aboutsummaryrefslogtreecommitdiff
path: root/src/vpn/gnunet-helper-vpn-windows.c
diff options
context:
space:
mode:
authorBertrand Marc <beberking@gmail.com>2013-08-03 13:07:32 +0200
committerBertrand Marc <beberking@gmail.com>2013-08-03 13:07:32 +0200
commit1ae32bc989973c2e8909c3b085d34b2454f92d1e (patch)
treedfde89b41437def7ce23af24db53a11a9b5f1075 /src/vpn/gnunet-helper-vpn-windows.c
parent740b30688bd745a527f96f9116c19acb3480971a (diff)
Imported Upstream version 0.9.5a
Diffstat (limited to 'src/vpn/gnunet-helper-vpn-windows.c')
-rw-r--r--src/vpn/gnunet-helper-vpn-windows.c1557
1 files changed, 1557 insertions, 0 deletions
diff --git a/src/vpn/gnunet-helper-vpn-windows.c b/src/vpn/gnunet-helper-vpn-windows.c
new file mode 100644
index 0000000..b810dc7
--- /dev/null
+++ b/src/vpn/gnunet-helper-vpn-windows.c
@@ -0,0 +1,1557 @@
+/*
+ This file is part of GNUnet.
+ (C) 2010, 2012 Christian Grothoff
+
+ GNUnet is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published
+ by the Free Software Foundation; either version 3, or (at your
+ option) any later version.
+
+ GNUnet is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with GNUnet; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ Boston, MA 02111-1307, USA.
+ */
+
+/**
+ * @file vpn/gnunet-helper-vpn-windows.c
+ * @brief the helper for the VPN service in win32 builds.
+ * Opens a virtual network-interface, sends data received on the if to stdout,
+ * sends data received on stdin to the interface
+ * @author Christian M. Fuchs
+ *
+ * The following list of people have reviewed this code and considered
+ * it safe since the last modification (if you reviewed it, please
+ * have your name added to the list):
+ *
+ */
+
+#include <stdio.h>
+#include <windows.h>
+#include <setupapi.h>
+#include <ddk/cfgmgr32.h>
+#include <ddk/newdev.h>
+#include <Winsock2.h>
+#include <time.h>
+#include "platform.h"
+#include "tap-windows.h"
+/**
+ * Need 'struct GNUNET_MessageHeader'.
+ */
+#include "gnunet_common.h"
+
+/**
+ * Need VPN message types.
+ */
+#include "gnunet_protocols.h"
+
+/**
+ * Should we print (interesting|debug) messages that can happen during
+ * normal operation?
+ */
+#define DEBUG GNUNET_NO
+
+#if DEBUG
+/* FIXME: define with varargs... */
+#define LOG_DEBUG(msg) fprintf (stderr, "%s", msg);
+#else
+#define LOG_DEBUG(msg) do {} while (0)
+#endif
+
+
+/**
+ * Maximum size of a GNUnet message (GNUNET_SERVER_MAX_MESSAGE_SIZE)
+ */
+#define MAX_SIZE 65536
+
+/**
+ * Name or Path+Name of our win32 driver.
+ * The .sys and .cat files HAVE to be in the same location as this file!
+ */
+#define INF_FILE "share/gnunet/tapw32/OemWin2k.inf"
+
+/**
+ * Name or Path+Name of our win64 driver.
+ * The .sys and .cat files HAVE to be in the same location as this file!
+ */
+#define INF_FILE64 "share/gnunet/tapw64/OemWin2k.inf"
+
+/**
+ * Hardware ID used in the inf-file.
+ * This might change over time, as openvpn advances their driver
+ */
+#define HARDWARE_ID "tap0901"
+
+/**
+ * Minimum major-id of the driver version we can work with
+ */
+#define TAP_WIN_MIN_MAJOR 9
+
+/**
+ * Minimum minor-id of the driver version we can work with.
+ * v <= 7 has buggy IPv6.
+ * v == 8 is broken for small IPv4 Packets
+ */
+#define TAP_WIN_MIN_MINOR 9
+
+/**
+ * Time in seconds to wait for our virtual device to go up after telling it to do so.
+ *
+ * openvpn doesn't specify a value, 4 seems sane for testing, even for openwrt
+ * (in fact, 4 was chosen by a fair dice roll...)
+ */
+#define TAP32_POSTUP_WAITTIME 4
+
+/**
+ * Location of the network interface list resides in registry.
+ */
+#define INTERFACE_REGISTRY_LOCATION "SYSTEM\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}"
+
+/**
+ * Our local process' PID. Used for creating a sufficiently unique additional
+ * hardware ID for our device.
+ */
+static char secondary_hwid[LINE_LEN / 2];
+
+/**
+ * Device's visible Name, used to identify a network device in netsh.
+ * eg: "Local Area Connection 9"
+ */
+static char device_visible_name[256];
+
+/**
+ * This is our own local instance of a virtual network interface
+ * It is (somewhat) equivalent to using tun/tap in unixoid systems
+ *
+ * Upon initialization, we create such an device node.
+ * Upon termination, we remove it again.
+ *
+ * If we crash this device might stay around.
+ */
+static HDEVINFO DeviceInfo = INVALID_HANDLE_VALUE;
+
+/**
+ * Registry Key we hand over to windows to spawn a new virtual interface
+ */
+static SP_DEVINFO_DATA DeviceNode;
+
+/**
+ * GUID of our virtual device in the form of
+ * {12345678-1234-1234-1234-123456789abc} - in hex
+ */
+static char device_guid[256];
+
+
+/**
+ * Possible states of an IO facility.
+ */
+enum IO_State
+{
+
+ /**
+ * overlapped I/O is ready for work
+ */
+ IOSTATE_READY = 0,
+
+ /**
+ * overlapped I/O has been queued
+ */
+ IOSTATE_QUEUED,
+
+ /**
+ * overlapped I/O has finished, but is waiting for it's write-partner
+ */
+ IOSTATE_WAITING,
+
+ /**
+ * there is a full buffer waiting
+ */
+ IOSTATE_RESUME,
+
+ /**
+ * Operlapped IO states for facility objects
+ * overlapped I/O has failed, stop processing
+ */
+ IOSTATE_FAILED
+
+};
+
+
+/**
+ * A IO Object + read/writebuffer + buffer-size for windows asynchronous IO handling
+ */
+struct io_facility
+{
+ /**
+ * The mode the state machine associated with this object is in.
+ */
+ enum IO_State facility_state;
+
+ /**
+ * If the path is open or blocked in general (used for quickly checking)
+ */
+ BOOL path_open; // BOOL is winbool (int), NOT boolean (unsigned char)!
+
+ /**
+ * Windows Object-Handle (used for accessing TAP and STDIN/STDOUT)
+ */
+ HANDLE handle;
+
+ /**
+ * Overlaped IO structure used for asynchronous IO in windows.
