9 files changed, 354 insertions, 329 deletions
diff --git a/src/dns/Makefile.am b/src/dns/Makefile.am
index d8c2cd1c1..a9b1d652e 100644
--- a/src/dns/Makefile.am
+++ b/src/dns/Makefile.am
@@ -74,6 +74,7 @@ gnunet_service_dns_SOURCES = \
 gnunet-service-dns.c 
 gnunet_service_dns_LDADD = \
  $(top_builddir)/src/tun/libgnunettun.la \
+  $(top_builddir)/src/mesh/libgnunetmesh.la \
  $(top_builddir)/src/statistics/libgnunetstatistics.la \
  $(top_builddir)/src/util/libgnunetutil.la \
  $(GN_LIBINTL)
diff --git a/src/dns/dns.conf.in b/src/dns/dns.conf.in
index a99f7fec3..d2c67958a 100644
--- a/src/dns/dns.conf.in
+++ b/src/dns/dns.conf.in
@@ -1,17 +1,34 @@
 [dns]
 AUTOSTART = YES
-@UNIXONLY@ PORT = 0
 HOSTNAME = localhost
 HOME = $SERVICEHOME
 CONFIG = $DEFAULTCONFIG
 BINARY = gnunet-service-dns
 UNIXPATH = /tmp/gnunet-service-dns.sock
+# Access to this service can compromise all DNS queries in this
+# system.  Thus access should be restricted to the same UID.
+# (see https://gnunet.org/gnunet-access-control-model)
 UNIX_MATCH_UID = YES
 UNIX_MATCH_GID = YES
+# As there is no sufficiently restrictive access control for TCP, 
+# we never use it, even if @UNIXONLY@ is not set (just to be safe)
+@UNIXONLY@ PORT = 0
+# This option should be set to YES to allow the DNS service to 
+# perform lookups against the locally configured DNS resolver.
+# (set to "NO" if no normal ISP is locally available and thus
+# requests for normal ".com"/".org"/etc. must be routed via 
+# the GNUnet VPN (the GNUNET PT daemon then needs to be configured
+# to intercept and route DNS queries via mesh).
 PROVIDE_EXIT = YES
+# Name of the virtual interface we use to intercept DNS traffic.
 IFNAME = gnunet-dns
 # Use RFC 3849-style documentation IPv6 address (RFC 4773 might provide an alternative in the future)
+# FIXME: or just default to a site-local address scope as we do for VPN!?
 IPV6ADDR = 2001:DB8::1
 IPV6PREFIX = 126
@@ -19,3 +36,9 @@ IPV6PREFIX = 126
 IPV4ADDR = 169.254.1.1
 IPV4MASK = 255.255.0.0
+# Enable GNUnet-wide DNS-EXIT service by setting this value to the IP address (IPv4 or IPv6)
+# of a DNS resolver to use.  Only works if "PROVIDE_EXIT" is also set to YES.  Must absolutely
+# NOT be an address of any of GNUnet's virtual tunnel interfaces.  Use a well-known
+# public DNS resolver or your ISP's resolver from /etc/resolv.conf.
+# DNS_EXIT = 8.8.8.8
diff --git a/src/dns/dns.h b/src/dns/dns.h
index 29a9f937b..2b0ad0376 100644
--- a/src/dns/dns.h
+++ b/src/dns/dns.h
@@ -19,7 +19,7 @@
 */
 /**
- * @file dns/dns_new.h
+ * @file dns/dns.h
 * @brief IPC messages between DNS API and DNS service
 * @author Christian Grothoff
 */
diff --git a/src/dns/gnunet-service-dns.c b/src/dns/gnunet-service-dns.c
index 690b4887e..9f3a64334 100644
--- a/src/dns/gnunet-service-dns.c
+++ b/src/dns/gnunet-service-dns.c
@@ -25,11 +25,13 @@
 */
 #include "platform.h"
 #include "gnunet_util_lib.h"
+#include "gnunet_applications.h"
 #include "gnunet_constants.h"
 #include "gnunet_protocols.h"
 #include "gnunet_signatures.h"
 #include "dns.h"
 #include "gnunet_dns_service.h"
+#include "gnunet_mesh_service.h"
 #include "gnunet_statistics_service.h"
 #include "gnunet_tun_lib.h"
@@ -162,6 +164,55 @@ struct RequestRecord
 };
+/**
+ * State we keep for each DNS tunnel that terminates at this node.
+ */
+struct TunnelState
+{
+  /**
+   * Associated MESH tunnel.
+   */
+  struct GNUNET_MESH_Tunnel *tunnel;
+  /**
+   * Active request for sending a reply.
+   */
+  struct GNUNET_MESH_TransmitHandle *th;
+  /**
+   * DNS reply ready for transmission.
