123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542 |
- /*
- This file is part of GNUnet.
- Copyright (C) 2012, 2016 Christian Grothoff
- GNUnet is free software: you can redistribute it and/or modify it
- under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License,
- or (at your option) any later version.
- GNUnet is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
- SPDX-License-Identifier: AGPL3.0-or-later
- */
- /**
- * @file vpn/vpn_api.c
- * @brief library to access the VPN service and tell it how to redirect traffic
- * @author Christian Grothoff
- */
- #include "platform.h"
- #include "gnunet_vpn_service.h"
- #include "vpn.h"
- /**
- * Opaque VPN handle
- */
- struct GNUNET_VPN_Handle
- {
- /**
- * Configuration we use.
- */
- const struct GNUNET_CONFIGURATION_Handle *cfg;
- /**
- * Connection to VPN service.
- */
- struct GNUNET_MQ_Handle *mq;
- /**
- * Head of list of active redirection requests.
- */
- struct GNUNET_VPN_RedirectionRequest *rr_head;
- /**
- * Tail of list of active redirection requests.
- */
- struct GNUNET_VPN_RedirectionRequest *rr_tail;
- /**
- * Identifier of a reconnect task.
- */
- struct GNUNET_SCHEDULER_Task *rt;
- /**
- * How long do we wait until we try to reconnect?
- */
- struct GNUNET_TIME_Relative backoff;
- /**
- * ID of the last request that was submitted to the service.
- */
- uint64_t request_id_gen;
- };
- /**
- * Opaque redirection request handle.
- */
- struct GNUNET_VPN_RedirectionRequest
- {
- /**
- * Element in DLL.
- */
- struct GNUNET_VPN_RedirectionRequest *next;
- /**
- * Element in DLL.
- */
- struct GNUNET_VPN_RedirectionRequest *prev;
- /**
- * Pointer to the VPN struct.
- */
- struct GNUNET_VPN_Handle *vh;
- /**
- * Target IP address for the redirection, or NULL for
- * redirection to service. Allocated after this struct.
- */
- const void *addr;
- /**
- * Function to call with the designated IP address.
- */
- GNUNET_VPN_AllocationCallback cb;
- /**
- * Closure for @e cb.
- */
- void *cb_cls;
- /**
- * For service redirection, identity of the peer offering the service.
- */
- struct GNUNET_PeerIdentity peer;
- /**
- * For service redirection, service descriptor.
- */
- struct GNUNET_HashCode serv;
- /**
- * At what time should the created service mapping expire?
- */
- struct GNUNET_TIME_Absolute expiration_time;
- /**
- * non-zero if this request has been sent to the service.
- */
- uint64_t request_id;
- /**
- * Desired address family for the result.
- */
- int result_af;
- /**
- * Address family of @e addr. AF_INET or AF_INET6.
- */
- int addr_af;
- /**
- * For service redirection, IPPROT_UDP or IPPROTO_TCP.
- */
- uint8_t protocol;
- };
- /**
- * Disconnect from the service (communication error) and reconnect later.
- *
- * @param vh handle to reconnect.
- */
- static void
- reconnect (struct GNUNET_VPN_Handle *vh);
- /**
- * Check a #GNUNET_MESSAGE_TYPE_VPN_CLIENT_USE_IP message from the
- * VPN service.
- *
- * @param cls the `struct GNUNET_VPN_Handle`
- * @param rm message received
- * @return #GNUNET_OK if @a rm is well-formed
- */
- static int
- check_use_ip (void *cls,
- const struct RedirectToIpResponseMessage *rm)
- {
- size_t alen;
- int af;
- af = (int) ntohl (rm->result_af);
- switch (af)
- {
- case AF_UNSPEC:
- alen = 0;
- break;
- case AF_INET:
- alen = sizeof (struct in_addr);
- break;
- case AF_INET6:
- alen = sizeof (struct in6_addr);
- break;
- default:
- GNUNET_break (0);
- return GNUNET_SYSERR;
- }
- if ( (ntohs (rm->header.size) != alen + sizeof (*rm)) ||
- (0 == rm->request_id) )
- {
- GNUNET_break (0);
- return GNUNET_SYSERR;
- }
- return GNUNET_OK;
- }
- /**
- * Handle a #GNUNET_MESSAGE_TYPE_VPN_CLIENT_USE_IP message from the
- * VPN service.
- *
- * @param cls the `struct GNUNET_VPN_Handle`
- * @param rm message received
- */
- static void
- handle_use_ip (void *cls,
- const struct RedirectToIpResponseMessage *rm)
- {
- struct GNUNET_VPN_Handle *vh = cls;
- struct GNUNET_VPN_RedirectionRequest *rr;
- int af;
- af = (int) ntohl (rm->result_af);
- for (rr = vh->rr_head; NULL != rr; rr = rr->next)
- {
- if (rr->request_id == rm->request_id)
- {
- GNUNET_CONTAINER_DLL_remove (vh->rr_head,
- vh->rr_tail,
- rr);
- rr->cb (rr->cb_cls,
- af,
- (af == AF_UNSPEC) ? NULL : &rm[1]);
- GNUNET_free (rr);
- break;
- }
- }
- }
- /**
- * Add a request to our request queue and transmit it.