+ */
+ OVERLAPPED overlapped;
+
+ /**
+ * Buffer for reading things to and writing from...
+ */
+ unsigned char buffer[MAX_SIZE];
+
+ /**
+ * How much of this buffer was used when reading or how much data can be written
+ */
+ DWORD buffer_size;
+
+ /**
+ * Amount of data actually written or read by readfile/writefile.
+ */
+ DWORD buffer_size_processed;
+
+ /**
+ * How much of this buffer we have writte in total
+ */
+ DWORD buffer_size_written;
+};
+
+/**
+ * ReOpenFile is only available as of XP SP2 and 2003 SP1
+ */
+WINBASEAPI HANDLE WINAPI ReOpenFile (HANDLE, DWORD, DWORD, DWORD);
+
+/**
+ * IsWow64Process definition for our is_win64, as this is a kernel function
+ */
+typedef BOOL (WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL);
+
+/**
+ * Determines if the host OS is win32 or win64
+ *
+ * @return true if
+ */
+BOOL
+is_win64 ()
+{
+#if defined(_WIN64)
+ //this is a win64 binary,
+ return TRUE;
+#elif defined(_WIN32)
+ //this is a 32bit binary, and we need to check if we are running in WOW64
+ BOOL success = FALSE;
+ BOOL on_wow64 = FALSE;
+ LPFN_ISWOW64PROCESS IsWow64Process = (LPFN_ISWOW64PROCESS) GetProcAddress (GetModuleHandle ("kernel32"), "IsWow64Process");
+
+ if (NULL != IsWow64Process)
+ success = IsWow64Process (GetCurrentProcess (), &on_wow64);
+
+ return success && on_wow64;
+#endif
+}
+/**
+ * Wrapper for executing a shellcommand in windows.
+ *
+ * @param command - the command + parameters to execute
+ * @return * exitcode of the program executed,
+ * * EINVAL (cmd/file not found)
+ * * EPIPE (could not read STDOUT)
+ */
+static int
+execute_shellcommand (const char *command)
+{
+ FILE *pipe;
+
+ if ( (NULL == command) ||
+ (NULL == (pipe = _popen (command, "rt"))) )
+ return EINVAL;
+
+#if DEBUG
+ fprintf (stderr, "DEBUG: Command output: \n");
+ char output[LINE_LEN];
+ while (NULL != fgets (output, sizeof (output), pipe))
+ fprintf (stderr, "%s", output);
+#endif
+
+ return _pclose (pipe);
+}
+
+
+/**
+ * @brief Sets the IPv6-Address given in address on the interface dev
+ *
+ * @param address the IPv6-Address
+ * @param prefix_len the length of the network-prefix
+ */
+static int
+set_address6 (const char *address, unsigned long prefix_len)
+{
+ int ret = EINVAL;
+ char command[LINE_LEN];
+ struct sockaddr_in6 sa6;
+
+ /*
+ * parse the new address
+ */
+ memset (&sa6, 0, sizeof (struct sockaddr_in6));
+ sa6.sin6_family = AF_INET6;
+ if (1 != inet_pton (AF_INET6, address, &sa6.sin6_addr.s6_addr))
+ {
+ fprintf (stderr, "ERROR: Failed to parse address `%s': %s\n", address,
+ strerror (errno));
+ return -1;
+ }
+
+ /*
+ * prepare the command
+ */
+ snprintf (command, LINE_LEN,
+ "netsh interface ipv6 add address \"%s\" %s/%d store=active",
+ device_visible_name, address, prefix_len);
+ /*
+ * Set the address
+ */
+ ret = execute_shellcommand (command);
+
+ /* Did it work?*/
+ if (0 != ret)
+ fprintf (stderr, "FATAL: Setting IPv6 address failed: %s\n", strerror (ret));
+ return ret;
+}
+
+
+/**
+ * @brief Removes the IPv6-Address given in address from the interface dev
+ *
+ * @param dev the interface to remove
+ * @param address the IPv4-Address
+ * @param mask the netmask
+ */
+static void
+remove_address6 (const char *address)
+{
+ char command[LINE_LEN];
+ int ret = EINVAL;
+
+ // sanity checking was already done in set_address6
+ /*
+ * prepare the command
+ */
+ snprintf (command, LINE_LEN,
+ "netsh interface ipv6 delete address \"%s\" store=persistent",
+ device_visible_name, address);
+ /*
+ * Set the address
+ */
+ ret = execute_shellcommand (command);
+
+ /* Did it work?*/
+ if (0 != ret)
+ fprintf (stderr, "FATAL: removing IPv6 address failed: %s\n", strerror (ret));
+}
+
+
+/**
+ * @brief Sets the IPv4-Address given in address on the interface dev
+ *
+ * @param dev the interface to configure
+ * @param address the IPv4-Address
+ * @param mask the netmask
+ */
+static int
+set_address4 (const char *address, const char *mask)
+{
+ int ret = EINVAL;
+ char command[LINE_LEN];
+
+ struct sockaddr_in addr;
+ addr.sin_family = AF_INET;
+
+ /*
+ * Parse the address
+ */
+ if (1 != inet_pton (AF_INET, address, &addr.sin_addr.s_addr))
+ {
+ fprintf (stderr, "ERROR: Failed to parse address `%s': %s\n", address,
+ strerror (errno));
+ return -1;
+ }
+ // Set Device to Subnet-Mode?
+ // do we really need tun.c:2925 ?
+
+ /*
+ * prepare the command
+ */
+ snprintf (command, LINE_LEN,
+ "netsh interface ipv4 add address \"%s\" %s %s store=active",
+ device_visible_name, address, mask);
+ /*
+ * Set the address
+ */
+ ret = execute_shellcommand (command);
+
+ /* Did it work?*/
+ if (0 != ret)
+ fprintf (stderr, "FATAL: Setting IPv4 address failed: %s\n", strerror (ret));
+ return ret;
+}
+
+
+/**
+ * @brief Removes the IPv4-Address given in address from the interface dev
+ *
+ * @param dev the interface to remove
+ * @param address the IPv4-Address
+ * @param mask the netmask
+ */
+static void
+remove_address4 (const char *address)
+{
+ char command[LINE_LEN];
+ int ret = EINVAL;
+
+ // sanity checking was already done in set_address4
+
+ /*
+ * prepare the command
+ */
+ snprintf (command, LINE_LEN,
+ "netsh interface ipv4 delete address \"%s\" gateway=all store=persistent",
+ device_visible_name, address);
+ /*
+ * Set the address
+ */
+ ret = execute_shellcommand (command);
+
+ /* Did it work?*/
+ if (0 != ret)
+ fprintf (stderr, "FATAL: removing IPv4 address failed: %s\n", strerror (ret));
+}
+
+
+/**
+ * Setup a new virtual interface to use for tunneling.