+   */
+  char *reply;
+  /**
+   * Address we sent the DNS request to.
+   */
+  struct sockaddr_storage addr;
+  /**
+   * Number of bytes in 'addr'.
+   */
+  socklen_t addrlen;
+  /**
+   * Number of bytes in 'reply'.
+   */
+  size_t reply_length;
+  /**
+   * Original DNS request ID as used by the client.
+   */
+  uint16_t original_id;
+  /**
+   * DNS request ID that we used for forwarding.
+   */
+  uint16_t my_id;
+};
 /**
 * The IPv4 UDP-Socket through which DNS-Resolves will be sent if they are not to be
 * sent through gnunet. The port of this socket will not be hijacked.
@@ -231,10 +282,27 @@ static struct GNUNET_SERVER_NotificationContext *nc;
 static struct RequestRecord requests[UINT16_MAX + 1];
 /**
+ * Array of all open requests from tunnels.
+ */
+static struct TunnelState *tunnels[UINT16_MAX + 1];
+/**
 * Generator for unique request IDs.
 */
 static uint64_t request_id_gen;
+/**
+ * IP address to use for the DNS server if we are a DNS exit service
+ * (for VPN via mesh); otherwise NULL.
+ */
+static char *dns_exit;
+/**
+ * Handle to the MESH service (for receiving DNS queries), or NULL 
+ * if we are not a DNS exit.
+ */
+static struct GNUNET_MESH_Handle *mesh;
 /**
 * We're done processing a DNS request, free associated memory.
@@ -298,6 +366,11 @@ cleanup_task (void *cls GNUNET_UNUSED,
    GNUNET_STATISTICS_destroy (stats, GNUNET_YES);
    stats = NULL;
  }
+  if (NULL != dns_exit)
+  {
+    GNUNET_free (dns_exit);
+    dns_exit = NULL;
+  }
 }
@@ -657,6 +730,52 @@ client_disconnect (void *cls, struct GNUNET_SERVER_Client *client)
 /**
+ * We got a reply from DNS for a request of a MESH tunnel.  Send it
+ * via the tunnel (after changing the request ID back).
+ *
+ * @param cls the 'struct TunnelState'
+ * @param size number of bytes available in buf
+ * @param buf where to copy the reply
+ * @return number of bytes written to buf
+ */
+static size_t
+transmit_reply_to_mesh (void *cls,
+                        size_t size,
+                        void *buf)
+{
+  struct TunnelState *ts = cls;
+  size_t off;
+  size_t ret;
+  char *cbuf = buf;
+  struct GNUNET_MessageHeader hdr;
+  struct GNUNET_TUN_DnsHeader dns;
+  ts->th = NULL;
+  GNUNET_assert (ts->reply != NULL);
+  if (size == 0)
+    return 0;
+  ret = sizeof (struct GNUNET_MessageHeader) + ts->reply_length; 
+  GNUNET_assert (ret <= size);
+  hdr.size = htons (ret);
+  hdr.type = htons (GNUNET_MESSAGE_TYPE_VPN_DNS_FROM_INTERNET);
+  memcpy (&dns, ts->reply, sizeof (dns));
+  dns.id = ts->original_id;
+  off = 0;
+  memcpy (&cbuf[off], &hdr, sizeof (hdr));
+  off += sizeof (hdr);
+  memcpy (&cbuf[off], &dns, sizeof (dns));
+  off += sizeof (dns);
+  memcpy (&cbuf[off], &ts->reply[sizeof (dns)], ts->reply_length - sizeof (dns));
+  off += ts->reply_length - sizeof (dns);
+  GNUNET_free (ts->reply);
+  ts->reply = NULL;
+  ts->reply_length = 0;  
+  GNUNET_assert (ret == off);
+  return ret;
+}
+/**
 * Read a DNS response from the (unhindered) UDP-Socket
 *
 * @param cls socket to read from
@@ -673,6 +792,7 @@ read_response (void *cls,
  struct GNUNET_TUN_DnsHeader *dns;
  socklen_t addrlen;
  struct RequestRecord *rr;
+  struct TunnelState *ts;
  ssize_t r;
  int len;
@@ -728,19 +848,48 @@ read_response (void *cls,
      return;
    }
    dns = (struct GNUNET_TUN_DnsHeader *) buf;
+    /* Handle case that this is a reply to a request from a MESH DNS tunnel */
+    ts = tunnels[dns->id];
+    if ( (NULL == ts) ||
+         (addrlen != ts->addrlen) ||
+         (0 != memcmp (&ts->addr,
+                       addr,
+                       addrlen)) )
+      ts = NULL; /* DNS responder address missmatch */
+    if (NULL != ts)
+    {
+      tunnels[dns->id] = NULL;
+      GNUNET_free_non_null (ts->reply);
+      ts->reply = GNUNET_malloc (r);
+      ts->reply_length = r;
+      memcpy (ts->reply, dns, r);
+      if (ts->th != NULL)
+        GNUNET_MESH_notify_transmit_ready_cancel (ts->th);
+      ts->th = GNUNET_MESH_notify_transmit_ready (ts->tunnel,
+                                                  GNUNET_NO, 0,
+                                                  GNUNET_TIME_UNIT_FOREVER_REL,
