gnunet-helper-exit-windows.c

Go to the documentation of this file.

/*
     This file is part of GNUnet.
     Copyright (C) 2010, 2012 Christian Grothoff

     GNUnet is free software: you can redistribute it and/or modify it
     under the terms of the GNU Affero General Public License as published
     by the Free Software Foundation, either version 3 of the License,
     or (at your option) any later version.

     GNUnet is distributed in the hope that it will be useful, but
     WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     Affero General Public License for more details.

     You should have received a copy of the GNU Affero General Public License
     along with this program.  If not, see <http://www.gnu.org/licenses/>.

     SPDX-License-Identifier: AGPL3.0-or-later
 */
#include <stdio.h>
#include <Winsock2.h>
#include <windows.h>
#include <setupapi.h>
#ifndef __MINGW64_VERSION_MAJOR
#include <ddk/cfgmgr32.h>
#include <ddk/newdev.h>
#else
#include <cfgmgr32.h>
#include <newdev.h>
#endif
#include <time.h>
#include "platform.h"
#include "tap-windows.h"
#include "gnunet_crypto_lib.h"
#include "gnunet_common.h"

#include "gnunet_protocols.h"

#define DEBUG GNUNET_NO

#if DEBUG
/* FIXME: define with varargs... */
#define LOG_DEBUG(msg) fprintf(stderr, "%s", msg);
#else
#define LOG_DEBUG(msg) do {} while (0)
#endif

static boolean privilege_testing = FALSE;

#define MAX_SIZE 65536

#define INF_FILE "share/gnunet/openvpn-tap32/tapw32/OemWin2k.inf"

#define INF_FILE64 "share/gnunet/openvpn-tap32/tapw64/OemWin2k.inf"

#define HARDWARE_ID "tap0901"

#define TAP_WIN_MIN_MAJOR 9

#define TAP_WIN_MIN_MINOR 9

#define TAP32_POSTUP_WAITTIME 4

#define INTERFACE_REGISTRY_LOCATION "SYSTEM\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}"

static char secondary_hwid[LINE_LEN / 2];

static char device_visible_name[256];

static HDEVINFO DeviceInfo = INVALID_HANDLE_VALUE;

static SP_DEVINFO_DATA DeviceNode;

static char device_guid[256];


enum IO_State {
  IOSTATE_READY = 0,

  IOSTATE_QUEUED,

  IOSTATE_WAITING,

  IOSTATE_RESUME,

  IOSTATE_FAILED
};


struct io_facility {
  enum IO_State facility_state;

  BOOL path_open; // BOOL is winbool (int), NOT boolean (unsigned char)!

  HANDLE handle;

  OVERLAPPED overlapped;

  unsigned char buffer[MAX_SIZE];

  DWORD buffer_size;

  DWORD buffer_size_processed;

  DWORD buffer_size_written;
};

WINBASEAPI HANDLE WINAPI ReOpenFile(HANDLE, DWORD, DWORD, DWORD);

typedef BOOL (WINAPI *LPFN_ISWOW64PROCESS)(HANDLE, PBOOL);


size_t
GNUNET_strlcpy(char *dst, const char *src, size_t n)
{
  size_t ret;
  size_t slen;

  GNUNET_assert(0 != n);
  slen = strnlen(src, n - 1);
  memcpy(dst, src, slen);
  dst[slen] = '\0';
  return slen;
}


BOOL
is_win64()
{
#if defined(_WIN64)
  //this is a win64 binary,
  return TRUE;
#elif defined(_WIN32)
  //this is a 32bit binary, and we need to check if we are running in WOW64
  BOOL success = FALSE;
  BOOL on_wow64 = FALSE;
  LPFN_ISWOW64PROCESS IsWow64Process = (LPFN_ISWOW64PROCESS)GetProcAddress(GetModuleHandle("kernel32"), "IsWow64Process");

  if (NULL != IsWow64Process)
    success = IsWow64Process(GetCurrentProcess(), &on_wow64);

  return success && on_wow64;
#endif
}
static int
execute_shellcommand(const char *command)
{
  FILE *pipe;

  if ((NULL == command) ||
      (NULL == (pipe = _popen(command, "rt"))))
    return EINVAL;

#if DEBUG
  fprintf(stderr, "DEBUG: Command output: \n");
  char output[LINE_LEN];
  while (NULL != fgets(output, sizeof(output), pipe))
    fprintf(stderr, "%s", output);
#endif

  return _pclose(pipe);
}


static int
set_address6(const char *address, unsigned long prefix_len)
{
  int ret = EINVAL;
  char command[LINE_LEN];
  struct sockaddr_in6 sa6;

  /*
   * parse the new address
   */
  memset(&sa6, 0, sizeof(struct sockaddr_in6));
  sa6.sin6_family = AF_INET6;
  if (1 != inet_pton(AF_INET6, address, &sa6.sin6_addr.s6_addr))
    {
      fprintf(stderr, "ERROR: Failed to parse address `%s': %s\n", address,
              strerror(errno));
      return -1;
    }

  /*
   * prepare the command
   */
  snprintf(command, LINE_LEN,
           "netsh interface ipv6 add address \"%s\" %s/%d store=active",
           device_visible_name, address, prefix_len);
  /*
   * Set the address
   */
  ret = execute_shellcommand(command);

  /* Did it work?*/
  if (0 != ret)
    fprintf(stderr, "FATAL: Setting IPv6 address failed: %s\n", strerror(ret));
  return ret;
}


static void
remove_address6(const char *address)
{
  char command[LINE_LEN];
  int ret = EINVAL;

  // sanity checking was already done in set_address6
  /*
   * prepare the command
   */
  snprintf(command, LINE_LEN,
           "netsh interface ipv6 delete address \"%s\" store=persistent",
           device_visible_name);
  /*
   * Set the address
   */
  ret = execute_shellcommand(command);

  /* Did it work?*/
  if (0 != ret)
    fprintf(stderr, "FATAL: removing IPv6 address failed: %s\n", strerror(ret));
}


static int
set_address4(const char *address, const char *mask)
{
  int ret = EINVAL;
  char command[LINE_LEN];

  struct sockaddr_in addr;

  addr.sin_family = AF_INET;

  /*
   * Parse the address
   */
  if (1 != inet_pton(AF_INET, address, &addr.sin_addr.s_addr))
    {
      fprintf(stderr, "ERROR: Failed to parse address `%s': %s\n", address,
              strerror(errno));
      return -1;
    }
  // Set Device to Subnet-Mode?
  // do we really need tun.c:2925 ?

