Tool to help bypass NATs using ICMP method; must run as root (SUID will do). This code will work under GNU/Linux only.
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <stdlib.h>
#include <stdint.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netinet/in.h>
Data Structures | |
struct | ip_header |
IPv4 header. More... | |
struct | icmp_ttl_exceeded_header |
Format of ICMP packet. More... | |
struct | icmp_echo_header |
struct | udp_header |
Beginning of UDP packet. More... | |
Macros | |
#define | _GNU_SOURCE |
#define | ICMP_TIME_EXCEEDED 11 |
#define | GNUNET_memcpy(dst, src, n) |
Call memcpy() but check for n being 0 first. More... | |
#define | DUMMY_IP "192.0.2.86" |
Must match IP given in the server. More... | |
#define | NAT_TRAV_PORT 22225 |
#define | PACKET_ID 256 |
Must match packet ID used by gnunet-helper-nat-server.c. More... | |
Functions | |
static uint16_t | calc_checksum (const uint16_t *data, unsigned int bytes) |
CRC-16 for IP/ICMP headers. More... | |
static void | send_icmp_udp (const struct in_addr *my_ip, const struct in_addr *other) |
Send an ICMP message to the target. More... | |
static void | send_icmp (const struct in_addr *my_ip, const struct in_addr *other) |
Send an ICMP message to the target. More... | |
int | main (int argc, char *const *argv) |
Variables | |
static int | rawsock |
Socket we use to send our fake ICMP replies. More... | |
static struct in_addr | dummy |
Target "dummy" address of the packet we pretend to respond to. More... | |
static uint16_t | port |
Our "source" port. More... | |
Tool to help bypass NATs using ICMP method; must run as root (SUID will do). This code will work under GNU/Linux only.
This program will send ONE ICMP message using RAW sockets to the IP address specified as the second argument. Since it uses RAW sockets, it must be installed SUID or run as 'root'. In order to keep the security risk of the resulting SUID binary minimal, the program ONLY opens the RAW socket with root privileges, then drops them, and only then starts to process command line arguments. The code also does not link against any shared libraries (except libc) and is strictly minimal (except for checking for errors). The source file carries a list of people who have reviewed this code and considered it safe since the last modification (if you reviewed it, please have your name added to the list); the names themselves are not reproduced on this page.
Definition in file gnunet-helper-nat-client.c.
#define _GNU_SOURCE |
Definition at line 49 of file gnunet-helper-nat-client.c.
#define ICMP_TIME_EXCEEDED 11 |
Definition at line 67 of file gnunet-helper-nat-client.c.
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
When n is 0, it is safe to pass NULL for src or dst; plain memcpy() with a NULL pointer is undefined behaviour even when n is 0. Unlike traditional memcpy(), returns nothing.
dst | destination of the copy, may be NULL if n is zero |
src | source of the copy, may be NULL if n is zero |
n | number of bytes to copy |
Definition at line 79 of file gnunet-helper-nat-client.c.
#define DUMMY_IP "192.0.2.86" |
Must match IP given in the server.
Definition at line 86 of file gnunet-helper-nat-client.c.
#define NAT_TRAV_PORT 22225 |
Definition at line 88 of file gnunet-helper-nat-client.c.
#define PACKET_ID 256 |
Must match packet ID used by gnunet-helper-nat-server.c.
Definition at line 93 of file gnunet-helper-nat-client.c.
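static uint16_t calc_checksum (const uint16_t *data, unsigned int bytes)
CRC-16 for IP/ICMP headers (that is, the 16-bit checksum carried in those headers; it catches transmission errors and does not authenticate the packet).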
data | what to calculate the CRC over |
bytes | number of bytes in data (must be multiple of 2) |
Definition at line 216 of file gnunet-helper-nat-client.c.
References data, and consensus-simulation::sum.
Referenced by send_icmp(), and send_icmp_udp().
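static void send_icmp_udp (const struct in_addr *my_ip, const struct in_addr *other)
Send an ICMP message to the target. Going by the references listed below (udp_header, NAT_TRAV_PORT), this variant appears to embed a UDP header in the ICMP time-exceeded message.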
my_ip | source address |
other | target address |
Definition at line 237 of file gnunet-helper-nat-client.c.
References calc_checksum(), ip_header::checksum, icmp_ttl_exceeded_header::checksum, icmp_ttl_exceeded_header::code, udp_header::crc, ip_header::dst_ip, udp_header::dst_port, dummy, ip_header::flags_frag_offset, GNUNET_memcpy, ICMP_TIME_EXCEEDED, ip_header::id, udp_header::length, NAT_TRAV_PORT, PACKET_ID, ip_header::pkt_len, port, ip_header::proto, rawsock, ip_header::src_ip, udp_header::src_port, ip_header::tos, ip_header::ttl, icmp_ttl_exceeded_header::type, icmp_ttl_exceeded_header::unused, and ip_header::vers_ihl.
Referenced by main().
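static void send_icmp (const struct in_addr *my_ip, const struct in_addr *other)
Send an ICMP message to the target. Going by the references listed below (icmp_echo_header), this variant appears to embed an ICMP echo header in the ICMP time-exceeded message.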
my_ip | source address |
other | target address |
Definition at line 349 of file gnunet-helper-nat-client.c.
References calc_checksum(), ip_header::checksum, icmp_ttl_exceeded_header::checksum, icmp_echo_header::checksum, icmp_ttl_exceeded_header::code, icmp_echo_header::code, ip_header::dst_ip, dummy, ip_header::flags_frag_offset, GNUNET_memcpy, ICMP_TIME_EXCEEDED, ip_header::id, PACKET_ID, ip_header::pkt_len, port, ip_header::proto, rawsock, icmp_echo_header::reserved, ip_header::src_ip, ip_header::tos, ip_header::ttl, icmp_ttl_exceeded_header::type, icmp_echo_header::type, icmp_ttl_exceeded_header::unused, and ip_header::vers_ihl.
Referenced by main().
int main (int argc, char *const *argv)
Definition at line 457 of file gnunet-helper-nat-client.c.
References cleanup(), dummy, DUMMY_IP, global_ret, p, port, rawsock, send_icmp(), and send_icmp_udp().
static int rawsock
Socket we use to send our fake ICMP replies.
Definition at line 195 of file gnunet-helper-nat-client.c.
Referenced by main(), send_icmp(), and send_icmp_udp().
static struct in_addr dummy
Target "dummy" address of the packet we pretend to respond to.
Definition at line 195 of file gnunet-helper-nat-client.c.
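Referenced by access_handler_callback(), extract_port(), GNUNET_HELLO_builder_from_url(), GNUNET_NETWORK_shorten_unixpath(), GNUNET_STRINGS_parse_ipv4_policy(), GNUNET_STRINGS_parse_ipv6_policy(), GNUNET_TRANSPORT_TESTING_start_peer(), libgnunet_plugin_dhtu_ip_init(), main(), PEERSTORE_create_record_mq_envelope(), PEERSTORE_parse_record_message(), run(), send_icmp(), send_icmp_udp(), setup_service(), sq_prepare(), start_peer_run(), and udp_address_to_sockaddr(). Note: dummy is declared static in gnunet-helper-nat-client.c, so only functions in this file (main(), send_icmp() and send_icmp_udp()) can reference it; the other entries are presumably same-named identifiers in other files that the documentation generator matched by name.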
|
static |
Our "source" port.
Definition at line 205 of file gnunet-helper-nat-client.c.
Referenced by main(), send_icmp(), and send_icmp_udp().