#include "platform.h"
#include <microhttpd.h>
#include "gnunet_curl_lib.h"
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <gnutls/abstract.h>
#include <gnutls/crypto.h>
#include <regex.h>
#include "gnunet_util_lib.h"
#include "gnunet_gns_service.h"
#include "gnunet_mhd_compat.h"
Go to the source code of this file.
Data Structures | |
struct | Socks5ClientHelloMessage |
Client hello in Socks5 protocol. More... | |
struct | Socks5ServerHelloMessage |
Server hello in Socks5 protocol. More... | |
struct | Socks5ClientRequestMessage |
Client socks request in Socks5 protocol. More... | |
struct | Socks5ServerResponseMessage |
Server response to client requests in Socks5 protocol. More... | |
struct | ProxyCA |
A structure for CA cert/key. More... | |
struct | ProxyGNSCertificate |
Structure for GNS certificates. More... | |
struct | MhdHttpList |
A structure for all running Httpds. More... | |
struct | HttpResponseHeader |
A header list. More... | |
struct | Socks5Request |
A structure for socks requests. More... | |
Macros | |
#define | GNUNET_GNS_PROXY_PORT 7777 |
Default Socks5 listen port. More... | |
#define | MAX_HTTP_URI_LENGTH 2048 |
Maximum supported length for a URI. More... | |
#define | MAX_DANES 32 |
Maximum number of DANE records we support per domain name (and port and protocol). More... | |
#define | IO_BUFFERSIZE CURL_MAX_WRITE_SIZE |
Size of the buffer for the data upload / download. More... | |
#define | SOCKS_BUFFERSIZE (256 + 32) |
Size of the read/write buffers for Socks. More... | |
#define | HTTP_PORT 80 |
Port for plaintext HTTP. More... | |
#define | HTTPS_PORT 443 |
Port for HTTPS. More... | |
#define | MAX_PEM_SIZE (10 * 1024) |
Largest allowed size for a PEM certificate. More... | |
#define | MHD_CACHE_TIMEOUT |
After how long do we clean up unused MHD TLS instances? More... | |
#define | HTTP_HANDSHAKE_TIMEOUT |
After how long do we clean up Socks5 handles that failed to show any activity with their respective MHD instance? More... | |
#define | LOG_CURL_EASY(level, fun, rc) |
Log curl error. More... | |
#define | SOCKS_VERSION_5 0x05 |
Which SOCKS version do we speak? More... | |
#define | SOCKS_AUTH_NONE 0 |
Flag to set for 'no authentication'. More... | |
Enumerations | |
enum | Socks5Commands { SOCKS5_CMD_TCP_STREAM = 1 , SOCKS5_CMD_TCP_PORT = 2 , SOCKS5_CMD_UDP_PORT = 3 } |
Commands in Socks5. More... | |
enum | Socks5AddressType { SOCKS5_AT_IPV4 = 1 , SOCKS5_AT_DOMAINNAME = 3 , SOCKS5_AT_IPV6 = 4 } |
Address types in Socks5. More... | |
enum | Socks5StatusCode { SOCKS5_STATUS_REQUEST_GRANTED = 0 , SOCKS5_STATUS_GENERAL_FAILURE = 1 , SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE = 2 , SOCKS5_STATUS_NETWORK_UNREACHABLE = 3 , SOCKS5_STATUS_HOST_UNREACHABLE = 4 , SOCKS5_STATUS_CONNECTION_REFUSED_BY_HOST = 5 , SOCKS5_STATUS_TTL_EXPIRED = 6 , SOCKS5_STATUS_COMMAND_NOT_SUPPORTED = 7 , SOCKS5_STATUS_ADDRESS_TYPE_NOT_SUPPORTED = 8 } |
Status codes in Socks5 response. More... | |
enum | SocksPhase { SOCKS5_INIT , SOCKS5_REQUEST , SOCKS5_RESOLVING , SOCKS5_DATA_TRANSFER , SOCKS5_WRITE_THEN_CLEANUP , SOCKS5_SOCKET_WITH_MHD , SOCKS5_SOCKET_UPLOAD_STARTED , SOCKS5_SOCKET_UPLOAD_DONE , SOCKS5_SOCKET_DOWNLOAD_STARTED , SOCKS5_SOCKET_DOWNLOAD_DONE } |
The socks phases. More... | |
Functions | |
static void | run_mhd_now (struct MhdHttpList *hd) |
Run MHD now, we have extra data ready for the callback. More... | |
static void | cleanup_s5r (struct Socks5Request *s5r) |
Clean up s5r handles. More... | |
static void | curl_download_prepare (void) |
Ask cURL for the select() sets and schedule cURL operations. More... | |
static ssize_t | mhd_content_cb (void *cls, uint64_t pos, char *buf, size_t max) |
Callback for MHD response generation. More... | |
static int | check_ssl_certificate (struct Socks5Request *s5r) |
Check that the website has presented us with a valid X.509 certificate. More... | |
static size_t | curl_check_hdr (void *buffer, size_t size, size_t nmemb, void *cls) |
We're getting an HTTP response header from cURL. More... | |
static int | create_mhd_response_from_s5r (struct Socks5Request *s5r) |
Create an MHD response object in s5r matching the information we got from curl. More... | |
static size_t | curl_download_cb (void *ptr, size_t size, size_t nmemb, void *ctx) |
Handle response payload data from cURL. More... | |
static size_t | curl_upload_cb (void *buf, size_t size, size_t nmemb, void *cls) |
cURL callback for uploaded (PUT/POST) data. More... | |
static void | curl_task_download (void *cls) |
Task that is run when we are ready to receive more data from curl. More... | |
static int | con_val_iter (void *cls, enum MHD_ValueKind kind, const char *key, const char *value) |
Read HTTP request header field from the request. More... | |
static MHD_RESULT | create_response (void *cls, struct MHD_Connection *con, const char *url, const char *meth, const char *ver, const char *upload_data, size_t *upload_data_size, void **con_cls) |
Main MHD callback for handling requests. More... | |
static void | mhd_completed_cb (void *cls, struct MHD_Connection *connection, void **con_cls, enum MHD_RequestTerminationCode toe) |
Function called when MHD decides that we are done with a request. More... | |
static void | mhd_connection_cb (void *cls, struct MHD_Connection *connection, void **con_cls, enum MHD_ConnectionNotificationCode cnc) |
Function called when MHD connection is opened or closed. More... | |
