeader *hdr; | ||
1000 | struct GNUNET_TUN_Layer2PacketHeader *tun; | ||
1001 | |||
1002 | hdr = (struct GNUNET_MessageHeader *) buf; | ||
1003 | hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER); | ||
1004 | hdr->size = htons (len); | ||
1005 | tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1]; | ||
1006 | tun->flags = htons (0); | ||
1007 | switch (source_address->af) | ||
1008 | { | ||
1009 | case AF_INET: | ||
1010 | { | ||
1011 | struct GNUNET_TUN_IPv4Header *ipv4 | ||
1012 | = (struct GNUNET_TUN_IPv4Header*) &tun[1]; | ||
1013 | |||
1014 | tun->proto = htons (ETH_P_IPV4); | ||
1015 | prepare_ipv4_packet (payload, | ||
1016 | payload_length, | ||
1017 | IPPROTO_TCP, | ||
1018 | tcp_header, | ||
1019 | source_address, | ||
1020 | destination_address, | ||
1021 | ipv4); | ||
1022 | } | ||
1023 | break; | ||
1024 | |||
1025 | case AF_INET6: | ||
1026 | { | ||
1027 | struct GNUNET_TUN_IPv6Header *ipv6 | ||
1028 | = (struct GNUNET_TUN_IPv6Header*) &tun[1]; | ||
1029 | |||
1030 | tun->proto = htons (ETH_P_IPV6); | ||
1031 | prepare_ipv6_packet (payload, | ||
1032 | payload_length, | ||
1033 | IPPROTO_TCP, | ||
1034 | tcp_header, | ||
1035 | source_address, | ||
1036 | destination_address, | ||
1037 | ipv6); | ||
1038 | } | ||
1039 | break; | ||
1040 | |||
1041 | default: | ||
1042 | GNUNET_assert (0); | ||
1043 | break; | ||
1044 | } | ||
1045 | if (NULL != helper_handle) | ||
1046 | (void) GNUNET_HELPER_send (helper_handle, | ||
1047 | (const struct GNUNET_MessageHeader*) buf, | ||
1048 | GNUNET_YES, | ||
1049 | NULL, | ||
1050 | NULL); | ||
1051 | } | ||
1052 | } | ||
1053 | |||
1054 | |||
1055 | /** | ||
1056 | * Send an ICMP packet via the TUN interface. | ||
1057 | * | ||
1058 | * @param destination_address IP to use for the ICMP packet's destination | ||
1059 | * @param source_address IP to use for the ICMP packet's source | ||
1060 | * @param icmp_header ICMP header to send | ||
1061 | * @param payload payload of the ICMP packet (does NOT include ICMP header) | ||
1062 | * @param payload_length number of bytes of data in @a payload | ||
1063 | */ | ||
1064 | static void | ||
1065 | send_icmp_packet_via_tun (const struct SocketAddress *destination_address, | ||
1066 | const struct SocketAddress *source_address, | ||
1067 | const struct GNUNET_TUN_IcmpHeader *icmp_header, | ||
1068 | const void *payload, size_t payload_length) | ||
1069 | { | ||
1070 | size_t len; | ||
1071 | struct GNUNET_TUN_IcmpHeader *icmp; | ||
1072 | |||
1073 | GNUNET_STATISTICS_update (stats, | ||
1074 | gettext_noop ("# ICMP packets sent via TUN"), | ||
1075 | 1, GNUNET_NO); | ||
1076 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1077 | "Sending packet with %u bytes ICMP payload via TUN\n", | ||
1078 | (unsigned int) payload_length); | ||
1079 | len = sizeof(struct GNUNET_MessageHeader) + sizeof(struct | ||
1080 | GNUNET_TUN_Layer2PacketHeader); | ||
1081 | switch (destination_address->af) | ||
1082 | { | ||
1083 | case AF_INET: | ||
1084 | len += sizeof(struct GNUNET_TUN_IPv4Header); | ||
1085 | break; | ||
1086 | |||
1087 | case AF_INET6: | ||
1088 | len += sizeof(struct GNUNET_TUN_IPv6Header); | ||
1089 | break; | ||
1090 | |||
1091 | default: | ||
1092 | GNUNET_break (0); | ||
1093 | return; | ||
1094 | } | ||
1095 | len += sizeof(struct GNUNET_TUN_IcmpHeader); | ||
1096 | len += payload_length; | ||
1097 | if (len >= GNUNET_MAX_MESSAGE_SIZE) | ||
1098 | { | ||
1099 | GNUNET_break (0); | ||
1100 | return; | ||
1101 | } | ||
1102 | { | ||
1103 | char buf[len] GNUNET_ALIGN; | ||
1104 | struct GNUNET_MessageHeader *hdr; | ||
1105 | struct GNUNET_TUN_Layer2PacketHeader *tun; | ||
1106 | |||
1107 | hdr = (struct GNUNET_MessageHeader *) buf; | ||
1108 | hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER); | ||
1109 | hdr->size = htons (len); | ||
1110 | tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1]; | ||
1111 | tun->flags = htons (0); | ||
1112 | switch (source_address->af) | ||
1113 | { | ||
1114 | case AF_INET: | ||
1115 | { | ||
1116 | struct GNUNET_TUN_IPv4Header *ipv4 = (struct | ||
1117 | GNUNET_TUN_IPv4Header*) &tun[1]; | ||
1118 | |||
1119 | tun->proto = htons (ETH_P_IPV4); | ||
1120 | GNUNET_TUN_initialize_ipv4_header (ipv4, | ||
1121 | IPPROTO_ICMP, | ||
1122 | sizeof(struct | ||
1123 | GNUNET_TUN_IcmpHeader) | ||
1124 | + payload_length, | ||
1125 | &source_address->address.ipv4, | ||
1126 | &destination_address->address.ipv4); | ||
1127 | icmp = (struct GNUNET_TUN_IcmpHeader*) &ipv4[1]; | ||
1128 | } | ||
1129 | break; | ||
1130 | |||
1131 | case AF_INET6: | ||
1132 | { | ||
1133 | struct GNUNET_TUN_IPv6Header *ipv6 = (struct | ||
1134 | GNUNET_TUN_IPv6Header*) &tun[1]; | ||
1135 | |||
1136 | tun->proto = htons (ETH_P_IPV6); | ||
1137 | GNUNET_TUN_initialize_ipv6_header (ipv6, | ||
1138 | IPPROTO_ICMPV6, | ||
1139 | sizeof(struct | ||
1140 | GNUNET_TUN_IcmpHeader) | ||
1141 | + payload_length, | ||
1142 | &source_address->address.ipv6, | ||
1143 | &destination_address->address.ipv6); | ||
1144 | icmp = (struct GNUNET_TUN_IcmpHeader*) &ipv6[1]; | ||
1145 | } | ||
1146 | break; | ||
1147 | |||
1148 | default: | ||
1149 | GNUNET_assert (0); | ||
1150 | break; | ||
1151 | } | ||
1152 | *icmp = *icmp_header; | ||
1153 | GNUNET_memcpy (&icmp[1], | ||
1154 | payload, | ||
1155 | payload_length); | ||
1156 | GNUNET_TUN_calculate_icmp_checksum (icmp, | ||
1157 | payload, | ||
1158 | payload_length); | ||
1159 | if (NULL != helper_handle) | ||
1160 | (void) GNUNET_HELPER_send (helper_handle, | ||
1161 | (const struct GNUNET_MessageHeader*) buf, | ||
1162 | GNUNET_YES, | ||
1163 | NULL, NULL); | ||
1164 | } | ||
1165 | } | ||
1166 | |||
1167 | |||
1168 | /** | ||
1169 | * We need to create a (unique) fresh local address (IP+port). | ||
1170 | * Fill one in. | ||
1171 | * | ||
1172 | * @param af desired address family | ||
1173 | * @param proto desired protocol (IPPROTO_UDP or IPPROTO_TCP) | ||
1174 | * @param local_address address to initialize | ||
1175 | */ | ||
1176 | static void | ||
1177 | setup_fresh_address (int af, | ||
1178 | uint8_t proto, | ||
1179 | struct SocketAddress *local_address) | ||
1180 | { | ||
1181 | local_address->af = af; | ||
1182 | local_address->proto = (uint8_t) proto; | ||
1183 | /* default "local" port range is often 32768--61000, | ||
1184 | so we pick a random value in that range */ | ||
1185 | if (((af == AF_INET) && (proto == IPPROTO_ICMP)) || | ||
1186 | ((af == AF_INET6) && (proto == IPPROTO_ICMPV6))) | ||
1187 | local_address->port = 0; | ||
1188 | else | ||
1189 | local_address->port | ||
1190 | = (uint16_t) 32768 + GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, | ||
1191 | 28232); | ||
1192 | switch (af) | ||
1193 | { | ||
1194 | case AF_INET: | ||
1195 | { | ||
1196 | struct in_addr addr; | ||
1197 | struct in_addr mask; | ||
1198 | struct in_addr rnd; | ||
1199 | |||
1200 | addr = exit_ipv4addr; | ||
1201 | mask = exit_ipv4mask; | ||
1202 | if (0 == ~mask.s_addr) | ||
1203 | { | ||
1204 | /* only one valid IP anyway */ | ||
1205 | local_address->address.ipv4 = addr; | ||
1206 | return; | ||
1207 | } | ||
1208 | /* Given 192.168.0.1/255.255.0.0, we want a mask | ||
1209 | of '192.168.255.255', thus: */ | ||
1210 | mask.s_addr = addr.s_addr | ~mask.s_addr; | ||
1211 | /* Pick random IPv4 address within the subnet, except 'addr' or 'mask' itself */ | ||
1212 | do | ||
1213 | { | ||
1214 | rnd.s_addr = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, | ||
1215 | UINT32_MAX); | ||
1216 | local_address->address.ipv4.s_addr = (addr.s_addr | rnd.s_addr) | ||
1217 | & mask.s_addr; | ||
1218 | } | ||
1219 | while ((local_address->address.ipv4.s_addr == addr.s_addr) || | ||
1220 | (local_address->address.ipv4.s_addr == mask.s_addr)); | ||
1221 | } | ||
1222 | break; | ||
1223 | |||
1224 | case AF_INET6: | ||
1225 | { | ||
1226 | struct in6_addr addr; | ||
1227 | struct in6_addr mask; | ||
1228 | struct in6_addr rnd; | ||
1229 | int i; | ||
1230 | |||
1231 | addr = exit_ipv6addr; | ||
1232 | GNUNET_assert (ipv6prefix < 128); | ||
1233 | if (ipv6prefix == 127) | ||
1234 | { | ||
1235 | /* only one valid IP anyway */ | ||
1236 | local_address->address.ipv6 = addr; | ||
1237 | return; | ||
1238 | } | ||
1239 | /* Given ABCD::/96, we want a mask of 'ABCD::FFFF:FFFF, | ||
1240 | thus: */ | ||
1241 | mask = addr; | ||
1242 | for (i = 127; i >= ipv6prefix; i--) | ||
1243 | mask.s6_addr[i / 8] |= (1 << (i % 8)); | ||
1244 | |||
1245 | /* Pick random IPv6 address within the subnet, except 'addr' or 'mask' itself */ | ||
1246 | do | ||
1247 | { | ||
1248 | for (i = 0; i < 16; i++) | ||
1249 | { | ||
1250 | rnd.s6_addr[i] = (unsigned char) GNUNET_CRYPTO_random_u32 ( | ||
1251 | GNUNET_CRYPTO_QUALITY_WEAK, | ||
1252 | 256); | ||
1253 | local_address->address.ipv6.s6_addr[i] | ||
1254 | = (addr.s6_addr[i] | rnd.s6_addr[i]) & mask.s6_addr[i]; | ||
1255 | } | ||
1256 | } | ||
1257 | while ((0 == GNUNET_memcmp (&local_address->address.ipv6, | ||
1258 | &addr)) || | ||
1259 | (0 == GNUNET_memcmp (&local_address->address.ipv6, | ||
1260 | &mask))); | ||
1261 | } | ||
1262 | break; | ||
1263 | |||
1264 | default: | ||
1265 | GNUNET_assert (0); | ||
1266 | } | ||
1267 | } | ||
1268 | |||
1269 | |||
1270 | /** | ||
1271 | * We are starting a fresh connection (TCP or UDP) and need | ||
1272 | * to pick a source port and IP address (within the correct | ||
1273 | * range and address family) to associate replies with the | ||
1274 | * connection / correct cadet channel. This function generates | ||
1275 | * a "fresh" source IP and source port number for a connection | ||
1276 | * After picking a good source address, this function sets up | ||
1277 | * the state in the 'connections_map' and 'connections_heap' | ||
1278 | * to allow finding the state when needed later. The function | ||
1279 | * also makes sure that we remain within memory limits by | ||
1280 | * cleaning up 'old' states. | ||
1281 | * | ||
1282 | * @param state skeleton state to setup a record for; should | ||
1283 | * 'state->specifics.tcp_udp.ri.remote_address' filled in so that | ||
1284 | * this code can determine which AF/protocol is | ||
1285 | * going to be used (the 'channel' should also | ||
1286 | * already be set); after calling this function, | ||
1287 | * heap_node and the local_address will be | ||
1288 | * also initialized (heap_node != NULL can be | ||
1289 | * used to test if a state has been fully setup). | ||
1290 | */ | ||
1291 | static void | ||
1292 | setup_state_record (struct ChannelState *state) | ||
1293 | { | ||
1294 | struct GNUNET_HashCode key; | ||
1295 | struct ChannelState *s; | ||
1296 | |||
1297 | /* generate fresh, unique address */ | ||
1298 | do | ||
1299 | { | ||
1300 | if (NULL == state->specifics.tcp_udp.serv) | ||
1301 | setup_fresh_address (state->specifics.tcp_udp.ri.remote_address.af, | ||
1302 | state->specifics.tcp_udp.ri.remote_address.proto, | ||
1303 | &state->specifics.tcp_udp.ri.local_address); | ||
1304 | else | ||
1305 | setup_fresh_address (state->specifics.tcp_udp.serv->address.af, | ||
1306 | state->specifics.tcp_udp.serv->address.proto, | ||
1307 | &state->specifics.tcp_udp.ri.local_address); | ||
1308 | } | ||
1309 | while (NULL != | ||
1310 | get_redirect_state (state->specifics.tcp_udp.ri.remote_address.af, | ||
1311 | state->specifics.tcp_udp.ri.remote_address.proto, | ||
1312 | &state->specifics.tcp_udp.ri.remote_address.address, | ||
1313 | state->specifics.tcp_udp.ri.remote_address.port, | ||
1314 | &state->specifics.tcp_udp.ri.local_address.address, | ||
1315 | state->specifics.tcp_udp.ri.local_address.port, | ||
1316 | &key)); | ||
1317 | { | ||
1318 | char buf[INET6_ADDRSTRLEN]; | ||
1319 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1320 | "Picked local address %s:%u for new connection\n", | ||
1321 | inet_ntop (state->specifics.tcp_udp.ri.local_address.af, | ||
1322 | &state->specifics.tcp_udp.ri.local_address.address, | ||
1323 | buf, | ||
1324 | sizeof(buf)), | ||
1325 | (unsigned int) state->specifics.tcp_udp.ri.local_address.port); | ||
1326 | } | ||
1327 | state->specifics.tcp_udp.state_key = key; | ||
1328 | GNUNET_assert (GNUNET_OK == | ||
1329 | GNUNET_CONTAINER_multihashmap_put (connections_map, | ||
1330 | &key, state, | ||
1331 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); | ||
1332 | state->specifics.tcp_udp.heap_node | ||
1333 | = GNUNET_CONTAINER_heap_insert (connections_heap, | ||
1334 | state, | ||
1335 | GNUNET_TIME_absolute_get ().abs_value_us); | ||
1336 | while (GNUNET_CONTAINER_heap_get_size (connections_heap) > max_connections) | ||
1337 | { | ||
1338 | s = GNUNET_CONTAINER_heap_remove_root (connections_heap); | ||
1339 | GNUNET_assert (state != s); | ||
1340 | s->specifics.tcp_udp.heap_node = NULL; | ||
1341 | GNUNET_CADET_channel_destroy (s->channel); | ||
1342 | GNUNET_assert (GNUNET_OK == | ||
1343 | GNUNET_CONTAINER_multihashmap_remove (connections_map, | ||
1344 | &s->specifics.tcp_udp. | ||
1345 | state_key, | ||
1346 | s)); | ||
1347 | GNUNET_free (s); | ||
1348 | } | ||
1349 | } | ||
1350 | |||
1351 | |||
1352 | /** | ||
1353 | * Send a UDP packet via the TUN interface. | ||
1354 | * | ||
1355 | * @param destination_address IP and port to use for the UDP packet's destination | ||
1356 | * @param source_address IP and port to use for the UDP packet's source | ||
1357 | * @param payload payload of the UDP packet (does NOT include UDP header) | ||
1358 | * @param payload_length number of bytes of data in @a payload | ||
1359 | */ | ||
1360 | static void | ||
1361 | send_udp_packet_via_tun (const struct SocketAddress *destination_address, | ||