+ *
+ * @return: TRUE if setup was successful, else FALSE
+ */
+static BOOL
+setup_interface ()
+{
+ /*
+ * where to find our inf-file. (+ the "full" path, after windows found")
+ *
+ * We do not directly input all the props here, because openvpn will update
+ * these details over time.
+ */
+ char inf_file_path[MAX_PATH];
+ char * temp_inf_filename;
+ char hwidlist[LINE_LEN + 4];
+ char class_name[128];
+ GUID class_guid;
+ int str_length = 0;
+
+ /**
+ * Set the device's hardware ID and add it to a list.
+ * This information will later on identify this device in registry.
+ */
+ strncpy (hwidlist, HARDWARE_ID, LINE_LEN);
+ /**
+ * this is kind of over-complicated, but allows keeps things independent of
+ * how the openvpn-hwid is actually stored.
+ *
+ * A HWID list is double-\0 terminated and \0 separated
+ */
+ str_length = strlen (hwidlist) + 1;
+ strncpy (&hwidlist[str_length], secondary_hwid, LINE_LEN);
+ str_length += strlen (&hwidlist[str_length]) + 1;
+
+ /**
+ * Locate the inf-file, we need to store it somewhere where the system can
+ * find it. We need to pick the correct driver for win32/win64.
+ */
+ if (is_win64())
+ GetFullPathNameA (INF_FILE64, MAX_PATH, inf_file_path, &temp_inf_filename);
+ else
+ GetFullPathNameA (INF_FILE, MAX_PATH, inf_file_path, &temp_inf_filename);
+
+ fprintf (stderr, "INFO: Located our driver's .inf file at %s\n", inf_file_path);
+ /**
+ * Bootstrap our device info using the drivers inf-file
+ */
+ if ( ! SetupDiGetINFClassA (inf_file_path,
+ &class_guid,
+ class_name, sizeof (class_name) / sizeof (char),
+ NULL))
+ return FALSE;
+
+ /**
+ * Collect all the other needed information...
+ * let the system fill our this form
+ */
+ DeviceInfo = SetupDiCreateDeviceInfoList (&class_guid, NULL);
+ if (DeviceInfo == INVALID_HANDLE_VALUE)
+ return FALSE;
+
+ DeviceNode.cbSize = sizeof (SP_DEVINFO_DATA);
+ if ( ! SetupDiCreateDeviceInfoA (DeviceInfo,
+ class_name,
+ &class_guid,
+ NULL,
+ 0,
+ DICD_GENERATE_ID,
+ &DeviceNode))
+ return FALSE;
+
+ /* Deploy all the information collected into the registry */
+ if ( ! SetupDiSetDeviceRegistryPropertyA (DeviceInfo,
+ &DeviceNode,
+ SPDRP_HARDWAREID,
+ (LPBYTE) hwidlist,
+ str_length * sizeof (char)))
+ return FALSE;
+
+ /* Install our new class(=device) into the system */
+ if ( ! SetupDiCallClassInstaller (DIF_REGISTERDEVICE,
+ DeviceInfo,
+ &DeviceNode))
+ return FALSE;
+
+ /* This system call tends to take a while (several seconds!) on
+ "modern" Windoze systems */
+ if ( ! UpdateDriverForPlugAndPlayDevicesA (NULL,
+ secondary_hwid,
+ inf_file_path,
+ INSTALLFLAG_FORCE | INSTALLFLAG_NONINTERACTIVE,
+ NULL)) //reboot required? NEVER!
+ return FALSE;
+
+ fprintf (stderr, "DEBUG: successfully created a network device\n");
+ return TRUE;
+}
+
+
+/**
+ * Remove our new virtual interface to use for tunneling.
+ * This function must be called AFTER setup_interface!
+ *
+ * @return: TRUE if destruction was successful, else FALSE
+ */
+static BOOL
+remove_interface ()
+{
+ SP_REMOVEDEVICE_PARAMS remove;
+
+ if (INVALID_HANDLE_VALUE == DeviceInfo)
+ return FALSE;
+
+ remove.ClassInstallHeader.cbSize = sizeof (SP_CLASSINSTALL_HEADER);
+ remove.HwProfile = 0;
+ remove.Scope = DI_REMOVEDEVICE_GLOBAL;
+ remove.ClassInstallHeader.InstallFunction = DIF_REMOVE;
+ /*
+ * 1. Prepare our existing device information set, and place the
+ * uninstall related information into the structure
+ */
+ if ( ! SetupDiSetClassInstallParamsA (DeviceInfo,
+ (PSP_DEVINFO_DATA) & DeviceNode,
+ &remove.ClassInstallHeader,
+ sizeof (remove)))
+ return FALSE;
+ /*
+ * 2. Uninstall the virtual interface using the class installer
+ */
+ if ( ! SetupDiCallClassInstaller (DIF_REMOVE,
+ DeviceInfo,
+ (PSP_DEVINFO_DATA) & DeviceNode))
+ return FALSE;
+
+ SetupDiDestroyDeviceInfoList (DeviceInfo);
+
+ fprintf (stderr, "DEBUG: removed interface successfully\n");
+
+ return TRUE;
+}
+
+
+/**
+ * Do all the lookup necessary to retrieve the inteface's actual name
+ * off the registry.
+ *
+ * @return: TRUE if we were able to lookup the interface's name, else FALSE
+ */
+static BOOL
+resolve_interface_name ()
+{
+ SP_DEVINFO_LIST_DETAIL_DATA device_details;
+ char pnp_instance_id [MAX_DEVICE_ID_LEN];
+ HKEY adapter_key_handle;
+ LONG status;
+ DWORD len;
+ int i = 0;
+ int retrys;
+ BOOL retval = FALSE;
+ char adapter[] = INTERFACE_REGISTRY_LOCATION;
+
+ /* We can obtain the PNP instance ID from our setupapi handle */
+ device_details.cbSize = sizeof (device_details);
+ if (CR_SUCCESS != CM_Get_Device_ID_ExA (DeviceNode.DevInst,
+ (PCHAR) pnp_instance_id,
+ MAX_DEVICE_ID_LEN,
+ 0, //must be 0
+ NULL)) //hMachine, we are local
+ return FALSE;
+
+ fprintf (stderr, "DEBUG: Resolving interface name for network device %s\n",pnp_instance_id);
+
+ /* Registry is incredibly slow, retry for up to 30 seconds to allow registry to refresh */
+ for (retrys = 0; retrys < 120 && !retval; retrys++)
+ {
+ /* sleep for 250ms*/
+ Sleep (250);
+
+ /* Now we can use this ID to locate the correct networks interface in registry */
+ if (ERROR_SUCCESS != RegOpenKeyExA (
+ HKEY_LOCAL_MACHINE,
+ adapter,
+ 0,
+ KEY_READ,
+ &adapter_key_handle))
+ return FALSE;
+
+ /* Of course there is a multitude of entries here, with arbitrary names,
+ * thus we need to iterate through there.