static void * | mhd_log_callback (void *cls, const char *url, struct MHD_Connection *connection) |
Function called when MHD first processes an incoming connection. More... | |
static void | kill_httpd (struct MhdHttpList *hd) |
Kill the given MHD daemon. More... | |
static void | kill_httpd_task (void *cls) |
Task run whenever HTTP server is idle for too long. More... | |
static void | do_httpd (void *cls) |
Task run whenever HTTP server operations are pending. More... | |
static void | schedule_httpd (struct MhdHttpList *hd) |
Schedule MHD. More... | |
static void * | load_file (const char *filename, unsigned int *size) |
Read file in filename. More... | |
static int | load_key_from_file (gnutls_x509_privkey_t key, const char *keyfile) |
Load PEM key from file. More... | |
static int | load_cert_from_file (gnutls_x509_crt_t crt, const char *certfile) |
Load cert from file. More... | |
static struct ProxyGNSCertificate * | generate_gns_certificate (const char *name) |
Generate new certificate for specific name. More... | |
static void | mhd_error_log_callback (void *cls, const char *fm, va_list ap) |
Function called by MHD with errors, suppresses them all. More... | |
static struct MhdHttpList * | lookup_ssl_httpd (const char *domain) |
Lookup (or create) an TLS MHD instance for a particular domain. More... | |
static void | timeout_s5r_handshake (void *cls) |
Task run when a Socks5Request somehow fails to be associated with an MHD connection (e.g. More... | |
static void | setup_data_transfer (struct Socks5Request *s5r) |
We're done with the Socks5 protocol, now we need to pass the connection data through to the final destination, either direct (if the protocol might not be HTTP), or via MHD (if the port looks like it should be HTTP). More... | |
static void | do_write (void *cls) |
Write data from buffer to socks5 client, then continue with state machine. More... | |
static void | signal_socks_failure (struct Socks5Request *s5r, enum Socks5StatusCode sc) |
Return a server response message indicating a failure to the client. More... | |
static void | signal_socks_success (struct Socks5Request *s5r) |
Return a server response message indicating success. More... | |
static void | handle_gns_result (void *cls, int tld, uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd) |
Process GNS results for target domain. More... | |
static void | clear_from_s5r_rbuf (struct Socks5Request *s5r, size_t len) |
Remove the first len bytes from the beginning of the read buffer. More... | |
static void | do_s5r_read (void *cls) |
Read data from incoming Socks5 connection. More... | |
static void | do_accept (void *cls) |
Accept new incoming connections. More... | |
static void | do_shutdown (void *cls) |
Task run on shutdown. More... | |
static struct GNUNET_NETWORK_Handle * | bind_v4 () |
Create an IPv4 listen socket bound to our port. More... | |
static struct GNUNET_NETWORK_Handle * | bind_v6 () |
Create an IPv6 listen socket bound to our port. More... | |
static void | run (void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *c) |
Main function that will be run. More... | |
int | main (int argc, char *const *argv) |
The main function for gnunet-gns-proxy. More... | |
Variables | |
static in_addr_t | address |
The address to bind to. More... | |
static struct in6_addr | address6 |
The IPv6 address to bind to. More... | |
static uint16_t | port = 7777 |
The port the proxy is running on (default 7777) More... | |
static char * | cafile_opt |
The CA file (pem) to use for the proxy CA. More... | |
static struct GNUNET_NETWORK_Handle * | lsock4 |
The listen socket of the proxy for IPv4. More... | |
static struct GNUNET_NETWORK_Handle * | lsock6 |
The listen socket of the proxy for IPv6. More... | |
static struct GNUNET_SCHEDULER_Task * | ltask4 |
The listen task ID for IPv4. More... | |
static struct GNUNET_SCHEDULER_Task * | ltask6 |
The listen task ID for IPv6. More... | |
static struct GNUNET_SCHEDULER_Task * | curl_download_task |
The cURL download task (curl multi API). More... | |
static CURLM * | curl_multi |
The cURL multi handle. More... | |
static struct GNUNET_GNS_Handle * | gns_handle |
Handle to the GNS service. More... | |
static int | disable_v6 |
Disable IPv6. More... | |
static struct MhdHttpList * | mhd_httpd_head |
DLL for http/https daemons. More... | |
static struct MhdHttpList * | mhd_httpd_tail |
DLL for http/https daemons. More... | |
static struct MhdHttpList * | httpd |
Daemon for HTTP (we have one per X.509 certificate, and then one for all HTTP connections; this is the one for HTTP, not HTTPS). More... | |
static struct Socks5Request * | s5r_head |
DLL of active socks requests. More... | |
static struct Socks5Request * | s5r_tail |
DLL of active socks requests. More... | |
static struct ProxyCA | proxy_ca |
The CA for X.509 certificate generation. More... | |
static struct MHD_Response * | curl_failure_response |
Response we return on cURL failures. More... | |
static const struct GNUNET_CONFIGURATION_Handle * | cfg |
Our configuration. More... | |
#define GNUNET_GNS_PROXY_PORT 7777 |
Default Socks5 listen port.
Definition at line 49 of file gnunet-gns-proxy.c.
#define MAX_HTTP_URI_LENGTH 2048 |
#define MAX_DANES 32 |
Maximum number of DANE records we support per domain name (and port and protocol).
Definition at line 61 of file gnunet-gns-proxy.c.
#define IO_BUFFERSIZE CURL_MAX_WRITE_SIZE |
Size of the buffer for the data upload / download.
Must be enough for curl, thus CURL_MAX_WRITE_SIZE is needed here (16k).