  /*
   * prepare the command
   */
  snprintf(command, LINE_LEN,
           "netsh interface ipv4 add address \"%s\" %s %s store=active",
           device_visible_name, address, mask);
  /*
   * Set the address
   */
  ret = execute_shellcommand(command);

  /* Did it work?*/
  if (0 != ret)
    fprintf(stderr, "FATAL: Setting IPv4 address failed: %s\n", strerror(ret));
  return ret;
}


static void
remove_address4(const char *address)
{
  char command[LINE_LEN];
  int ret = EINVAL;

  // sanity checking was already done in set_address4

  /*
   * prepare the command
   */
  snprintf(command, LINE_LEN,
           "netsh interface ipv4 delete address \"%s\" gateway=all store=persistent",
           device_visible_name);
  /*
   * Set the address
   */
  ret = execute_shellcommand(command);

  /* Did it work?*/
  if (0 != ret)
    fprintf(stderr, "FATAL: removing IPv4 address failed: %s\n", strerror(ret));
}


static BOOL
setup_interface()
{
  /*
   * where to find our inf-file. (+ the "full" path, after windows found")
   *
   * We do not directly input all the props here, because openvpn will update
   * these details over time.
   */
  char inf_file_path[MAX_PATH];
  char * temp_inf_filename;
  char hwidlist[LINE_LEN + 4];
  char class_name[128];
  GUID class_guid;
  int str_length = 0;

  str_length = GNUNET_strlcpy(hwidlist,
                              HARDWARE_ID,
                              sizeof(hwidlist)) + 1;
  str_length = strlen(hwidlist) + 1;
  str_length += GNUNET_strlcpy(&hwidlist[str_length],
                               secondary_hwid,
                               sizeof(hwidlist) - str_length) + 1;
  GNUNET_assert(str_length < sizeof(hwidlist));
  hwidlist[str_length] = '\0';
  ++str_length;

  if (is_win64())
    GetFullPathNameA(INF_FILE64, MAX_PATH, inf_file_path, &temp_inf_filename);
  else
    GetFullPathNameA(INF_FILE, MAX_PATH, inf_file_path, &temp_inf_filename);

  fprintf(stderr, "INFO: Located our driver's .inf file at %s\n", inf_file_path);
  if (!SetupDiGetINFClassA(inf_file_path,
                           &class_guid,
                           class_name, sizeof(class_name) / sizeof(char),
                           NULL))
    return FALSE;

  DeviceInfo = SetupDiCreateDeviceInfoList(&class_guid, NULL);
  if (DeviceInfo == INVALID_HANDLE_VALUE)
    return FALSE;

  DeviceNode.cbSize = sizeof(SP_DEVINFO_DATA);
  if (!SetupDiCreateDeviceInfoA(DeviceInfo,
                                class_name,
                                &class_guid,
                                NULL,
                                0,
                                DICD_GENERATE_ID,
                                &DeviceNode))
    return FALSE;

  /* Deploy all the information collected into the registry */
  if (!SetupDiSetDeviceRegistryPropertyA(DeviceInfo,
                                         &DeviceNode,
                                         SPDRP_HARDWAREID,
                                         (LPBYTE)hwidlist,
                                         str_length * sizeof(char)))
    return FALSE;

  /* Install our new class(=device) into the system */
  if (!SetupDiCallClassInstaller(DIF_REGISTERDEVICE,
                                 DeviceInfo,
                                 &DeviceNode))
    return FALSE;

  /* This system call tends to take a while (several seconds!) on
     "modern" Windoze systems */
  if (!UpdateDriverForPlugAndPlayDevicesA(NULL,
                                          secondary_hwid,
                                          inf_file_path,
                                          INSTALLFLAG_FORCE | INSTALLFLAG_NONINTERACTIVE,
                                          NULL))  //reboot required? NEVER!
    return FALSE;

  fprintf(stderr, "DEBUG: successfully created a network device\n");
  return TRUE;
}


static BOOL
remove_interface()
{
  SP_REMOVEDEVICE_PARAMS remove;

  if (INVALID_HANDLE_VALUE == DeviceInfo)
    return FALSE;

  remove.ClassInstallHeader.cbSize = sizeof(SP_CLASSINSTALL_HEADER);
  remove.HwProfile = 0;
  remove.Scope = DI_REMOVEDEVICE_GLOBAL;
  remove.ClassInstallHeader.InstallFunction = DIF_REMOVE;
  /*
   * 1. Prepare our existing device information set, and place the
   *    uninstall related information into the structure
   */
  if (!SetupDiSetClassInstallParamsA(DeviceInfo,
                                     (PSP_DEVINFO_DATA)&DeviceNode,
                                     &remove.ClassInstallHeader,
                                     sizeof(remove)))
    return FALSE;
  /*
   * 2. Uninstall the virtual interface using the class installer
   */
  if (!SetupDiCallClassInstaller(DIF_REMOVE,
                                 DeviceInfo,
                                 (PSP_DEVINFO_DATA)&DeviceNode))
    return FALSE;