+ */
+ while (!retval)
+ {
+ char instance_key[256];
+ char query_key [256];
+ HKEY instance_key_handle;
+ char pnpinstanceid_name[] = "PnpInstanceID";
+ char pnpinstanceid_value[256];
+ char adaptername_name[] = "Name";
+ DWORD data_type;
+
+ len = 256 * sizeof (char);
+ /* optain a subkey of {4D36E972-E325-11CE-BFC1-08002BE10318} */
+ status = RegEnumKeyExA (
+ adapter_key_handle,
+ i,
+ instance_key,
+ &len,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+
+ /* this may fail due to one of two reasons:
+ * we are at the end of the list*/
+ if (ERROR_NO_MORE_ITEMS == status)
+ break;
+ // * we found a broken registry key, continue with the next key.
+ if (ERROR_SUCCESS != status)
+ goto cleanup;
+
+ /* prepare our new query string: */
+ snprintf (query_key, 256, "%s\\%s\\Connection",
+ adapter,
+ instance_key);
+
+ /* look inside instance_key\\Connection */
+ if (ERROR_SUCCESS != RegOpenKeyExA (
+ HKEY_LOCAL_MACHINE,
+ query_key,
+ 0,
+ KEY_READ,
+ &instance_key_handle))
+ goto cleanup;
+
+ /* now, read our PnpInstanceID */
+ len = sizeof (pnpinstanceid_value);
+ status = RegQueryValueExA (instance_key_handle,
+ pnpinstanceid_name,
+ NULL, //reserved, always NULL according to MSDN
+ &data_type,
+ (LPBYTE) pnpinstanceid_value,
+ &len);
+
+ if (status != ERROR_SUCCESS || data_type != REG_SZ)
+ goto cleanup;
+
+ /* compare the value we got to our devices PNPInstanceID*/
+ if (0 != strncmp (pnpinstanceid_value, pnp_instance_id,
+ sizeof (pnpinstanceid_value) / sizeof (char)))
+ goto cleanup;
+
+ len = sizeof (device_visible_name);
+ status = RegQueryValueExA (
+ instance_key_handle,
+ adaptername_name,
+ NULL, //reserved, always NULL according to MSDN
+ &data_type,
+ (LPBYTE) device_visible_name,
+ &len);
+
+ if (status != ERROR_SUCCESS || data_type != REG_SZ)
+ goto cleanup;
+
+ /*
+ * we have successfully found OUR instance,
+ * save the device GUID before exiting
+ */
+
+ strncpy (device_guid, instance_key, 256);
+ retval = TRUE;
+ fprintf (stderr, "DEBUG: Interface Name lookup succeeded on retry %d, got \"%s\" %s\n", retrys, device_visible_name, device_guid);
+
+cleanup:
+ RegCloseKey (instance_key_handle);
+
+ ++i;
+ }
+
+ RegCloseKey (adapter_key_handle);
+ }
+ return retval;
+}
+
+
+/**
+ * Determines the version of the installed TAP32 driver and checks if it's sufficiently new for GNUNET
+ *
+ * @param handle the handle to our tap device
+ * @return TRUE if the version is sufficient, else FALSE
+ */
+static BOOL
+check_tapw32_version (HANDLE handle)
+{
+ ULONG version[3];
+ DWORD len;
+ memset (&(version), 0, sizeof (version));
+
+ if (DeviceIoControl (handle, TAP_WIN_IOCTL_GET_VERSION,
+ &version, sizeof (version),
+ &version, sizeof (version), &len, NULL))
+ fprintf (stderr, "INFO: TAP-Windows Driver Version %d.%d %s\n",
+ (int) version[0],
+ (int) version[1],
+ (version[2] ? "(DEBUG)" : ""));
+
+ if ((version[0] != TAP_WIN_MIN_MAJOR) ||
+ (version[1] < TAP_WIN_MIN_MINOR )){
+ fprintf (stderr, "FATAL: This version of gnunet requires a TAP-Windows driver that is at least version %d.%d\n",
+ TAP_WIN_MIN_MAJOR,
+ TAP_WIN_MIN_MINOR);
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+
+/**
+ * Creates a tun-interface called dev;
+ *
+ * @return the fd to the tun or -1 on error
+ */
+static HANDLE
+init_tun ()
+{
+ char device_path[256];
+ HANDLE handle;
+
+ if (! setup_interface ())
+ {
+ errno = ENODEV;
+ return INVALID_HANDLE_VALUE;
+ }
+
+ if (! resolve_interface_name ())
+ {
+ errno = ENODEV;
+ return INVALID_HANDLE_VALUE;
+ }
+
+ /* Open Windows TAP-Windows adapter */
+ snprintf (device_path, sizeof (device_path), "%s%s%s",
+ USERMODEDEVICEDIR,
+ device_guid,
+ TAP_WIN_SUFFIX);
+
+ handle = CreateFile (
+ device_path,
+ GENERIC_READ | GENERIC_WRITE,
+ 0, /* was: FILE_SHARE_READ */
+ 0,
+ OPEN_EXISTING,
+ FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED,
+ 0
+ );
+
+ if (INVALID_HANDLE_VALUE == handle)
+ {
+ fprintf (stderr, "FATAL: CreateFile failed on TAP device: %s\n", device_path);
+ return handle;
+ }
+
+ /* get driver version info */
+ if (! check_tapw32_version (handle))
+ {
+ CloseHandle (handle);
+ return INVALID_HANDLE_VALUE;
+ }
+
+ /* TODO (opt?): get MTU-Size */
+
+ fprintf (stderr, "DEBUG: successfully opened TAP device\n");
+ return handle;
+}
+
+
+/**
+ * Brings a TAP device up and sets it to connected state.
+ *
+ * @param handle the handle to our TAP device
+ * @return True if the operation succeeded, else false
+ */
+static BOOL
+tun_up (HANDLE handle)
+{
+ ULONG status = TRUE;
+ DWORD len;
+ if (! DeviceIoControl (handle, TAP_WIN_IOCTL_SET_MEDIA_STATUS,
+ &status, sizeof (status),
+ &status, sizeof (status), &len, NULL))
+ {
+ fprintf (stderr, "FATAL: TAP driver ignored request to UP interface (DeviceIoControl call)\n");
+ return FALSE;
+ }
+
+ /* Wait for the device to go UP, might take some time. */
+ Sleep (TAP32_POSTUP_WAITTIME * 1000);
+ fprintf (stderr, "DEBUG: successfully set TAP device to UP\n");
+
+ return TRUE;
+}
+
+
+/**
+ * Attempts to read off an input facility (tap or named pipe) in overlapped mode.
+ *
+ * 1.
+ * If the input facility is in IOSTATE_READY, it will issue a new read operation to the
+ * input handle. Then it goes into IOSTATE_QUEUED state.
+ * In case the read succeeded instantly the input facility enters 3.
+ *
+ * 2.