- *
- * @param rr request to queue and transmit.
- */
- static void
- send_request (struct GNUNET_VPN_RedirectionRequest *rr)
- {
- struct GNUNET_VPN_Handle *vh = rr->vh;
- struct RedirectToIpRequestMessage *rip;
- struct RedirectToServiceRequestMessage *rs;
- struct GNUNET_MQ_Envelope *env;
- size_t alen;
- if (NULL == vh->mq)
- return;
- if (NULL == rr->addr)
- {
- env = GNUNET_MQ_msg (rs,
- GNUNET_MESSAGE_TYPE_VPN_CLIENT_REDIRECT_TO_SERVICE);
- rs->reserved = htonl (0);
- rs->expiration_time = GNUNET_TIME_absolute_hton (rr->expiration_time);
- rs->protocol = htonl (rr->protocol);
- rs->result_af = htonl (rr->result_af);
- rs->target = rr->peer;
- rs->service_descriptor = rr->serv;
- rs->request_id = rr->request_id = ++vh->request_id_gen;
- }
- else
- {
- switch (rr->addr_af)
- {
- case AF_INET:
- alen = sizeof (struct in_addr);
- break;
- case AF_INET6:
- alen = sizeof (struct in6_addr);
- break;
- default:
- GNUNET_assert (0);
- return;
- }
- env = GNUNET_MQ_msg_extra (rip,
- alen,
- GNUNET_MESSAGE_TYPE_VPN_CLIENT_REDIRECT_TO_IP);
- rip->reserved = htonl (0);
- rip->expiration_time = GNUNET_TIME_absolute_hton (rr->expiration_time);
- rip->result_af = htonl (rr->result_af);
- rip->addr_af = htonl (rr->addr_af);
- rip->request_id = rr->request_id = ++vh->request_id_gen;
- GNUNET_memcpy (&rip[1],
- rr->addr,
- alen);
- }
- GNUNET_MQ_send (vh->mq,
- env);
- }
- /**
- * Generic error handler, called with the appropriate error code and
- * the same closure specified at the creation of the message queue.
- * Not every message queue implementation supports an error handler.
- *
- * @param cls closure with the `struct GNUNET_VPN_Handle *`
- * @param error error code
- */
- static void
- mq_error_handler (void *cls,
- enum GNUNET_MQ_Error error)
- {
- struct GNUNET_VPN_Handle *vh = cls;
- reconnect (vh);
- }
- /**
- * Connect to the VPN service and start again to transmit our requests.
- *
- * @param cls the `struct GNUNET_VPN_Handle *`
- */
- static void
- connect_task (void *cls)
- {
- struct GNUNET_VPN_Handle *vh = cls;
- struct GNUNET_MQ_MessageHandler handlers[] = {
- GNUNET_MQ_hd_var_size (use_ip,
- GNUNET_MESSAGE_TYPE_VPN_CLIENT_USE_IP,
- struct RedirectToIpResponseMessage,
- cls),
- GNUNET_MQ_handler_end ()
- };
- struct GNUNET_VPN_RedirectionRequest *rr;
- vh->rt = NULL;
- vh->mq = GNUNET_CLIENT_connect (vh->cfg,
- "vpn",
- handlers,
- &mq_error_handler,
- vh);
- if (NULL == vh->mq)
- return;
- for (rr = vh->rr_head; NULL != rr; rr = rr->next)
- send_request (rr);
- }
- /**
- * Disconnect from the service (communication error) and reconnect later.
- *
- * @param vh handle to reconnect.
- */
- static void
- reconnect (struct GNUNET_VPN_Handle *vh)
- {
- struct GNUNET_VPN_RedirectionRequest *rr;
- GNUNET_MQ_destroy (vh->mq);
- vh->mq = NULL;
- vh->request_id_gen = 0;
- for (rr = vh->rr_head; NULL != rr; rr = rr->next)
- rr->request_id = 0;
- vh->backoff = GNUNET_TIME_relative_max (GNUNET_TIME_UNIT_MILLISECONDS,
- GNUNET_TIME_relative_min (GNUNET_TIME_relative_saturating_multiply (vh->backoff, 2),
- GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 30)));
- vh->rt = GNUNET_SCHEDULER_add_delayed (vh->backoff,
- &connect_task,
- vh);
- }
- /**
- * Cancel redirection request with the service.
- *
- * @param rr request to cancel
- */
- void
- GNUNET_VPN_cancel_request (struct GNUNET_VPN_RedirectionRequest *rr)
- {
- struct GNUNET_VPN_Handle *vh;
- vh = rr->vh;
- GNUNET_CONTAINER_DLL_remove (vh->rr_head,
- vh->rr_tail,
- rr);
- GNUNET_free (rr);
- }
- /**
- * Tell the VPN that a forwarding to a particular peer offering a
- * particular service is requested. The VPN is to reserve a
- * particular IP for the redirection and return it. The VPN will
- * begin the redirection as soon as possible and maintain it as long
- * as it is actively used and keeping it is feasible. Given resource
- * limitations, the longest inactive mappings will be destroyed.