  SetupDiDestroyDeviceInfoList(DeviceInfo);

  fprintf(stderr, "DEBUG: removed interface successfully\n");

  return TRUE;
}


static BOOL
resolve_interface_name()
{
  SP_DEVINFO_LIST_DETAIL_DATA device_details;
  char pnp_instance_id [MAX_DEVICE_ID_LEN];
  HKEY adapter_key_handle;
  LONG status;
  DWORD len;
  int i = 0;
  int retrys;
  BOOL retval = FALSE;
  char adapter[] = INTERFACE_REGISTRY_LOCATION;

  /* We can obtain the PNP instance ID from our setupapi handle */
  device_details.cbSize = sizeof(device_details);
  if (CR_SUCCESS != CM_Get_Device_ID_ExA(DeviceNode.DevInst,
                                         (PCHAR)pnp_instance_id,
                                         MAX_DEVICE_ID_LEN,
                                         0,  //must be 0
                                         NULL))  //hMachine, we are local
    return FALSE;

  fprintf(stderr, "DEBUG: Resolving interface name for network device %s\n", pnp_instance_id);

  /* Registry is incredibly slow, retry for up to 30 seconds to allow registry to refresh */
  for (retrys = 0; retrys < 120 && !retval; retrys++)
    {
      /* sleep for 250ms*/
      Sleep(250);

      /* Now we can use this ID to locate the correct networks interface in registry */
      if (ERROR_SUCCESS != RegOpenKeyExA(
            HKEY_LOCAL_MACHINE,
            adapter,
            0,
            KEY_READ,
            &adapter_key_handle))
        return FALSE;

      /* Of course there is a multitude of entries here, with arbitrary names,
       * thus we need to iterate through there.
       */
      while (!retval)
        {
          char instance_key[256];
          char query_key [256];
          HKEY instance_key_handle;
          char pnpinstanceid_name[] = "PnpInstanceID";
          char pnpinstanceid_value[256];
          char adaptername_name[] = "Name";
          DWORD data_type;

          len = 256 * sizeof(char);
          /* optain a subkey of {4D36E972-E325-11CE-BFC1-08002BE10318} */
          status = RegEnumKeyExA(
            adapter_key_handle,
            i,
            instance_key,
            &len,
            NULL,
            NULL,
            NULL,
            NULL);

          /* this may fail due to one of two reasons:
           * we are at the end of the list*/
          if (ERROR_NO_MORE_ITEMS == status)
            break;
          // * we found a broken registry key, continue with the next key.
          if (ERROR_SUCCESS != status)
            goto cleanup;

          /* prepare our new query string: */
          snprintf(query_key, 256, "%s\\%s\\Connection",
                   adapter,
                   instance_key);

          /* look inside instance_key\\Connection */
          if (ERROR_SUCCESS != RegOpenKeyExA(
                HKEY_LOCAL_MACHINE,
                query_key,
                0,
                KEY_READ,
                &instance_key_handle))
            goto cleanup;

          /* now, read our PnpInstanceID */
          len = sizeof(pnpinstanceid_value);
          status = RegQueryValueExA(instance_key_handle,
                                    pnpinstanceid_name,
                                    NULL,  //reserved, always NULL according to MSDN
                                    &data_type,
                                    (LPBYTE)pnpinstanceid_value,
                                    &len);

          if (status != ERROR_SUCCESS || data_type != REG_SZ)
            goto cleanup;

          /* compare the value we got to our devices PNPInstanceID*/
          if (0 != strncmp(pnpinstanceid_value, pnp_instance_id,
                           sizeof(pnpinstanceid_value) / sizeof(char)))
            goto cleanup;

          len = sizeof(device_visible_name);
          status = RegQueryValueExA(
            instance_key_handle,
            adaptername_name,
            NULL,                          //reserved, always NULL according to MSDN
            &data_type,
            (LPBYTE)device_visible_name,
            &len);

          if (status != ERROR_SUCCESS || data_type != REG_SZ)
            goto cleanup;

          /*
           * we have successfully found OUR instance,
           * save the device GUID before exiting
           */
          GNUNET_strlcpy(device_guid, instance_key, sizeof(device_guid));
          retval = TRUE;
          fprintf(stderr, "DEBUG: Interface Name lookup succeeded on retry %d, got \"%s\" %s\n", retrys, device_visible_name, device_guid);

cleanup:
          RegCloseKey(instance_key_handle);

          ++i;
        }

      RegCloseKey(adapter_key_handle);
    }
  return retval;
}


static BOOL
check_tapw32_version(HANDLE handle)
{
  ULONG version[3];
  DWORD len;

  memset(&(version), 0, sizeof(version));

  if (DeviceIoControl(handle, TAP_WIN_IOCTL_GET_VERSION,
                      &version, sizeof(version),
                      &version, sizeof(version), &len, NULL))
    fprintf(stderr, "INFO: TAP-Windows Driver Version %d.%d %s\n",
            (int)version[0],
            (int)version[1],
            (version[2] ? "(DEBUG)" : ""));

  if ((version[0] != TAP_WIN_MIN_MAJOR) ||
      (version[1] < TAP_WIN_MIN_MINOR))
    {
      fprintf(stderr, "FATAL:  This version of gnunet requires a TAP-Windows driver that is at least version %d.%d\n",
              TAP_WIN_MIN_MAJOR,
              TAP_WIN_MIN_MINOR);
      return FALSE;
    }

  return TRUE;
}


static HANDLE
init_tun()
{
  char device_path[256];
  HANDLE handle;

  if (!setup_interface())
    {
      errno = ENODEV;
      return INVALID_HANDLE_VALUE;
    }

  if (!resolve_interface_name())
    {
      errno = ENODEV;
      return INVALID_HANDLE_VALUE;
    }