Definition at line 67 of file gnunet-gns-proxy.c.
#define SOCKS_BUFFERSIZE (256 + 32) |
Size of the read/write buffers for Socks.
Uses 256 bytes for the hostname (at most), plus a few bytes overhead for the messages.
Definition at line 74 of file gnunet-gns-proxy.c.
#define HTTP_PORT 80 |
Port for plaintext HTTP.
Definition at line 79 of file gnunet-gns-proxy.c.
#define HTTPS_PORT 443 |
Port for HTTPS.
Definition at line 84 of file gnunet-gns-proxy.c.
#define MAX_PEM_SIZE (10 * 1024) |
Largest allowed size for a PEM certificate.
Definition at line 89 of file gnunet-gns-proxy.c.
#define MHD_CACHE_TIMEOUT |
After how long do we clean up unused MHD TLS instances?
Definition at line 94 of file gnunet-gns-proxy.c.
#define HTTP_HANDSHAKE_TIMEOUT |
After how long do we clean up Socks5 handles that failed to show any activity with their respective MHD instance?
Definition at line 101 of file gnunet-gns-proxy.c.
#define LOG_CURL_EASY | ( | level, | |
fun, | |||
rc | |||
) |
Log curl error.
level | log level |
fun | name of curl_easy-function that gave the error |
rc | return code from curl |
Definition at line 112 of file gnunet-gns-proxy.c.
#define SOCKS_VERSION_5 0x05 |
Which SOCKS version do we speak?
Definition at line 126 of file gnunet-gns-proxy.c.
#define SOCKS_AUTH_NONE 0 |
Flag to set for 'no authentication'.
Definition at line 131 of file gnunet-gns-proxy.c.
enum Socks5Commands |
Commands in Socks5.
Enumerator | |
---|---|
SOCKS5_CMD_TCP_STREAM | Establish TCP/IP stream. |
SOCKS5_CMD_TCP_PORT | Establish TCP port binding. |
SOCKS5_CMD_UDP_PORT | Establish UDP port binding. |
Definition at line 137 of file gnunet-gns-proxy.c.
enum Socks5AddressType |
Address types in Socks5.
Enumerator | |
---|---|
SOCKS5_AT_IPV4 | IPv4 address. |
SOCKS5_AT_DOMAINNAME | IPv4 address. |
SOCKS5_AT_IPV6 | IPv6 address. |
Definition at line 159 of file gnunet-gns-proxy.c.
enum Socks5StatusCode |
Status codes in Socks5 response.
Definition at line 181 of file gnunet-gns-proxy.c.
enum SocksPhase |
The socks phases.
Definition at line 382 of file gnunet-gns-proxy.c.
|
static |
Run MHD now, we have extra data ready for the callback.
hd | the daemon to run now. |
Definition at line 2584 of file gnunet-gns-proxy.c.
References do_httpd(), GNUNET_SCHEDULER_add_now(), GNUNET_SCHEDULER_cancel(), and MhdHttpList::httpd_task.
Referenced by create_response(), curl_download_cb(), curl_task_download(), and curl_upload_cb().
|
static |
Clean up s5r handles.
s5r | the handle to destroy |
Definition at line 772 of file gnunet-gns-proxy.c.
References Socks5Request::con, Socks5Request::curl, curl_failure_response, curl_multi, Socks5Request::dane_data, Socks5Request::domain, Socks5Request::gns_lookup, GNUNET_CONTAINER_DLL_remove, GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_GNS_lookup_with_tld_cancel(), GNUNET_log, GNUNET_NETWORK_socket_close(), GNUNET_NETWORK_socket_free_memory_only_(), GNUNET_NO, GNUNET_SCHEDULER_cancel(), Socks5Request::headers, Socks5Request::hosts, Socks5Request::leho, Socks5Request::num_danes, Socks5Request::response, Socks5Request::rtask, s5r_head, s5r_tail, Socks5Request::sock, state, Socks5Request::suspended, Socks5Request::timeout_task, Socks5Request::url, and Socks5Request::wtask.
Referenced by do_s5r_read(), do_shutdown(), do_write(), mhd_connection_cb(), setup_data_transfer(), and timeout_s5r_handshake().
|
static |
Ask cURL for the select() sets and schedule cURL operations.
Definition at line 1569 of file gnunet-gns-proxy.c.
References curl_download_task, curl_multi, curl_task_download(), GNUNET_break, GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_NETWORK_fdset_copy_native(), GNUNET_NETWORK_fdset_create(), GNUNET_NETWORK_fdset_destroy(), GNUNET_SCHEDULER_add_delayed(), GNUNET_SCHEDULER_add_select(), GNUNET_SCHEDULER_cancel(), GNUNET_SCHEDULER_PRIORITY_DEFAULT, GNUNET_TIME_relative_multiply(), GNUNET_TIME_UNIT_FOREVER_REL, GNUNET_TIME_UNIT_MILLISECONDS, and max.
Referenced by create_response(), curl_task_download(), mhd_completed_cb(), mhd_connection_cb(), and mhd_content_cb().
|
static |
Callback for MHD response generation.
This function is called from MHD whenever MHD expects to get data back. Copies data from the io_buf, if available.
cls | closure with our struct Socks5Request |
pos | in buffer |
buf | where to copy data |
max | available space in buf |
Definition at line 859 of file gnunet-gns-proxy.c.
References Socks5Request::con, Socks5Request::curl, curl_download_prepare(), Socks5Request::curl_paused, Socks5Request::domain, GNUNET_ERROR_TYPE_DEBUG, GNUNET_log, GNUNET_memcpy, GNUNET_MIN, GNUNET_NO, GNUNET_YES, Socks5Request::io_buf, Socks5Request::io_len, max, SOCKS5_SOCKET_DOWNLOAD_DONE, SOCKS5_SOCKET_UPLOAD_DONE, SOCKS5_SOCKET_UPLOAD_STARTED, Socks5Request::state, Socks5Request::suspended, and Socks5Request::url.