+ * If the input facility is in IOSTATE_QUEUED state, it will check if the queued read has finished already.
+ * If it has finished, go to state 3.
+ * If it has failed, set IOSTATE_FAILED
+ *
+ * 3.
+ * If the output facility is in state IOSTATE_READY, the read-buffer is copied to the output buffer.
+ * The input facility enters state IOSTATE_READY
+ * The output facility enters state IOSTATE_READY
+ * If the output facility is in state IOSTATE_QUEUED, the input facility enters IOSTATE_WAITING
+ *
+ * IOSTATE_WAITING is reset by the output facility, once it has completed.
+ *
+ * @param input_facility input named pipe or file to work with.
+ * @param output_facility output pipe or file to hand over data to.
+ * @return false if an event reset was impossible (OS error), else true
+ */
+static BOOL
+attempt_read_tap (struct io_facility * input_facility,
+ struct io_facility * output_facility)
+{
+ struct GNUNET_MessageHeader * hdr;
+ unsigned short size;
+
+ switch (input_facility->facility_state)
+ {
+ case IOSTATE_READY:
+ {
+ if (! ResetEvent (input_facility->overlapped.hEvent))
+ {
+ return FALSE;
+ }
+
+ input_facility->buffer_size = 0;
+
+ /* Check how the task is handled */
+ if (ReadFile (input_facility->handle,
+ input_facility->buffer,
+ sizeof (input_facility->buffer) - sizeof (struct GNUNET_MessageHeader),
+ &input_facility->buffer_size,
+ &input_facility->overlapped))
+ {/* async event processed immediately*/
+
+ /* reset event manually*/
+ if (! SetEvent (input_facility->overlapped.hEvent))
+ return FALSE;
+
+ fprintf (stderr, "DEBUG: tap read succeeded immediately\n");
+
+ /* we successfully read something from the TAP and now need to
+ * send it our via STDOUT. Is that possible at the moment? */
+ if ((IOSTATE_READY == output_facility->facility_state ||
+ IOSTATE_WAITING == output_facility->facility_state)
+ && (0 < input_facility->buffer_size))
+ { /* hand over this buffers content and apply message header for gnunet */
+ hdr = (struct GNUNET_MessageHeader *) output_facility->buffer;
+ size = input_facility->buffer_size + sizeof (struct GNUNET_MessageHeader);
+
+ memcpy (output_facility->buffer + sizeof (struct GNUNET_MessageHeader),
+ input_facility->buffer,
+ input_facility->buffer_size);
+
+ output_facility->buffer_size = size;
+ hdr->size = htons (size);
+ hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
+ output_facility->facility_state = IOSTATE_READY;
+ }
+ else if (0 < input_facility->buffer_size)
+ /* If we have have read our buffer, wait for our write-partner*/
+ input_facility->facility_state = IOSTATE_WAITING;
+ }
+ else /* operation was either queued or failed*/
+ {
+ int err = GetLastError ();
+ if (ERROR_IO_PENDING == err)
+ { /* operation queued */
+ input_facility->facility_state = IOSTATE_QUEUED;
+ }
+ else
+ { /* error occurred, let the rest of the elements finish */
+ input_facility->path_open = FALSE;
+ input_facility->facility_state = IOSTATE_FAILED;
+ if (IOSTATE_WAITING == output_facility->facility_state)
+ output_facility->path_open = FALSE;
+
+ fprintf (stderr, "FATAL: Read from handle failed, allowing write to finish\n");
+ }
+ }
+ }
+ return TRUE;
+ // We are queued and should check if the read has finished
+ case IOSTATE_QUEUED:
+ {
+ // there was an operation going on already, check if that has completed now.
+
+ if (GetOverlappedResult (input_facility->handle,
+ &input_facility->overlapped,
+ &input_facility->buffer_size,
+ FALSE))
+ {/* successful return for a queued operation */
+ if (! ResetEvent (input_facility->overlapped.hEvent))
+ return FALSE;
+
+ fprintf (stderr, "DEBUG: tap read succeeded delayed\n");
+
+ /* we successfully read something from the TAP and now need to
+ * send it our via STDOUT. Is that possible at the moment? */
+ if ((IOSTATE_READY == output_facility->facility_state ||
+ IOSTATE_WAITING == output_facility->facility_state)
+ && 0 < input_facility->buffer_size)
+ { /* hand over this buffers content and apply message header for gnunet */
+ hdr = (struct GNUNET_MessageHeader *) output_facility->buffer;
+ size = input_facility->buffer_size + sizeof (struct GNUNET_MessageHeader);
+
+ memcpy (output_facility->buffer + sizeof (struct GNUNET_MessageHeader),
+ input_facility->buffer,
+ input_facility->buffer_size);
+
+ output_facility->buffer_size = size;
+ hdr->size = htons(size);
+ hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
+ output_facility->facility_state = IOSTATE_READY;
+ input_facility->facility_state = IOSTATE_READY;
+ }
+ else if (0 < input_facility->buffer_size)
+ { /* If we have have read our buffer, wait for our write-partner*/
+ input_facility->facility_state = IOSTATE_WAITING;
+ // TODO: shall we attempt to fill our buffer or should we wait for our write-partner to finish?
+ }
+ }
+ else
+ { /* operation still pending/queued or failed? */
+ int err = GetLastError ();
+ if ((ERROR_IO_INCOMPLETE != err) && (ERROR_IO_PENDING != err))
+ { /* error occurred, let the rest of the elements finish */
+ input_facility->path_open = FALSE;
+ input_facility->facility_state = IOSTATE_FAILED;
+ if (IOSTATE_WAITING == output_facility->facility_state)
+ output_facility->path_open = FALSE;
+ fprintf (stderr, "FATAL: Read from handle failed, allowing write to finish\n");
+ }
+ }
+ }
+ return TRUE;
+ case IOSTATE_RESUME:
+ hdr = (struct GNUNET_MessageHeader *) output_facility->buffer;
+ size = input_facility->buffer_size + sizeof (struct GNUNET_MessageHeader);
+
+ memcpy (output_facility->buffer + sizeof (struct GNUNET_MessageHeader),
+ input_facility->buffer,
+ input_facility->buffer_size);
+
+ output_facility->buffer_size = size;
+ hdr->size = htons (size);
+ hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
+ output_facility->facility_state = IOSTATE_READY;
+ input_facility->facility_state = IOSTATE_READY;
+ return TRUE;
+ default:
+ return TRUE;
+ }
+}
+
+
+/**
+ * Attempts to read off an input facility (tap or named pipe) in overlapped mode.
+ *
+ * 1.
+ * If the input facility is in IOSTATE_READY, it will issue a new read operation to the
+ * input handle. Then it goes into IOSTATE_QUEUED state.
+ * In case the read succeeded instantly the input facility enters 3.
+ *
+ * 2.
+ * If the input facility is in IOSTATE_QUEUED state, it will check if the queued read has finished already.