  /* Open Windows TAP-Windows adapter */
  snprintf(device_path, sizeof(device_path), "%s%s%s",
           USERMODEDEVICEDIR,
           device_guid,
           TAP_WIN_SUFFIX);

  handle = CreateFile(
    device_path,
    GENERIC_READ | GENERIC_WRITE,
    0,                    /* was: FILE_SHARE_READ */
    0,
    OPEN_EXISTING,
    FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED,
    0
    );

  if (INVALID_HANDLE_VALUE == handle)
    {
      fprintf(stderr, "FATAL: CreateFile failed on TAP device: %s\n", device_path);
      return handle;
    }

  /* get driver version info */
  if (!check_tapw32_version(handle))
    {
      CloseHandle(handle);
      return INVALID_HANDLE_VALUE;
    }

  /* TODO (opt?): get MTU-Size */

  fprintf(stderr, "DEBUG: successfully opened TAP device\n");
  return handle;
}


static BOOL
tun_up(HANDLE handle)
{
  ULONG status = TRUE;
  DWORD len;

  if (!DeviceIoControl(handle, TAP_WIN_IOCTL_SET_MEDIA_STATUS,
                       &status, sizeof(status),
                       &status, sizeof(status), &len, NULL))
    {
      fprintf(stderr, "FATAL: TAP driver ignored request to UP interface (DeviceIoControl call)\n");
      return FALSE;
    }

  /* Wait for the device to go UP, might take some time. */
  Sleep(TAP32_POSTUP_WAITTIME * 1000);
  fprintf(stderr, "DEBUG: successfully set TAP device to UP\n");

  return TRUE;
}


static BOOL
attempt_read_tap(struct io_facility * input_facility,
                 struct io_facility * output_facility)
{
  struct GNUNET_MessageHeader * hdr;
  unsigned short size;

  switch (input_facility->facility_state)
    {
    case IOSTATE_READY:
    {
      if (!ResetEvent(input_facility->overlapped.hEvent))
        {
          return FALSE;
        }

      input_facility->buffer_size = 0;

      /* Check how the task is handled */
      if (ReadFile(input_facility->handle,
                   input_facility->buffer,
                   sizeof(input_facility->buffer) - sizeof(struct GNUNET_MessageHeader),
                   &input_facility->buffer_size,
                   &input_facility->overlapped))
        {  /* async event processed immediately*/
          /* reset event manually*/
          if (!SetEvent(input_facility->overlapped.hEvent))
            return FALSE;

          fprintf(stderr, "DEBUG: tap read succeeded immediately\n");

          /* we successfully read something from the TAP and now need to
           * send it our via STDOUT. Is that possible at the moment? */
          if ((IOSTATE_READY == output_facility->facility_state ||
               IOSTATE_WAITING == output_facility->facility_state)
              && (0 < input_facility->buffer_size))
            {   /* hand over this buffers content and apply message header for gnunet */
              hdr = (struct GNUNET_MessageHeader *)output_facility->buffer;
              size = input_facility->buffer_size + sizeof(struct GNUNET_MessageHeader);

              GNUNET_memcpy(output_facility->buffer + sizeof(struct GNUNET_MessageHeader),
                            input_facility->buffer,
                            input_facility->buffer_size);

              output_facility->buffer_size = size;
              hdr->size = htons(size);
              hdr->type = htons(GNUNET_MESSAGE_TYPE_VPN_HELPER);
              output_facility->facility_state = IOSTATE_READY;
            }
          else if (0 < input_facility->buffer_size)
            /* If we have have read our buffer, wait for our write-partner*/
            input_facility->facility_state = IOSTATE_WAITING;
        }
      else   /* operation was either queued or failed*/
        {
          int err = GetLastError();
          if (ERROR_IO_PENDING == err)
            {   /* operation queued */
              input_facility->facility_state = IOSTATE_QUEUED;
            }
          else
            {   /* error occurred, let the rest of the elements finish */
              input_facility->path_open = FALSE;
              input_facility->facility_state = IOSTATE_FAILED;
              if (IOSTATE_WAITING == output_facility->facility_state)
                output_facility->path_open = FALSE;

              fprintf(stderr, "FATAL: Read from handle failed, allowing write to finish\n");
            }
        }
    }
      return TRUE;

    // We are queued and should check if the read has finished
    case IOSTATE_QUEUED:
    {
      // there was an operation going on already, check if that has completed now.

      if (GetOverlappedResult(input_facility->handle,
                              &input_facility->overlapped,
                              &input_facility->buffer_size,
                              FALSE))
        {  /* successful return for a queued operation */
          if (!ResetEvent(input_facility->overlapped.hEvent))
            return FALSE;

          fprintf(stderr, "DEBUG: tap read succeeded delayed\n");

          /* we successfully read something from the TAP and now need to
           * send it our via STDOUT. Is that possible at the moment? */
          if ((IOSTATE_READY == output_facility->facility_state ||
               IOSTATE_WAITING == output_facility->facility_state)
              && 0 < input_facility->buffer_size)
            {   /* hand over this buffers content and apply message header for gnunet */
              hdr = (struct GNUNET_MessageHeader *)output_facility->buffer;
              size = input_facility->buffer_size + sizeof(struct GNUNET_MessageHeader);