- *
- * @param vh VPN handle
- * @param result_af desired address family for the returned allocation
- * can also be AF_UNSPEC
- * @param protocol protocol, IPPROTO_UDP or IPPROTO_TCP
- * @param peer target peer for the redirection
- * @param serv service descriptor to give to the peer
- * @param expiration_time at what time should the redirection expire?
- * (this should not impact connections that are active at that time)
- * @param cb function to call with the IP
- * @param cb_cls closure for @a cb
- * @return handle to cancel the request (means the callback won't be
- * invoked anymore; the mapping may or may not be established
- * anyway)
- */
- struct GNUNET_VPN_RedirectionRequest *
- GNUNET_VPN_redirect_to_peer (struct GNUNET_VPN_Handle *vh,
- int result_af,
- uint8_t protocol,
- const struct GNUNET_PeerIdentity *peer,
- const struct GNUNET_HashCode *serv,
- struct GNUNET_TIME_Absolute expiration_time,
- GNUNET_VPN_AllocationCallback cb,
- void *cb_cls)
- {
- struct GNUNET_VPN_RedirectionRequest *rr;
- rr = GNUNET_new (struct GNUNET_VPN_RedirectionRequest);
- rr->vh = vh;
- rr->cb = cb;
- rr->cb_cls = cb_cls;
- rr->peer = *peer;
- rr->serv = *serv;
- rr->expiration_time = expiration_time;
- rr->result_af = result_af;
- rr->protocol = protocol;
- GNUNET_CONTAINER_DLL_insert_tail (vh->rr_head,
- vh->rr_tail,
- rr);
- send_request (rr);
- return rr;
- }
- /**
- * Tell the VPN that forwarding to the Internet via some exit node is
- * requested. Note that both UDP and TCP traffic will be forwarded,
- * but possibly to different exit nodes. The VPN is to reserve a
- * particular IP for the redirection and return it. The VPN will
- * begin the redirection as soon as possible and maintain it as long
- * as it is actively used and keeping it is feasible. Given resource
- * limitations, the longest inactive mappings will be destroyed.
- *
- * @param vh VPN handle
- * @param result_af desired address family for the returned allocation
- * @param addr_af address family for @a addr, AF_INET or AF_INET6
- * @param addr destination IP address on the Internet; destination
- * port is to be taken from the VPN packet itself
- * @param expiration_time at what time should the redirection expire?
- * (this should not impact connections that are active at that time)
- * @param cb function to call with the IP
- * @param cb_cls closure for @a cb
- * @return handle to cancel the request (means the callback won't be
- * invoked anymore; the mapping may or may not be established
- * anyway)
- */
- struct GNUNET_VPN_RedirectionRequest *
- GNUNET_VPN_redirect_to_ip (struct GNUNET_VPN_Handle *vh,
- int result_af,
- int addr_af,
- const void *addr,
- struct GNUNET_TIME_Absolute expiration_time,
- GNUNET_VPN_AllocationCallback cb,
- void *cb_cls)
- {
- struct GNUNET_VPN_RedirectionRequest *rr;
- size_t alen;
- switch (addr_af)
- {
- case AF_INET:
- alen = sizeof (struct in_addr);
- break;
- case AF_INET6:
- alen = sizeof (struct in6_addr);
- break;
- default:
- GNUNET_break (0);
- return NULL;
- }
- rr = GNUNET_malloc (sizeof (struct GNUNET_VPN_RedirectionRequest) + alen);
- rr->vh = vh;
- rr->addr = &rr[1];
- rr->cb = cb;
- rr->cb_cls = cb_cls;
- rr->expiration_time = expiration_time;
- rr->result_af = result_af;
- rr->addr_af = addr_af;
- GNUNET_memcpy (&rr[1],
- addr,
- alen);
- GNUNET_CONTAINER_DLL_insert_tail (vh->rr_head,
- vh->rr_tail,
- rr);
- send_request (rr);
- return rr;
- }
- /**
- * Connect to the VPN service
- *
- * @param cfg configuration to use
- * @return VPN handle
- */
- struct GNUNET_VPN_Handle *
- GNUNET_VPN_connect (const struct GNUNET_CONFIGURATION_Handle *cfg)
- {
- struct GNUNET_VPN_Handle *vh
- = GNUNET_new (struct GNUNET_VPN_Handle);
- vh->cfg = cfg;
- connect_task (vh);
- if (NULL == vh->mq)
- {
- GNUNET_free (vh);
- return NULL;
- }
- return vh;
- }
- /**
- * Disconnect from the VPN service.
- *
- * @param vh VPN handle
- */
- void
- GNUNET_VPN_disconnect (struct GNUNET_VPN_Handle *vh)
- {
- GNUNET_assert (NULL == vh->rr_head);
- if (NULL != vh->mq)
- {
- GNUNET_MQ_destroy (vh->mq);
- vh->mq = NULL;
- }
- if (NULL != vh->rt)
- {
- GNUNET_SCHEDULER_cancel (vh->rt);
- vh->rt = NULL;
- }
- GNUNET_free (vh);
- }
- /* end of vpn_api.c */