Referenced by create_mhd_response_from_s5r().
|
static |
Check that the website has presented us with a valid X.509 certificate.
The certificate must either match the domain name or the LEHO name (or, if available, the TLSA record).
s5r | request to check for. |
Definition at line 955 of file gnunet-gns-proxy.c.
References _, Socks5Request::curl, Socks5Request::dane_data, Socks5Request::dane_data_len, Socks5Request::domain, GNUNET_break, GNUNET_DNSPARSER_MAX_NAME_LENGTH, GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_WARNING, GNUNET_log, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, GNUNET_YES, Socks5Request::leho, name, Socks5Request::num_danes, size, Socks5Request::ssl_checked, and verify.
Referenced by curl_check_hdr().
|
static |
We're getting an HTTP response header from cURL.
Convert it to the MHD response headers. Mostly copies the headers, but makes special adjustments to "Set-Cookie" and "Location" headers as those may need to be changed from the LEHO to the domain the browser expects.
buffer | curl buffer with a single line of header data; not 0-terminated! |
size | curl blocksize |
nmemb | curl blocknumber |
cls | our struct Socks5Request * |
Definition at line 1123 of file gnunet-gns-proxy.c.
References _, check_ssl_certificate(), cleanup(), Socks5Request::domain, GNUNET_asprintf(), GNUNET_CONTAINER_DLL_insert, GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_log, GNUNET_malloc, GNUNET_memcpy, GNUNET_new, GNUNET_NO, GNUNET_OK, GNUNET_strdup, GNUNET_strndup, GNUNET_YES, Socks5Request::header_head, Socks5Request::header_tail, Socks5Request::is_tls, Socks5Request::leho, size, Socks5Request::ssl_checked, HttpResponseHeader::type, and HttpResponseHeader::value.
Referenced by create_response().
|
static |
Create an MHD response object in s5r matching the information we got from curl.
s5r | the request for which we convert the response |
Definition at line 1328 of file gnunet-gns-proxy.c.
References Socks5Request::con, Socks5Request::curl, Socks5Request::domain, GNUNET_break, GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_log, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, Socks5Request::header_head, IO_BUFFERSIZE, mhd_content_cb(), HttpResponseHeader::next, Socks5Request::response, Socks5Request::response_code, Socks5Request::suspended, and Socks5Request::url.
Referenced by curl_download_cb(), and curl_task_download().
|
static |
Handle response payload data from cURL.
Copies it into our io_buf
to make it available to MHD.
ptr | pointer to the data |
size | number of blocks of data |
nmemb | blocksize |
ctx | our struct Socks5Request * |
Definition at line 1411 of file gnunet-gns-proxy.c.
References Socks5Request::con, create_mhd_response_from_s5r(), ctx, Socks5Request::curl_paused, Socks5Request::domain, GNUNET_assert, GNUNET_ERROR_TYPE_DEBUG, GNUNET_log, GNUNET_memcpy, GNUNET_NO, GNUNET_OK, GNUNET_YES, Socks5Request::hd, Socks5Request::io_buf, Socks5Request::io_len, Socks5Request::response, run_mhd_now(), size, SOCKS5_SOCKET_DOWNLOAD_STARTED, SOCKS5_SOCKET_UPLOAD_DONE, SOCKS5_SOCKET_UPLOAD_STARTED, Socks5Request::state, Socks5Request::suspended, and Socks5Request::url.
Referenced by create_response().
|
static |
cURL callback for uploaded (PUT/POST) data.
Copies it into our io_buf
to make it available to MHD.
buf | where to write the data |
size | number of bytes per member |
nmemb | number of members available in buf |
cls | our struct Socks5Request that generated the data |
Definition at line 1490 of file gnunet-gns-proxy.c.
References Socks5Request::curl, Socks5Request::curl_paused, Socks5Request::domain, GNUNET_break, GNUNET_ERROR_TYPE_DEBUG, GNUNET_log, GNUNET_memcpy, GNUNET_MIN, GNUNET_NO, GNUNET_YES, Socks5Request::hd, Socks5Request::io_buf, Socks5Request::io_len, run_mhd_now(), size, SOCKS5_SOCKET_DOWNLOAD_STARTED, SOCKS5_SOCKET_UPLOAD_DONE, SOCKS5_SOCKET_UPLOAD_STARTED, Socks5Request::state, and Socks5Request::url.
Referenced by create_response().
|
static |
Task that is run when we are ready to receive more data from curl.
cls | closure |
cls | closure, NULL |
Definition at line 1648 of file gnunet-gns-proxy.c.
References create_mhd_response_from_s5r(), curl_download_prepare(), curl_download_task, curl_failure_response, curl_multi, GNUNET_assert, GNUNET_break, GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_NO, GNUNET_OK, GNUNET_SCHEDULER_cancel(), GNUNET_YES, msg, run_mhd_now(), and SOCKS5_SOCKET_DOWNLOAD_DONE.
Referenced by curl_download_prepare().
|
static |
Read HTTP request header field from the request.
Copies the fields over to the 'headers' that will be given to curl. However, 'Host' is substituted with the LEHO if present. We also change the 'Connection' header value to "close" as the proxy does not support pipelining.
cls | our struct Socks5Request |
kind | value kind |
key | field key |
value | field value |
Definition at line 1780 of file gnunet-gns-proxy.c.
References GNUNET_asprintf(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_log, Socks5Request::headers, key, Socks5Request::leho, and value.
Referenced by create_response().
|
static |
Main MHD callback for handling requests.
cls | unused |
con | MHD connection handle |
url | the url in the request |
meth | the HTTP method used ("GET", "PUT", etc.) |
ver | the HTTP version string ("HTTP/1.1" for version 1.1, etc.) |
upload_data | the data being uploaded (excluding HEADERS, for a POST that fits into memory and that is encoded with a supported encoding, the POST data will NOT be given in upload_data and is instead available as part of MHD_get_connection_values; very large POST data will be made available incrementally in upload_data) |
upload_data_size | set initially to the size of the upload_data provided; the method must update this value to the number of bytes NOT processed; |
con_cls | pointer to location where we store the struct Request |
Pre-populate cache to resolve Hostname. This is necessary as the DNS name in the CURLOPT_URL is used for SNI http://de.wikipedia.org/wiki/Server_Name_Indication
Definition at line 1830 of file gnunet-gns-proxy.c.