+ * If it has finished, go to state 3.
+ * If it has failed, set IOSTATE_FAILED
+ *
+ * 3.
+ * If the facility is finished with ready
+ * The read-buffer is copied to the output buffer, except for the GNUNET_MessageHeader.
+ * The input facility enters state IOSTATE_READY
+ * The output facility enters state IOSTATE_READY
+ * If the output facility is in state IOSTATE_QUEUED, the input facility enters IOSTATE_WAITING
+ *
+ * IOSTATE_WAITING is reset by the output facility, once it has completed.
+ *
+ * @param input_facility input named pipe or file to work with.
+ * @param output_facility output pipe or file to hand over data to.
+ * @return false if an event reset was impossible (OS error), else true
+ */
+static BOOL
+attempt_read_stdin (struct io_facility * input_facility,
+ struct io_facility * output_facility)
+{
+ struct GNUNET_MessageHeader * hdr;
+
+ switch (input_facility->facility_state)
+ {
+ case IOSTATE_READY:
+ {
+ input_facility->buffer_size = 0;
+
+partial_read_iostate_ready:
+ if (! ResetEvent (input_facility->overlapped.hEvent))
+ return FALSE;
+
+ /* Check how the task is handled */
+ if (ReadFile (input_facility->handle,
+ input_facility->buffer + input_facility->buffer_size,
+ sizeof (input_facility->buffer) - input_facility->buffer_size,
+ &input_facility->buffer_size_processed,
+ &input_facility->overlapped))
+ {/* async event processed immediately*/
+ hdr = (struct GNUNET_MessageHeader *) input_facility->buffer;
+
+ /* reset event manually*/
+ if (!SetEvent (input_facility->overlapped.hEvent))
+ return FALSE;
+
+ fprintf (stderr, "DEBUG: stdin read succeeded immediately\n");
+ input_facility->buffer_size += input_facility->buffer_size_processed;
+
+ if (ntohs (hdr->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER ||
+ ntohs (hdr->size) > sizeof (input_facility->buffer))
+ {
+ fprintf (stderr, "WARNING: Protocol violation, got GNUnet Message type %h, size %h\n", ntohs (hdr->type), ntohs (hdr->size));
+ input_facility->facility_state = IOSTATE_READY;
+ return TRUE;
+ }
+ /* we got the a part of a packet */
+ if (ntohs (hdr->size) > input_facility->buffer_size)
+ goto partial_read_iostate_ready;
+
+ /* have we read more than 0 bytes of payload? (sizeread > header)*/
+ if (input_facility->buffer_size > sizeof (struct GNUNET_MessageHeader) &&
+ ((IOSTATE_READY == output_facility->facility_state) ||
+ (IOSTATE_WAITING == output_facility->facility_state)))
+ {/* we successfully read something from the TAP and now need to
+ * send it our via STDOUT. Is that possible at the moment? */
+
+ /* hand over this buffers content and strip gnunet message header */
+ memcpy (output_facility->buffer,
+ input_facility->buffer + sizeof (struct GNUNET_MessageHeader),
+ input_facility->buffer_size - sizeof (struct GNUNET_MessageHeader));
+ output_facility->buffer_size = input_facility->buffer_size - sizeof (struct GNUNET_MessageHeader);
+ output_facility->facility_state = IOSTATE_READY;
+ input_facility->facility_state = IOSTATE_READY;
+ }
+ else if (input_facility->buffer_size > sizeof (struct GNUNET_MessageHeader))
+ /* If we have have read our buffer, wait for our write-partner*/
+ input_facility->facility_state = IOSTATE_WAITING;
+ else /* we read nothing */
+ input_facility->facility_state = IOSTATE_READY;
+ }
+ else /* operation was either queued or failed*/
+ {
+ int err = GetLastError ();
+ if (ERROR_IO_PENDING == err) /* operation queued */
+ input_facility->facility_state = IOSTATE_QUEUED;
+ else
+ { /* error occurred, let the rest of the elements finish */
+ input_facility->path_open = FALSE;
+ input_facility->facility_state = IOSTATE_FAILED;
+ if (IOSTATE_WAITING == output_facility->facility_state)
+ output_facility->path_open = FALSE;
+
+ fprintf (stderr, "FATAL: Read from handle failed, allowing write to finish\n");
+ }
+ }
+ }
+ return TRUE;
+ // We are queued and should check if the read has finished
+ case IOSTATE_QUEUED:
+ {
+ // there was an operation going on already, check if that has completed now.
+ if (GetOverlappedResult (input_facility->handle,
+ &input_facility->overlapped,
+ &input_facility->buffer_size_processed,
+ FALSE))
+ {/* successful return for a queued operation */
+ hdr = (struct GNUNET_MessageHeader *) input_facility->buffer;
+
+ if (! ResetEvent (input_facility->overlapped.hEvent))
+ return FALSE;
+
+ fprintf (stderr, "DEBUG: stdin read succeeded delayed\n");
+ input_facility->buffer_size += input_facility->buffer_size_processed;
+
+ if ((ntohs (hdr->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER) ||
+ (ntohs (hdr->size) > sizeof (input_facility->buffer)))
+ {
+ fprintf (stderr, "WARNING: Protocol violation, got GNUnet Message type %h, size %h\n", ntohs (hdr->type), ntohs (hdr->size));
+ input_facility->facility_state = IOSTATE_READY;
+ return TRUE;
+ }
+ /* we got the a part of a packet */
+ if (ntohs (hdr->size) > input_facility->buffer_size );
+ goto partial_read_iostate_ready;
+
+ /* we successfully read something from the TAP and now need to
+ * send it our via STDOUT. Is that possible at the moment? */
+ if ((IOSTATE_READY == output_facility->facility_state ||
+ IOSTATE_WAITING == output_facility->facility_state)
+ && input_facility->buffer_size > sizeof(struct GNUNET_MessageHeader))
+ { /* hand over this buffers content and strip gnunet message header */
+ memcpy (output_facility->buffer,
+ input_facility->buffer + sizeof(struct GNUNET_MessageHeader),
+ input_facility->buffer_size - sizeof(struct GNUNET_MessageHeader));
+ output_facility->buffer_size = input_facility->buffer_size - sizeof(struct GNUNET_MessageHeader);
+ output_facility->facility_state = IOSTATE_READY;
+ input_facility->facility_state = IOSTATE_READY;
+ }
+ else if (input_facility->buffer_size > sizeof(struct GNUNET_MessageHeader))
+ input_facility->facility_state = IOSTATE_WAITING;
+ else
+ input_facility->facility_state = IOSTATE_READY;
+ }
+ else
+ { /* operation still pending/queued or failed? */
+ int err = GetLastError ();
+ if ((ERROR_IO_INCOMPLETE != err) && (ERROR_IO_PENDING != err))
+ { /* error occurred, let the rest of the elements finish */
+ input_facility->path_open = FALSE;
+ input_facility->facility_state = IOSTATE_FAILED;
+ if (IOSTATE_WAITING == output_facility->facility_state)
+ output_facility->path_open = FALSE;
+ fprintf (stderr, "FATAL: Read from handle failed, allowing write to finish\n");
+ }
+ }
+ }
+ return TRUE;
+ case IOSTATE_RESUME: /* Our buffer was filled already but our write facility was busy. */
+ memcpy (output_facility->buffer,
+ input_facility->buffer + sizeof (struct GNUNET_MessageHeader),
+ input_facility->buffer_size - sizeof (struct GNUNET_MessageHeader));
+ output_facility->buffer_size = input_facility->buffer_size - sizeof (struct GNUNET_MessageHeader);
+ output_facility->facility_state = IOSTATE_READY;
+ input_facility->facility_state = IOSTATE_READY;
+ return TRUE;
+ default:
+ return TRUE;
+ }
+}
+
+
+/**
+ * Attempts to write to an output facility (tap or named pipe) in overlapped mode.