1362 | const struct SocketAddress *source_address, | ||
1363 | const void *payload, size_t payload_length) | ||
1364 | { | ||
1365 | size_t len; | ||
1366 | |||
1367 | GNUNET_STATISTICS_update (stats, | ||
1368 | gettext_noop ("# UDP packets sent via TUN"), | ||
1369 | 1, GNUNET_NO); | ||
1370 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1371 | "Sending packet with %u bytes UDP payload via TUN\n", | ||
1372 | (unsigned int) payload_length); | ||
1373 | len = sizeof(struct GNUNET_MessageHeader) + sizeof(struct | ||
1374 | GNUNET_TUN_Layer2PacketHeader); | ||
1375 | switch (source_address->af) | ||
1376 | { | ||
1377 | case AF_INET: | ||
1378 | len += sizeof(struct GNUNET_TUN_IPv4Header); | ||
1379 | break; | ||
1380 | |||
1381 | case AF_INET6: | ||
1382 | len += sizeof(struct GNUNET_TUN_IPv6Header); | ||
1383 | break; | ||
1384 | |||
1385 | default: | ||
1386 | GNUNET_break (0); | ||
1387 | return; | ||
1388 | } | ||
1389 | len += sizeof(struct GNUNET_TUN_UdpHeader); | ||
1390 | len += payload_length; | ||
1391 | if (len >= GNUNET_MAX_MESSAGE_SIZE) | ||
1392 | { | ||
1393 | GNUNET_break (0); | ||
1394 | return; | ||
1395 | } | ||
1396 | { | ||
1397 | char buf[len] GNUNET_ALIGN; | ||
1398 | struct GNUNET_MessageHeader *hdr; | ||
1399 | struct GNUNET_TUN_Layer2PacketHeader *tun; | ||
1400 | |||
1401 | hdr = (struct GNUNET_MessageHeader *) buf; | ||
1402 | hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER); | ||
1403 | hdr->size = htons (len); | ||
1404 | tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1]; | ||
1405 | tun->flags = htons (0); | ||
1406 | switch (source_address->af) | ||
1407 | { | ||
1408 | case AF_INET: | ||
1409 | { | ||
1410 | struct GNUNET_TUN_IPv4Header *ipv4 = (struct | ||
1411 | GNUNET_TUN_IPv4Header*) &tun[1]; | ||
1412 | |||
1413 | tun->proto = htons (ETH_P_IPV4); | ||
1414 | prepare_ipv4_packet (payload, | ||
1415 | payload_length, | ||
1416 | IPPROTO_UDP, | ||
1417 | NULL, | ||
1418 | source_address, | ||
1419 | destination_address, | ||
1420 | ipv4); | ||
1421 | } | ||
1422 | break; | ||
1423 | |||
1424 | case AF_INET6: | ||
1425 | { | ||
1426 | struct GNUNET_TUN_IPv6Header *ipv6 = (struct | ||
1427 | GNUNET_TUN_IPv6Header*) &tun[1]; | ||
1428 | |||
1429 | tun->proto = htons (ETH_P_IPV6); | ||
1430 | prepare_ipv6_packet (payload, | ||
1431 | payload_length, | ||
1432 | IPPROTO_UDP, | ||
1433 | NULL, | ||
1434 | source_address, | ||
1435 | destination_address, | ||
1436 | ipv6); | ||
1437 | } | ||
1438 | break; | ||
1439 | |||
1440 | default: | ||
1441 | GNUNET_assert (0); | ||
1442 | break; | ||
1443 | } | ||
1444 | if (NULL != helper_handle) | ||
1445 | (void) GNUNET_HELPER_send (helper_handle, | ||
1446 | (const struct GNUNET_MessageHeader*) buf, | ||
1447 | GNUNET_YES, | ||
1448 | NULL, NULL); | ||
1449 | } | ||
1450 | } | ||
1451 | |||
1452 | |||
1453 | /** | ||
1454 | * Check a request to forward UDP data to the Internet via this peer. | ||
1455 | * | ||
1456 | * @param cls our `struct ChannelState *` | ||
1457 | * @param msg the actual message | ||
1458 | * @return #GNUNET_OK to keep the connection open, | ||
1459 | * #GNUNET_SYSERR to close it (signal serious error) | ||
1460 | */ | ||
1461 | static int | ||
1462 | check_udp_remote (void *cls, | ||
1463 | const struct GNUNET_EXIT_UdpInternetMessage *msg) | ||
1464 | { | ||
1465 | struct ChannelState *state = cls; | ||
1466 | |||
1467 | if (GNUNET_YES == state->is_dns) | ||
1468 | { | ||
1469 | GNUNET_break_op (0); | ||
1470 | return GNUNET_SYSERR; | ||
1471 | } | ||
1472 | return GNUNET_OK; | ||
1473 | } | ||
1474 | |||
1475 | |||
1476 | /** | ||
1477 | * Process a request to forward UDP data to the Internet via this peer. | ||
1478 | * | ||
1479 | * @param cls our `struct ChannelState *` | ||
1480 | * @param msg the actual message | ||
1481 | */ | ||
1482 | static void | ||
1483 | handle_udp_remote (void *cls, | ||
1484 | const struct GNUNET_EXIT_UdpInternetMessage *msg) | ||
1485 | { | ||
1486 | struct ChannelState *state = cls; | ||
1487 | uint16_t pkt_len = ntohs (msg->header.size) - sizeof(struct | ||
1488 | GNUNET_EXIT_UdpInternetMessage); | ||
1489 | const struct in_addr *v4; | ||
1490 | const struct in6_addr *v6; | ||
1491 | const void *payload; | ||
1492 | int af; | ||
1493 | |||
1494 | if (GNUNET_SYSERR == state->is_dns) | ||
1495 | { | ||
1496 | /* channel is UDP/TCP from now on */ | ||
1497 | state->is_dns = GNUNET_NO; | ||
1498 | } | ||
1499 | GNUNET_STATISTICS_update (stats, | ||
1500 | gettext_noop ("# Bytes received from CADET"), | ||
1501 | pkt_len, GNUNET_NO); | ||
1502 | GNUNET_STATISTICS_update (stats, | ||
1503 | gettext_noop ( | ||
1504 | "# UDP IP-exit requests received via cadet"), | ||
1505 | 1, GNUNET_NO); | ||
1506 | af = (int) ntohl (msg->af); | ||
1507 | state->specifics.tcp_udp.ri.remote_address.af = af; | ||
1508 | switch (af) | ||
1509 | { | ||
1510 | case AF_INET: | ||
1511 | if (pkt_len < sizeof(struct in_addr)) | ||
1512 | { | ||
1513 | GNUNET_break_op (0); | ||
1514 | return; | ||
1515 | } | ||
1516 | if (! ipv4_exit) | ||
1517 | { | ||
1518 | GNUNET_break_op (0); | ||
1519 | return; | ||
1520 | } | ||
1521 | v4 = (const struct in_addr*) &msg[1]; | ||
1522 | payload = &v4[1]; | ||
1523 | pkt_len -= sizeof(struct in_addr); | ||
1524 | state->specifics.tcp_udp.ri.remote_address.address.ipv4 = *v4; | ||
1525 | break; | ||
1526 | |||
1527 | case AF_INET6: | ||
1528 | if (pkt_len < sizeof(struct in6_addr)) | ||
1529 | { | ||
1530 | GNUNET_break_op (0); | ||
1531 | return; | ||
1532 | } | ||
1533 | if (! ipv6_exit) | ||
1534 | { | ||
1535 | GNUNET_break_op (0); | ||
1536 | return; | ||
1537 | } | ||
1538 | v6 = (const struct in6_addr*) &msg[1]; | ||
1539 | payload = &v6[1]; | ||
1540 | pkt_len -= sizeof(struct in6_addr); | ||
1541 | state->specifics.tcp_udp.ri.remote_address.address.ipv6 = *v6; | ||
1542 | break; | ||
1543 | |||
1544 | default: | ||
1545 | GNUNET_break_op (0); | ||
1546 | return; | ||
1547 | } | ||
1548 | { | ||
1549 | char buf[INET6_ADDRSTRLEN]; | ||
1550 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1551 | "Received data from %s for forwarding to UDP %s:%u\n", | ||
1552 | GNUNET_i2s (&state->peer), | ||
1553 | inet_ntop (af, | ||
1554 | &state->specifics.tcp_udp.ri.remote_address.address, | ||
1555 | buf, sizeof(buf)), | ||
1556 | (unsigned int) ntohs (msg->destination_port)); | ||
1557 | } | ||
1558 | state->specifics.tcp_udp.ri.remote_address.proto = IPPROTO_UDP; | ||
1559 | state->specifics.tcp_udp.ri.remote_address.port = msg->destination_port; | ||
1560 | if (NULL == state->specifics.tcp_udp.heap_node) | ||
1561 | setup_state_record (state); | ||
1562 | if (0 != ntohs (msg->source_port)) | ||
1563 | state->specifics.tcp_udp.ri.local_address.port = msg->source_port; | ||
1564 | send_udp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address, | ||
1565 | &state->specifics.tcp_udp.ri.local_address, | ||
1566 | payload, | ||
1567 | pkt_len); | ||
1568 | GNUNET_CADET_receive_done (state->channel); | ||
1569 | } | ||
1570 | |||
1571 | |||
1572 | /** | ||
1573 | * Check a request via cadet to send a request to a UDP service | ||
1574 | * offered by this system. | ||
1575 | * | ||
1576 | * @param cls our `struct ChannelState *` | ||
1577 | * @param msg the actual message | ||
1578 | * @return #GNUNET_OK to keep the connection open, | ||
1579 | * #GNUNET_SYSERR to close it (signal serious error) | ||
1580 | */ | ||
1581 | static int | ||
1582 | check_udp_service (void *cls, | ||
1583 | const struct GNUNET_EXIT_UdpServiceMessage *msg) | ||
1584 | { | ||
1585 | struct ChannelState *state = cls; | ||
1586 | |||
1587 | if (NULL == state->specifics.tcp_udp.serv) | ||
1588 | { | ||
1589 | GNUNET_break_op (0); | ||
1590 | return GNUNET_SYSERR; | ||
1591 | } | ||
1592 | return GNUNET_OK; | ||
1593 | } | ||
1594 | |||
1595 | |||
1596 | /** | ||
1597 | * Process a request via cadet to send a request to a UDP service | ||
1598 | * offered by this system. | ||
1599 | * | ||
1600 | * @param cls our `struct ChannelState *` | ||
1601 | * @param msg the actual message | ||
1602 | */ | ||
1603 | static void | ||
1604 | handle_udp_service (void *cls, | ||
1605 | const struct GNUNET_EXIT_UdpServiceMessage *msg) | ||
1606 | { | ||
1607 | struct ChannelState *state = cls; | ||
1608 | uint16_t pkt_len = ntohs (msg->header.size) - sizeof(struct | ||
1609 | GNUNET_EXIT_UdpServiceMessage); | ||
1610 | |||
1611 | GNUNET_STATISTICS_update (stats, | ||
1612 | gettext_noop ("# Bytes received from CADET"), | ||
1613 | pkt_len, GNUNET_NO); | ||
1614 | GNUNET_STATISTICS_update (stats, | ||
1615 | gettext_noop ( | ||
1616 | "# UDP service requests received via cadet"), | ||
1617 | 1, GNUNET_NO); | ||
1618 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1619 | "Received data from %s for forwarding to UDP service %s on port %u\n", | ||
1620 | GNUNET_i2s (&state->peer), | ||
1621 | GNUNET_h2s (&state->specifics.tcp_udp.serv->descriptor), | ||
1622 | (unsigned int) ntohs (msg->destination_port)); | ||
1623 | setup_state_record (state); | ||
1624 | if (0 != ntohs (msg->source_port)) | ||
1625 | state->specifics.tcp_udp.ri.local_address.port = msg->source_port; | ||
1626 | send_udp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address, | ||
1627 | &state->specifics.tcp_udp.ri.local_address, | ||
1628 | &msg[1], | ||
1629 | pkt_len); | ||
1630 | GNUNET_CADET_receive_done (state->channel); | ||
1631 | } | ||
1632 | |||
1633 | |||
1634 | /** | ||
1635 | * Process a request via cadet to send a request to a TCP service | ||
1636 | * offered by this system. | ||
1637 | * | ||
1638 | * @param cls our `struct ChannelState *` | ||
1639 | * @param start the actual message | ||
1640 | * @return #GNUNET_OK to keep the connection open, | ||
1641 | * #GNUNET_SYSERR to close it (signal serious error) | ||
1642 | */ | ||
1643 | static void | ||
1644 | handle_tcp_service (void *cls, | ||
1645 | const struct GNUNET_EXIT_TcpServiceStartMessage *start) | ||
1646 | { | ||
1647 | struct ChannelState *state = cls; | ||
1648 | uint16_t pkt_len = ntohs (start->header.size) - sizeof(struct | ||
1649 | GNUNET_EXIT_TcpServiceStartMessage); | ||
1650 | |||
1651 | if (GNUNET_SYSERR == state->is_dns) | ||
1652 | { | ||
1653 | /* channel is UDP/TCP from now on */ | ||
1654 | state->is_dns = GNUNET_NO; | ||
1655 | } | ||
1656 | GNUNET_STATISTICS_update (stats, | ||
1657 | gettext_noop ( | ||
1658 | "# TCP service creation requests received via cadet"), | ||
1659 | 1, | ||
1660 | GNUNET_NO); | ||
1661 | GNUNET_STATISTICS_update (stats, | ||
1662 | gettext_noop ("# Bytes received from CADET"), | ||
1663 | pkt_len, | ||
1664 | GNUNET_NO); | ||
1665 | GNUNET_break_op (ntohl (start->reserved) == 0); | ||
1666 | /* setup fresh connection */ | ||
1667 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1668 | "Received data from %s for forwarding to TCP service %s on port %u\n", | ||
1669 | GNUNET_i2s (&state->peer), | ||
1670 | GNUNET_h2s (&state->specifics.tcp_udp.serv->descriptor), | ||
1671 | (unsigned int) ntohs (start->tcp_header.destination_port)); | ||
1672 | setup_state_record (state); | ||
1673 | send_tcp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address, | ||
1674 | &state->specifics.tcp_udp.ri.local_address, | ||
1675 | &start->tcp_header, | ||
1676 | &start[1], | ||
1677 | pkt_len); | ||
1678 | GNUNET_CADET_receive_done (state->channel); | ||
1679 | } | ||
1680 | |||
1681 | |||
1682 | /** | ||
1683 | * Check a request to forward TCP data to the Internet via this peer. | ||
1684 | * | ||
1685 | * @param cls our `struct ChannelState *` | ||
1686 | * @param start the actual message | ||
1687 | * @return #GNUNET_OK to keep the connection open, | ||
1688 | * #GNUNET_SYSERR to close it (signal serious error) | ||
1689 | */ | ||
1690 | static int | ||
1691 | check_tcp_remote (void *cls, | ||
1692 | const struct GNUNET_EXIT_TcpInternetStartMessage *start) | ||
1693 | { | ||
1694 | struct ChannelState *state = cls; | ||
1695 | |||
1696 | if (NULL == state) | ||
1697 | { | ||
1698 | GNUNET_break_op (0); | ||
1699 | return GNUNET_SYSERR; | ||
1700 | } | ||
1701 | if (GNUNET_YES == state->is_dns) | ||
1702 | { | ||
1703 | GNUNET_break_op (0); | ||
1704 | return GNUNET_SYSERR; | ||
1705 | } | ||
1706 | if ((NULL != state->specifics.tcp_udp.serv) || | ||
1707 | (NULL != state->specifics.tcp_udp.heap_node)) | ||
1708 | { | ||
1709 | GNUNET_break_op (0); | ||
1710 | return GNUNET_SYSERR; | ||
1711 | } | ||
1712 | if (start->tcp_header.off * 4 < sizeof(struct GNUNET_TUN_TcpHeader)) | ||
1713 | { | ||
1714 | GNUNET_break_op (0); | ||
1715 | return GNUNET_SYSERR; | ||
1716 | } | ||
1717 | return GNUNET_OK; | ||
1718 | } | ||
1719 | |||
1720 | |||
1721 | /** | ||
1722 | * Process a request to forward TCP data to the Internet via this peer. | ||
1723 | * | ||
1724 | * @param cls our `struct ChannelState *` | ||
1725 | * @param start the actual message | ||
1726 | */ | ||
1727 | static void | ||
1728 | handle_tcp_remote (void *cls, | ||
1729 | const struct GNUNET_EXIT_TcpInternetStartMessage *start) | ||
1730 | { | ||
1731 | struct ChannelState *state = cls; | ||
1732 | uint16_t pkt_len = ntohs (start->header.size) - sizeof(struct | ||
1733 | GNUNET_EXIT_TcpInternetStartMessage); | ||
1734 | const struct in_addr *v4; | ||
1735 | const struct in6_addr *v6; | ||
1736 | const void *payload; | ||
1737 | int af; | ||
1738 | |||
1739 | if (GNUNET_SYSERR == state->is_dns) | ||
1740 | { | ||
1741 | /* channel is UDP/TCP from now on */ | ||
1742 | state->is_dns = GNUNET_NO; | ||
1743 | } | ||
1744 | GNUNET_STATISTICS_update (stats, | ||
1745 | gettext_noop ("# Bytes received from CADET"), | ||