References _, Socks5Request::con, con_val_iter(), Socks5Request::curl, curl_check_hdr(), curl_download_cb(), curl_download_prepare(), curl_failure_response, curl_multi, Socks5Request::curl_paused, curl_upload_cb(), Socks5Request::destination_address, Socks5Request::domain, GNUNET_asprintf(), GNUNET_assert, GNUNET_break, GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_log, GNUNET_memcpy, GNUNET_MIN, GNUNET_NO, GNUNET_snprintf(), GNUNET_YES, Socks5Request::hd, Socks5Request::headers, Socks5Request::hosts, Socks5Request::io_buf, Socks5Request::io_len, Socks5Request::is_gns, Socks5Request::is_tls, Socks5Request::leho, Socks5Request::num_danes, Socks5Request::port, Socks5Request::response, Socks5Request::response_code, run_mhd_now(), SOCKS5_SOCKET_DOWNLOAD_STARTED, SOCKS5_SOCKET_UPLOAD_DONE, SOCKS5_SOCKET_UPLOAD_STARTED, SOCKS5_SOCKET_WITH_MHD, Socks5Request::state, Socks5Request::suspended, and Socks5Request::url.
Referenced by lookup_ssl_httpd(), and run().
|
static |
Function called when MHD decides that we are done with a request.
cls | NULL |
connection | connection handle |
con_cls | value as set by the last call to the MHD_AccessHandlerCallback, should be our struct Socks5Request * |
toe | reason for request termination (ignored) |
Definition at line 2275 of file gnunet-gns-proxy.c.
References Socks5Request::curl, curl_download_prepare(), curl_failure_response, curl_multi, GNUNET_CONTAINER_DLL_remove, GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_INFO, GNUNET_free, GNUNET_log, Socks5Request::header_head, Socks5Request::header_tail, Socks5Request::headers, Socks5Request::io_len, Socks5Request::rbuf_len, Socks5Request::response, SOCKS5_SOCKET_WITH_MHD, Socks5Request::state, Socks5Request::url, and Socks5Request::wbuf_len.
Referenced by lookup_ssl_httpd(), and run().
|
static |
Function called when MHD connection is opened or closed.
cls | NULL |
connection | connection handle |
con_cls | value as set by the last call to the MHD_AccessHandlerCallback, should be our struct Socks5Request * |
toe | connection notification type |
Definition at line 2337 of file gnunet-gns-proxy.c.
References cleanup_s5r(), curl_download_prepare(), GNUNET_break, GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_NETWORK_get_fd(), GNUNET_NO, Socks5Request::next, s5r_head, Socks5Request::sock, and Socks5Request::ssl_checked.
Referenced by lookup_ssl_httpd(), and run().
|
static |
Function called when MHD first processes an incoming connection.
Gives us the respective URI information.
We use this to associate the struct MHD_Connection
with our internal struct Socks5Request
data structure (by checking for matching sockets).
cls | the HTTP server handle (a struct MhdHttpList ) |
url | the URL that is being requested |
connection | MHD connection object for the request |
struct Socks5Request
that this connection is for Definition at line 2406 of file gnunet-gns-proxy.c.
References GNUNET_assert, GNUNET_break, GNUNET_ERROR_TYPE_DEBUG, GNUNET_log, GNUNET_SCHEDULER_cancel(), GNUNET_strdup, SOCKS5_SOCKET_WITH_MHD, Socks5Request::state, Socks5Request::timeout_task, and Socks5Request::url.
Referenced by lookup_ssl_httpd(), and run().
|
static |
Kill the given MHD daemon.
hd | daemon to stop |
Definition at line 2444 of file gnunet-gns-proxy.c.
References MhdHttpList::daemon, MhdHttpList::domain, GNUNET_CONTAINER_DLL_remove, GNUNET_free, GNUNET_SCHEDULER_cancel(), httpd, MhdHttpList::httpd_task, mhd_httpd_head, mhd_httpd_tail, and MhdHttpList::proxy_cert.
Referenced by do_shutdown(), kill_httpd_task(), and schedule_httpd().
|
static |
Task run whenever HTTP server is idle for too long.
Kill it.
cls | the struct MhdHttpList * |
Definition at line 2469 of file gnunet-gns-proxy.c.
References MhdHttpList::httpd_task, and kill_httpd().
Referenced by schedule_httpd().
|
static |
Task run whenever HTTP server operations are pending.
cls | the struct MhdHttpList * of the daemon that is being run |
Definition at line 2568 of file gnunet-gns-proxy.c.
References MhdHttpList::daemon, MhdHttpList::httpd_task, and schedule_httpd().
Referenced by run_mhd_now(), and schedule_httpd().
|
static |
Schedule MHD.
This function should be called initially when an MHD is first getting its client socket, and will then automatically always be called later whenever there is work to be done.
hd | the daemon to schedule |
Definition at line 2495 of file gnunet-gns-proxy.c.
References MhdHttpList::daemon, do_httpd(), GNUNET_NETWORK_fdset_copy_native(), GNUNET_NETWORK_fdset_create(), GNUNET_NETWORK_fdset_destroy(), GNUNET_SCHEDULER_add_delayed(), GNUNET_SCHEDULER_add_select(), GNUNET_SCHEDULER_cancel(), GNUNET_SCHEDULER_PRIORITY_DEFAULT, GNUNET_TIME_UNIT_FOREVER_REL, httpd, MhdHttpList::httpd_task, kill_httpd(), kill_httpd_task(), max, MHD_CACHE_TIMEOUT, GNUNET_TIME_Relative::rel_value_us, and timeout.