              GNUNET_memcpy(output_facility->buffer + sizeof(struct GNUNET_MessageHeader),
                            input_facility->buffer,
                            input_facility->buffer_size);

              output_facility->buffer_size = size;
              hdr->size = htons(size);
              hdr->type = htons(GNUNET_MESSAGE_TYPE_VPN_HELPER);
              output_facility->facility_state = IOSTATE_READY;
              input_facility->facility_state = IOSTATE_READY;
            }
          else if (0 < input_facility->buffer_size)
            {   /* If we have have read our buffer, wait for our write-partner*/
              input_facility->facility_state = IOSTATE_WAITING;
              // TODO: shall we attempt to fill our buffer or should we wait for our write-partner to finish?
            }
        }
      else
        {   /* operation still pending/queued or failed? */
          int err = GetLastError();
          if ((ERROR_IO_INCOMPLETE != err) && (ERROR_IO_PENDING != err))
            {   /* error occurred, let the rest of the elements finish */
              input_facility->path_open = FALSE;
              input_facility->facility_state = IOSTATE_FAILED;
              if (IOSTATE_WAITING == output_facility->facility_state)
                output_facility->path_open = FALSE;
              fprintf(stderr, "FATAL: Read from handle failed, allowing write to finish\n");
            }
        }
    }
      return TRUE;

    case IOSTATE_RESUME:
      hdr = (struct GNUNET_MessageHeader *)output_facility->buffer;
      size = input_facility->buffer_size + sizeof(struct GNUNET_MessageHeader);

      GNUNET_memcpy(output_facility->buffer + sizeof(struct GNUNET_MessageHeader),
                    input_facility->buffer,
                    input_facility->buffer_size);

      output_facility->buffer_size = size;
      hdr->size = htons(size);
      hdr->type = htons(GNUNET_MESSAGE_TYPE_VPN_HELPER);
      output_facility->facility_state = IOSTATE_READY;
      input_facility->facility_state = IOSTATE_READY;
      return TRUE;

    default:
      return TRUE;
    }
}


static BOOL
attempt_read_stdin(struct io_facility * input_facility,
                   struct io_facility * output_facility)
{
  struct GNUNET_MessageHeader * hdr;

  switch (input_facility->facility_state)
    {
    case IOSTATE_READY:
    {
      input_facility->buffer_size = 0;

partial_read_iostate_ready:
      if (!ResetEvent(input_facility->overlapped.hEvent))
        return FALSE;

      /* Check how the task is handled */
      if (ReadFile(input_facility->handle,
                   input_facility->buffer + input_facility->buffer_size,
                   sizeof(input_facility->buffer) - input_facility->buffer_size,
                   &input_facility->buffer_size_processed,
                   &input_facility->overlapped))
        {  /* async event processed immediately*/
          hdr = (struct GNUNET_MessageHeader *)input_facility->buffer;

          /* reset event manually*/
          if (!SetEvent(input_facility->overlapped.hEvent))
            return FALSE;

          fprintf(stderr, "DEBUG: stdin read succeeded immediately\n");
          input_facility->buffer_size += input_facility->buffer_size_processed;

          if (ntohs(hdr->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER ||
              ntohs(hdr->size) > sizeof(input_facility->buffer))
            {
              fprintf(stderr, "WARNING: Protocol violation, got GNUnet Message type %h, size %h\n", ntohs(hdr->type), ntohs(hdr->size));
              input_facility->facility_state = IOSTATE_READY;
              return TRUE;
            }
          /* we got the a part of a packet */
          if (ntohs(hdr->size) > input_facility->buffer_size)
            goto partial_read_iostate_ready;

          /* have we read more than 0 bytes of payload? (sizeread > header)*/
          if (input_facility->buffer_size > sizeof(struct GNUNET_MessageHeader) &&
              ((IOSTATE_READY == output_facility->facility_state) ||
               (IOSTATE_WAITING == output_facility->facility_state)))
            {  /* we successfully read something from the TAP and now need to
                * send it our via STDOUT. Is that possible at the moment? */
              /* hand over this buffers content and strip gnunet message header */
              GNUNET_memcpy(output_facility->buffer,
                            input_facility->buffer + sizeof(struct GNUNET_MessageHeader),
                            input_facility->buffer_size - sizeof(struct GNUNET_MessageHeader));
              output_facility->buffer_size = input_facility->buffer_size - sizeof(struct GNUNET_MessageHeader);
              output_facility->facility_state = IOSTATE_READY;
              input_facility->facility_state = IOSTATE_READY;
            }
          else if (input_facility->buffer_size > sizeof(struct GNUNET_MessageHeader))
            /* If we have have read our buffer, wait for our write-partner*/
            input_facility->facility_state = IOSTATE_WAITING;
          else   /* we read nothing */
            input_facility->facility_state = IOSTATE_READY;
        }
      else   /* operation was either queued or failed*/
        {
          int err = GetLastError();
          if (ERROR_IO_PENDING == err)   /* operation queued */
            input_facility->facility_state = IOSTATE_QUEUED;
          else
            {   /* error occurred, let the rest of the elements finish */
              input_facility->path_open = FALSE;
              input_facility->facility_state = IOSTATE_FAILED;
              if (IOSTATE_WAITING == output_facility->facility_state)
                output_facility->path_open = FALSE;

              fprintf(stderr, "FATAL: Read from handle failed, allowing write to finish\n");
            }
        }
    }
      return TRUE;

    // We are queued and should check if the read has finished
    case IOSTATE_QUEUED:
    {
      // there was an operation going on already, check if that has completed now.
      if (GetOverlappedResult(input_facility->handle,
                              &input_facility->overlapped,
                              &input_facility->buffer_size_processed,
                              FALSE))
        {  /* successful return for a queued operation */
          hdr = (struct GNUNET_MessageHeader *)input_facility->buffer;

          if (!ResetEvent(input_facility->overlapped.hEvent))
            return FALSE;

          fprintf(stderr, "DEBUG: stdin read succeeded delayed\n");
          input_facility->buffer_size += input_facility->buffer_size_processed;

          if ((ntohs(hdr->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER) ||
              (ntohs(hdr->size) > sizeof(input_facility->buffer)))
            {
              fprintf(stderr, "WARNING: Protocol violation, got GNUnet Message type %h, size %h\n", ntohs(hdr->type), ntohs(hdr->size));
              input_facility->facility_state = IOSTATE_READY;
              return TRUE;
            }
          /* we got the a part of a packet */
          if (ntohs(hdr->size) > input_facility->buffer_size)
            ;
          goto partial_read_iostate_ready;