1746 | pkt_len, GNUNET_NO); | ||
1747 | GNUNET_STATISTICS_update (stats, | ||
1748 | gettext_noop ( | ||
1749 | "# TCP IP-exit creation requests received via cadet"), | ||
1750 | 1, GNUNET_NO); | ||
1751 | af = (int) ntohl (start->af); | ||
1752 | state->specifics.tcp_udp.ri.remote_address.af = af; | ||
1753 | switch (af) | ||
1754 | { | ||
1755 | case AF_INET: | ||
1756 | if (pkt_len < sizeof(struct in_addr)) | ||
1757 | { | ||
1758 | GNUNET_break_op (0); | ||
1759 | return; | ||
1760 | } | ||
1761 | if (! ipv4_exit) | ||
1762 | { | ||
1763 | GNUNET_break_op (0); | ||
1764 | return; | ||
1765 | } | ||
1766 | v4 = (const struct in_addr*) &start[1]; | ||
1767 | payload = &v4[1]; | ||
1768 | pkt_len -= sizeof(struct in_addr); | ||
1769 | state->specifics.tcp_udp.ri.remote_address.address.ipv4 = *v4; | ||
1770 | break; | ||
1771 | |||
1772 | case AF_INET6: | ||
1773 | if (pkt_len < sizeof(struct in6_addr)) | ||
1774 | { | ||
1775 | GNUNET_break_op (0); | ||
1776 | return; | ||
1777 | } | ||
1778 | if (! ipv6_exit) | ||
1779 | { | ||
1780 | GNUNET_break_op (0); | ||
1781 | return; | ||
1782 | } | ||
1783 | v6 = (const struct in6_addr*) &start[1]; | ||
1784 | payload = &v6[1]; | ||
1785 | pkt_len -= sizeof(struct in6_addr); | ||
1786 | state->specifics.tcp_udp.ri.remote_address.address.ipv6 = *v6; | ||
1787 | break; | ||
1788 | |||
1789 | default: | ||
1790 | GNUNET_break_op (0); | ||
1791 | return; | ||
1792 | } | ||
1793 | { | ||
1794 | char buf[INET6_ADDRSTRLEN]; | ||
1795 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1796 | "Received payload from %s for existing TCP stream to %s:%u\n", | ||
1797 | GNUNET_i2s (&state->peer), | ||
1798 | inet_ntop (af, | ||
1799 | &state->specifics.tcp_udp.ri.remote_address.address, | ||
1800 | buf, sizeof(buf)), | ||
1801 | (unsigned int) ntohs (start->tcp_header.destination_port)); | ||
1802 | } | ||
1803 | state->specifics.tcp_udp.ri.remote_address.proto = IPPROTO_TCP; | ||
1804 | state->specifics.tcp_udp.ri.remote_address.port = ntohs ( | ||
1805 | start->tcp_header.destination_port); | ||
1806 | setup_state_record (state); | ||
1807 | send_tcp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address, | ||
1808 | &state->specifics.tcp_udp.ri.local_address, | ||
1809 | &start->tcp_header, | ||
1810 | payload, | ||
1811 | pkt_len); | ||
1812 | GNUNET_CADET_receive_done (state->channel); | ||
1813 | } | ||
1814 | |||
1815 | |||
1816 | /** | ||
1817 | * Check a request to forward TCP data on an established | ||
1818 | * connection via this peer. | ||
1819 | * | ||
1820 | * @param cls our `struct ChannelState *` | ||
1821 | * @param data the actual message | ||
1822 | * @return #GNUNET_OK to keep the connection open, | ||
1823 | * #GNUNET_SYSERR to close it (signal serious error) | ||
1824 | */ | ||
1825 | static int | ||
1826 | check_tcp_data (void *cls, | ||
1827 | const struct GNUNET_EXIT_TcpDataMessage *data) | ||
1828 | { | ||
1829 | struct ChannelState *state = cls; | ||
1830 | |||
1831 | if ((NULL == state) || | ||
1832 | (NULL == state->specifics.tcp_udp.heap_node)) | ||
1833 | { | ||
1834 | /* connection should have been up! */ | ||
1835 | GNUNET_STATISTICS_update (stats, | ||
1836 | gettext_noop ( | ||
1837 | "# TCP DATA requests dropped (no session)"), | ||
1838 | 1, GNUNET_NO); | ||
1839 | GNUNET_break_op (0); | ||
1840 | return GNUNET_SYSERR; | ||
1841 | } | ||
1842 | if (data->tcp_header.off * 4 < sizeof(struct GNUNET_TUN_TcpHeader)) | ||
1843 | { | ||
1844 | GNUNET_break_op (0); | ||
1845 | return GNUNET_SYSERR; | ||
1846 | } | ||
1847 | if (GNUNET_YES == state->is_dns) | ||
1848 | { | ||
1849 | GNUNET_break_op (0); | ||
1850 | return GNUNET_SYSERR; | ||
1851 | } | ||
1852 | return GNUNET_OK; | ||
1853 | } | ||
1854 | |||
1855 | |||
1856 | /** | ||
1857 | * Process a request to forward TCP data on an established | ||
1858 | * connection via this peer. | ||
1859 | * | ||
1860 | * @param cls our `struct ChannelState *` | ||
1861 | * @param data the actual message | ||
1862 | */ | ||
1863 | static void | ||
1864 | handle_tcp_data (void *cls, | ||
1865 | const struct GNUNET_EXIT_TcpDataMessage *data) | ||
1866 | { | ||
1867 | struct ChannelState *state = cls; | ||
1868 | uint16_t pkt_len = ntohs (data->header.size) - sizeof(struct | ||
1869 | GNUNET_EXIT_TcpDataMessage); | ||
1870 | |||
1871 | GNUNET_STATISTICS_update (stats, | ||
1872 | gettext_noop ("# Bytes received from CADET"), | ||
1873 | pkt_len, GNUNET_NO); | ||
1874 | GNUNET_STATISTICS_update (stats, | ||
1875 | gettext_noop ( | ||
1876 | "# TCP data requests received via cadet"), | ||
1877 | 1, GNUNET_NO); | ||
1878 | if (GNUNET_SYSERR == state->is_dns) | ||
1879 | { | ||
1880 | /* channel is UDP/TCP from now on */ | ||
1881 | state->is_dns = GNUNET_NO; | ||
1882 | } | ||
1883 | |||
1884 | GNUNET_break_op (ntohl (data->reserved) == 0); | ||
1885 | { | ||
1886 | char buf[INET6_ADDRSTRLEN]; | ||
1887 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1888 | "Received additional %u bytes of data from %s for TCP stream to %s:%u\n", | ||
1889 | pkt_len, | ||
1890 | GNUNET_i2s (&state->peer), | ||
1891 | inet_ntop (state->specifics.tcp_udp.ri.remote_address.af, | ||
1892 | &state->specifics.tcp_udp.ri.remote_address.address, | ||
1893 | buf, sizeof(buf)), | ||
1894 | (unsigned int) state->specifics.tcp_udp.ri.remote_address.port); | ||
1895 | } | ||
1896 | |||
1897 | send_tcp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address, | ||
1898 | &state->specifics.tcp_udp.ri.local_address, | ||
1899 | &data->tcp_header, | ||
1900 | &data[1], pkt_len); | ||
1901 | GNUNET_CADET_receive_done (state->channel); | ||
1902 | } | ||
1903 | |||
1904 | |||
1905 | /** | ||
1906 | * Synthesize a plausible ICMP payload for an ICMPv4 error | ||
1907 | * response on the given channel. | ||
1908 | * | ||
1909 | * @param state channel information | ||
1910 | * @param ipp IPv6 header to fill in (ICMP payload) | ||
1911 | * @param udp "UDP" header to fill in (ICMP payload); might actually | ||
1912 | * also be the first 8 bytes of the TCP header | ||
1913 | */ | ||
1914 | static void | ||
1915 | make_up_icmpv4_payload (struct ChannelState *state, | ||
1916 | struct GNUNET_TUN_IPv4Header *ipp, | ||
1917 | struct GNUNET_TUN_UdpHeader *udp) | ||
1918 | { | ||
1919 | GNUNET_TUN_initialize_ipv4_header (ipp, | ||
1920 | state->specifics.tcp_udp.ri.remote_address. | ||
1921 | proto, | ||
1922 | sizeof(struct GNUNET_TUN_TcpHeader), | ||
1923 | &state->specifics.tcp_udp.ri.remote_address | ||
1924 | .address.ipv4, | ||
1925 | &state->specifics.tcp_udp.ri.local_address. | ||
1926 | address.ipv4); | ||
1927 | udp->source_port = htons (state->specifics.tcp_udp.ri.remote_address.port); | ||
1928 | udp->destination_port = htons ( | ||
1929 | state->specifics.tcp_udp.ri.local_address.port); | ||
1930 | udp->len = htons (0); | ||
1931 | udp->crc = htons (0); | ||
1932 | } | ||
1933 | |||
1934 | |||
1935 | /** | ||
1936 | * Synthesize a plausible ICMP payload for an ICMPv6 error | ||
1937 | * response on the given channel. | ||
1938 | * | ||
1939 | * @param state channel information | ||
1940 | * @param ipp IPv6 header to fill in (ICMP payload) | ||
1941 | * @param udp "UDP" header to fill in (ICMP payload); might actually | ||
1942 | * also be the first 8 bytes of the TCP header | ||
1943 | */ | ||
1944 | static void | ||
1945 | make_up_icmpv6_payload (struct ChannelState *state, | ||
1946 | struct GNUNET_TUN_IPv6Header *ipp, | ||
1947 | struct GNUNET_TUN_UdpHeader *udp) | ||
1948 | { | ||
1949 | GNUNET_TUN_initialize_ipv6_header (ipp, | ||
1950 | state->specifics.tcp_udp.ri.remote_address. | ||
1951 | proto, | ||
1952 | sizeof(struct GNUNET_TUN_TcpHeader), | ||
1953 | &state->specifics.tcp_udp.ri.remote_address | ||
1954 | .address.ipv6, | ||
1955 | &state->specifics.tcp_udp.ri.local_address. | ||
1956 | address.ipv6); | ||
1957 | udp->source_port = htons (state->specifics.tcp_udp.ri.remote_address.port); | ||
1958 | udp->destination_port = htons ( | ||
1959 | state->specifics.tcp_udp.ri.local_address.port); | ||
1960 | udp->len = htons (0); | ||
1961 | udp->crc = htons (0); | ||
1962 | } | ||
1963 | |||
1964 | |||
1965 | /** | ||
1966 | * Check a request to forward ICMP data to the Internet via this peer. | ||
1967 | * | ||
1968 | * @param cls our `struct ChannelState *` | ||
1969 | * @param msg the actual message | ||
1970 | * @return #GNUNET_OK to keep the connection open, | ||
1971 | * #GNUNET_SYSERR to close it (signal serious error) | ||
1972 | */ | ||
1973 | static int | ||
1974 | check_icmp_remote (void *cls, | ||
1975 | const struct GNUNET_EXIT_IcmpInternetMessage *msg) | ||
1976 | { | ||
1977 | struct ChannelState *state = cls; | ||
1978 | |||
1979 | if (GNUNET_YES == state->is_dns) | ||
1980 | { | ||
1981 | GNUNET_break_op (0); | ||
1982 | return GNUNET_SYSERR; | ||
1983 | } | ||
1984 | return GNUNET_OK; | ||
1985 | } | ||
1986 | |||
1987 | |||
1988 | /** | ||
1989 | * Process a request to forward ICMP data to the Internet via this peer. | ||
1990 | * | ||
1991 | * @param cls our `struct ChannelState *` | ||
1992 | * @param msg the actual message | ||
1993 | */ | ||
1994 | static void | ||
1995 | handle_icmp_remote (void *cls, | ||
1996 | const struct GNUNET_EXIT_IcmpInternetMessage *msg) | ||
1997 | { | ||
1998 | struct ChannelState *state = cls; | ||
1999 | uint16_t pkt_len = ntohs (msg->header.size) - sizeof(struct | ||
2000 | GNUNET_EXIT_IcmpInternetMessage); | ||
2001 | const struct in_addr *v4; | ||
2002 | const struct in6_addr *v6; | ||
2003 | const void *payload; | ||
2004 | char buf[sizeof(struct GNUNET_TUN_IPv6Header) + 8] GNUNET_ALIGN; | ||
2005 | int af; | ||
2006 | |||
2007 | if (GNUNET_SYSERR == state->is_dns) | ||
2008 | { | ||
2009 | /* channel is UDP/TCP from now on */ | ||
2010 | state->is_dns = GNUNET_NO; | ||
2011 | } | ||
2012 | GNUNET_STATISTICS_update (stats, | ||
2013 | gettext_noop ("# Bytes received from CADET"), | ||
2014 | pkt_len, GNUNET_NO); | ||
2015 | GNUNET_STATISTICS_update (stats, | ||
2016 | gettext_noop ( | ||
2017 | "# ICMP IP-exit requests received via cadet"), | ||
2018 | 1, GNUNET_NO); | ||
2019 | |||
2020 | af = (int) ntohl (msg->af); | ||
2021 | if ((NULL != state->specifics.tcp_udp.heap_node) && | ||
2022 | (af != state->specifics.tcp_udp.ri.remote_address.af)) | ||
2023 | { | ||
2024 | /* other peer switched AF on this channel; not allowed */ | ||
2025 | GNUNET_break_op (0); | ||
2026 | return; | ||
2027 | } | ||
2028 | |||
2029 | switch (af) | ||
2030 | { | ||
2031 | case AF_INET: | ||
2032 | if (pkt_len < sizeof(struct in_addr)) | ||
2033 | { | ||
2034 | GNUNET_break_op (0); | ||
2035 | return; | ||
2036 | } | ||
2037 | if (! ipv4_exit) | ||
2038 | { | ||
2039 | GNUNET_break_op (0); | ||
2040 | return; | ||
2041 | } | ||
2042 | v4 = (const struct in_addr*) &msg[1]; | ||
2043 | payload = &v4[1]; | ||
2044 | pkt_len -= sizeof(struct in_addr); | ||
2045 | state->specifics.tcp_udp.ri.remote_address.address.ipv4 = *v4; | ||
2046 | if (NULL == state->specifics.tcp_udp.heap_node) | ||
2047 | { | ||
2048 | state->specifics.tcp_udp.ri.remote_address.af = af; | ||
2049 | state->specifics.tcp_udp.ri.remote_address.proto = IPPROTO_ICMP; | ||
2050 | setup_state_record (state); | ||
2051 | } | ||
2052 | /* check that ICMP type is something we want to support | ||
2053 | and possibly make up payload! */ | ||
2054 | switch (msg->icmp_header.type) | ||
2055 | { | ||
2056 | case GNUNET_TUN_ICMPTYPE_ECHO_REPLY: | ||
2057 | case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST: | ||
2058 | break; | ||
2059 | |||
2060 | case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE: | ||
2061 | case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH: | ||
2062 | case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED: | ||
2063 | if (0 != pkt_len) | ||
2064 | { | ||
2065 | GNUNET_break_op (0); | ||
2066 | return; | ||
2067 | } | ||
2068 | /* make up payload */ | ||
2069 | { | ||
2070 | struct GNUNET_TUN_IPv4Header *ipp = (struct | ||
2071 | GNUNET_TUN_IPv4Header *) buf; | ||
2072 | struct GNUNET_TUN_UdpHeader *udp = (struct | ||
2073 | GNUNET_TUN_UdpHeader *) &ipp[1]; | ||
2074 | |||
2075 | GNUNET_assert (8 == sizeof(struct GNUNET_TUN_UdpHeader)); | ||
2076 | pkt_len = sizeof(struct GNUNET_TUN_IPv4Header) + 8; | ||
2077 | make_up_icmpv4_payload (state, | ||
2078 | ipp, | ||
2079 | udp); | ||
2080 | payload = ipp; | ||
2081 | } | ||
2082 | break; | ||
2083 | |||
2084 | default: | ||
2085 | GNUNET_break_op (0); | ||
2086 | GNUNET_STATISTICS_update (stats, | ||
2087 | gettext_noop ( | ||
2088 | "# ICMPv4 packets dropped (type not allowed)"), | ||
2089 | 1, GNUNET_NO); | ||
2090 | return; | ||
2091 | } | ||
2092 | /* end AF_INET */ | ||
2093 | break; | ||
2094 | |||
2095 | case AF_INET6: | ||
2096 | if (pkt_len < sizeof(struct in6_addr)) | ||
2097 | { | ||
2098 | GNUNET_break_op (0); | ||
2099 | return; | ||
2100 | } | ||
2101 | if (! ipv6_exit) | ||
2102 | { | ||
2103 | GNUNET_break_op (0); | ||
2104 | return; | ||
2105 | } | ||
2106 | v6 = (const struct in6_addr*) &msg[1]; | ||
2107 | payload = &v6[1]; | ||
2108 | pkt_len -= sizeof(struct in6_addr); | ||
2109 | state->specifics.tcp_udp.ri.remote_address.address.ipv6 = *v6; | ||
2110 | if (NULL == state->specifics.tcp_udp.heap_node) | ||
2111 | { | ||
2112 | state->specifics.tcp_udp.ri.remote_address.af = af; | ||
2113 | state->specifics.tcp_udp.ri.remote_address.proto = IPPROTO_ICMPV6; | ||
2114 | setup_state_record (state); | ||
2115 | } | ||
2116 | /* check that ICMP type is something we want to support | ||
2117 | and possibly make up payload! */ | ||
2118 | switch (msg->icmp_header.type) | ||
2119 | { | ||