Referenced by do_httpd(), and setup_data_transfer().
|
static |
Read file in filename.
filename | file to read |
size | pointer where filesize is stored |
Definition at line 2601 of file gnunet-gns-proxy.c.
References filename, GNUNET_DISK_file_size(), GNUNET_DISK_fn_read(), GNUNET_free, GNUNET_malloc, GNUNET_OK, GNUNET_YES, consensus-simulation::int, MAX_PEM_SIZE, and size.
Referenced by load_cert_from_file(), and load_key_from_file().
|
static |
Load PEM key from file.
key | where to store the data |
keyfile | path to the PEM file |
Definition at line 2637 of file gnunet-gns-proxy.c.
References _, GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_SYSERR, key, load_file(), and ret.
Referenced by run().
|
static |
Load cert from file.
crt | struct to store data in |
certfile | path to pem file |
Definition at line 2668 of file gnunet-gns-proxy.c.
References _, GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_SYSERR, load_file(), and ret.
Referenced by run().
|
static |
Generate new certificate for specific name.
name | the subject name to generate a cert for |
Definition at line 2699 of file gnunet-gns-proxy.c.
References ProxyCA::cert, ProxyGNSCertificate::cert, etime, GNUNET_break, GNUNET_ERROR_TYPE_DEBUG, GNUNET_log, GNUNET_new, ProxyCA::key, ProxyGNSCertificate::key, name, proxy_ca, and request.
Referenced by lookup_ssl_httpd().
|
static |
Function called by MHD with errors, suppresses them all.
cls | closure |
fm | format string (printf() -style) |
ap | arguments to fm |
Definition at line 2781 of file gnunet-gns-proxy.c.
Referenced by lookup_ssl_httpd().
|
static |
Lookup (or create) an TLS MHD instance for a particular domain.
domain | the domain the TLS daemon has to serve |
Definition at line 2796 of file gnunet-gns-proxy.c.
References ProxyGNSCertificate::cert, create_response(), MhdHttpList::daemon, MhdHttpList::domain, generate_gns_certificate(), GNUNET_break, GNUNET_CONTAINER_DLL_insert, GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_log, GNUNET_new, GNUNET_strdup, GNUNET_YES, MhdHttpList::is_ssl, ProxyGNSCertificate::key, mhd_completed_cb(), mhd_connection_cb(), mhd_error_log_callback(), mhd_httpd_head, mhd_httpd_tail, mhd_log_callback(), MhdHttpList::next, and MhdHttpList::proxy_cert.
Referenced by setup_data_transfer().
|
static |
Task run when a Socks5Request somehow fails to be associated with an MHD connection (e.g.
because the client never speaks HTTP after the SOCKS5 handshake). Clean up.
cls | the struct Socks5Request * |
Definition at line 2858 of file gnunet-gns-proxy.c.
References cleanup_s5r(), and Socks5Request::timeout_task.
Referenced by setup_data_transfer().
|
static |
We're done with the Socks5 protocol, now we need to pass the connection data through to the final destination, either direct (if the protocol might not be HTTP), or via MHD (if the port looks like it should be HTTP).
s5r | socks request that has reached the final stage |
Definition at line 2876 of file gnunet-gns-proxy.c.
References _, cleanup_s5r(), MhdHttpList::daemon, Socks5Request::domain, GNUNET_asprintf(), GNUNET_assert, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_log, GNUNET_NETWORK_get_addr(), GNUNET_NETWORK_get_addrlen(), GNUNET_NETWORK_get_fd(), GNUNET_SCHEDULER_add_delayed(), GNUNET_YES, Socks5Request::hd, HTTP_HANDSHAKE_TIMEOUT, httpd, Socks5Request::is_tls, lookup_ssl_httpd(), schedule_httpd(), Socks5Request::sock, SOCKS5_SOCKET_WITH_MHD, Socks5Request::state, timeout_s5r_handshake(), and Socks5Request::timeout_task.
Referenced by do_write().
|
static |
Write data from buffer to socks5 client, then continue with state machine.
cls | the closure with the struct Socks5Request |
Definition at line 2940 of file gnunet-gns-proxy.c.
References cleanup_s5r(), do_write(), GNUNET_assert, GNUNET_break, GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_NETWORK_socket_send(), GNUNET_SCHEDULER_add_write_net(), GNUNET_TIME_UNIT_FOREVER_REL, Socks5Request::rtask, setup_data_transfer(), Socks5Request::sock, SOCKS5_DATA_TRANSFER, SOCKS5_INIT, SOCKS5_REQUEST, SOCKS5_WRITE_THEN_CLEANUP, Socks5Request::state, Socks5Request::wbuf, Socks5Request::wbuf_len, and Socks5Request::wtask.
Referenced by do_s5r_read(), do_write(), signal_socks_failure(), and signal_socks_success().
|
static |
Return a server response message indicating a failure to the client.
s5r | request to return failure code for |
sc | status code to return |
Definition at line 3005 of file gnunet-gns-proxy.c.
References do_write(), GNUNET_assert, GNUNET_break, GNUNET_SCHEDULER_add_write_net(), GNUNET_TIME_UNIT_FOREVER_REL, Socks5ServerResponseMessage::reply, sc, Socks5Request::sock, SOCKS5_WRITE_THEN_CLEANUP, SOCKS_BUFFERSIZE, SOCKS_VERSION_5, Socks5Request::state, Socks5ServerResponseMessage::version, Socks5Request::wbuf, Socks5Request::wbuf_len, and Socks5Request::wtask.
Referenced by do_s5r_read(), and handle_gns_result().
|
static |
Return a server response message indicating success.
s5r | request to return success status message for |
Definition at line 3032 of file gnunet-gns-proxy.c.
References Socks5ServerResponseMessage::addr_type, do_write(), GNUNET_SCHEDULER_add_write_net(), GNUNET_TIME_UNIT_FOREVER_REL, Socks5ServerResponseMessage::reply, Socks5ServerResponseMessage::reserved, Socks5Request::sock, SOCKS5_AT_IPV4, SOCKS5_STATUS_REQUEST_GRANTED, SOCKS_VERSION_5, Socks5ServerResponseMessage::version, Socks5Request::wbuf, Socks5Request::wbuf_len, and Socks5Request::wtask.