          /* we successfully read something from the TAP and now need to
           * send it our via STDOUT. Is that possible at the moment? */
          if ((IOSTATE_READY == output_facility->facility_state ||
               IOSTATE_WAITING == output_facility->facility_state)
              && input_facility->buffer_size > sizeof(struct GNUNET_MessageHeader))
            {   /* hand over this buffers content and strip gnunet message header */
              GNUNET_memcpy(output_facility->buffer,
                            input_facility->buffer + sizeof(struct GNUNET_MessageHeader),
                            input_facility->buffer_size - sizeof(struct GNUNET_MessageHeader));
              output_facility->buffer_size = input_facility->buffer_size - sizeof(struct GNUNET_MessageHeader);
              output_facility->facility_state = IOSTATE_READY;
              input_facility->facility_state = IOSTATE_READY;
            }
          else if (input_facility->buffer_size > sizeof(struct GNUNET_MessageHeader))
            input_facility->facility_state = IOSTATE_WAITING;
          else
            input_facility->facility_state = IOSTATE_READY;
        }
      else
        {   /* operation still pending/queued or failed? */
          int err = GetLastError();
          if ((ERROR_IO_INCOMPLETE != err) && (ERROR_IO_PENDING != err))
            {   /* error occurred, let the rest of the elements finish */
              input_facility->path_open = FALSE;
              input_facility->facility_state = IOSTATE_FAILED;
              if (IOSTATE_WAITING == output_facility->facility_state)
                output_facility->path_open = FALSE;
              fprintf(stderr, "FATAL: Read from handle failed, allowing write to finish\n");
            }
        }
    }
      return TRUE;

    case IOSTATE_RESUME: /* Our buffer was filled already but our write facility was busy. */
      GNUNET_memcpy(output_facility->buffer,
                    input_facility->buffer + sizeof(struct GNUNET_MessageHeader),
                    input_facility->buffer_size - sizeof(struct GNUNET_MessageHeader));
      output_facility->buffer_size = input_facility->buffer_size - sizeof(struct GNUNET_MessageHeader);
      output_facility->facility_state = IOSTATE_READY;
      input_facility->facility_state = IOSTATE_READY;
      return TRUE;

    default:
      return TRUE;
    }
}


static BOOL
attempt_write(struct io_facility * output_facility,
              struct io_facility * input_facility)
{
  switch (output_facility->facility_state)
    {
    case IOSTATE_READY:
      output_facility->buffer_size_written = 0;

continue_partial_write:
      if (!ResetEvent(output_facility->overlapped.hEvent))
        return FALSE;

      /* Check how the task was handled */
      if (WriteFile(output_facility->handle,
                    output_facility->buffer + output_facility->buffer_size_written,
                    output_facility->buffer_size - output_facility->buffer_size_written,
                    &output_facility->buffer_size_processed,
                    &output_facility->overlapped))
        {/* async event processed immediately*/
          fprintf(stderr, "DEBUG: write succeeded immediately\n");
          output_facility->buffer_size_written += output_facility->buffer_size_processed;

          /* reset event manually*/
          if (!SetEvent(output_facility->overlapped.hEvent))
            return FALSE;

          /* partial write */
          if (output_facility->buffer_size_written < output_facility->buffer_size)
            goto continue_partial_write;

          /* we are now waiting for our buffer to be filled*/
          output_facility->facility_state = IOSTATE_WAITING;

          /* we successfully wrote something and now need to reset our reader */
          if (IOSTATE_WAITING == input_facility->facility_state)
            input_facility->facility_state = IOSTATE_RESUME;
          else if (IOSTATE_FAILED == input_facility->facility_state)
            output_facility->path_open = FALSE;
        }
      else /* operation was either queued or failed*/
        {
          int err = GetLastError();
          if (ERROR_IO_PENDING == err)
            { /* operation queued */
              output_facility->facility_state = IOSTATE_QUEUED;
            }
          else
            { /* error occurred, close this path */
              output_facility->path_open = FALSE;
              output_facility->facility_state = IOSTATE_FAILED;
              fprintf(stderr, "FATAL: Write to handle failed, exiting\n");
            }
        }
      return TRUE;

    case IOSTATE_QUEUED:
      // there was an operation going on already, check if that has completed now.

      if (GetOverlappedResult(output_facility->handle,
                              &output_facility->overlapped,
                              &output_facility->buffer_size_processed,
                              FALSE))
        {/* successful return for a queued operation */
          if (!ResetEvent(output_facility->overlapped.hEvent))
            return FALSE;

          fprintf(stderr, "DEBUG: write succeeded delayed\n");
          output_facility->buffer_size_written += output_facility->buffer_size_processed;

          /* partial write */
          if (output_facility->buffer_size_written < output_facility->buffer_size)
            goto continue_partial_write;

          /* we are now waiting for our buffer to be filled*/
          output_facility->facility_state = IOSTATE_WAITING;