2120 | case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY: | ||
2121 | case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST: | ||
2122 | break; | ||
2123 | |||
2124 | case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE: | ||
2125 | case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG: | ||
2126 | case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED: | ||
2127 | case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM: | ||
2128 | if (0 != pkt_len) | ||
2129 | { | ||
2130 | GNUNET_break_op (0); | ||
2131 | return; | ||
2132 | } | ||
2133 | /* make up payload */ | ||
2134 | { | ||
2135 | struct GNUNET_TUN_IPv6Header *ipp = (struct | ||
2136 | GNUNET_TUN_IPv6Header *) buf; | ||
2137 | struct GNUNET_TUN_UdpHeader *udp = (struct | ||
2138 | GNUNET_TUN_UdpHeader *) &ipp[1]; | ||
2139 | |||
2140 | GNUNET_assert (8 == sizeof(struct GNUNET_TUN_UdpHeader)); | ||
2141 | pkt_len = sizeof(struct GNUNET_TUN_IPv6Header) + 8; | ||
2142 | make_up_icmpv6_payload (state, | ||
2143 | ipp, | ||
2144 | udp); | ||
2145 | payload = ipp; | ||
2146 | } | ||
2147 | break; | ||
2148 | |||
2149 | default: | ||
2150 | GNUNET_break_op (0); | ||
2151 | GNUNET_STATISTICS_update (stats, | ||
2152 | gettext_noop ( | ||
2153 | "# ICMPv6 packets dropped (type not allowed)"), | ||
2154 | 1, GNUNET_NO); | ||
2155 | return; | ||
2156 | } | ||
2157 | /* end AF_INET6 */ | ||
2158 | break; | ||
2159 | |||
2160 | default: | ||
2161 | /* bad AF */ | ||
2162 | GNUNET_break_op (0); | ||
2163 | return; | ||
2164 | } | ||
2165 | |||
2166 | { | ||
2167 | char buf[INET6_ADDRSTRLEN]; | ||
2168 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2169 | "Received ICMP data from %s for forwarding to %s\n", | ||
2170 | GNUNET_i2s (&state->peer), | ||
2171 | inet_ntop (af, | ||
2172 | &state->specifics.tcp_udp.ri.remote_address.address, | ||
2173 | buf, sizeof(buf))); | ||
2174 | } | ||
2175 | send_icmp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address, | ||
2176 | &state->specifics.tcp_udp.ri.local_address, | ||
2177 | &msg->icmp_header, | ||
2178 | payload, pkt_len); | ||
2179 | GNUNET_CADET_receive_done (state->channel); | ||
2180 | } | ||
2181 | |||
2182 | |||
2183 | /** | ||
2184 | * Setup ICMP payload for ICMP error messages. Called | ||
2185 | * for both IPv4 and IPv6 addresses. | ||
2186 | * | ||
2187 | * @param state context for creating the IP Packet | ||
2188 | * @param buf where to create the payload, has at least | ||
2189 | * sizeof (struct GNUNET_TUN_IPv6Header) + 8 bytes | ||
2190 | * @return number of bytes of payload we created in buf | ||
2191 | */ | ||
2192 | static uint16_t | ||
2193 | make_up_icmp_service_payload (struct ChannelState *state, | ||
2194 | char *buf) | ||
2195 | { | ||
2196 | switch (state->specifics.tcp_udp.serv->address.af) | ||
2197 | { | ||
2198 | case AF_INET: | ||
2199 | { | ||
2200 | struct GNUNET_TUN_IPv4Header *ipv4; | ||
2201 | struct GNUNET_TUN_UdpHeader *udp; | ||
2202 | |||
2203 | ipv4 = (struct GNUNET_TUN_IPv4Header *) buf; | ||
2204 | udp = (struct GNUNET_TUN_UdpHeader *) &ipv4[1]; | ||
2205 | make_up_icmpv4_payload (state, | ||
2206 | ipv4, | ||
2207 | udp); | ||
2208 | GNUNET_assert (8 == sizeof(struct GNUNET_TUN_UdpHeader)); | ||
2209 | return sizeof(struct GNUNET_TUN_IPv4Header) + 8; | ||
2210 | } | ||
2211 | break; | ||
2212 | |||
2213 | case AF_INET6: | ||
2214 | { | ||
2215 | struct GNUNET_TUN_IPv6Header *ipv6; | ||
2216 | struct GNUNET_TUN_UdpHeader *udp; | ||
2217 | |||
2218 | ipv6 = (struct GNUNET_TUN_IPv6Header *) buf; | ||
2219 | udp = (struct GNUNET_TUN_UdpHeader *) &ipv6[1]; | ||
2220 | make_up_icmpv6_payload (state, | ||
2221 | ipv6, | ||
2222 | udp); | ||
2223 | GNUNET_assert (8 == sizeof(struct GNUNET_TUN_UdpHeader)); | ||
2224 | return sizeof(struct GNUNET_TUN_IPv6Header) + 8; | ||
2225 | } | ||
2226 | break; | ||
2227 | |||
2228 | default: | ||
2229 | GNUNET_break (0); | ||
2230 | } | ||
2231 | return 0; | ||
2232 | } | ||
2233 | |||
2234 | |||
2235 | /** | ||
2236 | * Check a request via cadet to send ICMP data to a service | ||
2237 | * offered by this system. | ||
2238 | * | ||
2239 | * @param cls our `struct ChannelState *` | ||
2240 | * @param msg the actual message | ||
2241 | * @return #GNUNET_OK to keep the connection open, | ||
2242 | * #GNUNET_SYSERR to close it (signal serious error) | ||
2243 | */ | ||
2244 | static int | ||
2245 | check_icmp_service (void *cls, | ||
2246 | const struct GNUNET_EXIT_IcmpServiceMessage *msg) | ||
2247 | { | ||
2248 | struct ChannelState *state = cls; | ||
2249 | |||
2250 | if (GNUNET_YES == state->is_dns) | ||
2251 | { | ||
2252 | GNUNET_break_op (0); | ||
2253 | return GNUNET_SYSERR; | ||
2254 | } | ||
2255 | if (NULL == state->specifics.tcp_udp.serv) | ||
2256 | { | ||
2257 | GNUNET_break_op (0); | ||
2258 | return GNUNET_SYSERR; | ||
2259 | } | ||
2260 | return GNUNET_OK; | ||
2261 | } | ||
2262 | |||
2263 | |||
2264 | /** | ||
2265 | * Process a request via cadet to send ICMP data to a service | ||
2266 | * offered by this system. | ||
2267 | * | ||
2268 | * @param cls our `struct ChannelState *` | ||
2269 | * @param msg the actual message | ||
2270 | */ | ||
2271 | static void | ||
2272 | handle_icmp_service (void *cls, | ||
2273 | const struct GNUNET_EXIT_IcmpServiceMessage *msg) | ||
2274 | { | ||
2275 | struct ChannelState *state = cls; | ||
2276 | uint16_t pkt_len = ntohs (msg->header.size) - sizeof(struct | ||
2277 | GNUNET_EXIT_IcmpServiceMessage); | ||
2278 | struct GNUNET_TUN_IcmpHeader icmp; | ||
2279 | char buf[sizeof(struct GNUNET_TUN_IPv6Header) + 8] GNUNET_ALIGN; | ||
2280 | const void *payload; | ||
2281 | |||
2282 | GNUNET_STATISTICS_update (stats, | ||
2283 | gettext_noop ("# Bytes received from CADET"), | ||
2284 | pkt_len, GNUNET_NO); | ||
2285 | GNUNET_STATISTICS_update (stats, | ||
2286 | gettext_noop ( | ||
2287 | "# ICMP service requests received via cadet"), | ||
2288 | 1, GNUNET_NO); | ||
2289 | /* check that we got at least a valid header */ | ||
2290 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2291 | "Received data from %s for forwarding to ICMP service %s\n", | ||
2292 | GNUNET_i2s (&state->peer), | ||
2293 | GNUNET_h2s (&state->specifics.tcp_udp.serv->descriptor)); | ||
2294 | icmp = msg->icmp_header; | ||
2295 | payload = &msg[1]; | ||
2296 | state->specifics.tcp_udp.ri.remote_address | ||
2297 | = state->specifics.tcp_udp.serv->address; | ||
2298 | setup_state_record (state); | ||
2299 | |||
2300 | /* check that ICMP type is something we want to support, | ||
2301 | perform ICMP PT if needed and possibly make up payload */ | ||
2302 | switch (msg->af) | ||
2303 | { | ||
2304 | case AF_INET: | ||
2305 | switch (msg->icmp_header.type) | ||
2306 | { | ||
2307 | case GNUNET_TUN_ICMPTYPE_ECHO_REPLY: | ||
2308 | if (state->specifics.tcp_udp.serv->address.af == AF_INET6) | ||
2309 | icmp.type = GNUNET_TUN_ICMPTYPE6_ECHO_REPLY; | ||
2310 | break; | ||
2311 | |||
2312 | case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST: | ||
2313 | if (state->specifics.tcp_udp.serv->address.af == AF_INET6) | ||
2314 | icmp.type = GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST; | ||
2315 | break; | ||
2316 | |||
2317 | case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE: | ||
2318 | if (state->specifics.tcp_udp.serv->address.af == AF_INET6) | ||
2319 | icmp.type = GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE; | ||
2320 | if (0 != pkt_len) | ||
2321 | { | ||
2322 | GNUNET_break_op (0); | ||
2323 | return; | ||
2324 | } | ||
2325 | payload = buf; | ||
2326 | pkt_len = make_up_icmp_service_payload (state, buf); | ||
2327 | break; | ||
2328 | |||
2329 | case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED: | ||
2330 | if (state->specifics.tcp_udp.serv->address.af == AF_INET6) | ||
2331 | icmp.type = GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED; | ||
2332 | if (0 != pkt_len) | ||
2333 | { | ||
2334 | GNUNET_break_op (0); | ||
2335 | return; | ||
2336 | } | ||
2337 | payload = buf; | ||
2338 | pkt_len = make_up_icmp_service_payload (state, buf); | ||
2339 | break; | ||
2340 | |||
2341 | case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH: | ||
2342 | if (state->specifics.tcp_udp.serv->address.af == AF_INET6) | ||
2343 | { | ||
2344 | GNUNET_STATISTICS_update (stats, | ||
2345 | gettext_noop ( | ||
2346 | "# ICMPv4 packets dropped (impossible PT to v6)"), | ||
2347 | 1, GNUNET_NO); | ||
2348 | return; | ||
2349 | } | ||
2350 | if (0 != pkt_len) | ||
2351 | { | ||
2352 | GNUNET_break_op (0); | ||
2353 | return; | ||
2354 | } | ||
2355 | payload = buf; | ||
2356 | pkt_len = make_up_icmp_service_payload (state, buf); | ||
2357 | break; | ||
2358 | |||
2359 | default: | ||
2360 | GNUNET_break_op (0); | ||
2361 | GNUNET_STATISTICS_update (stats, | ||
2362 | gettext_noop ( | ||
2363 | "# ICMPv4 packets dropped (type not allowed)"), | ||
2364 | 1, GNUNET_NO); | ||
2365 | return; | ||
2366 | } | ||
2367 | /* end of AF_INET */ | ||
2368 | break; | ||
2369 | |||
2370 | case AF_INET6: | ||
2371 | switch (msg->icmp_header.type) | ||
2372 | { | ||
2373 | case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY: | ||
2374 | if (state->specifics.tcp_udp.serv->address.af == AF_INET) | ||
2375 | icmp.type = GNUNET_TUN_ICMPTYPE_ECHO_REPLY; | ||
2376 | break; | ||
2377 | |||
2378 | case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST: | ||
2379 | if (state->specifics.tcp_udp.serv->address.af == AF_INET) | ||
2380 | icmp.type = GNUNET_TUN_ICMPTYPE_ECHO_REQUEST; | ||
2381 | break; | ||
2382 | |||
2383 | case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE: | ||
2384 | if (state->specifics.tcp_udp.serv->address.af == AF_INET) | ||
2385 | icmp.type = GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE; | ||
2386 | if (0 != pkt_len) | ||
2387 | { | ||
2388 | GNUNET_break_op (0); | ||
2389 | return; | ||
2390 | } | ||
2391 | payload = buf; | ||
2392 | pkt_len = make_up_icmp_service_payload (state, buf); | ||
2393 | break; | ||
2394 | |||
2395 | case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED: | ||
2396 | if (state->specifics.tcp_udp.serv->address.af == AF_INET) | ||
2397 | icmp.type = GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED; | ||
2398 | if (0 != pkt_len) | ||
2399 | { | ||
2400 | GNUNET_break_op (0); | ||
2401 | return; | ||
2402 | } | ||
2403 | payload = buf; | ||
2404 | pkt_len = make_up_icmp_service_payload (state, buf); | ||
2405 | break; | ||
2406 | |||
2407 | case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG: | ||
2408 | case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM: | ||
2409 | if (state->specifics.tcp_udp.serv->address.af == AF_INET) | ||
2410 | { | ||
2411 | GNUNET_STATISTICS_update (stats, | ||
2412 | gettext_noop ( | ||
2413 | "# ICMPv6 packets dropped (impossible PT to v4)"), | ||
2414 | 1, GNUNET_NO); | ||
2415 | return; | ||
2416 | } | ||
2417 | if (0 != pkt_len) | ||
2418 | { | ||
2419 | GNUNET_break_op (0); | ||
2420 | return; | ||
2421 | } | ||
2422 | payload = buf; | ||
2423 | pkt_len = make_up_icmp_service_payload (state, buf); | ||
2424 | break; | ||
2425 | |||
2426 | default: | ||
2427 | GNUNET_break_op (0); | ||
2428 | GNUNET_STATISTICS_update (stats, | ||
2429 | gettext_noop ( | ||
2430 | "# ICMPv6 packets dropped (type not allowed)"), | ||
2431 | 1, GNUNET_NO); | ||
2432 | return; | ||
2433 | } | ||
2434 | /* end of AF_INET6 */ | ||
2435 | break; | ||
2436 | |||
2437 | default: | ||
2438 | GNUNET_break_op (0); | ||
2439 | return; | ||
2440 | } | ||
2441 | |||
2442 | send_icmp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address, | ||
2443 | &state->specifics.tcp_udp.ri.local_address, | ||
2444 | &icmp, | ||
2445 | payload, | ||
2446 | pkt_len); | ||
2447 | GNUNET_CADET_receive_done (state->channel); | ||
2448 | } | ||
2449 | |||
2450 | |||
2451 | /** | ||
2452 | * Free memory associated with a service record. | ||
2453 | * | ||
2454 | * @param cls unused | ||
2455 | * @param key service descriptor | ||
2456 | * @param value service record to free | ||
2457 | * @return #GNUNET_OK | ||
2458 | */ | ||
2459 | static int | ||
2460 | free_service_record (void *cls, | ||
2461 | const struct GNUNET_HashCode *key, | ||
2462 | void *value) | ||
2463 | { | ||
2464 | struct LocalService *service = value; | ||
2465 | |||
2466 | GNUNET_assert (GNUNET_YES == | ||
2467 | GNUNET_CONTAINER_multihashmap_remove (services, | ||
2468 | key, | ||
2469 | service)); | ||
2470 | GNUNET_CADET_close_port (service->port); | ||
2471 | GNUNET_free (service->name); | ||
2472 | GNUNET_free (service); | ||
2473 | return GNUNET_OK; | ||
2474 | } | ||
2475 | |||
2476 | |||
2477 | /** | ||
2478 | * Callback from CADET for new channels. | ||
2479 | * | ||
2480 | * @param cls closure | ||
2481 | * @param channel new handle to the channel | ||
2482 | * @param initiator peer that started the channel | ||
2483 | * @return initial channel context for the channel | ||
2484 | */ | ||
2485 | static void * | ||
2486 | new_service_channel (void *cls, | ||
2487 | struct GNUNET_CADET_Channel *channel, | ||
2488 | const struct GNUNET_PeerIdentity *initiator) | ||
2489 | { | ||
2490 | struct LocalService *ls = cls; | ||
2491 | struct ChannelState *s = GNUNET_new (struct ChannelState); | ||
2492 | |||
2493 | s->peer = *initiator; | ||
2494 | GNUNET_STATISTICS_update (stats, | ||
2495 | gettext_noop ("# Inbound CADET channels created"), | ||
2496 | 1, | ||
2497 | GNUNET_NO); | ||
2498 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2499 | "Received inbound channel from `%s'\n", | ||
2500 | GNUNET_i2s (initiator)); | ||
2501 | s->channel = channel; | ||