Referenced by do_s5r_read(), and handle_gns_result().
|
static |
Process GNS results for target domain.
cls | the struct Socks5Request * |
tld | GNUNET_YES if this was a GNS TLD. |
rd_count | number of records returned |
rd | record data |
Definition at line 3064 of file gnunet-gns-proxy.c.
References Socks5Request::dane_data, Socks5Request::dane_data_len, GNUNET_GNSRECORD_Data::data, GNUNET_GNSRECORD_Data::data_size, Socks5Request::destination_address, disable_v6, Socks5Request::gns_lookup, GNUNET_break, GNUNET_break_op, GNUNET_DNSPARSER_TYPE_A, GNUNET_DNSPARSER_TYPE_AAAA, GNUNET_DNSPARSER_TYPE_TLSA, GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_GNSRECORD_TYPE_BOX, GNUNET_GNSRECORD_TYPE_LEHO, GNUNET_GNSRECORD_TYPE_VPN, GNUNET_log, GNUNET_memcpy, GNUNET_memdup, GNUNET_NETWORK_test_pf(), GNUNET_NO, GNUNET_OK, GNUNET_strndup, GNUNET_YES, Socks5Request::is_gns, Socks5Request::is_tls, Socks5Request::leho, MAX_DANES, Socks5Request::num_danes, Socks5Request::port, GNUNET_GNSRECORD_BoxRecord::protocol, rd, rd_count, GNUNET_GNSRECORD_Data::record_type, GNUNET_GNSRECORD_BoxRecord::record_type, GNUNET_GNSRECORD_BoxRecord::service, signal_socks_failure(), signal_socks_success(), SOCKS5_DATA_TRANSFER, SOCKS5_STATUS_GENERAL_FAILURE, and Socks5Request::state.
Referenced by do_s5r_read().
|
static |
Remove the first len bytes from the beginning of the read buffer.
s5r | the handle clear the read buffer for |
len | number of bytes in read buffer to advance |
Definition at line 3203 of file gnunet-gns-proxy.c.
References GNUNET_assert, Socks5Request::rbuf, and Socks5Request::rbuf_len.
Referenced by do_s5r_read().
|
static |
Read data from incoming Socks5 connection.
cls | the closure with the struct Socks5Request |
Definition at line 3220 of file gnunet-gns-proxy.c.
References _, Socks5ClientRequestMessage::addr_type, Socks5ServerHelloMessage::auth_method, cleanup_s5r(), clear_from_s5r_rbuf(), Socks5ClientRequestMessage::command, Socks5Request::destination_address, do_s5r_read(), do_write(), Socks5Request::domain, gns_handle, Socks5Request::gns_lookup, GNUNET_assert, GNUNET_break_op, GNUNET_DNSPARSER_TYPE_A, GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_GNS_LO_LOCAL_MASTER, GNUNET_GNS_lookup_with_tld(), GNUNET_log, GNUNET_NETWORK_fdset_isset(), GNUNET_NETWORK_socket_recv(), GNUNET_NO, GNUNET_SCHEDULER_add_read_net(), GNUNET_SCHEDULER_add_write_net(), GNUNET_SCHEDULER_cancel(), GNUNET_SCHEDULER_get_task_context(), GNUNET_strndup, GNUNET_TIME_UNIT_FOREVER_REL, GNUNET_YES, handle_gns_result(), HTTPS_PORT, Socks5Request::is_tls, Socks5ClientHelloMessage::num_auth_methods, Socks5Request::port, Socks5Request::rbuf, Socks5Request::rbuf_len, GNUNET_SCHEDULER_TaskContext::read_ready, Socks5Request::rtask, signal_socks_failure(), signal_socks_success(), Socks5Request::sock, SOCKS5_AT_DOMAINNAME, SOCKS5_AT_IPV4, SOCKS5_AT_IPV6, SOCKS5_CMD_TCP_STREAM, SOCKS5_DATA_TRANSFER, SOCKS5_INIT, SOCKS5_REQUEST, SOCKS5_RESOLVING, SOCKS5_STATUS_ADDRESS_TYPE_NOT_SUPPORTED, SOCKS5_STATUS_COMMAND_NOT_SUPPORTED, SOCKS5_STATUS_GENERAL_FAILURE, SOCKS_AUTH_NONE, SOCKS_VERSION_5, Socks5Request::state, tc, Socks5ClientHelloMessage::version, Socks5ServerHelloMessage::version, Socks5Request::wbuf, Socks5Request::wbuf_len, and Socks5Request::wtask.
Referenced by do_accept(), and do_s5r_read().
|
static |
Accept new incoming connections.
cls | the closure with the lsock4 or lsock6 |
Definition at line 3433 of file gnunet-gns-proxy.c.
References do_accept(), do_s5r_read(), GNUNET_assert, GNUNET_CONTAINER_DLL_insert, GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_log_strerror, GNUNET_NETWORK_socket_accept(), GNUNET_new, GNUNET_SCHEDULER_add_read_net(), GNUNET_TIME_UNIT_FOREVER_REL, lsock4, lsock6, ltask4, ltask6, Socks5Request::rtask, s5r_head, s5r_tail, Socks5Request::sock, SOCKS5_INIT, and Socks5Request::state.
Referenced by do_accept(), and run().
|
static |
Task run on shutdown.
cls | closure |
Definition at line 3485 of file gnunet-gns-proxy.c.
References ProxyCA::cert, cleanup_s5r(), curl_download_task, curl_multi, gns_handle, GNUNET_ERROR_TYPE_INFO, GNUNET_GNS_disconnect(), GNUNET_log, GNUNET_NETWORK_socket_close(), GNUNET_NO, GNUNET_SCHEDULER_cancel(), ProxyCA::key, kill_httpd(), lsock4, lsock6, ltask4, ltask6, mhd_httpd_head, Socks5Request::next, proxy_ca, and s5r_head.