          /* we successfully wrote something and now need to reset our reader */
          if (IOSTATE_WAITING == input_facility->facility_state)
            input_facility->facility_state = IOSTATE_RESUME;
          else if (IOSTATE_FAILED == input_facility->facility_state)
            output_facility->path_open = FALSE;
        }
      else
        { /* operation still pending/queued or failed? */
          int err = GetLastError();
          if ((ERROR_IO_INCOMPLETE != err) && (ERROR_IO_PENDING != err))
            { /* error occurred, close this path */
              output_facility->path_open = FALSE;
              output_facility->facility_state = IOSTATE_FAILED;
              fprintf(stderr, "FATAL: Write to handle failed, exiting\n");
            }
        }

    default:
      return TRUE;
    }
}


static BOOL
initialize_io_facility(struct io_facility * elem,
                       int initial_state,
                       BOOL signaled)
{
  elem->path_open = TRUE;
  elem->handle = INVALID_HANDLE_VALUE;
  elem->facility_state = initial_state;
  elem->buffer_size = 0;
  elem->overlapped.hEvent = CreateEvent(NULL, TRUE, signaled, NULL);
  if (NULL == elem->overlapped.hEvent)
    return FALSE;

  return TRUE;
}


static void
run(HANDLE tap_handle)
{
  /* IO-Facility for reading from our virtual interface */
  struct io_facility tap_read;
  /* IO-Facility for writing to our virtual interface */
  struct io_facility tap_write;
  /* IO-Facility for reading from stdin */
  struct io_facility std_in;
  /* IO-Facility for writing to stdout */
  struct io_facility std_out;

  HANDLE parent_std_in_handle = GetStdHandle(STD_INPUT_HANDLE);
  HANDLE parent_std_out_handle = GetStdHandle(STD_OUTPUT_HANDLE);

  /* tun up: */
  /* we do this HERE and not beforehand (in init_tun()), in contrast to openvpn
   * to remove the need to flush the arp cache, handle DHCP and wrong IPs.
   *
   * DHCP and such are all features we will never use in gnunet afaik.
   * But for openvpn those are essential.
   */
  if ((privilege_testing) || (!tun_up(tap_handle)))
    goto teardown_final;

  /* Initialize our overlapped IO structures*/
  if (!(initialize_io_facility(&tap_read, IOSTATE_READY, FALSE)
        && initialize_io_facility(&tap_write, IOSTATE_WAITING, TRUE)
        && initialize_io_facility(&std_in, IOSTATE_READY, FALSE)
        && initialize_io_facility(&std_out, IOSTATE_WAITING, TRUE)))
    goto teardown_final;

  /* Handles for STDIN and STDOUT */
  tap_read.handle = tap_handle;
  tap_write.handle = tap_handle;

#ifdef DEBUG_TO_CONSOLE
  /* Debug output to console STDIN/STDOUT*/
  std_in.handle = parent_std_in_handle;
  std_out.handle = parent_std_out_handle;
#else
  fprintf(stderr, "DEBUG: reopening stdin/out for overlapped IO\n");
  /*
   * Find out the types of our handles.
   * This part is a problem, because in windows we need to handle files,
   * pipes and the console differently.
   */
  if ((FILE_TYPE_PIPE != GetFileType(parent_std_in_handle)) ||
      (FILE_TYPE_PIPE != GetFileType(parent_std_out_handle)))
    {
      fprintf(stderr, "ERROR: stdin/stdout must be named pipes\n");
      goto teardown;
    }

  std_in.handle = ReOpenFile(parent_std_in_handle,
                             GENERIC_READ,
                             FILE_SHARE_WRITE | FILE_SHARE_READ,
                             FILE_FLAG_OVERLAPPED);

  if (INVALID_HANDLE_VALUE == std_in.handle)
    {
      fprintf(stderr, "FATAL: Could not reopen stdin for in overlapped mode, has to be a named pipe\n");
      goto teardown;
    }

  std_out.handle = ReOpenFile(parent_std_out_handle,
                              GENERIC_WRITE,
                              FILE_SHARE_READ,
                              FILE_FLAG_OVERLAPPED);

  if (INVALID_HANDLE_VALUE == std_out.handle)
    {
      fprintf(stderr, "FATAL: Could not reopen stdout for in overlapped mode, has to be a named pipe\n");
      goto teardown;
    }
#endif

  fprintf(stderr, "DEBUG: mainloop has begun\n");

  while (std_out.path_open || tap_write.path_open)
    {
      /* perform READ from stdin if possible */
      if (std_in.path_open && (!attempt_read_stdin(&std_in, &tap_write)))
        break;

      /* perform READ from tap if possible */
      if (tap_read.path_open && (!attempt_read_tap(&tap_read, &std_out)))
        break;

      /* perform WRITE to tap if possible */
      if (tap_write.path_open && (!attempt_write(&tap_write, &std_in)))
        break;

      /* perform WRITE to STDOUT if possible */
      if (std_out.path_open && (!attempt_write(&std_out, &tap_read)))
        break;
    }
  fprintf(stderr, "DEBUG: teardown initiated\n");

teardown:

  CancelIo(tap_handle);
  CancelIo(std_in.handle);
  CancelIo(std_out.handle);

teardown_final:

  CloseHandle(tap_handle);
}


int
main(int argc, char **argv)
{
  char hwid[LINE_LEN];
  HANDLE handle;
  int global_ret = 1;
  int local_ret = EINVAL;
  BOOL have_ip4 = FALSE;
  BOOL have_ip6 = FALSE;
  BOOL have_nat44 = FALSE;

  if ((1 < argc) && (0 != strcmp(argv[1], "-d")))
    {
      privilege_testing = TRUE;
      fprintf(stderr,
              "%s",
              "DEBUG: Running binary in privilege testing mode.");
      argv++;
      argc--;
    }

  if (6 != argc)
    {
      fprintf(stderr,
              "%s",
              "FATAL: must supply 6 arguments\nUsage:\ngnunet-helper-exit [-d] <if name prefix> <uplink-interface name> <address6 or \"-\"> <netbits6> <address4 or \"-\"> <netmask4>\n");
      return 1;
    }

  GNUNET_strlcpy(hwid, argv[1], sizeof(hwid));