+ *
+ * TODO: high level description
+ *
+ * @param output_facility output pipe or file to hand over data to.
+ * @param input_facility input named pipe or file to work with.
+ * @return false if an event reset was impossible (OS error), else true
+ */
+static BOOL
+attempt_write (struct io_facility * output_facility,
+ struct io_facility * input_facility)
+{
+ switch (output_facility->facility_state)
+ {
+ case IOSTATE_READY:
+ output_facility->buffer_size_written = 0;
+
+continue_partial_write:
+ if (! ResetEvent (output_facility->overlapped.hEvent))
+ return FALSE;
+
+ /* Check how the task was handled */
+ if (WriteFile (output_facility->handle,
+ output_facility->buffer + output_facility->buffer_size_written,
+ output_facility->buffer_size - output_facility->buffer_size_written,
+ &output_facility->buffer_size_processed,
+ &output_facility->overlapped))
+ {/* async event processed immediately*/
+
+ fprintf (stderr, "DEBUG: write succeeded immediately\n");
+ output_facility->buffer_size_written += output_facility->buffer_size_processed;
+
+ /* reset event manually*/
+ if (! SetEvent (output_facility->overlapped.hEvent))
+ return FALSE;
+
+ /* partial write */
+ if (output_facility->buffer_size_written < output_facility->buffer_size)
+ goto continue_partial_write;
+
+ /* we are now waiting for our buffer to be filled*/
+ output_facility->facility_state = IOSTATE_WAITING;
+
+ /* we successfully wrote something and now need to reset our reader */
+ if (IOSTATE_WAITING == input_facility->facility_state)
+ input_facility->facility_state = IOSTATE_RESUME;
+ else if (IOSTATE_FAILED == input_facility->facility_state)
+ output_facility->path_open = FALSE;
+ }
+ else /* operation was either queued or failed*/
+ {
+ int err = GetLastError ();
+ if (ERROR_IO_PENDING == err)
+ { /* operation queued */
+ output_facility->facility_state = IOSTATE_QUEUED;
+ }
+ else
+ { /* error occurred, close this path */
+ output_facility->path_open = FALSE;
+ output_facility->facility_state = IOSTATE_FAILED;
+ fprintf (stderr, "FATAL: Write to handle failed, exiting\n");
+ }
+ }
+ return TRUE;
+ case IOSTATE_QUEUED:
+ // there was an operation going on already, check if that has completed now.
+
+ if (GetOverlappedResult (output_facility->handle,
+ &output_facility->overlapped,
+ &output_facility->buffer_size_processed,
+ FALSE))
+ {/* successful return for a queued operation */
+ if (! ResetEvent (output_facility->overlapped.hEvent))
+ return FALSE;
+
+ fprintf (stderr, "DEBUG: write succeeded delayed\n");
+ output_facility->buffer_size_written += output_facility->buffer_size_processed;
+
+ /* partial write */
+ if (output_facility->buffer_size_written < output_facility->buffer_size)
+ goto continue_partial_write;
+
+ /* we are now waiting for our buffer to be filled*/
+ output_facility->facility_state = IOSTATE_WAITING;
+
+ /* we successfully wrote something and now need to reset our reader */
+ if (IOSTATE_WAITING == input_facility->facility_state)
+ input_facility->facility_state = IOSTATE_RESUME;
+ else if (IOSTATE_FAILED == input_facility->facility_state)
+ output_facility->path_open = FALSE;
+ }
+ else
+ { /* operation still pending/queued or failed? */
+ int err = GetLastError ();
+ if ((ERROR_IO_INCOMPLETE != err) && (ERROR_IO_PENDING != err))
+ { /* error occurred, close this path */
+ output_facility->path_open = FALSE;
+ output_facility->facility_state = IOSTATE_FAILED;
+ fprintf (stderr, "FATAL: Write to handle failed, exiting\n");
+ }
+ }
+ default:
+ return TRUE;
+ }
+}
+
+
+/**
+ * Initialize a overlapped structure
+ *
+ * @param elem the element to initilize
+ * @param initial_state the initial state for this instance
+ * @param signaled if the hEvent created should default to signaled or not
+ * @return true on success, else false
+ */
+static BOOL
+initialize_io_facility (struct io_facility * elem,
+ int initial_state,
+ BOOL signaled)
+{
+ elem->path_open = TRUE;
+ elem->handle = INVALID_HANDLE_VALUE;
+ elem->facility_state = initial_state;
+ elem->buffer_size = 0;
+ elem->overlapped.hEvent = CreateEvent (NULL, TRUE, signaled, NULL);
+ if (NULL == elem->overlapped.hEvent)
+ return FALSE;
+
+ return TRUE;
+}
+
+
+/**
+ * Start forwarding to and from the tunnel.
+ *
+ * @param fd_tun tunnel FD
+ */
+static void
+run (HANDLE tap_handle)
+{
+ /* IO-Facility for reading from our virtual interface */
+ struct io_facility tap_read;
+ /* IO-Facility for writing to our virtual interface */
+ struct io_facility tap_write;
+ /* IO-Facility for reading from stdin */
+ struct io_facility std_in;
+ /* IO-Facility for writing to stdout */
+ struct io_facility std_out;
+
+ HANDLE parent_std_in_handle = GetStdHandle (STD_INPUT_HANDLE);
+ HANDLE parent_std_out_handle = GetStdHandle (STD_OUTPUT_HANDLE);
+
+ /* tun up: */
+ /* we do this HERE and not beforehand (in init_tun()), in contrast to openvpn
+ * to remove the need to flush the arp cache, handle DHCP and wrong IPs.
+ *
+ * DHCP and such are all features we will never use in gnunet afaik.
+ * But for openvpn those are essential.
