gnunet-helper-nat-server.c File Reference

Tool to help bypass NATs using ICMP method; must run as root (SUID will do) This code will work under GNU/Linux only (or maybe BSDs, but never W32) More...

#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <stdlib.h>
#include <stdint.h>
#include <time.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netinet/in.h>

Include dependency graph for gnunet-helper-nat-server.c:

Go to the source code of this file.

Data Structures
struct	ip_header
	IPv4 header. More...
struct	icmp_ttl_exceeded_header
	Format of ICMP packet. More...
struct	icmp_echo_header
struct	udp_header
	Beginning of UDP packet. More...

Macros
#define	_GNU_SOURCE
#define	ICMP_TIME_EXCEEDED   11
#define	GNUNET_memcpy(dst, src, n)
	Call memcpy() but check for n being 0 first. More...
#define	VERBOSE   0
	Should we print some debug output? More...
#define	PACKET_ID   256
	Must match packet ID used by gnunet-helper-nat-client.c. More...
#define	DUMMY_IP   "192.0.2.86"
	Must match IP given in the client. More...
#define	NAT_TRAV_PORT   22225
	Port for UDP. More...
#define	ICMP_SEND_FREQUENCY_MS   500
	How often do we send our ICMP messages to receive replies? More...

Functions
static uint16_t	calc_checksum (const uint16_t *data, unsigned int bytes)
	CRC-16 for IP/ICMP headers. More...
static void	send_icmp_echo (const struct in_addr *my_ip)
	Send an ICMP message to the dummy IP. More...
static void	send_udp ()
	Send a UDP message to the dummy IP. More...
static void	process_icmp_response ()
	We've received an ICMP response. More...
static int	setup_raw_socket ()
	Fully initialize the raw socket. More...
static int	make_udp_socket (const struct in_addr *my_ip)
	Create a UDP socket for writing. More...
int	main (int argc, char *const *argv)

Variables
static int	icmpsock
	Socket we use to receive "fake" ICMP replies. More...
static int	rawsock
	Socket we use to send our ICMP requests. More...
static int	udpsock
	Socket we use to send our UDP requests. More...
static struct in_addr	dummy
	Target "dummy" address. More...

Detailed Description

Tool to help bypass NATs using ICMP method; must run as root (SUID will do) This code will work under GNU/Linux only (or maybe BSDs, but never W32)

Author

Christian Grothoff

This program will send ONE ICMP message every 500 ms RAW sockets to a DUMMY IP address and also listens for ICMP replies. Since it uses RAW sockets, it must be installed SUID or run as 'root'. In order to keep the security risk of the resulting SUID binary minimal, the program ONLY opens the two RAW sockets with root privileges, then drops them and only then starts to process command line arguments. The code also does not link against any shared libraries (except libc) and is strictly minimal (except for checking for errors). The following list of people have reviewed this code and considered it safe since the last modification (if you reviewed it, please have your name added to the list):

• Christian Grothoff
• Nathan Evans
• Benjamin Kuperman (22 Aug 2010)
• Jacob Appelbaum (19 Dec 2011)

Definition in file gnunet-helper-nat-server.c.

Macro Definition Documentation

_GNU_SOURCE

#define _GNU_SOURCE

Definition at line 50 of file gnunet-helper-nat-server.c.

ICMP_TIME_EXCEEDED

#define ICMP_TIME_EXCEEDED   11

Definition at line 71 of file gnunet-helper-nat-server.c.

GNUNET_memcpy

#define GNUNET_memcpy	(		dst,
			src,
			n
	)

Value:

                                                                     do { if (0 != n) { (void) memcpy (dst, src, \
                                                                     n); \
                                        } } while (0)

Call memcpy() but check for n being 0 first.

In the latter case, it is now safe to pass NULL for src or dst. Unlike traditional memcpy(), returns nothing.

Parameters

dst	destination of the copy, may be NULL if n is zero
src	source of the copy, may be NULL if n is zero
n	number of bytes to copy

Definition at line 83 of file gnunet-helper-nat-server.c.

VERBOSE

#define VERBOSE   0

Should we print some debug output?

Definition at line 90 of file gnunet-helper-nat-server.c.

PACKET_ID

#define PACKET_ID   256

Must match packet ID used by gnunet-helper-nat-client.c.

Definition at line 95 of file gnunet-helper-nat-server.c.

DUMMY_IP

#define DUMMY_IP   "192.0.2.86"

Must match IP given in the client.

Definition at line 100 of file gnunet-helper-nat-server.c.

NAT_TRAV_PORT

#define NAT_TRAV_PORT   22225

Port for UDP.

Definition at line 105 of file gnunet-helper-nat-server.c.