+                                                  NULL,
+                                                  sizeof (struct GNUNET_MessageHeader) + r,
+                                                  &transmit_reply_to_mesh,
+                                                  ts);
+    }
+    /* Handle case that this is a reply to a local request (intercepted from TUN interface) */
    rr = &requests[dns->id];
    if (rr->phase != RP_INTERNET_DNS) 
    {
-      /* unexpected / bogus reply */
+      if (NULL == ts)
-      GNUNET_STATISTICS_update (stats,
+      {
-                                gettext_noop ("# External DNS response discarded (no matching request)"),
+        /* unexpected / bogus reply */
-                                1, GNUNET_NO);
+        GNUNET_STATISTICS_update (stats,
+                                  gettext_noop ("# External DNS response discarded (no matching request)"),
+                                  1, GNUNET_NO);
+      }
      return; 
    }
    GNUNET_free_non_null (rr->payload);
-    rr->payload = GNUNET_malloc (len);
+    rr->payload = GNUNET_malloc (r);
-    memcpy (rr->payload, buf, len);
+    memcpy (rr->payload, buf, r);
-    rr->payload_length = len;
+    rr->payload_length = r;
    next_phase (rr);
  }  
 }
@@ -1123,6 +1272,147 @@ process_helper_messages (void *cls GNUNET_UNUSED, void *client,
 /**
+ * Process a request via mesh to perform a DNS query.
+ *
+ * @param cls closure, NULL
+ * @param tunnel connection to the other end
+ * @param tunnel_ctx pointer to our 'struct TunnelState *'
+ * @param sender who sent the message
+ * @param message the actual message
+ * @param atsi performance data for the connection
+ * @return GNUNET_OK to keep the connection open,
+ *         GNUNET_SYSERR to close it (signal serious error)
+ */
+static int
+receive_dns_request (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
+                     void **tunnel_ctx,
+                     const struct GNUNET_PeerIdentity *sender GNUNET_UNUSED,
+                     const struct GNUNET_MessageHeader *message,
+                     const struct GNUNET_ATS_Information *atsi GNUNET_UNUSED)
+{
+  struct TunnelState *ts = *tunnel_ctx;
+  const struct GNUNET_TUN_DnsHeader *dns;
+  size_t mlen = ntohs (message->size);
+  size_t dlen = mlen - sizeof (struct GNUNET_MessageHeader);
+  char buf[dlen];
+  struct GNUNET_TUN_DnsHeader *dout;
+  struct sockaddr_in v4;
+  struct sockaddr_in6 v6;
+  struct sockaddr *so;
+  socklen_t salen;
+  struct GNUNET_NETWORK_Handle *dnsout;
+  if (dlen < sizeof (struct GNUNET_TUN_DnsHeader))
+  {
+    GNUNET_break_op (0);
+    return GNUNET_SYSERR;
+  }
+  dns = (const struct GNUNET_TUN_DnsHeader *) &message[1];
+  ts->original_id = dns->id;
+  if (tunnels[ts->my_id] == ts)
+    tunnels[ts->my_id] = NULL;
+  ts->my_id = (uint16_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 
+                                                   65536);
+  tunnels[ts->my_id] = ts;
+  memcpy (buf, dns, dlen);
+  dout = (struct GNUNET_TUN_DnsHeader*) buf;
+  dout->id = ts->my_id;
+  
+  memset (&v4, 0, sizeof (v4));
+  memset (&v6, 0, sizeof (v6));
+  dnsout = NULL;
+  if (1 == inet_pton (AF_INET, dns_exit, &v4.sin_addr))
+  {
+    salen = sizeof (v4);
+    v4.sin_family = AF_INET;
+    v4.sin_port = htons (53);
+#if HAVE_SOCKADDR_IN_SIN_LEN
+    v4.sin_len = (u_char) salen;
+#endif
+    so = (struct sockaddr *) &v4;
+    dnsout = dnsout4;
+  } 
+  if (1 == inet_pton (AF_INET6, dns_exit, &v6.sin6_addr))
+  {
+    salen = sizeof (v6);
+    v6.sin6_family = AF_INET6;
+    v6.sin6_port = htons (53);
+#if HAVE_SOCKADDR_IN_SIN_LEN
+    v6.sin6_len = (u_char) salen;
+#endif
+    so = (struct sockaddr *) &v6;
+    dnsout = dnsout6;
+  }
+  if (NULL == dnsout)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                _("Configured DNS exit `%s' is not working / valid.\n"),
+                dns_exit);
+    return GNUNET_SYSERR;
+  }
+  memcpy (&ts->addr,
+          so,
+          salen);
+  ts->addrlen = salen;
+  GNUNET_NETWORK_socket_sendto (dnsout,
+                                buf, dlen, so, salen); 
+  return GNUNET_OK;
+}
+/**
+ * Callback from GNUNET_MESH for new tunnels.