2502 | s->specifics.tcp_udp.serv = ls; | ||
2503 | s->specifics.tcp_udp.ri.remote_address = ls->address; | ||
2504 | return s; | ||
2505 | } | ||
2506 | |||
2507 | |||
2508 | /** | ||
2509 | * Function called by cadet whenever an inbound channel is destroyed. | ||
2510 | * Should clean up any associated state. | ||
2511 | * | ||
2512 | * @param cls our `struct ChannelState *` | ||
2513 | * @param channel connection to the other end (henceforth invalid) | ||
2514 | */ | ||
2515 | static void | ||
2516 | clean_channel (void *cls, | ||
2517 | const struct GNUNET_CADET_Channel *channel) | ||
2518 | { | ||
2519 | struct ChannelState *s = cls; | ||
2520 | |||
2521 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
2522 | "Channel destroyed\n"); | ||
2523 | if (GNUNET_SYSERR == s->is_dns) | ||
2524 | { | ||
2525 | GNUNET_free (s); | ||
2526 | return; | ||
2527 | } | ||
2528 | if (GNUNET_YES == s->is_dns) | ||
2529 | { | ||
2530 | if (channels[s->specifics.dns.my_id] == s) | ||
2531 | channels[s->specifics.dns.my_id] = NULL; | ||
2532 | } | ||
2533 | else | ||
2534 | { | ||
2535 | if (NULL != s->specifics.tcp_udp.heap_node) | ||
2536 | { | ||
2537 | GNUNET_assert (GNUNET_YES == | ||
2538 | GNUNET_CONTAINER_multihashmap_remove (connections_map, | ||
2539 | &s->specifics.tcp_udp | ||
2540 | .state_key, | ||
2541 | s)); | ||
2542 | GNUNET_CONTAINER_heap_remove_node (s->specifics.tcp_udp.heap_node); | ||
2543 | s->specifics.tcp_udp.heap_node = NULL; | ||
2544 | } | ||
2545 | } | ||
2546 | GNUNET_free (s); | ||
2547 | } | ||
2548 | |||
2549 | |||
2550 | /** | ||
2551 | * Given a service descriptor and a destination port, find the | ||
2552 | * respective service entry. | ||
2553 | * | ||
2554 | * @param proto IPPROTO_TCP or IPPROTO_UDP | ||
2555 | * @param name name of the service | ||
2556 | * @param destination_port destination port | ||
2557 | * @param service service information record to store (service->name will be set). | ||
2558 | */ | ||
2559 | static void | ||
2560 | store_service (int proto, | ||
2561 | const char *name, | ||
2562 | uint16_t destination_port, | ||
2563 | struct LocalService *service) | ||
2564 | { | ||
2565 | struct GNUNET_MQ_MessageHandler handlers[] = { | ||
2566 | GNUNET_MQ_hd_var_size (icmp_service, | ||
2567 | GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_SERVICE, | ||
2568 | struct GNUNET_EXIT_IcmpServiceMessage, | ||
2569 | service), | ||
2570 | GNUNET_MQ_hd_var_size (udp_service, | ||
2571 | GNUNET_MESSAGE_TYPE_VPN_UDP_TO_SERVICE, | ||
2572 | struct GNUNET_EXIT_UdpServiceMessage, | ||
2573 | service), | ||
2574 | GNUNET_MQ_hd_var_size (tcp_service, | ||
2575 | GNUNET_MESSAGE_TYPE_VPN_TCP_TO_SERVICE_START, | ||
2576 | struct GNUNET_EXIT_TcpServiceStartMessage, | ||
2577 | service), | ||
2578 | GNUNET_MQ_hd_var_size (tcp_data, | ||
2579 | GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_EXIT, | ||
2580 | struct GNUNET_EXIT_TcpDataMessage, | ||
2581 | service), | ||
2582 | GNUNET_MQ_handler_end () | ||
2583 | }; | ||
2584 | |||
2585 | struct GNUNET_HashCode cadet_port; | ||
2586 | |||
2587 | service->name = GNUNET_strdup (name); | ||
2588 | GNUNET_TUN_service_name_to_hash (name, | ||
2589 | &service->descriptor); | ||
2590 | GNUNET_TUN_compute_service_cadet_port (&service->descriptor, | ||
2591 | destination_port, | ||
2592 | &cadet_port); | ||
2593 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2594 | "Opening CADET port %s for SERVICE exit %s on port %u\n", | ||
2595 | GNUNET_h2s (&cadet_port), | ||
2596 | name, | ||
2597 | (unsigned int) destination_port); | ||
2598 | service->port = GNUNET_CADET_open_port (cadet_handle, | ||
2599 | &cadet_port, | ||
2600 | &new_service_channel, | ||
2601 | service, | ||
2602 | NULL, | ||
2603 | &clean_channel, | ||
2604 | handlers); | ||
2605 | service->is_udp = (IPPROTO_UDP == proto); | ||
2606 | if (GNUNET_OK != | ||
2607 | GNUNET_CONTAINER_multihashmap_put (services, | ||
2608 | &cadet_port, | ||
2609 | service, | ||
2610 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)) | ||
2611 | { | ||
2612 | GNUNET_CADET_close_port (service->port); | ||
2613 | GNUNET_free (service->name); | ||
2614 | GNUNET_free (service); | ||
2615 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
2616 | _ ("Got duplicate service records for `%s:%u'\n"), | ||
2617 | name, | ||
2618 | (unsigned int) destination_port); | ||
2619 | } | ||
2620 | } | ||
2621 | |||
2622 | |||
2623 | /** | ||
2624 | * Send the given packet via the cadet channel. | ||
2625 | * | ||
2626 | * @param s channel destination | ||
2627 | * @param env message to queue | ||
2628 | */ | ||
2629 | static void | ||
2630 | send_packet_to_cadet_channel (struct ChannelState *s, | ||
2631 | struct GNUNET_MQ_Envelope *env) | ||
2632 | { | ||
2633 | GNUNET_assert (NULL != s); | ||
2634 | GNUNET_STATISTICS_update (stats, | ||
2635 | gettext_noop ( | ||
2636 | "# Messages transmitted via cadet channels"), | ||
2637 | 1, | ||
2638 | GNUNET_NO); | ||
2639 | GNUNET_MQ_send (GNUNET_CADET_get_mq (s->channel), | ||
2640 | env); | ||
2641 | } | ||
2642 | |||
2643 | |||
2644 | /** | ||
2645 | * @brief Handles an ICMP packet received from the helper. | ||
2646 | * | ||
2647 | * @param icmp A pointer to the Packet | ||
2648 | * @param pktlen number of bytes in @a icmp | ||
2649 | * @param af address family (AFINET or AF_INET6) | ||
2650 | * @param destination_ip destination IP-address of the IP packet (should | ||
2651 | * be our local address) | ||
2652 | * @param source_ip original source IP-address of the IP packet (should | ||
2653 | * be the original destination address) | ||
2654 | */ | ||
2655 | static void | ||
2656 | icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp, | ||
2657 | size_t pktlen, | ||
2658 | int af, | ||
2659 | const void *destination_ip, | ||
2660 | const void *source_ip) | ||
2661 | { | ||
2662 | struct ChannelState *state; | ||
2663 | struct GNUNET_MQ_Envelope *env; | ||
2664 | struct GNUNET_EXIT_IcmpToVPNMessage *i2v; | ||
2665 | const struct GNUNET_TUN_IPv4Header *ipv4; | ||
2666 | const struct GNUNET_TUN_IPv6Header *ipv6; | ||
2667 | const struct GNUNET_TUN_UdpHeader *udp; | ||
2668 | uint16_t source_port; | ||
2669 | uint16_t destination_port; | ||
2670 | uint8_t protocol; | ||
2671 | |||
2672 | { | ||
2673 | char sbuf[INET6_ADDRSTRLEN]; | ||
2674 | char dbuf[INET6_ADDRSTRLEN]; | ||
2675 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2676 | "Received ICMP packet going from %s to %s\n", | ||
2677 | inet_ntop (af, | ||
2678 | source_ip, | ||
2679 | sbuf, sizeof(sbuf)), | ||
2680 | inet_ntop (af, | ||
2681 | destination_ip, | ||
2682 | dbuf, sizeof(dbuf))); | ||
2683 | } | ||
2684 | |||
2685 | if (pktlen < sizeof(struct GNUNET_TUN_IcmpHeader)) | ||
2686 | { | ||
2687 | /* blame kernel */ | ||
2688 | GNUNET_break (0); | ||
2689 | return; | ||
2690 | } | ||
2691 | |||
2692 | /* Find out if this is an ICMP packet in response to an existing | ||
2693 | TCP/UDP packet and if so, figure out ports / protocol of the | ||
2694 | existing session from the IP data in the ICMP payload */ | ||
2695 | source_port = 0; | ||
2696 | destination_port = 0; | ||
2697 | switch (af) | ||
2698 | { | ||
2699 | case AF_INET: | ||
2700 | protocol = IPPROTO_ICMP; | ||
2701 | switch (icmp->type) | ||
2702 | { | ||
2703 | case GNUNET_TUN_ICMPTYPE_ECHO_REPLY: | ||
2704 | case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST: | ||
2705 | break; | ||
2706 | |||
2707 | case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE: | ||
2708 | case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH: | ||
2709 | case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED: | ||
2710 | if (pktlen < | ||
2711 | sizeof(struct GNUNET_TUN_IcmpHeader) | ||
2712 | + sizeof(struct GNUNET_TUN_IPv4Header) + 8) | ||
2713 | { | ||
2714 | /* blame kernel */ | ||
2715 | GNUNET_break (0); | ||
2716 | return; | ||
2717 | } | ||
2718 | ipv4 = (const struct GNUNET_TUN_IPv4Header *) &icmp[1]; | ||
2719 | protocol = ipv4->protocol; | ||
2720 | /* could be TCP or UDP, but both have the ports in the right | ||
2721 | place, so that doesn't matter here */ | ||
2722 | udp = (const struct GNUNET_TUN_UdpHeader *) &ipv4[1]; | ||
2723 | /* swap ports, as they are from the original message */ | ||
2724 | destination_port = ntohs (udp->source_port); | ||
2725 | source_port = ntohs (udp->destination_port); | ||
2726 | /* throw away ICMP payload, won't be useful for the other side anyway */ | ||
2727 | pktlen = sizeof(struct GNUNET_TUN_IcmpHeader); | ||
2728 | break; | ||
2729 | |||
2730 | default: | ||
2731 | GNUNET_STATISTICS_update (stats, | ||
2732 | gettext_noop ( | ||
2733 | "# ICMPv4 packets dropped (type not allowed)"), | ||
2734 | 1, GNUNET_NO); | ||
2735 | return; | ||
2736 | } | ||
2737 | break; | ||
2738 | |||
2739 | case AF_INET6: | ||
2740 | protocol = IPPROTO_ICMPV6; | ||
2741 | switch (icmp->type) | ||
2742 | { | ||
2743 | case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE: | ||
2744 | case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG: | ||
2745 | case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED: | ||
2746 | case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM: | ||
2747 | if (pktlen < | ||
2748 | sizeof(struct GNUNET_TUN_IcmpHeader) | ||
2749 | + sizeof(struct GNUNET_TUN_IPv6Header) + 8) | ||
2750 | { | ||
2751 | /* blame kernel */ | ||
2752 | GNUNET_break (0); | ||
2753 | return; | ||
2754 | } | ||
2755 | ipv6 = (const struct GNUNET_TUN_IPv6Header *) &icmp[1]; | ||
2756 | protocol = ipv6->next_header; | ||
2757 | /* could be TCP or UDP, but both have the ports in the right | ||
2758 | place, so that doesn't matter here */ | ||
2759 | udp = (const struct GNUNET_TUN_UdpHeader *) &ipv6[1]; | ||
2760 | /* swap ports, as they are from the original message */ | ||
2761 | destination_port = ntohs (udp->source_port); | ||
2762 | source_port = ntohs (udp->destination_port); | ||
2763 | /* throw away ICMP payload, won't be useful for the other side anyway */ | ||
2764 | pktlen = sizeof(struct GNUNET_TUN_IcmpHeader); | ||
2765 | break; | ||
2766 | |||
2767 | case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST: | ||
2768 | case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY: | ||
2769 | break; | ||
2770 | |||
2771 | default: | ||
2772 | GNUNET_STATISTICS_update (stats, | ||
2773 | gettext_noop ( | ||
2774 | "# ICMPv6 packets dropped (type not allowed)"), | ||
2775 | 1, GNUNET_NO); | ||
2776 | return; | ||
2777 | } | ||
2778 | break; | ||
2779 | |||
2780 | default: | ||
2781 | GNUNET_assert (0); | ||
2782 | } | ||
2783 | switch (protocol) | ||
2784 | { | ||
2785 | case IPPROTO_ICMP: | ||
2786 | state = get_redirect_state (af, | ||
2787 | IPPROTO_ICMP, | ||
2788 | source_ip, | ||
2789 | 0, | ||
2790 | destination_ip, | ||
2791 | 0, | ||
2792 | NULL); | ||
2793 | break; | ||
2794 | |||
2795 | case IPPROTO_ICMPV6: | ||
2796 | state = get_redirect_state (af, | ||
2797 | IPPROTO_ICMPV6, | ||
2798 | source_ip, | ||
2799 | 0, | ||
2800 | destination_ip, | ||
2801 | 0, | ||
2802 | NULL); | ||
2803 | break; | ||
2804 | |||
2805 | case IPPROTO_UDP: | ||
2806 | state = get_redirect_state (af, | ||
2807 | IPPROTO_UDP, | ||
2808 | source_ip, | ||
2809 | source_port, | ||
2810 | destination_ip, | ||
2811 | destination_port, | ||
2812 | NULL); | ||
2813 | break; | ||
2814 | |||
2815 | case IPPROTO_TCP: | ||
2816 | state = get_redirect_state (af, | ||
2817 | IPPROTO_TCP, | ||
2818 | source_ip, | ||
2819 | source_port, | ||
2820 | destination_ip, | ||
2821 | destination_port, | ||
2822 | NULL); | ||
2823 | break; | ||
2824 | |||
2825 | default: | ||
2826 | GNUNET_STATISTICS_update (stats, | ||
2827 | gettext_noop ( | ||
2828 | "# ICMP packets dropped (not allowed)"), | ||
2829 | 1, | ||
2830 | GNUNET_NO); | ||
2831 | return; | ||
2832 | } | ||
2833 | if (NULL == state) | ||
2834 | { | ||
2835 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
2836 | _ ( | ||
2837 | "ICMP Packet dropped, have no matching connection information\n")); | ||
2838 | return; | ||
2839 | } | ||
2840 | env = GNUNET_MQ_msg_extra (i2v, | ||
2841 | pktlen - sizeof(struct GNUNET_TUN_IcmpHeader), | ||
2842 | GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_VPN); | ||
2843 | i2v->af = htonl (af); | ||
2844 | GNUNET_memcpy (&i2v->icmp_header, | ||
2845 | icmp, | ||
2846 | pktlen); | ||
2847 | send_packet_to_cadet_channel (state, | ||
2848 | env); | ||
2849 | } | ||
2850 | |||
2851 | |||
2852 | /** | ||
2853 | * @brief Handles an UDP packet received from the helper. | ||
2854 | * | ||
2855 | * @param udp A pointer to the Packet | ||
2856 | * @param pktlen number of bytes in 'udp' | ||
2857 | * @param af address family (AFINET or AF_INET6) | ||
2858 | * @param destination_ip destination IP-address of the IP packet (should | ||
2859 | * be our local address) | ||
2860 | * @param source_ip original source IP-address of the IP packet (should | ||
2861 | * be the original destination address) | ||
2862 | */ | ||
2863 | static void | ||
2864 | udp_from_helper (const struct GNUNET_TUN_UdpHeader *udp, | ||
2865 | size_t pktlen, | ||
2866 | int af, | ||
2867 | const void *destination_ip, | ||
2868 | const void *source_ip) | ||
2869 | { | ||
2870 | struct ChannelState *state; | ||
2871 | struct GNUNET_MQ_Envelope *env; | ||
2872 | struct GNUNET_EXIT_UdpReplyMessage *urm; | ||
2873 | |||
2874 | { | ||
2875 | char sbuf[INET6_ADDRSTRLEN]; | ||
2876 | char dbuf[INET6_ADDRSTRLEN]; | ||
2877 | |||
2878 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2879 | "Received UDP packet going from %s:%u to %s:%u\n", | ||
2880 | inet_ntop (af, | ||
2881 | source_ip, | ||
2882 | sbuf, sizeof(sbuf)), | ||