ICMP_SEND_FREQUENCY_MS

#define ICMP_SEND_FREQUENCY_MS   500

How often do we send our ICMP messages to receive replies?

Definition at line 110 of file gnunet-helper-nat-server.c.

Function Documentation

calc_checksum()

static uint16_t calc_checksum ( const uint16_t *  data, unsigned int  bytes  )

static

CRC-16 for IP/ICMP headers.

Parameters

data	what to calculate the CRC over
bytes	number of bytes in data (must be multiple of 2)

Returns

the CRC 16.

Definition at line 239 of file gnunet-helper-nat-server.c.

{
  uint32_t sum;
  unsigned int i;
 
  sum = 0;
  for (i = 0; i < bytes / 2; i++)
    sum += data[i];
  sum = (sum & 0xffff) + (sum >> 16);
  sum = htons (0xffff - sum);
  return sum;
}

References data, and consensus-simulation::sum.

Referenced by send_icmp_echo().

Here is the caller graph for this function:

send_icmp_echo()

static void send_icmp_echo ( const struct in_addr *  my_ip )

static

Send an ICMP message to the dummy IP.

Parameters

my_ip

source address (our ip address)

Definition at line 259 of file gnunet-helper-nat-server.c.

{
  char packet[sizeof(struct ip_header) + sizeof(struct icmp_echo_header)];
  struct icmp_echo_header icmp_echo;
  struct ip_header ip_pkt;
  struct sockaddr_in dst;
  size_t off;
  int err;
 
  off = 0;
  ip_pkt.vers_ihl = 0x45;
  ip_pkt.tos = 0;
  ip_pkt.pkt_len = htons (sizeof(packet));
  ip_pkt.id = htons (PACKET_ID);
  ip_pkt.flags_frag_offset = 0;
  ip_pkt.ttl = IPDEFTTL;
  ip_pkt.proto = IPPROTO_ICMP;
  ip_pkt.checksum = 0;
  ip_pkt.src_ip = my_ip->s_addr;
  ip_pkt.dst_ip = dummy.s_addr;
  ip_pkt.checksum =
    htons (calc_checksum ((uint16_t *) &ip_pkt,
                          sizeof(struct ip_header)));
  GNUNET_memcpy (&packet[off],
                 &ip_pkt,
                 sizeof(struct ip_header));
  off += sizeof(struct ip_header);
 
  icmp_echo.type = ICMP_ECHO;
  icmp_echo.code = 0;
  icmp_echo.checksum = 0;
  icmp_echo.reserved = 0;
  icmp_echo.checksum =
    htons (calc_checksum
             ((uint16_t *) &icmp_echo,
             sizeof(struct icmp_echo_header)));
  GNUNET_memcpy (&packet[off],
                 &icmp_echo,
                 sizeof(struct icmp_echo_header));
  off += sizeof(struct icmp_echo_header);
 
  memset (&dst, 0, sizeof(dst));
  dst.sin_family = AF_INET;
#if HAVE_SOCKADDR_IN_SIN_LEN
  dst.sin_len = sizeof(struct sockaddr_in);
#endif
  dst.sin_addr = dummy;
  err = sendto (rawsock,
                packet,
                off,
                0,
                (struct sockaddr *) &dst,
                sizeof(dst));
  if (err < 0)
  {
#if VERBOSE
    fprintf (stderr,
             "sendto failed: %s\n",
             strerror (errno));
#endif
  }
  else if (sizeof(packet) != err)
  {
    fprintf (stderr,
             "Error: partial send of ICMP message\n");
  }
}

References calc_checksum(), ip_header::checksum, icmp_echo_header::checksum, icmp_echo_header::code, ip_header::dst_ip, dummy, ip_header::flags_frag_offset, GNUNET_memcpy, ip_header::id, PACKET_ID, ip_header::pkt_len, ip_header::proto, rawsock, icmp_echo_header::reserved, ip_header::src_ip, ip_header::tos, ip_header::ttl, icmp_echo_header::type, and ip_header::vers_ihl.

Referenced by main().

Here is the call graph for this function:

Here is the caller graph for this function:

send_udp()

static void send_udp ( )

static

Send a UDP message to the dummy IP.

Definition at line 332 of file gnunet-helper-nat-server.c.

{
  struct sockaddr_in dst;
  ssize_t err;
 
  memset (&dst, 0, sizeof(dst));
  dst.sin_family = AF_INET;
#if HAVE_SOCKADDR_IN_SIN_LEN
  dst.sin_len = sizeof(struct sockaddr_in);
#endif
  dst.sin_addr = dummy;
  dst.sin_port = htons (NAT_TRAV_PORT);
  err = sendto (udpsock,
                NULL,
                0,
                0,
                (struct sockaddr *) &dst,
                sizeof(dst));
  if (err < 0)
  {
#if VERBOSE
    fprintf (stderr,
             "sendto failed: %s\n",
             strerror (errno));
#endif
  }
  else if (0 != err)
  {
    fprintf (stderr,
             "Error: partial send of ICMP message\n");
  }
}

References dummy, NAT_TRAV_PORT, and udpsock.