+ *
+ * @param cls closure
+ * @param tunnel new handle to the tunnel
+ * @param initiator peer that started the tunnel
+ * @param atsi performance information for the tunnel
+ * @return initial tunnel context for the tunnel
+ */
+static void *
+accept_dns_tunnel (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
+                   const struct GNUNET_PeerIdentity *initiator GNUNET_UNUSED,
+                   const struct GNUNET_ATS_Information *ats GNUNET_UNUSED)
+{
+  struct TunnelState *ts = GNUNET_malloc (sizeof (struct TunnelState));
+  GNUNET_STATISTICS_update (stats,
+                            gettext_noop ("# Inbound MESH tunnels created"),
+                            1, GNUNET_NO);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Received inbound tunnel from `%s'\n",
+              GNUNET_i2s (initiator));
+  ts->tunnel = tunnel;
+  return ts;
+}
+/**
+ * Function called by mesh whenever an inbound tunnel is destroyed.
+ * Should clean up any associated state.
+ *
+ * @param cls closure (set from GNUNET_MESH_connect)
+ * @param tunnel connection to the other end (henceforth invalid)
+ * @param tunnel_ctx place where local state associated
+ *                   with the tunnel is stored
+ */
+static void
+destroy_dns_tunnel (void *cls GNUNET_UNUSED, 
+                    const struct GNUNET_MESH_Tunnel *tunnel,
+                    void *tunnel_ctx)
+{
+  struct TunnelState *ts = tunnel_ctx;
+  if (tunnels[ts->my_id] == ts)
+    tunnels[ts->my_id] = NULL;
+  if (NULL != ts->th)
+    GNUNET_MESH_notify_transmit_ready_cancel (ts->th);
+  GNUNET_free_non_null (ts->reply);
+  GNUNET_free (ts);
+}
+/**
 * @param cls closure
 * @param server the initialized server
 * @param cfg_ configuration to use
@@ -1150,6 +1440,9 @@ run (void *cls, struct GNUNET_SERVER_Handle *server,
  nc = GNUNET_SERVER_notification_context_create (server, 1);
  GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &cleanup_task,
                                cls);
+  (void) GNUNET_CONFIGURATION_get_value_string (cfg, "dns", 
+                                                "DNS_EXIT",
+                                                &dns_exit);  
  if (GNUNET_YES ==
      GNUNET_CONFIGURATION_get_value_yesno (cfg_, "dns", "PROVIDE_EXIT"))
  {
@@ -1220,6 +1513,24 @@ run (void *cls, struct GNUNET_SERVER_Handle *server,
                   (unsigned int) dnsoutport);
  helper_argv[6] = GNUNET_strdup (port_s);
  helper_argv[7] = NULL;
+  if (NULL != dns_exit)
+  {
+    static struct GNUNET_MESH_MessageHandler mesh_handlers[] = {
+      {&receive_dns_request, GNUNET_MESSAGE_TYPE_VPN_DNS_TO_INTERNET, 0},
+      {NULL, 0, 0}
+    };
+    static GNUNET_MESH_ApplicationType mesh_types[] = {
+      GNUNET_APPLICATION_TYPE_INTERNET_RESOLVER,
+      GNUNET_APPLICATION_TYPE_END
+    };
+    mesh = GNUNET_MESH_connect (cfg,
+                                1, NULL,
+                                &accept_dns_tunnel, 
+                                &destroy_dns_tunnel,
+                                mesh_handlers,
+                                mesh_types);
+  }
  hijacker = GNUNET_HELPER_start ("gnunet-helper-dns",
                                  helper_argv,
                                  &process_helper_messages,
diff --git a/src/exit/gnunet-daemon-exit.c b/src/exit/gnunet-daemon-exit.c
index 2a8c746f2..a2b6d9c8a 100644
--- a/src/exit/gnunet-daemon-exit.c
+++ b/src/exit/gnunet-daemon-exit.c