Referenced by run().
|
static |
Create an IPv4 listen socket bound to our port.
Definition at line 3551 of file gnunet-gns-proxy.c.
References address, GNUNET_NETWORK_socket_bind(), GNUNET_NETWORK_socket_close(), GNUNET_NETWORK_socket_create(), GNUNET_OK, ls, and port.
Referenced by run().
|
static |
Create an IPv6 listen socket bound to our port.
Definition at line 3589 of file gnunet-gns-proxy.c.
References address6, GNUNET_NETWORK_socket_bind(), GNUNET_NETWORK_socket_close(), GNUNET_NETWORK_socket_create(), GNUNET_OK, ls, and port.
Referenced by run().
|
static |
Main function that will be run.
cls | closure |
args | remaining command-line arguments |
cfgfile | name of the configuration file used (for saving, can be NULL!) |
c | configuration |
Definition at line 3630 of file gnunet-gns-proxy.c.
References _, address, address6, bind_v4(), bind_v6(), cafile_opt, ProxyCA::cert, cfg, create_response(), curl_multi, MhdHttpList::daemon, do_accept(), do_shutdown(), gns_handle, GNUNET_CONFIGURATION_get_value_filename(), GNUNET_CONFIGURATION_get_value_string(), GNUNET_CONTAINER_DLL_insert, GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_GNS_connect(), GNUNET_log, GNUNET_log_config_missing(), GNUNET_log_strerror, GNUNET_NETWORK_socket_close(), GNUNET_NETWORK_socket_listen(), GNUNET_new, GNUNET_OK, GNUNET_SCHEDULER_add_read_net(), GNUNET_SCHEDULER_add_shutdown(), GNUNET_SCHEDULER_shutdown(), GNUNET_TIME_UNIT_FOREVER_REL, httpd, ProxyCA::key, load_cert_from_file(), load_key_from_file(), lsock4, lsock6, ltask4, ltask6, mhd_completed_cb(), mhd_connection_cb(), mhd_httpd_head, mhd_httpd_tail, mhd_log_callback(), port, and proxy_ca.
Referenced by main().
int main | ( | int | argc, |
char *const * | argv | ||
) |
The main function for gnunet-gns-proxy.
argc | number of arguments from the command line |
argv | command line arguments |
Definition at line 3859 of file gnunet-gns-proxy.c.
References _, cafile_opt, curl_failure_response, disable_v6, gettext_noop, GNUNET_GETOPT_OPTION_END, GNUNET_GETOPT_option_flag(), GNUNET_GETOPT_option_string(), GNUNET_GETOPT_option_uint16(), GNUNET_log_setup(), GNUNET_OK, GNUNET_OS_project_data_gnunet(), GNUNET_PROGRAM_run(), options, port, ret, and run().
|
static |
The address to bind to.
Definition at line 655 of file gnunet-gns-proxy.c.
|
static |
The IPv6 address to bind to.
Definition at line 660 of file gnunet-gns-proxy.c.
|
static |
|
static |
The CA file (pem) to use for the proxy CA.
Definition at line 670 of file gnunet-gns-proxy.c.
|
static |
The listen socket of the proxy for IPv4.
Definition at line 675 of file gnunet-gns-proxy.c.
Referenced by do_accept(), do_shutdown(), and run().
|
static |
The listen socket of the proxy for IPv6.
Definition at line 680 of file gnunet-gns-proxy.c.
Referenced by do_accept(), do_shutdown(), and run().
|
static |
The listen task ID for IPv4.
Definition at line 685 of file gnunet-gns-proxy.c.
Referenced by do_accept(), do_shutdown(), and run().
|
static |
The listen task ID for IPv6.
Definition at line 690 of file gnunet-gns-proxy.c.
Referenced by do_accept(), do_shutdown(), and run().
|
static |
The cURL download task (curl multi API).
Definition at line 695 of file gnunet-gns-proxy.c.
Referenced by curl_download_prepare(), curl_task_download(), and do_shutdown().
|
static |
The cURL multi handle.
Definition at line 700 of file gnunet-gns-proxy.c.
Referenced by cleanup_s5r(), create_response(), curl_download_prepare(), curl_task_download(), do_shutdown(), mhd_completed_cb(), and run().
|
static |
Handle to the GNS service.
Definition at line 705 of file gnunet-gns-proxy.c.
Referenced by do_s5r_read(), do_shutdown(), and run().
|
static |
Disable IPv6.
Definition at line 710 of file gnunet-gns-proxy.c.
Referenced by handle_gns_result(), and main().
|
static |
DLL for http/https daemons.
Definition at line 715 of file gnunet-gns-proxy.c.
Referenced by do_shutdown(), kill_httpd(), lookup_ssl_httpd(), and run().
|
static |
DLL for http/https daemons.
Definition at line 720 of file gnunet-gns-proxy.c.
Referenced by kill_httpd(), lookup_ssl_httpd(), and run().
|
static |
Daemon for HTTP (we have one per X.509 certificate, and then one for all HTTP connections; this is the one for HTTP, not HTTPS).
Definition at line 726 of file gnunet-gns-proxy.c.
Referenced by kill_httpd(), run(), schedule_httpd(), and setup_data_transfer().
|
static |
DLL of active socks requests.
Definition at line 731 of file gnunet-gns-proxy.c.
Referenced by cleanup_s5r(), do_accept(), do_shutdown(), and mhd_connection_cb().
|
static |
DLL of active socks requests.
Definition at line 736 of file gnunet-gns-proxy.c.
Referenced by cleanup_s5r(), and do_accept().
|
static |
The CA for X.509 certificate generation.
Definition at line 741 of file gnunet-gns-proxy.c.
Referenced by do_shutdown(), generate_gns_certificate(), and run().
|
static |
Response we return on cURL failures.
Definition at line 746 of file gnunet-gns-proxy.c.
Referenced by cleanup_s5r(), create_response(), curl_task_download(), main(), and mhd_completed_cb().
|
static |