Referenced by main().

Here is the caller graph for this function:

process_icmp_response()

static void process_icmp_response ( )

static

We've received an ICMP response.

Process it.

Definition at line 370 of file gnunet-helper-nat-server.c.

{
  char buf[65536];
  ssize_t have;
  struct in_addr source_ip;
  struct ip_header ip_pkt;
  struct icmp_ttl_exceeded_header icmp_ttl;
  struct icmp_echo_header icmp_echo;
  struct udp_header udp_pkt;
  size_t off;
  uint16_t port;
 
  have = read (icmpsock, buf, sizeof(buf));
  if (-1 == have)
  {
    fprintf (stderr,
             "Error reading raw socket: %s\n",
             strerror (errno));
    return;
  }
#if VERBOSE
  fprintf (stderr,
           "Received message of %u bytes\n",
           (unsigned int) have);
#endif
  if (have <
      (ssize_t) (sizeof(struct ip_header)
                 + sizeof(struct icmp_ttl_exceeded_header)
                 + sizeof(struct ip_header)))
  {
    /* malformed */
    return;
  }
  off = 0;
  GNUNET_memcpy (&ip_pkt,
                 &buf[off],
                 sizeof(struct ip_header));
  off += sizeof(struct ip_header);
  GNUNET_memcpy (&icmp_ttl,
                 &buf[off],
                 sizeof(struct icmp_ttl_exceeded_header));
  off += sizeof(struct icmp_ttl_exceeded_header);
  if ((ICMP_TIME_EXCEEDED != icmp_ttl.type) || (0 != icmp_ttl.code))
  {
    /* different type than what we want */
    return;
  }
  /* grab source IP of 1st IP header */
  source_ip.s_addr = ip_pkt.src_ip;
 
  /* skip 2nd IP header */
  GNUNET_memcpy (&ip_pkt,
                 &buf[off],
                 sizeof(struct ip_header));
  off += sizeof(struct ip_header);
 
  switch (ip_pkt.proto)
  {
  case IPPROTO_ICMP:
    if (have !=
        (sizeof(struct ip_header) * 2
         + sizeof(struct icmp_ttl_exceeded_header)
         + sizeof(struct icmp_echo_header)))
    {
      /* malformed */
      return;
    }
    /* grab ICMP ECHO content */
    GNUNET_memcpy (&icmp_echo,
                   &buf[off],
                   sizeof(struct icmp_echo_header));
    port = (uint16_t) ntohl (icmp_echo.reserved);
    break;
 
  case IPPROTO_UDP:
    if (have !=
        (sizeof(struct ip_header) * 2
         + sizeof(struct icmp_ttl_exceeded_header) + sizeof(struct udp_header)))
    {
      /* malformed */
      return;
    }
    /* grab UDP content */
    GNUNET_memcpy (&udp_pkt,
                   &buf[off],
                   sizeof(struct udp_header));
    port = ntohs (udp_pkt.length);
    break;
 
  default:
    /* different type than what we want */
    return;
  }
 
  if (port == 0)
    fprintf (stdout, "%s\n",
             inet_ntop (AF_INET, &source_ip, buf, sizeof(buf)));
  else
    fprintf (stdout, "%s:%u\n",
             inet_ntop (AF_INET, &source_ip, buf, sizeof(buf)),
             (unsigned int) port);
  fflush (stdout);
}

References buf, icmp_ttl_exceeded_header::code, GNUNET_memcpy, ICMP_TIME_EXCEEDED, icmpsock, udp_header::length, port, ip_header::proto, icmp_echo_header::reserved, ip_header::src_ip, and icmp_ttl_exceeded_header::type.

Referenced by main().

Here is the caller graph for this function:

setup_raw_socket()

static int setup_raw_socket ( )

static

Fully initialize the raw socket.

Returns

-1 on error, 0 on success

Definition at line 481 of file gnunet-helper-nat-server.c.

{
  const int one = 1;
 
  if (-1 ==
      setsockopt (rawsock,
                  SOL_SOCKET,
                  SO_BROADCAST,
                  (char *) &one,
                  sizeof(one)))
  {
    fprintf (stderr,
             "setsockopt failed: %s\n",
             strerror (errno));
    return -1;
  }
  if (-1 ==
      setsockopt (rawsock,
                  IPPROTO_IP,
                  IP_HDRINCL,
                  (char *) &one,
                  sizeof(one)))
  {
    fprintf (stderr,
             "setsockopt failed: %s\n",
             strerror (errno));
    return -1;
  }
  return 0;
}

References rawsock.