@@ -641,9 +641,7 @@ udp_from_helper (const struct GNUNET_TUN_UdpHeader *udp,
  send_packet_to_mesh_tunnel (state->tunnel,
                              &udp[1], pktlen - sizeof (struct GNUNET_TUN_UdpHeader),
                              NULL,
-                              state->serv != NULL
+                              GNUNET_MESSAGE_TYPE_VPN_UDP_REPLY);
-                              ? GNUNET_MESSAGE_TYPE_VPN_SERVICE_UDP_BACK 
-                              : GNUNET_MESSAGE_TYPE_VPN_REMOTE_UDP_BACK);
 }
@@ -712,9 +710,7 @@ tcp_from_helper (const struct GNUNET_TUN_TcpHeader *tcp,
  send_packet_to_mesh_tunnel (state->tunnel,
                              mtcp, pktlen,
                              NULL,
-                              state->serv != NULL
+                              GNUNET_MESSAGE_TYPE_VPN_TCP_DATA);
-                              ? GNUNET_MESSAGE_TYPE_VPN_SERVICE_TCP_BACK 
-                              : GNUNET_MESSAGE_TYPE_VPN_REMOTE_TCP_BACK);
 }
diff --git a/src/include/gnunet_applications.h b/src/include/gnunet_applications.h
index d9df78d33..5feaeec6b 100644
--- a/src/include/gnunet_applications.h
+++ b/src/include/gnunet_applications.h
@@ -50,30 +50,6 @@ extern "C"
 */
 #define GNUNET_APPLICATION_TYPE_INTERNET_RESOLVER 2
-/**
- * Internet HTTP gateway (port 80).
- */
-#define GNUNET_APPLICATION_TYPE_INTERNET_HTTP_GATEWAY 3
-/**
- * Internet HTTPS gateway (port 443).
- */
-#define GNUNET_APPLICATION_TYPE_INTERNET_HTTPS_GATEWAY 4
-/**
- * Internet TCP gateway (any port).
- */
-#define GNUNET_APPLICATION_TYPE_INTERNET_TCP_GATEWAY 5
-/**
- * Internet UDP gateway (any port).
- */
-#define GNUNET_APPLICATION_TYPE_INTERNET_UDP_GATEWAY 6
-/**
- * GNUnet VPN Search Engine (searches HTTP sites hosted within GNUnet) [example]
- */
-#define GNUNET_APPLICATION_TYPE_GNUNET_SEARCH 7
 /**
 * Internet IPv4 gateway (any TCP/UDP/ICMP).
diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h
index 52ae26e00..bda20e37d 100644
--- a/src/include/gnunet_protocols.h
+++ b/src/include/gnunet_protocols.h
@@ -593,47 +593,16 @@ extern "C"
 */
 #define GNUNET_MESSAGE_TYPE_VPN_HELPER 185
-/**
- * Type of messages containing an UDP packet for a service
- */
-#define GNUNET_MESSAGE_TYPE_VPN_SERVICE_UDP 186
-/**
- * Type of messages containing an UDP packet from a service
- */
-#define GNUNET_MESSAGE_TYPE_VPN_SERVICE_UDP_BACK 187
-/**
- * Type of messages containing an TCP packet for a service
- */
-#define GNUNET_MESSAGE_TYPE_VPN_SERVICE_TCP 188
 /**
- * Type of messages containing an TCP packet from a service
+ * Type of messages containing an DNS request for a DNS exit service.
 */
-#define GNUNET_MESSAGE_TYPE_VPN_SERVICE_TCP_BACK 189
+#define GNUNET_MESSAGE_TYPE_VPN_DNS_TO_INTERNET 194
 /**
- * Type of messages containing an UDP packet for a remote host
+ * Type of messages containing an DNS reply from a DNS exit service.
 */
-#define GNUNET_MESSAGE_TYPE_VPN_REMOTE_UDP 190
+#define GNUNET_MESSAGE_TYPE_VPN_DNS_FROM_INTERNET 195
-/**
- * Type of messages containing an UDP packet from a remote host
- */
-#define GNUNET_MESSAGE_TYPE_VPN_REMOTE_UDP_BACK 191
-/**
- * Type of messages containing an TCP packet for a remote host
- */
-#define GNUNET_MESSAGE_TYPE_VPN_REMOTE_TCP 192
-/**
- * Type of messages containing an TCP packet from a remote host
- */
-#define GNUNET_MESSAGE_TYPE_VPN_REMOTE_TCP_BACK 193
 /**
 * Type of messages containing an TCP packet for a service.