  /*
   * We use our PID for finding/resolving the control-panel name of our virtual
   * device. PIDs are (of course) unique at runtime, thus we can safely use it
   * as additional hardware-id for our device.
   */
  snprintf(secondary_hwid, LINE_LEN / 2, "%s-%d",
           hwid,
           _getpid());

  if (INVALID_HANDLE_VALUE == (handle = init_tun()))
    {
      fprintf(stderr, "FATAL: could not initialize virtual-interface %s with IPv6 %s/%s and IPv4 %s/%s\n",
              hwid,
              argv[3],
              argv[4],
              argv[5],
              argv[6]);
      global_ret = -1;
      goto cleanup;
    }

  fprintf(stderr, "DEBUG: Setting IPs, if needed\n");
  if (0 != strcmp(argv[3], "-"))
    {
      char command[LINE_LEN];
      const char *address = argv[3];
      long prefix_len = atol(argv[4]);

      if ((prefix_len < 1) || (prefix_len > 127))
        {
          fprintf(stderr, "FATAL: ipv6 prefix_len out of range\n");
          global_ret = -1;
          goto cleanup;
        }

      fprintf(stderr, "DEBUG: Setting IP6 address: %s/%d\n", address, prefix_len);
      if (0 != (global_ret = set_address6(address, prefix_len)))
        goto cleanup;

      have_ip6 = TRUE;

      /* install our the windows NAT module*/
      fprintf(stderr, "DEBUG: Setting IPv6 Forwarding for internal and external interface.\n");
      /* outside interface (maybe that's already set) */
      snprintf(command, LINE_LEN,
               "netsh interface ipv6 set interface interface=\"%s\" metric=1 forwarding=enabled store=active",
               argv[2]);
      local_ret = execute_shellcommand(command);
      if (0 != local_ret)
        {
          fprintf(stderr, "FATAL: Could not enable forwarding via netsh: %s\n", strerror(local_ret));
          goto cleanup;
        }
      /* internal interface */
      snprintf(command, LINE_LEN,
               "netsh interface ipv6 set interface interface=\"%s\" metric=1 forwarding=enabled advertise=enabled store=active",
               device_visible_name);
      local_ret = execute_shellcommand(command);
      if (0 != local_ret)
        {
          fprintf(stderr, "FATAL: Could not enable forwarding via netsh: %s\n", strerror(local_ret));
          goto cleanup;
        }
      /* we can keep IPv6 forwarding around, as all interfaces have
       * their forwarding mode reset to false at bootup. */
    }

  if (0 != strcmp(argv[5], "-"))
    {
      const char *address = argv[5];
      const char *mask = argv[6];

      fprintf(stderr, "DEBUG: Setting IP4 address: %s/%s\n", address, mask);
      if (0 != (global_ret = set_address4(address, mask)))
        goto cleanup;

      // setup NAPT, if possible
      /* MS has REMOVED the routing/nat capabilities from Vista+, thus
       * we can not setup NAT like in XP or on the server. Actually the
       * the only feasible solution seems to be to use
       * Internet Connection Sharing, which introduces a horde of problems
       * such as sending out rogue-RAs on the external interface in an ipv6
       * network.
       * Thus, below stuff ONLY works on
       *   WinXP SP3
       *   Win Server 2003 SP1+
       *   Win Server 2008
       *   ...
       */
      have_ip4 = TRUE;
      if (0 != strcmp(argv[2], "-"))
        {
          char command[LINE_LEN];

          /* install our the windows NAT module*/
          fprintf(stderr, "DEBUG: Adding NAPT/Masquerading between external IF %s and mine.\n", argv[2]);
          local_ret = execute_shellcommand("netsh routing ip nat install");
          if (0 != local_ret)
            {
              fprintf(stderr, "FATAL: Could not install NAPT support via Netsh: %s\n", strerror(local_ret));
              goto cleanup;
            }
          /* external IF */
          snprintf(command, LINE_LEN,
                   "netsh routing ip nat add interface \"%s\" full",  /*full = NAPT (addr+port)*/
                   argv[2]);
          local_ret = execute_shellcommand(command);
          if (0 != local_ret)
            {
              fprintf(stderr, "FATAL: IPv4-NAPT on external interface failed: %s\n", strerror(local_ret));
              goto cleanup;
            }
          /* private/internal/virtual IF */
          snprintf(command, LINE_LEN,
                   "netsh routing ip nat add interface \"%s\" private",
                   device_visible_name);
          local_ret = execute_shellcommand(command);
          if (0 != local_ret)
            {
              fprintf(stderr, "FATAL: IPv4-NAPT on internal interface failed: %s\n", strerror(local_ret));
              goto cleanup;

              have_nat44 = TRUE;
            }
        }
    }

  run(handle);
cleanup:

  if (have_ip4)
    {
      const char *address = argv[5];
      if (have_nat44)
        {
          char command[LINE_LEN];
          fprintf(stderr, "DEBUG: removing IP4 NAPT from virtual interface \n");
          snprintf(command, LINE_LEN,
                   "netsh routing ip nat del interface \"%s\"",
                   device_visible_name);
          local_ret = execute_shellcommand(command);
          if (0 != local_ret)
            fprintf(stderr, "WARNING: Could not remove IPv4-NAPT from internal interface, hopefully this will have no effect in future runs: %s\n", strerror(local_ret));
        }

      fprintf(stderr, "DEBUG: Removing IP4 address\n");
      remove_address4(address);
    }
  if (have_ip6)
    {
      const char *address = argv[3];
      fprintf(stderr, "DEBUG: Removing IP6 address\n");
      remove_address6(address);
    }

  fprintf(stderr, "DEBUG: removing interface\n");
  remove_interface();
  fprintf(stderr, "DEBUG: graceful exit completed\n");

  return global_ret;
}