2883 | (unsigned int) ntohs (udp->source_port), | ||
2884 | inet_ntop (af, | ||
2885 | destination_ip, | ||
2886 | dbuf, sizeof(dbuf)), | ||
2887 | (unsigned int) ntohs (udp->destination_port)); | ||
2888 | } | ||
2889 | |||
2890 | if (pktlen < sizeof(struct GNUNET_TUN_UdpHeader)) | ||
2891 | { | ||
2892 | /* blame kernel */ | ||
2893 | GNUNET_break (0); | ||
2894 | return; | ||
2895 | } | ||
2896 | if (pktlen != ntohs (udp->len)) | ||
2897 | { | ||
2898 | /* blame kernel */ | ||
2899 | GNUNET_break (0); | ||
2900 | return; | ||
2901 | } | ||
2902 | state = get_redirect_state (af, | ||
2903 | IPPROTO_UDP, | ||
2904 | source_ip, | ||
2905 | ntohs (udp->source_port), | ||
2906 | destination_ip, | ||
2907 | ntohs (udp->destination_port), | ||
2908 | NULL); | ||
2909 | if (NULL == state) | ||
2910 | { | ||
2911 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
2912 | _ ( | ||
2913 | "UDP Packet dropped, have no matching connection information\n")); | ||
2914 | return; | ||
2915 | } | ||
2916 | env = GNUNET_MQ_msg_extra (urm, | ||
2917 | pktlen - sizeof(struct GNUNET_TUN_UdpHeader), | ||
2918 | GNUNET_MESSAGE_TYPE_VPN_UDP_REPLY); | ||
2919 | urm->source_port = htons (0); | ||
2920 | urm->destination_port = htons (0); | ||
2921 | GNUNET_memcpy (&urm[1], | ||
2922 | &udp[1], | ||
2923 | pktlen - sizeof(struct GNUNET_TUN_UdpHeader)); | ||
2924 | send_packet_to_cadet_channel (state, | ||
2925 | env); | ||
2926 | } | ||
2927 | |||
2928 | |||
2929 | /** | ||
2930 | * @brief Handles a TCP packet received from the helper. | ||
2931 | * | ||
2932 | * @param tcp A pointer to the Packet | ||
2933 | * @param pktlen the length of the packet, including its TCP header | ||
2934 | * @param af address family (AFINET or AF_INET6) | ||
2935 | * @param destination_ip destination IP-address of the IP packet (should | ||
2936 | * be our local address) | ||
2937 | * @param source_ip original source IP-address of the IP packet (should | ||
2938 | * be the original destination address) | ||
2939 | */ | ||
2940 | static void | ||
2941 | tcp_from_helper (const struct GNUNET_TUN_TcpHeader *tcp, | ||
2942 | size_t pktlen, | ||
2943 | int af, | ||
2944 | const void *destination_ip, | ||
2945 | const void *source_ip) | ||
2946 | { | ||
2947 | struct ChannelState *state; | ||
2948 | char buf[pktlen] GNUNET_ALIGN; | ||
2949 | struct GNUNET_TUN_TcpHeader *mtcp; | ||
2950 | struct GNUNET_EXIT_TcpDataMessage *tdm; | ||
2951 | struct GNUNET_MQ_Envelope *env; | ||
2952 | size_t mlen; | ||
2953 | |||
2954 | { | ||
2955 | char sbuf[INET6_ADDRSTRLEN]; | ||
2956 | char dbuf[INET6_ADDRSTRLEN]; | ||
2957 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2958 | "Received TCP packet with %u bytes going from %s:%u to %s:%u\n", | ||
2959 | (unsigned int) (pktlen - sizeof(struct GNUNET_TUN_TcpHeader)), | ||
2960 | inet_ntop (af, | ||
2961 | source_ip, | ||
2962 | sbuf, sizeof(sbuf)), | ||
2963 | (unsigned int) ntohs (tcp->source_port), | ||
2964 | inet_ntop (af, | ||
2965 | destination_ip, | ||
2966 | dbuf, sizeof(dbuf)), | ||
2967 | (unsigned int) ntohs (tcp->destination_port)); | ||
2968 | } | ||
2969 | |||
2970 | if (pktlen < sizeof(struct GNUNET_TUN_TcpHeader)) | ||
2971 | { | ||
2972 | /* blame kernel */ | ||
2973 | GNUNET_break (0); | ||
2974 | return; | ||
2975 | } | ||
2976 | state = get_redirect_state (af, | ||
2977 | IPPROTO_TCP, | ||
2978 | source_ip, | ||
2979 | ntohs (tcp->source_port), | ||
2980 | destination_ip, | ||
2981 | ntohs (tcp->destination_port), | ||
2982 | NULL); | ||
2983 | if (NULL == state) | ||
2984 | { | ||
2985 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
2986 | _ ( | ||
2987 | "TCP Packet dropped, have no matching connection information\n")); | ||
2988 | |||
2989 | return; | ||
2990 | } | ||
2991 | /* mug port numbers and crc to avoid information leakage; | ||
2992 | sender will need to lookup the correct values anyway */ | ||
2993 | GNUNET_memcpy (buf, tcp, pktlen); | ||
2994 | mtcp = (struct GNUNET_TUN_TcpHeader *) buf; | ||
2995 | mtcp->source_port = 0; | ||
2996 | mtcp->destination_port = 0; | ||
2997 | mtcp->crc = 0; | ||
2998 | |||
2999 | mlen = sizeof(struct GNUNET_EXIT_TcpDataMessage) + (pktlen - sizeof(struct | ||
3000 | GNUNET_TUN_TcpHeader)); | ||
3001 | if (mlen >= GNUNET_MAX_MESSAGE_SIZE) | ||
3002 | { | ||
3003 | GNUNET_break (0); | ||
3004 | return; | ||
3005 | } | ||
3006 | env = GNUNET_MQ_msg_extra (tdm, | ||
3007 | pktlen - sizeof(struct GNUNET_TUN_TcpHeader), | ||
3008 | GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_VPN); | ||
3009 | tdm->reserved = htonl (0); | ||
3010 | GNUNET_memcpy (&tdm->tcp_header, | ||
3011 | buf, | ||
3012 | pktlen); | ||
3013 | send_packet_to_cadet_channel (state, | ||
3014 | env); | ||
3015 | } | ||
3016 | |||
3017 | |||
3018 | /** | ||
3019 | * Receive packets from the helper-process | ||
3020 | * | ||
3021 | * @param cls unused | ||
3022 | * @param message message received from helper | ||
3023 | */ | ||
3024 | static int | ||
3025 | message_token (void *cls GNUNET_UNUSED, | ||
3026 | const struct GNUNET_MessageHeader *message) | ||
3027 | { | ||
3028 | const struct GNUNET_TUN_Layer2PacketHeader *pkt_tun; | ||
3029 | size_t size; | ||
3030 | |||
3031 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3032 | "Got %u-byte message of type %u from gnunet-helper-exit\n", | ||
3033 | ntohs (message->size), | ||
3034 | ntohs (message->type)); | ||
3035 | GNUNET_STATISTICS_update (stats, | ||
3036 | gettext_noop ("# Packets received from TUN"), | ||
3037 | 1, GNUNET_NO); | ||
3038 | if (ntohs (message->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER) | ||
3039 | { | ||
3040 | GNUNET_break (0); | ||
3041 | return GNUNET_OK; | ||
3042 | } | ||
3043 | size = ntohs (message->size); | ||
3044 | if (size < sizeof(struct GNUNET_TUN_Layer2PacketHeader) + sizeof(struct | ||
3045 | GNUNET_MessageHeader)) | ||
3046 | { | ||
3047 | GNUNET_break (0); | ||
3048 | return GNUNET_OK; | ||
3049 | } | ||
3050 | GNUNET_STATISTICS_update (stats, | ||
3051 | gettext_noop ("# Bytes received from TUN"), | ||
3052 | size, GNUNET_NO); | ||
3053 | pkt_tun = (const struct GNUNET_TUN_Layer2PacketHeader *) &message[1]; | ||
3054 | size -= sizeof(struct GNUNET_TUN_Layer2PacketHeader) + sizeof(struct | ||
3055 | GNUNET_MessageHeader); | ||
3056 | switch (ntohs (pkt_tun->proto)) | ||
3057 | { | ||
3058 | case ETH_P_IPV4: | ||
3059 | { | ||
3060 | const struct GNUNET_TUN_IPv4Header *pkt4; | ||
3061 | |||
3062 | if (size < sizeof(struct GNUNET_TUN_IPv4Header)) | ||
3063 | { | ||
3064 | /* Kernel to blame? */ | ||
3065 | GNUNET_break (0); | ||
3066 | return GNUNET_OK; | ||
3067 | } | ||
3068 | pkt4 = (const struct GNUNET_TUN_IPv4Header *) &pkt_tun[1]; | ||
3069 | if (size != ntohs (pkt4->total_length)) | ||
3070 | { | ||
3071 | /* Kernel to blame? */ | ||
3072 | GNUNET_break (0); | ||
3073 | return GNUNET_OK; | ||
3074 | } | ||
3075 | if (pkt4->header_length * 4 != sizeof(struct GNUNET_TUN_IPv4Header)) | ||
3076 | { | ||
3077 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3078 | _ ("IPv4 packet options received. Ignored.\n")); | ||
3079 | return GNUNET_OK; | ||
3080 | } | ||
3081 | |||
3082 | size -= sizeof(struct GNUNET_TUN_IPv4Header); | ||
3083 | switch (pkt4->protocol) | ||
3084 | { | ||
3085 | case IPPROTO_UDP: | ||
3086 | udp_from_helper ((const struct GNUNET_TUN_UdpHeader *) &pkt4[1], size, | ||
3087 | AF_INET, | ||
3088 | &pkt4->destination_address, | ||
3089 | &pkt4->source_address); | ||
3090 | break; | ||
3091 | |||
3092 | case IPPROTO_TCP: | ||
3093 | tcp_from_helper ((const struct GNUNET_TUN_TcpHeader *) &pkt4[1], size, | ||
3094 | AF_INET, | ||
3095 | &pkt4->destination_address, | ||
3096 | &pkt4->source_address); | ||
3097 | break; | ||
3098 | |||
3099 | case IPPROTO_ICMP: | ||
3100 | icmp_from_helper ((const struct GNUNET_TUN_IcmpHeader *) &pkt4[1], size, | ||
3101 | AF_INET, | ||
3102 | &pkt4->destination_address, | ||
3103 | &pkt4->source_address); | ||
3104 | break; | ||
3105 | |||
3106 | default: | ||
3107 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3108 | _ ( | ||
3109 | "IPv4 packet with unsupported next header %u received. Ignored.\n"), | ||
3110 | (int) pkt4->protocol); | ||
3111 | return GNUNET_OK; | ||
3112 | } | ||
3113 | } | ||
3114 | break; | ||
3115 | |||
3116 | case ETH_P_IPV6: | ||
3117 | { | ||
3118 | const struct GNUNET_TUN_IPv6Header *pkt6; | ||
3119 | |||
3120 | if (size < sizeof(struct GNUNET_TUN_IPv6Header)) | ||
3121 | { | ||
3122 | /* Kernel to blame? */ | ||
3123 | GNUNET_break (0); | ||
3124 | return GNUNET_OK; | ||
3125 | } | ||
3126 | pkt6 = (struct GNUNET_TUN_IPv6Header *) &pkt_tun[1]; | ||
3127 | if (size != ntohs (pkt6->payload_length) + sizeof(struct | ||
3128 | GNUNET_TUN_IPv6Header)) | ||
3129 | { | ||
3130 | /* Kernel to blame? */ | ||
3131 | GNUNET_break (0); | ||
3132 | return GNUNET_OK; | ||
3133 | } | ||
3134 | size -= sizeof(struct GNUNET_TUN_IPv6Header); | ||
3135 | switch (pkt6->next_header) | ||
3136 | { | ||
3137 | case IPPROTO_UDP: | ||
3138 | udp_from_helper ((const struct GNUNET_TUN_UdpHeader *) &pkt6[1], size, | ||
3139 | AF_INET6, | ||
3140 | &pkt6->destination_address, | ||
3141 | &pkt6->source_address); | ||
3142 | break; | ||
3143 | |||
3144 | case IPPROTO_TCP: | ||
3145 | tcp_from_helper ((const struct GNUNET_TUN_TcpHeader *) &pkt6[1], size, | ||
3146 | AF_INET6, | ||
3147 | &pkt6->destination_address, | ||
3148 | &pkt6->source_address); | ||
3149 | break; | ||
3150 | |||
3151 | case IPPROTO_ICMPV6: | ||
3152 | icmp_from_helper ((const struct GNUNET_TUN_IcmpHeader *) &pkt6[1], size, | ||
3153 | AF_INET6, | ||
3154 | &pkt6->destination_address, | ||
3155 | &pkt6->source_address); | ||
3156 | break; | ||
3157 | |||
3158 | default: | ||
3159 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3160 | _ ( | ||
3161 | "IPv6 packet with unsupported next header %d received. Ignored.\n"), | ||
3162 | pkt6->next_header); | ||
3163 | return GNUNET_OK; | ||
3164 | } | ||
3165 | } | ||
3166 | break; | ||
3167 | |||
3168 | default: | ||
3169 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3170 | _ ("Packet from unknown protocol %u received. Ignored.\n"), | ||
3171 | ntohs (pkt_tun->proto)); | ||
3172 | break; | ||
3173 | } | ||
3174 | return GNUNET_OK; | ||
3175 | } | ||
3176 | |||
3177 | |||
3178 | /** | ||
3179 | * Callback from CADET for new channels. | ||
3180 | * | ||
3181 | * @param cls closure | ||
3182 | * @param channel new handle to the channel | ||
3183 | * @param initiator peer that started the channel | ||
3184 | * @return initial channel context for the channel | ||
3185 | */ | ||
3186 | static void * | ||
3187 | new_channel (void *cls, | ||
3188 | struct GNUNET_CADET_Channel *channel, | ||
3189 | const struct GNUNET_PeerIdentity *initiator) | ||
3190 | { | ||
3191 | struct ChannelState *s = GNUNET_new (struct ChannelState); | ||
3192 | |||
3193 | s->is_dns = GNUNET_SYSERR; | ||
3194 | s->peer = *initiator; | ||
3195 | GNUNET_STATISTICS_update (stats, | ||
3196 | gettext_noop ("# Inbound CADET channels created"), | ||
3197 | 1, | ||
3198 | GNUNET_NO); | ||
3199 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3200 | "Received inbound channel from `%s'\n", | ||
3201 | GNUNET_i2s (initiator)); | ||
3202 | s->channel = channel; | ||
3203 | return s; | ||
3204 | } | ||
3205 | |||
3206 | |||
3207 | /** | ||
3208 | * Function that frees everything from a hashmap | ||
3209 | * | ||
3210 | * @param cls unused | ||
3211 | * @param hash key | ||
3212 | * @param value value to free | ||
3213 | */ | ||
3214 | static int | ||
3215 | free_iterate (void *cls, | ||
3216 | const struct GNUNET_HashCode *hash, | ||
3217 | void *value) | ||
3218 | { | ||
3219 | GNUNET_free (value); | ||
3220 | return GNUNET_YES; | ||
3221 | } | ||
3222 | |||
3223 | |||
3224 | /** | ||
3225 | * Function scheduled as very last function if the service | ||
3226 | * disabled itself because the helper is not installed | ||
3227 | * properly. Does nothing, except for keeping the | ||
3228 | * service process alive by virtue of being scheduled. | ||
3229 | * | ||
3230 | * @param cls NULL | ||
3231 | */ | ||
3232 | static void | ||
3233 | dummy_task (void *cls) | ||
3234 | { | ||
3235 | /* just terminate */ | ||
3236 | } | ||
3237 | |||
3238 | |||
3239 | /** | ||
3240 | * Function scheduled as very last function, cleans up after us | ||
3241 | * | ||
3242 | * @param cls NULL | ||
3243 | */ | ||
3244 | static void | ||
3245 | cleanup (void *cls) | ||
3246 | { | ||
3247 | unsigned int i; | ||
3248 | |||
3249 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3250 | "Exit service is shutting down now\n"); | ||
3251 | |||
3252 | if (NULL != helper_handle) | ||
3253 | { | ||
3254 | GNUNET_HELPER_stop (helper_handle, GNUNET_NO); | ||
3255 | helper_handle = NULL; | ||
3256 | } | ||
3257 | if (NULL != regex4) | ||
3258 | { | ||
3259 | GNUNET_REGEX_announce_cancel (regex4); | ||
3260 | regex4 = NULL; | ||
3261 | } | ||
3262 | if (NULL != regex6) | ||
3263 | { | ||
3264 | GNUNET_REGEX_announce_cancel (regex6); | ||
3265 | regex6 = NULL; | ||
3266 | } | ||
3267 | if (NULL != services) | ||
3268 | { | ||
3269 | GNUNET_CONTAINER_multihashmap_iterate (services, | ||
3270 | &free_service_record, | ||
3271 | NULL); | ||
3272 | GNUNET_CONTAINER_multihashmap_destroy (services); | ||
3273 | } | ||
3274 | if (NULL != dns_port) | ||
3275 | { | ||
3276 | GNUNET_CADET_close_port (dns_port); | ||
3277 | dns_port = NULL; | ||
3278 | } | ||
3279 | if (NULL != cadet_port4) | ||
3280 | { | ||
3281 | GNUNET_CADET_close_port (cadet_port4); | ||
3282 | cadet_port4 = NULL; | ||
3283 | } | ||
3284 | if (NULL != cadet_port6) | ||