@@ -689,26 +658,6 @@ extern "C"
 * VPN-DNS message types
 ******************************************************************************/
-/**
- * Type of messages to query the local service-dns
- */
-#define GNUNET_MESSAGE_TYPE_VPN_DNS_LOCAL_QUERY_DNS 205
-/**
- * Type of messages the local service-dns responds with
- */
-#define GNUNET_MESSAGE_TYPE_VPN_DNS_LOCAL_RESPONSE_DNS 206
-/**
- * Type of messages to instruct the local service-dns to rehijack the dns
- */
-#define GNUNET_MESSAGE_TYPE_REHIJACK 207
-/**
- * Type of messages to send a DNS-query to another peer
- */
-#define GNUNET_MESSAGE_TYPE_VPN_REMOTE_QUERY_DNS 208
-/**
- * Type of messages to send a DNS-answer to another peer
- */
-#define GNUNET_MESSAGE_TYPE_VPN_REMOTE_ANSWER_DNS 209
 /**
 * Initial message from client to DNS service for registration.
@@ -746,7 +695,6 @@ extern "C"
 */
 #define GNUNET_MESSAGE_TYPE_MESH_HELLO 216
 /**
 * Request the creation of a path
 */
diff --git a/src/pt/gnunet-daemon-pt b/src/pt/gnunet-daemon-pt
deleted file mode 100755
index e57ea8f4d..000000000
--- a/src/pt/gnunet-daemon-pt
+++ /dev/null
@@ -1,228 +0,0 @@
-#! /bin/bash
-# gnunet-daemon-pt - temporary wrapper script for .libs/gnunet-daemon-pt
-# Generated by libtool (GNU libtool) 2.4.2 Debian-2.4.2-1
-#
-# The gnunet-daemon-pt program cannot be directly executed until all the libtool
-# libraries that it depends on are installed.
-#
-# This wrapper script should never be moved out of the build directory.
-# If it is, it will not operate correctly.
-# Sed substitution that helps us do robust quoting.  It backslashifies
-# metacharacters that are still active within double-quoted strings.
-sed_quote_subst='s/\([`"$\\]\)/\\\1/g'
-# Be Bourne compatible
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
-  emulate sh
-  NULLCMD=:
-  # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
-  # is contrary to our usage.  Disable this feature.
-  alias -g '${1+"$@"}'='"$@"'
-  setopt NO_GLOB_SUBST
-else
-  case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac
-fi
-BIN_SH=xpg4; export BIN_SH # for Tru64
-DUALCASE=1; export DUALCASE # for MKS sh
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-relink_command="(cd /home/grothoff/svn/gnunet/src/pt; { test -z \"\${LIBRARY_PATH+set}\" || unset LIBRARY_PATH || { LIBRARY_PATH=; export LIBRARY_PATH; }; }; { test -z \"\${COMPILER_PATH+set}\" || unset COMPILER_PATH || { COMPILER_PATH=; export COMPILER_PATH; }; }; { test -z \"\${GCC_EXEC_PREFIX+set}\" || unset GCC_EXEC_PREFIX || { GCC_EXEC_PREFIX=; export GCC_EXEC_PREFIX; }; }; { test -z \"\${LD_RUN_PATH+set}\" || unset LD_RUN_PATH || { LD_RUN_PATH=; export LD_RUN_PATH; }; }; LD_LIBRARY_PATH=/home/grothoff/lib; export LD_LIBRARY_PATH; PATH=/opt/jdk1.6.0_22/bin/:/home/grothoff/bin/:/usr/local/bin:/usr/bin:/bin:/usr/games:.; export PATH; gcc -fno-strict-aliasing -Wall -g -O0 -Wall -o \$progdir/\$file gnunet-daemon-pt.o  -L/home/grothoff//lib ../../src/vpn/.libs/libgnunetvpn.so ../../src/dns/.libs/libgnunetdns.so ../../src/dns/.libs/libgnunetdnsparser.so ../../src/statistics/.libs/libgnunetstatistics.so ../../src/util/.libs/libgnunetutil.so ../../src/mesh/.libs/libgnunetmesh.so -lm -ldl -Wl,-rpath -Wl,/home/grothoff/svn/gnunet/src/vpn/.libs -Wl,-rpath -Wl,/home/grothoff/svn/gnunet/src/dns/.libs -Wl,-rpath -Wl,/home/grothoff/svn/gnunet/src/statistics/.libs -Wl,-rpath -Wl,/home/grothoff/svn/gnunet/src/util/.libs -Wl,-rpath -Wl,/home/grothoff/svn/gnunet/src/mesh/.libs -Wl,-rpath -Wl,/home/grothoff/lib)"
-# This environment variable determines our operation mode.