+ */
+ if (! tun_up (tap_handle))
+ return;
+
+ /* Initialize our overlapped IO structures*/
+ if (! (initialize_io_facility (&tap_read, IOSTATE_READY, FALSE)
+ && initialize_io_facility (&tap_write, IOSTATE_WAITING, TRUE)
+ && initialize_io_facility (&std_in, IOSTATE_READY, FALSE)
+ && initialize_io_facility (&std_out, IOSTATE_WAITING, TRUE)))
+ goto teardown_final;
+
+ /* Handles for STDIN and STDOUT */
+ tap_read.handle = tap_handle;
+ tap_write.handle = tap_handle;
+
+#ifdef DEBUG_TO_CONSOLE
+ /* Debug output to console STDIN/STDOUT*/
+ std_in.handle = parent_std_in_handle;
+ std_out.handle = parent_std_out_handle;
+
+#else
+ fprintf (stderr, "DEBUG: reopening stdin/out for overlapped IO\n");
+ /*
+ * Find out the types of our handles.
+ * This part is a problem, because in windows we need to handle files,
+ * pipes and the console differently.
+ */
+ if ((FILE_TYPE_PIPE != GetFileType (parent_std_in_handle)) ||
+ (FILE_TYPE_PIPE != GetFileType (parent_std_out_handle)))
+ {
+ fprintf (stderr, "ERROR: stdin/stdout must be named pipes\n");
+ goto teardown;
+ }
+
+ std_in.handle = ReOpenFile (parent_std_in_handle,
+ GENERIC_READ,
+ FILE_SHARE_WRITE | FILE_SHARE_READ,
+ FILE_FLAG_OVERLAPPED);
+
+ if (INVALID_HANDLE_VALUE == std_in.handle)
+ {
+ fprintf (stderr, "FATAL: Could not reopen stdin for in overlapped mode, has to be a named pipe\n");
+ goto teardown;
+ }
+
+ std_out.handle = ReOpenFile (parent_std_out_handle,
+ GENERIC_WRITE,
+ FILE_SHARE_READ,
+ FILE_FLAG_OVERLAPPED);
+
+ if (INVALID_HANDLE_VALUE == std_out.handle)
+ {
+ fprintf (stderr, "FATAL: Could not reopen stdout for in overlapped mode, has to be a named pipe\n");
+ goto teardown;
+ }
+#endif
+
+ fprintf (stderr, "DEBUG: mainloop has begun\n");
+
+ while (std_out.path_open || tap_write.path_open)
+ {
+ /* perform READ from stdin if possible */
+ if (std_in.path_open && (! attempt_read_stdin (&std_in, &tap_write)))
+ break;
+
+ /* perform READ from tap if possible */
+ if (tap_read.path_open && (! attempt_read_tap (&tap_read, &std_out)))
+ break;
+
+ /* perform WRITE to tap if possible */
+ if (tap_write.path_open && (! attempt_write (&tap_write, &std_in)))
+ break;
+
+ /* perform WRITE to STDOUT if possible */
+ if (std_out.path_open && (! attempt_write (&std_out, &tap_read)))
+ break;
+ }
+
+teardown:
+
+ fprintf (stderr, "DEBUG: teardown initiated\n");
+
+ CancelIo (tap_handle);
+ CancelIo (std_in.handle);
+ CancelIo (std_out.handle);
+
+teardown_final:
+
+ CloseHandle (tap_handle);
+}
+
+
+/**
+ * Open VPN tunnel interface.
+ *
+ * @param argc must be 6
+ * @param argv 0: binary name (gnunet-helper-vpn)
+ * 1: tunnel interface prefix (gnunet-vpn)
+ * 2: IPv6 address (::1), "-" to disable
+ * 3: IPv6 netmask length in bits (64), ignored if #2 is "-"
+ * 4: IPv4 address (1.2.3.4), "-" to disable
+ * 5: IPv4 netmask (255.255.0.0), ignored if #4 is "-"
+ */
+int
+main (int argc, char **argv)
+{
+ char hwid[LINE_LEN];
+ HANDLE handle;
+ int global_ret = 0;
+ BOOL have_ip4 = FALSE;
+ BOOL have_ip6 = FALSE;
+
+ if (6 != argc)
+ {
+ fprintf (stderr, "FATAL: must supply 5 arguments\nUsage:\ngnunet-helper-vpn <if name prefix> <address6 or \"-\"> <netbits6> <address4 or \"-\"> <netmask4>\n", argv[0]);
+ return 1;
+ }
+
+ strncpy (hwid, argv[1], LINE_LEN);
+ hwid[LINE_LEN - 1] = '\0';
+
+ /*
+ * We use our PID for finding/resolving the control-panel name of our virtual
+ * device. PIDs are (of course) unique at runtime, thus we can safely use it
+ * as additional hardware-id for our device.
+ */
+ snprintf (secondary_hwid, LINE_LEN / 2, "%s-%d",
+ hwid,
+ _getpid ());
+
+ if (INVALID_HANDLE_VALUE == (handle = init_tun ()))
+ {
+ fprintf (stderr, "FATAL: could not initialize virtual-interface %s with IPv6 %s/%s and IPv4 %s/%s\n",
+ hwid,
+ argv[2],
+ argv[3],
+ argv[4],
+ argv[5]);
+ global_ret = -1;
+ goto cleanup;
+ }
+
+ fprintf (stderr, "DEBUG: Setting IPs, if needed\n");
+ if (0 != strcmp (argv[2], "-"))
+ {
+ const char *address = argv[2];
+ long prefix_len = atol (argv[3]);
+
+ if ((prefix_len < 1) || (prefix_len > 127))
+ {
+ fprintf (stderr, "FATAL: ipv6 prefix_len out of range\n");
+ global_ret = -1;
+ goto cleanup;
+ }
+
+ fprintf (stderr, "DEBUG: Setting IP6 address: %s/%d\n",address,prefix_len);
+ if (0 != (global_ret = set_address6 (address, prefix_len)))
+ goto cleanup;
+
+ have_ip6 = TRUE;
+ }
+
+ if (0 != strcmp (argv[4], "-"))
+ {
+ const char *address = argv[4];
+ const char *mask = argv[5];
+
+ fprintf (stderr, "DEBUG: Setting IP4 address: %s/%s\n",address,mask);
+ if (0 != (global_ret = set_address4 (address, mask)))
+ goto cleanup;
+
+ have_ip4 = TRUE;
+ }
+
+ run (handle);
+ global_ret = 0;
+cleanup:
+
+ if (have_ip4)
+ {
+ const char *address = argv[4];
+ fprintf (stderr, "DEBUG: Removing IP4 address\n");
+ remove_address4 (address);
+ }
+ if (have_ip6)
+ {
+ const char *address = argv[2];
+ fprintf (stderr, "DEBUG: Removing IP6 address\n");
+ remove_address6 (address);
+ }
+
+ fprintf (stderr, "DEBUG: removing interface\n");
+ remove_interface ();
+ fprintf (stderr, "DEBUG: graceful exit completed\n");
+
+ return global_ret;
+}