3285 | { | ||
3286 | GNUNET_CADET_close_port (cadet_port6); | ||
3287 | cadet_port6 = NULL; | ||
3288 | } | ||
3289 | if (NULL != cadet_handle) | ||
3290 | { | ||
3291 | GNUNET_CADET_disconnect (cadet_handle); | ||
3292 | cadet_handle = NULL; | ||
3293 | } | ||
3294 | if (NULL != connections_map) | ||
3295 | { | ||
3296 | GNUNET_CONTAINER_multihashmap_iterate (connections_map, | ||
3297 | &free_iterate, | ||
3298 | NULL); | ||
3299 | GNUNET_CONTAINER_multihashmap_destroy (connections_map); | ||
3300 | connections_map = NULL; | ||
3301 | } | ||
3302 | if (NULL != connections_heap) | ||
3303 | { | ||
3304 | GNUNET_CONTAINER_heap_destroy (connections_heap); | ||
3305 | connections_heap = NULL; | ||
3306 | } | ||
3307 | if (NULL != dnsstub) | ||
3308 | { | ||
3309 | GNUNET_DNSSTUB_stop (dnsstub); | ||
3310 | dnsstub = NULL; | ||
3311 | } | ||
3312 | if (NULL != peer_key) | ||
3313 | { | ||
3314 | GNUNET_free (peer_key); | ||
3315 | peer_key = NULL; | ||
3316 | } | ||
3317 | if (NULL != dht_task) | ||
3318 | { | ||
3319 | GNUNET_SCHEDULER_cancel (dht_task); | ||
3320 | dht_task = NULL; | ||
3321 | } | ||
3322 | if (NULL != dht_put) | ||
3323 | { | ||
3324 | GNUNET_DHT_put_cancel (dht_put); | ||
3325 | dht_put = NULL; | ||
3326 | } | ||
3327 | if (NULL != dht) | ||
3328 | { | ||
3329 | GNUNET_DHT_disconnect (dht); | ||
3330 | dht = NULL; | ||
3331 | } | ||
3332 | if (NULL != stats) | ||
3333 | { | ||
3334 | GNUNET_STATISTICS_destroy (stats, | ||
3335 | GNUNET_NO); | ||
3336 | stats = NULL; | ||
3337 | } | ||
3338 | for (i = 0; i < 8; i++) | ||
3339 | GNUNET_free (exit_argv[i]); | ||
3340 | } | ||
3341 | |||
3342 | |||
3343 | /** | ||
3344 | * Add services to the service map. | ||
3345 | * | ||
3346 | * @param proto IPPROTO_TCP or IPPROTO_UDP | ||
3347 | * @param cpy copy of the service descriptor (can be mutilated) | ||
3348 | * @param name DNS name of the service | ||
3349 | */ | ||
3350 | static void | ||
3351 | add_services (int proto, | ||
3352 | char *cpy, | ||
3353 | const char *name) | ||
3354 | { | ||
3355 | char *redirect; | ||
3356 | char *hostname; | ||
3357 | char *hostport; | ||
3358 | struct LocalService *serv; | ||
3359 | char *n; | ||
3360 | size_t slen; | ||
3361 | |||
3362 | slen = strlen (name); | ||
3363 | GNUNET_assert (slen >= 8); | ||
3364 | n = GNUNET_strndup (name, slen - 8 /* remove .gnunet. */); | ||
3365 | |||
3366 | for (redirect = strtok (cpy, " ;"); redirect != NULL; | ||
3367 | redirect = strtok (NULL, " ;")) | ||
3368 | { | ||
3369 | if (NULL == (hostname = strstr (redirect, ":"))) | ||
3370 | { | ||
3371 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3372 | _ ( | ||
3373 | "Option `%s' for domain `%s' is not formatted correctly!\n"), | ||
3374 | redirect, | ||
3375 | name); | ||
3376 | continue; | ||
3377 | } | ||
3378 | hostname[0] = '\0'; | ||
3379 | hostname++; | ||
3380 | if (NULL == (hostport = strstr (hostname, ":"))) | ||
3381 | { | ||
3382 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3383 | _ ( | ||
3384 | "Option `%s' for domain `%s' is not formatted correctly!\n"), | ||
3385 | redirect, | ||
3386 | name); | ||
3387 | continue; | ||
3388 | } | ||
3389 | hostport[0] = '\0'; | ||
3390 | hostport++; | ||
3391 | |||
3392 | int local_port = atoi (redirect); | ||
3393 | int remote_port = atoi (hostport); | ||
3394 | |||
3395 | if (! ((local_port > 0) && (local_port < 65536))) | ||
3396 | { | ||
3397 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3398 | _ ("`%s' is not a valid port number (for domain `%s')!"), | ||
3399 | redirect, | ||
3400 | name); | ||
3401 | continue; | ||
3402 | } | ||
3403 | if (! ((remote_port > 0) && (remote_port < 65536))) | ||
3404 | { | ||
3405 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3406 | _ ("`%s' is not a valid port number (for domain `%s')!"), | ||
3407 | hostport, | ||
3408 | name); | ||
3409 | continue; | ||
3410 | } | ||
3411 | |||
3412 | serv = GNUNET_new (struct LocalService); | ||
3413 | serv->address.proto = proto; | ||
3414 | serv->address.port = remote_port; | ||
3415 | if (0 == strcmp ("localhost4", | ||
3416 | hostname)) | ||
3417 | { | ||
3418 | const char *ip4addr = exit_argv[5]; | ||
3419 | |||
3420 | serv->address.af = AF_INET; | ||
3421 | GNUNET_assert (1 == inet_pton (AF_INET, | ||
3422 | ip4addr, | ||
3423 | &serv->address.address.ipv4)); | ||
3424 | } | ||
3425 | else if (0 == strcmp ("localhost6", | ||
3426 | hostname)) | ||
3427 | { | ||
3428 | const char *ip6addr = exit_argv[3]; | ||
3429 | |||
3430 | serv->address.af = AF_INET6; | ||
3431 | GNUNET_assert (1 == inet_pton (AF_INET6, | ||
3432 | ip6addr, | ||
3433 | &serv->address.address.ipv6)); | ||
3434 | } | ||
3435 | else | ||
3436 | { | ||
3437 | struct addrinfo *res; | ||
3438 | int ret; | ||
3439 | |||
3440 | ret = getaddrinfo (hostname, | ||
3441 | NULL, | ||
3442 | NULL, | ||
3443 | &res); | ||
3444 | if ((0 != ret) || (NULL == res)) | ||
3445 | { | ||
3446 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3447 | _ ( | ||
3448 | "No addresses found for hostname `%s' of service `%s'!\n"), | ||
3449 | hostname, | ||
3450 | n); | ||
3451 | GNUNET_free (serv); | ||
3452 | continue; | ||
3453 | } | ||
3454 | |||
3455 | serv->address.af = res->ai_family; | ||
3456 | switch (res->ai_family) | ||
3457 | { | ||
3458 | case AF_INET: | ||
3459 | if (! ipv4_enabled) | ||
3460 | { | ||
3461 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3462 | _ ( | ||
3463 | "Service `%s' configured for IPv4, but IPv4 is disabled!\n"), | ||
3464 | n); | ||
3465 | freeaddrinfo (res); | ||
3466 | GNUNET_free (serv); | ||
3467 | continue; | ||
3468 | } | ||
3469 | serv->address.address.ipv4 | ||
3470 | = ((struct sockaddr_in *) res->ai_addr)->sin_addr; | ||
3471 | break; | ||
3472 | |||
3473 | case AF_INET6: | ||
3474 | if (! ipv6_enabled) | ||
3475 | { | ||
3476 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3477 | _ ( | ||
3478 | "Service `%s' configured for IPv4, but IPv4 is disabled!\n"), | ||
3479 | n); | ||
3480 | freeaddrinfo (res); | ||
3481 | GNUNET_free (serv); | ||
3482 | continue; | ||
3483 | } | ||
3484 | serv->address.address.ipv6 | ||
3485 | = ((struct sockaddr_in6 *) res->ai_addr)->sin6_addr; | ||
3486 | break; | ||
3487 | |||
3488 | default: | ||
3489 | freeaddrinfo (res); | ||
3490 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3491 | _ ( | ||
3492 | "No IP addresses found for hostname `%s' of service `%s'!\n"), | ||
3493 | hostname, | ||
3494 | n); | ||
3495 | GNUNET_free (serv); | ||
3496 | continue; | ||
3497 | } | ||
3498 | freeaddrinfo (res); | ||
3499 | } | ||
3500 | store_service (proto, | ||
3501 | n, | ||
3502 | local_port, | ||
3503 | serv); | ||
3504 | } | ||
3505 | GNUNET_free (n); | ||
3506 | } | ||
3507 | |||
3508 | |||
3509 | /** | ||
3510 | * Reads the configuration and populates #udp_services and #tcp_services | ||
3511 | * | ||
3512 | * @param cls unused | ||
3513 | * @param section name of section in config | ||
3514 | */ | ||
3515 | static void | ||
3516 | read_service_conf (void *cls, | ||
3517 | const char *section) | ||
3518 | { | ||
3519 | char *cpy; | ||
3520 | |||
3521 | if ((strlen (section) < 8) || | ||
3522 | (0 != strcmp (".gnunet.", section + (strlen (section) - 8)))) | ||
3523 | return; | ||
3524 | if (GNUNET_OK == | ||
3525 | GNUNET_CONFIGURATION_get_value_string (cfg, | ||
3526 | section, | ||
3527 | "UDP_REDIRECTS", | ||
3528 | &cpy)) | ||
3529 | { | ||
3530 | add_services (IPPROTO_UDP, | ||
3531 | cpy, | ||
3532 | section); | ||
3533 | GNUNET_free (cpy); | ||
3534 | } | ||
3535 | if (GNUNET_OK == | ||
3536 | GNUNET_CONFIGURATION_get_value_string (cfg, | ||
3537 | section, | ||
3538 | "TCP_REDIRECTS", | ||
3539 | &cpy)) | ||
3540 | { | ||
3541 | add_services (IPPROTO_TCP, | ||
3542 | cpy, | ||
3543 | section); | ||
3544 | GNUNET_free (cpy); | ||
3545 | } | ||
3546 | } | ||
3547 | |||
3548 | |||
3549 | /** | ||
3550 | * We are running a DNS exit service, advertise it in the | ||
3551 | * DHT. This task is run periodically to do the DHT PUT. | ||
3552 | * | ||
3553 | * @param cls closure | ||
3554 | */ | ||
3555 | static void | ||
3556 | do_dht_put (void *cls); | ||
3557 | |||
3558 | |||
3559 | /** | ||
3560 | * Function called when the DHT PUT operation is complete. | ||
3561 | * Schedules the next PUT. | ||
3562 | * | ||
3563 | * @param cls closure, NULL | ||
3564 | */ | ||
3565 | static void | ||
3566 | dht_put_cont (void *cls) | ||
3567 | { | ||
3568 | dht_put = NULL; | ||
3569 | } | ||
3570 | |||
3571 | |||
3572 | /** | ||
3573 | * We are running a DNS exit service, advertise it in the | ||
3574 | * DHT. This task is run periodically to do the DHT PUT. | ||
3575 | * | ||
3576 | * @param cls closure | ||
3577 | */ | ||
3578 | static void | ||
3579 | do_dht_put (void *cls) | ||
3580 | { | ||
3581 | struct GNUNET_TIME_Absolute expiration; | ||
3582 | |||
3583 | dht_task = GNUNET_SCHEDULER_add_delayed (DHT_PUT_FREQUENCY, | ||
3584 | &do_dht_put, | ||
3585 | NULL); | ||
3586 | expiration = GNUNET_TIME_absolute_ntoh (dns_advertisement.expiration_time); | ||
3587 | if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value_us < | ||
3588 | GNUNET_TIME_UNIT_HOURS.rel_value_us) | ||
3589 | { | ||
3590 | /* refresh advertisement */ | ||
3591 | expiration = GNUNET_TIME_relative_to_absolute (DNS_ADVERTISEMENT_TIMEOUT); | ||
3592 | dns_advertisement.expiration_time = GNUNET_TIME_absolute_hton (expiration); | ||
3593 | GNUNET_assert (GNUNET_OK == | ||
3594 | GNUNET_CRYPTO_eddsa_sign_ (peer_key, | ||
3595 | &dns_advertisement.purpose, | ||
3596 | &dns_advertisement.signature)); | ||
3597 | } | ||
3598 | if (NULL != dht_put) | ||
3599 | GNUNET_DHT_put_cancel (dht_put); | ||
3600 | dht_put = GNUNET_DHT_put (dht, | ||
3601 | &dht_put_key, | ||
3602 | 1 /* replication */, | ||
3603 | GNUNET_DHT_RO_NONE, | ||
3604 | GNUNET_BLOCK_TYPE_DNS, | ||
3605 | sizeof(struct GNUNET_DNS_Advertisement), | ||
3606 | &dns_advertisement, | ||
3607 | expiration, | ||
3608 | &dht_put_cont, | ||
3609 | NULL); | ||
3610 | } | ||
3611 | |||
3612 | |||
3613 | /** | ||
3614 | * Figure out which IP versions we should support (and which | ||
3615 | * are supported by the OS) according to our configuration. | ||
3616 | */ | ||
3617 | static void | ||
3618 | parse_ip_options () | ||
3619 | { | ||
3620 | ipv4_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, | ||
3621 | "exit", | ||
3622 | "EXIT_IPV4"); | ||
3623 | ipv6_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, | ||
3624 | "exit", | ||
3625 | "EXIT_IPV6"); | ||
3626 | ipv4_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, | ||
3627 | "exit", | ||
3628 | "ENABLE_IPV4"); | ||
3629 | ipv6_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg, | ||
3630 | "exit", | ||
3631 | "ENABLE_IPV6"); | ||
3632 | if ((ipv4_exit || ipv4_enabled) && | ||
3633 | (GNUNET_OK != GNUNET_NETWORK_test_pf (PF_INET)) ) | ||
3634 | { | ||
3635 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
3636 | _ ( | ||
3637 | "This system does not support IPv4, will disable IPv4 functions despite them being enabled in the configuration\n")); | ||
3638 | ipv4_exit = GNUNET_NO; | ||
3639 | ipv4_enabled = GNUNET_NO; | ||
3640 | } | ||
3641 | if ((ipv6_exit || ipv6_enabled) && | ||
3642 | (GNUNET_OK != GNUNET_NETWORK_test_pf (PF_INET6)) ) | ||
3643 | { | ||
3644 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
3645 | _ ( | ||
3646 | "This system does not support IPv6, will disable IPv6 functions despite them being enabled in the configuration\n")); | ||
3647 | ipv6_exit = GNUNET_NO; | ||
3648 | ipv6_enabled = GNUNET_NO; | ||
3649 | } | ||
3650 | if (ipv4_exit && (! ipv4_enabled)) | ||
3651 | { | ||
3652 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
3653 | _ ( | ||
3654 | "Cannot enable IPv4 exit but disable IPv4 on TUN interface, will use ENABLE_IPv4=YES\n")); | ||
3655 | ipv4_enabled = GNUNET_YES; | ||
3656 | } | ||
3657 | if (ipv6_exit && (! ipv6_enabled)) | ||
3658 | { | ||
3659 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
3660 | _ ( | ||
3661 | "Cannot enable IPv6 exit but disable IPv6 on TUN interface, will use ENABLE_IPv6=YES\n")); | ||
3662 | ipv6_enabled = GNUNET_YES; | ||
3663 | } | ||
3664 | } | ||
3665 | |||
3666 | |||
3667 | /** | ||
3668 | * Helper function to open the CADET port for DNS exits and to | ||
3669 | * advertise the DNS exit (if applicable). | ||
3670 | */ | ||
3671 | static void | ||
3672 | advertise_dns_exit () | ||
3673 | { | ||
3674 | struct GNUNET_MQ_MessageHandler handlers[] = { | ||
3675 | GNUNET_MQ_hd_var_size (dns_request, | ||
3676 | GNUNET_MESSAGE_TYPE_VPN_DNS_TO_INTERNET, | ||
3677 | struct DnsResponseMessage, | ||
3678 | NULL), | ||
3679 | GNUNET_MQ_handler_end () | ||
3680 | }; | ||
3681 | char *dns_exit; | ||
3682 | struct GNUNET_HashCode port; | ||
3683 | |||
3684 | if (GNUNET_YES != | ||
3685 | GNUNET_CONFIGURATION_get_value_yesno (cfg, | ||
3686 | "exit", | ||
3687 | "EXIT_DNS")) | ||
3688 | return; | ||
3689 | GNUNET_assert (NULL != (dnsstub = GNUNET_DNSSTUB_start (128))); | ||
3690 | dns_exit = NULL; | ||
3691 | /* TODO: support using multiple DNS resolvers */ | ||
3692 | if ((GNUNET_OK != | ||
3693 | GNUNET_CONFIGURATION_get_value_string (cfg, | ||
3694 | "exit", | ||
3695 | "DNS_RESOLVER", | ||
3696 | &dns_exit)) || | ||
3697 | (GNUNET_OK != | ||
3698 | GNUNET_DNSSTUB_add_dns_ip (dnsstub, | ||
3699 | dns_exit))) | ||
3700 | { | ||
3701 | GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, | ||
3702 | "dns", | ||
3703 | "DNS_RESOLVER", | ||
3704 | _ ("need a valid IPv4 or IPv6 address\n")); | ||
3705 | GNUNET_free (dns_exit); | ||
3706 | return; | ||
3707 | } | ||
3708 | /* open port */ | ||