-if test "$libtool_install_magic" = "%%%MAGIC variable%%%"; then
-  # install mode needs the following variables:
-  generated_by_libtool_version='2.4.2'
-  notinst_deplibs=' ../../src/vpn/libgnunetvpn.la ../../src/dns/libgnunetdns.la ../../src/dns/libgnunetdnsparser.la ../../src/statistics/libgnunetstatistics.la ../../src/util/libgnunetutil.la ../../src/mesh/libgnunetmesh.la'
-else
-  # When we are sourced in execute mode, $file and $ECHO are already set.
-  if test "$libtool_execute_magic" != "%%%MAGIC variable%%%"; then
-    file="$0"
-# A function that is used when there is no print builtin or printf.
-func_fallback_echo ()
-{
-  eval 'cat <<_LTECHO_EOF
-$1
-_LTECHO_EOF'
-}
-    ECHO="printf %s\\n"
-  fi
-# Very basic option parsing. These options are (a) specific to
-# the libtool wrapper, (b) are identical between the wrapper
-# /script/ and the wrapper /executable/ which is used only on
-# windows platforms, and (c) all begin with the string --lt-
-# (application programs are unlikely to have options which match
-# this pattern).
-#
-# There are only two supported options: --lt-debug and
-# --lt-dump-script. There is, deliberately, no --lt-help.
-#
-# The first argument to this parsing function should be the
-# script's ../../libtool value, followed by no.
-lt_option_debug=
-func_parse_lt_options ()
-{
-  lt_script_arg0=$0
-  shift
-  for lt_opt
-  do
-    case "$lt_opt" in
-    --lt-debug) lt_option_debug=1 ;;
-    --lt-dump-script)
-        lt_dump_D=`$ECHO "X$lt_script_arg0" | /bin/sed -e 's/^X//' -e 's%/[^/]*$%%'`
-        test "X$lt_dump_D" = "X$lt_script_arg0" && lt_dump_D=.
-        lt_dump_F=`$ECHO "X$lt_script_arg0" | /bin/sed -e 's/^X//' -e 's%^.*/%%'`
-        cat "$lt_dump_D/$lt_dump_F"
-        exit 0
-      ;;
-    --lt-*)
-        $ECHO "Unrecognized --lt- option: '$lt_opt'" 1>&2
-        exit 1
-      ;;
-    esac
-  done
-  # Print the debug banner immediately:
-  if test -n "$lt_option_debug"; then
-    echo "gnunet-daemon-pt:gnunet-daemon-pt:${LINENO}: libtool wrapper (GNU libtool) 2.4.2 Debian-2.4.2-1" 1>&2
-  fi
-}
-# Used when --lt-debug. Prints its arguments to stdout
-# (redirection is the responsibility of the caller)
-func_lt_dump_args ()
-{
-  lt_dump_args_N=1;
-  for lt_arg
-  do
-    $ECHO "gnunet-daemon-pt:gnunet-daemon-pt:${LINENO}: newargv[$lt_dump_args_N]: $lt_arg"
-    lt_dump_args_N=`expr $lt_dump_args_N + 1`
-  done
-}
-# Core function for launching the target application
-func_exec_program_core ()
-{
-      if test -n "$lt_option_debug"; then
-        $ECHO "gnunet-daemon-pt:gnunet-daemon-pt:${LINENO}: newargv[0]: $progdir/$program" 1>&2
-        func_lt_dump_args ${1+"$@"} 1>&2
-      fi
-      exec "$progdir/$program" ${1+"$@"}
-      $ECHO "$0: cannot exec $program $*" 1>&2
-      exit 1
-}
-# A function to encapsulate launching the target application
-# Strips options in the --lt-* namespace from $@ and
-# launches target application with the remaining arguments.
-func_exec_program ()
-{
-  case " $* " in
-  *\ --lt-*)
-    for lt_wr_arg
-    do
-      case $lt_wr_arg in
-      --lt-*) ;;
-      *) set x "$@" "$lt_wr_arg"; shift;;
-      esac
-      shift
-    done ;;
-  esac
-  func_exec_program_core ${1+"$@"}
-}
-  # Parse options
-  func_parse_lt_options "$0" ${1+"$@"}
-  # Find the directory that this script lives in.
-  thisdir=`$ECHO "$file" | /bin/sed 's%/[^/]*$%%'`
-  test "x$thisdir" = "x$file" && thisdir=.
-  # Follow symbolic links until we get to the real thisdir.
-  file=`ls -ld "$file" | /bin/sed -n 's/.*-> //p'`
-  while test -n "$file"; do
-    destdir=`$ECHO "$file" | /bin/sed 's%/[^/]*$%%'`
-    # If there was a directory component, then change thisdir.