3709 | GNUNET_CRYPTO_hash (GNUNET_APPLICATION_PORT_INTERNET_RESOLVER, | ||
3710 | strlen (GNUNET_APPLICATION_PORT_INTERNET_RESOLVER), | ||
3711 | &port); | ||
3712 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3713 | "Opening CADET port %s for DNS exit service\n", | ||
3714 | GNUNET_h2s (&port)); | ||
3715 | dns_port = GNUNET_CADET_open_port (cadet_handle, | ||
3716 | &port, | ||
3717 | &new_channel, | ||
3718 | NULL, | ||
3719 | NULL, | ||
3720 | &clean_channel, | ||
3721 | handlers); | ||
3722 | /* advertise exit */ | ||
3723 | dht = GNUNET_DHT_connect (cfg, | ||
3724 | 1); | ||
3725 | peer_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg); | ||
3726 | GNUNET_CRYPTO_eddsa_key_get_public (peer_key, | ||
3727 | &dns_advertisement.peer.public_key); | ||
3728 | dns_advertisement.purpose.size = htonl (sizeof(struct | ||
3729 | GNUNET_DNS_Advertisement) | ||
3730 | - sizeof(struct | ||
3731 | GNUNET_CRYPTO_EddsaSignature)); | ||
3732 | dns_advertisement.purpose.purpose = htonl ( | ||
3733 | GNUNET_SIGNATURE_PURPOSE_DNS_RECORD); | ||
3734 | GNUNET_CRYPTO_hash ("dns", | ||
3735 | strlen ("dns"), | ||
3736 | &dht_put_key); | ||
3737 | dht_task = GNUNET_SCHEDULER_add_now (&do_dht_put, | ||
3738 | NULL); | ||
3739 | GNUNET_free (dns_exit); | ||
3740 | } | ||
3741 | |||
3742 | |||
3743 | /** | ||
3744 | * Initialize #exit_argv. | ||
3745 | * | ||
3746 | * @return #GNUNET_OK on success, #GNUNET_SYSERR if we should shutdown | ||
3747 | */ | ||
3748 | static int | ||
3749 | setup_exit_helper_args () | ||
3750 | { | ||
3751 | char *exit_ifname; | ||
3752 | char *tun_ifname; | ||
3753 | char *ipv6addr; | ||
3754 | char *ipv6prefix_s; | ||
3755 | char *ipv4addr; | ||
3756 | char *ipv4mask; | ||
3757 | |||
3758 | exit_argv[0] = GNUNET_strdup ("exit-gnunet"); | ||
3759 | if (GNUNET_SYSERR == | ||
3760 | GNUNET_CONFIGURATION_get_value_string (cfg, | ||
3761 | "exit", | ||
3762 | "TUN_IFNAME", | ||
3763 | &tun_ifname)) | ||
3764 | { | ||
3765 | GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, | ||
3766 | "EXIT", | ||
3767 | "TUN_IFNAME"); | ||
3768 | return GNUNET_SYSERR; | ||
3769 | } | ||
3770 | exit_argv[1] = tun_ifname; | ||
3771 | if (ipv4_enabled) | ||
3772 | { | ||
3773 | if (GNUNET_SYSERR == | ||
3774 | GNUNET_CONFIGURATION_get_value_string (cfg, | ||
3775 | "exit", | ||
3776 | "EXIT_IFNAME", | ||
3777 | &exit_ifname)) | ||
3778 | { | ||
3779 | GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, | ||
3780 | "EXIT", | ||
3781 | "EXIT_IFNAME"); | ||
3782 | return GNUNET_SYSERR; | ||
3783 | } | ||
3784 | exit_argv[2] = exit_ifname; | ||
3785 | } | ||
3786 | else | ||
3787 | { | ||
3788 | exit_argv[2] = GNUNET_strdup ("-"); | ||
3789 | } | ||
3790 | |||
3791 | if (GNUNET_YES == ipv6_enabled) | ||
3792 | { | ||
3793 | ipv6addr = NULL; | ||
3794 | if (((GNUNET_SYSERR == | ||
3795 | GNUNET_CONFIGURATION_get_value_string (cfg, | ||
3796 | "exit", | ||
3797 | "IPV6ADDR", | ||
3798 | &ipv6addr)) || | ||
3799 | (1 != inet_pton (AF_INET6, | ||
3800 | ipv6addr, | ||
3801 | &exit_ipv6addr)))) | ||
3802 | { | ||
3803 | GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, | ||
3804 | "EXIT", | ||
3805 | "IPV6ADDR"); | ||
3806 | GNUNET_free (ipv6addr); | ||
3807 | return GNUNET_SYSERR; | ||
3808 | } | ||
3809 | exit_argv[3] = ipv6addr; | ||
3810 | if (GNUNET_SYSERR == | ||
3811 | GNUNET_CONFIGURATION_get_value_string (cfg, | ||
3812 | "exit", | ||
3813 | "IPV6PREFIX", | ||
3814 | &ipv6prefix_s)) | ||
3815 | { | ||
3816 | GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, | ||
3817 | "EXIT", | ||
3818 | "IPV6PREFIX"); | ||
3819 | return GNUNET_SYSERR; | ||
3820 | } | ||
3821 | exit_argv[4] = ipv6prefix_s; | ||
3822 | if ((GNUNET_OK != | ||
3823 | GNUNET_CONFIGURATION_get_value_number (cfg, | ||
3824 | "exit", | ||
3825 | "IPV6PREFIX", | ||
3826 | &ipv6prefix)) || | ||
3827 | (ipv6prefix >= 127)) | ||
3828 | { | ||
3829 | GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, | ||
3830 | "EXIT", | ||
3831 | "IPV6PREFIX", | ||
3832 | _ ("Must be a number")); | ||
3833 | return GNUNET_SYSERR; | ||
3834 | } | ||
3835 | } | ||
3836 | else | ||
3837 | { | ||
3838 | /* IPv6 explicitly disabled */ | ||
3839 | exit_argv[3] = GNUNET_strdup ("-"); | ||
3840 | exit_argv[4] = GNUNET_strdup ("-"); | ||
3841 | } | ||
3842 | if (GNUNET_YES == ipv4_enabled) | ||
3843 | { | ||
3844 | ipv4addr = NULL; | ||
3845 | if (((GNUNET_SYSERR == | ||
3846 | GNUNET_CONFIGURATION_get_value_string (cfg, | ||
3847 | "exit", | ||
3848 | "IPV4ADDR", | ||
3849 | &ipv4addr)) || | ||
3850 | (1 != inet_pton (AF_INET, | ||
3851 | ipv4addr, | ||
3852 | &exit_ipv4addr)))) | ||
3853 | { | ||
3854 | GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, | ||
3855 | "EXIT", | ||
3856 | "IPV4ADDR"); | ||
3857 | GNUNET_free (ipv4addr); | ||
3858 | return GNUNET_SYSERR; | ||
3859 | } | ||
3860 | exit_argv[5] = ipv4addr; | ||
3861 | ipv4mask = NULL; | ||
3862 | if (((GNUNET_SYSERR == | ||
3863 | GNUNET_CONFIGURATION_get_value_string (cfg, | ||
3864 | "exit", | ||
3865 | "IPV4MASK", | ||
3866 | &ipv4mask)) || | ||
3867 | (1 != inet_pton (AF_INET, | ||
3868 | ipv4mask, | ||
3869 | &exit_ipv4mask)))) | ||
3870 | { | ||
3871 | GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, | ||
3872 | "EXIT", | ||
3873 | "IPV4MASK"); | ||
3874 | GNUNET_free (ipv4mask); | ||
3875 | return GNUNET_SYSERR; | ||
3876 | } | ||
3877 | exit_argv[6] = ipv4mask; | ||
3878 | } | ||
3879 | else | ||
3880 | { | ||
3881 | /* IPv4 explicitly disabled */ | ||
3882 | exit_argv[5] = GNUNET_strdup ("-"); | ||
3883 | exit_argv[6] = GNUNET_strdup ("-"); | ||
3884 | } | ||
3885 | exit_argv[7] = NULL; | ||
3886 | return GNUNET_OK; | ||
3887 | } | ||
3888 | |||
3889 | |||
3890 | /** | ||
3891 | * @brief Main function that will be run by the scheduler. | ||
3892 | * | ||
3893 | * @param cls closure | ||
3894 | * @param args remaining command-line arguments | ||
3895 | * @param cfgfile name of the configuration file used (for saving, can be NULL!) | ||
3896 | * @param cfg_ configuration | ||
3897 | */ | ||
3898 | static void | ||
3899 | run (void *cls, | ||
3900 | char *const *args, | ||
3901 | const char *cfgfile, | ||
3902 | const struct GNUNET_CONFIGURATION_Handle *cfg_) | ||
3903 | { | ||
3904 | struct GNUNET_MQ_MessageHandler handlers[] = { | ||
3905 | GNUNET_MQ_hd_var_size (icmp_remote, | ||
3906 | GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_INTERNET, | ||
3907 | struct GNUNET_EXIT_IcmpInternetMessage, | ||
3908 | NULL), | ||
3909 | GNUNET_MQ_hd_var_size (udp_remote, | ||
3910 | GNUNET_MESSAGE_TYPE_VPN_UDP_TO_INTERNET, | ||
3911 | struct GNUNET_EXIT_UdpInternetMessage, | ||
3912 | NULL), | ||
3913 | GNUNET_MQ_hd_var_size (tcp_remote, | ||
3914 | GNUNET_MESSAGE_TYPE_VPN_TCP_TO_INTERNET_START, | ||
3915 | struct GNUNET_EXIT_TcpInternetStartMessage, | ||
3916 | NULL), | ||
3917 | GNUNET_MQ_hd_var_size (tcp_data, | ||
3918 | GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_EXIT, | ||
3919 | struct GNUNET_EXIT_TcpDataMessage, | ||
3920 | NULL), | ||
3921 | GNUNET_MQ_handler_end () | ||
3922 | }; | ||
3923 | struct GNUNET_HashCode port; | ||
3924 | char *policy; | ||
3925 | char *binary; | ||
3926 | char *regex; | ||
3927 | char *prefixed_regex; | ||
3928 | |||
3929 | cfg = cfg_; | ||
3930 | if (GNUNET_OK != | ||
3931 | GNUNET_CONFIGURATION_get_value_number (cfg, | ||
3932 | "exit", | ||
3933 | "MAX_CONNECTIONS", | ||
3934 | &max_connections)) | ||
3935 | max_connections = 1024; | ||
3936 | parse_ip_options (); | ||
3937 | binary = GNUNET_OS_get_suid_binary_path (cfg, "gnunet-helper-exit"); | ||
3938 | if ((ipv4_exit) || (ipv6_exit)) | ||
3939 | { | ||
3940 | if (GNUNET_YES != | ||
3941 | GNUNET_OS_check_helper_binary (binary, | ||
3942 | GNUNET_YES, | ||
3943 | "gnunet-vpn - - - 169.1.3.7 255.255.255.0")) // no nat, ipv4 only | ||
3944 | { | ||
3945 | GNUNET_free (binary); | ||
3946 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
3947 | _ ( | ||
3948 | "`%s' is not SUID or the path is invalid, EXIT will not work\n"), | ||
3949 | "gnunet-helper-exit"); | ||
3950 | GNUNET_SCHEDULER_add_shutdown (&dummy_task, | ||
3951 | NULL); | ||
3952 | global_ret = 1; | ||
3953 | return; | ||
3954 | } | ||
3955 | } | ||
3956 | if (! (ipv4_enabled || ipv6_enabled)) | ||
3957 | { | ||
3958 | GNUNET_free (binary); | ||
3959 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
3960 | _ ("No useful service enabled. Exiting.\n")); | ||
3961 | GNUNET_SCHEDULER_shutdown (); | ||
3962 | return; | ||
3963 | } | ||
3964 | |||
3965 | GNUNET_SCHEDULER_add_shutdown (&cleanup, | ||
3966 | NULL); | ||
3967 | stats = GNUNET_STATISTICS_create ("exit", | ||
3968 | cfg); | ||
3969 | cadet_handle = GNUNET_CADET_connect (cfg); | ||
3970 | if (NULL == cadet_handle) | ||
3971 | { | ||
3972 | GNUNET_free (binary); | ||
3973 | GNUNET_SCHEDULER_shutdown (); | ||
3974 | return; | ||
3975 | } | ||
3976 | advertise_dns_exit (); | ||
3977 | if (GNUNET_OK != | ||
3978 | setup_exit_helper_args ()) | ||
3979 | { | ||
3980 | GNUNET_free (binary); | ||
3981 | GNUNET_SCHEDULER_shutdown (); | ||
3982 | return; | ||
3983 | } | ||
3984 | |||
3985 | services = GNUNET_CONTAINER_multihashmap_create (65536, | ||
3986 | GNUNET_NO); | ||
3987 | connections_map = GNUNET_CONTAINER_multihashmap_create (65536, | ||
3988 | GNUNET_NO); | ||
3989 | connections_heap = GNUNET_CONTAINER_heap_create ( | ||
3990 | GNUNET_CONTAINER_HEAP_ORDER_MIN); | ||
3991 | GNUNET_CONFIGURATION_iterate_sections (cfg, | ||
3992 | &read_service_conf, | ||
3993 | NULL); | ||
3994 | |||
3995 | /* Cadet handle acquired, now open ports and announce regular | ||
3996 | expressions matching our exit */ | ||
3997 | if ((GNUNET_YES == ipv4_enabled) && | ||
3998 | (GNUNET_YES == ipv4_exit)) | ||
3999 | { | ||
4000 | GNUNET_CRYPTO_hash (GNUNET_APPLICATION_PORT_IPV4_GATEWAY, | ||
4001 | strlen (GNUNET_APPLICATION_PORT_IPV4_GATEWAY), | ||
4002 | &port); | ||
4003 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
4004 | "Opening CADET port %s for IPv4 gateway service\n", | ||
4005 | GNUNET_h2s (&port)); | ||
4006 | cadet_port4 = GNUNET_CADET_open_port (cadet_handle, | ||
4007 | &port, | ||
4008 | &new_channel, | ||
4009 | NULL, | ||
4010 | NULL, | ||
4011 | &clean_channel, | ||
4012 | handlers); | ||
4013 | policy = NULL; | ||
4014 | if (GNUNET_OK != | ||
4015 | GNUNET_CONFIGURATION_get_value_string (cfg, | ||
4016 | "exit", | ||
4017 | "EXIT_RANGE_IPV4_POLICY", | ||
4018 | &policy)) | ||
4019 | regex = NULL; | ||
4020 | else | ||
4021 | regex = GNUNET_TUN_ipv4policy2regex (policy); | ||
4022 | GNUNET_free (policy); | ||
4023 | if (NULL != regex) | ||
4024 | { | ||
4025 | (void) GNUNET_asprintf (&prefixed_regex, | ||
4026 | "%s%s", | ||
4027 | GNUNET_APPLICATION_TYPE_EXIT_REGEX_PREFIX, | ||
4028 | regex); | ||
4029 | regex4 = GNUNET_REGEX_announce (cfg, | ||
4030 | prefixed_regex, | ||
4031 | REGEX_REFRESH_FREQUENCY, | ||
4032 | REGEX_MAX_PATH_LEN_IPV4); | ||
4033 | GNUNET_free (regex); | ||
4034 | GNUNET_free (prefixed_regex); | ||
4035 | } | ||
4036 | } | ||
4037 | |||
4038 | if ((GNUNET_YES == ipv6_enabled) && (GNUNET_YES == ipv6_exit)) | ||
4039 | { | ||
4040 | GNUNET_CRYPTO_hash (GNUNET_APPLICATION_PORT_IPV6_GATEWAY, | ||
4041 | strlen (GNUNET_APPLICATION_PORT_IPV6_GATEWAY), | ||
4042 | &port); | ||
4043 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
4044 | "Opening CADET port %s for IPv6 gateway service\n", | ||
4045 | GNUNET_h2s (&port)); | ||
4046 | cadet_port6 = GNUNET_CADET_open_port (cadet_handle, | ||
4047 | &port, | ||
4048 | &new_channel, | ||
4049 | NULL, | ||
4050 | NULL, | ||
4051 | &clean_channel, | ||
4052 | handlers); | ||
4053 | policy = NULL; | ||
4054 | if (GNUNET_OK != | ||
4055 | GNUNET_CONFIGURATION_get_value_string (cfg, | ||
4056 | "exit", | ||
4057 | "EXIT_RANGE_IPV6_POLICY", | ||
4058 | &policy)) | ||
4059 | regex = NULL; | ||
4060 | else | ||
4061 | regex = GNUNET_TUN_ipv6policy2regex (policy); | ||
4062 | GNUNET_free (policy); | ||
4063 | if (NULL != regex) | ||
4064 | { | ||
4065 | (void) GNUNET_asprintf (&prefixed_regex, | ||
4066 | "%s%s", | ||
4067 | GNUNET_APPLICATION_TYPE_EXIT_REGEX_PREFIX, | ||
4068 | regex); | ||
4069 | regex6 = GNUNET_REGEX_announce (cfg, | ||
4070 | prefixed_regex, | ||
4071 | REGEX_REFRESH_FREQUENCY, | ||
4072 | REGEX_MAX_PATH_LEN_IPV6); | ||
4073 | GNUNET_free (regex); | ||
4074 | GNUNET_free (prefixed_regex); | ||
4075 | } | ||
4076 | } | ||
4077 | helper_handle = GNUNET_HELPER_start (GNUNET_NO, | ||
4078 | binary, | ||
4079 | exit_argv, | ||
4080 | &message_token, | ||
4081 | NULL, | ||
4082 | NULL); | ||
4083 | GNUNET_free (binary); | ||
4084 | } | ||
4085 | |||
4086 | |||
4087 | /** | ||
4088 | * The main function | ||
4089 | * | ||
4090 | * @param argc number of arguments from the command line | ||
4091 | * @param argv command line arguments | ||
4092 | * @return 0 ok, 1 on error | ||
4093 | */ | ||
4094 | int | ||
4095 | main (int argc, | ||
4096 | char *const *argv) | ||
4097 | { | ||
4098 | static const struct GNUNET_GETOPT_CommandLineOption options[] = { | ||
4099 | GNUNET_GETOPT_OPTION_END | ||
4100 | }; | ||
4101 | |||
4102 | if (GNUNET_OK != | ||
4103 | GNUNET_STRINGS_get_utf8_args (argc, | ||
4104 | argv, | ||
4105 | &argc, | ||
4106 | &argv)) | ||
4107 | return 2; | ||
4108 | |||
4109 | return (GNUNET_OK == | ||
4110 | GNUNET_PROGRAM_run (argc, | ||
4111 | argv, | ||
4112 | "gnunet-daemon-exit", | ||
4113 | gettext_noop ( | ||
4114 | "Daemon to run to provide an IP exit node for the VPN"), | ||
4115 | options, | ||
4116 | &run, | ||
4117 | NULL)) ? global_ret : 1; | ||
4118 | } | ||
4119 | |||
4120 | |||
4121 | /* end of gnunet-daemon-exit.c */ | ||