-    if test "x$destdir" != "x$file"; then
-      case "$destdir" in
-      [\\/]* | [A-Za-z]:[\\/]*) thisdir="$destdir" ;;
-      *) thisdir="$thisdir/$destdir" ;;
-      esac
-    fi
-    file=`$ECHO "$file" | /bin/sed 's%^.*/%%'`
-    file=`ls -ld "$thisdir/$file" | /bin/sed -n 's/.*-> //p'`
-  done
-  # Usually 'no', except on cygwin/mingw when embedded into
-  # the cwrapper.
-  WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=no
-  if test "$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR" = "yes"; then
-    # special case for '.'
-    if test "$thisdir" = "."; then
-      thisdir=`pwd`
-    fi
-    # remove .libs from thisdir
-    case "$thisdir" in
-    *[\\/].libs ) thisdir=`$ECHO "$thisdir" | /bin/sed 's%[\\/][^\\/]*$%%'` ;;
-    .libs )   thisdir=. ;;
-    esac
-  fi
-  # Try to get the absolute directory name.
-  absdir=`cd "$thisdir" && pwd`
-  test -n "$absdir" && thisdir="$absdir"
-  program=lt-'gnunet-daemon-pt'
-  progdir="$thisdir/.libs"
-  if test ! -f "$progdir/$program" ||
-     { file=`ls -1dt "$progdir/$program" "$progdir/../$program" 2>/dev/null | /bin/sed 1q`; \
-       test "X$file" != "X$progdir/$program"; }; then
-    file="$$-$program"
-    if test ! -d "$progdir"; then
-      mkdir "$progdir"
-    else
-      rm -f "$progdir/$file"
-    fi
-    # relink executable if necessary
-    if test -n "$relink_command"; then
-      if relink_command_output=`eval $relink_command 2>&1`; then :
-      else
-        printf %s\n "$relink_command_output" >&2
-        rm -f "$progdir/$file"
-        exit 1
-      fi
-    fi
-    mv -f "$progdir/$file" "$progdir/$program" 2>/dev/null ||
-    { rm -f "$progdir/$program";
-      mv -f "$progdir/$file" "$progdir/$program"; }
-    rm -f "$progdir/$file"
-  fi
-  if test -f "$progdir/$program"; then
-    if test "$libtool_execute_magic" != "%%%MAGIC variable%%%"; then
-      # Run the actual program with our arguments.
-      func_exec_program ${1+"$@"}
-    fi
-  else
-    # The program doesn't exist.
-    $ECHO "$0: error: \`$progdir/$program' does not exist" 1>&2
-    $ECHO "This script is just a wrapper for $program." 1>&2
-    $ECHO "See the libtool documentation for more information." 1>&2
-    exit 1
-  fi
-fi
diff --git a/src/vpn/gnunet-service-vpn.c b/src/vpn/gnunet-service-vpn.c
index 153327b9b..8a4e308bf 100644
--- a/src/vpn/gnunet-service-vpn.c
+++ b/src/vpn/gnunet-service-vpn.c
@@ -2314,17 +2314,15 @@ run (void *cls,
 {
  static const struct GNUNET_SERVER_MessageHandler service_handlers[] = {
    /* callback, cls, type, size */
-    {&service_redirect_to_ip, NULL, GNUNET_MESSAGE_TYPE_VPN_CLIENT_REDIRECT_TO_IP, 0},
+    { &service_redirect_to_ip, NULL, GNUNET_MESSAGE_TYPE_VPN_CLIENT_REDIRECT_TO_IP, 0},
-    {&service_redirect_to_service, NULL, 
+    { &service_redirect_to_service, NULL, 
     GNUNET_MESSAGE_TYPE_VPN_CLIENT_REDIRECT_TO_SERVICE, 
     sizeof (struct RedirectToServiceRequestMessage) },
    {NULL, NULL, 0, 0}
  };
  static const struct GNUNET_MESH_MessageHandler mesh_handlers[] = {
-    {receive_udp_back, GNUNET_MESSAGE_TYPE_VPN_SERVICE_UDP_BACK, 0},
+    { &receive_udp_back, GNUNET_MESSAGE_TYPE_VPN_UDP_REPLY, 0},
-    {receive_tcp_back, GNUNET_MESSAGE_TYPE_VPN_SERVICE_TCP_BACK, 0},
+    { &receive_tcp_back, GNUNET_MESSAGE_TYPE_VPN_TCP_DATA, 0},
-    {receive_udp_back, GNUNET_MESSAGE_TYPE_VPN_REMOTE_UDP_BACK, 0},
-    {receive_tcp_back, GNUNET_MESSAGE_TYPE_VPN_REMOTE_TCP_BACK, 0},
    {NULL, 0, 0}
  };
  static const GNUNET_MESH_ApplicationType types[] = {