Referenced by main().

Here is the caller graph for this function:

make_udp_socket()

static int make_udp_socket ( const struct in_addr *  my_ip )

static

Create a UDP socket for writing.

Parameters

my_ip

source address (our ip address)

Returns

-1 on error

Definition at line 520 of file gnunet-helper-nat-server.c.

{
  int ret;
  struct sockaddr_in addr;
 
  ret = socket (AF_INET, SOCK_DGRAM, 0);
  if (-1 == ret)
  {
    fprintf (stderr,
             "Error opening UDP socket: %s\n",
             strerror (errno));
    return -1;
  }
  memset (&addr, 0, sizeof(addr));
  addr.sin_family = AF_INET;
#if HAVE_SOCKADDR_IN_SIN_LEN
  addr.sin_len = sizeof(struct sockaddr_in);
#endif
  addr.sin_addr = *my_ip;
  addr.sin_port = htons (NAT_TRAV_PORT);
 
  if (0 != bind (ret,
                 (struct sockaddr *) &addr,
                 sizeof(addr)))
  {
    fprintf (stderr,
             "Error binding UDP socket to port %u: %s\n",
             NAT_TRAV_PORT,
             strerror (errno));
    (void) close (ret);
    return -1;
  }
  return ret;
}

References NAT_TRAV_PORT, and ret.

Referenced by main().

Here is the caller graph for this function:

main()

int main	(	int	argc,
		char *const *	argv
	)

Definition at line 557 of file gnunet-helper-nat-server.c.

{
  struct in_addr external;
  fd_set rs;
  struct timeval tv;
  uid_t uid;
  unsigned int alt;
  int icmp_eno;
  int raw_eno;
  int global_ret;
 
  /* Create an ICMP raw socket for reading (we'll check errors later) */
  icmpsock = socket (AF_INET,
                     SOCK_RAW,
                     IPPROTO_ICMP);
  icmp_eno = errno;
 
  /* Create an (ICMP) raw socket for writing (we'll check errors later) */
  rawsock = socket (AF_INET,
                    SOCK_RAW,
                    IPPROTO_RAW);
  raw_eno = errno;
  udpsock = -1;
 
  /* drop root rights */
  uid = getuid ();
#ifdef HAVE_SETRESUID
  if (0 != setresuid (uid, uid, uid))
  {
    fprintf (stderr,
             "Failed to setresuid: %s\n",
             strerror (errno));
    global_ret = 1;
    goto error_exit;
  }
#else
  if (0 != (setuid (uid) | seteuid (uid)))
  {
    fprintf (stderr,
             "Failed to setuid: %s\n",
             strerror (errno));
    global_ret = 2;
    goto error_exit;
  }
#endif
 
  /* Now that we run without root rights, we can do error checking... */
  if (2 != argc)
  {
    fprintf (stderr,
             "This program must be started with our (internal NAT) IP as the only argument.\n");
    global_ret = 3;
    goto error_exit;
  }
  if (1 != inet_pton (AF_INET, argv[1], &external))
  {
    fprintf (stderr,
             "Error parsing IPv4 address: %s\n",
             strerror (errno));
    global_ret = 4;
    goto error_exit;
  }
  if (1 != inet_pton (AF_INET, DUMMY_IP, &dummy))
  {
    fprintf (stderr,
             "Internal error converting dummy IP to binary.\n");
    global_ret = 5;
    goto error_exit;
  }
 
  /* error checking icmpsock */
  if (-1 == icmpsock)
  {
    fprintf (stderr,
             "Error opening RAW socket: %s\n",
             strerror (icmp_eno));
    global_ret = 6;
    goto error_exit;
  }
  if (icmpsock >= FD_SETSIZE)
  {
    /* this could happen if we were started with a large number of already-open
       file descriptors... */
    fprintf (stderr,
             "Socket number too large (%d > %u)\n",
             icmpsock,
             (unsigned int) FD_SETSIZE);
    global_ret = 7;
    goto error_exit;
  }
 
  /* error checking rawsock */
  if (-1 == rawsock)
  {
    fprintf (stderr,
             "Error opening RAW socket: %s\n",
             strerror (raw_eno));
    global_ret = 8;
    goto error_exit;
  }
  /* no need to check 'rawsock' against FD_SETSIZE as it is never used
     with 'select' */
 
  if (0 != setup_raw_socket ())
  {
    global_ret = 9;
    goto error_exit;
  }
 
  if (-1 == (udpsock = make_udp_socket (&external)))
  {
    global_ret = 10;
    goto error_exit;
  }
 
  alt = 0;
  while (1)
  {
    FD_ZERO (&rs);
    FD_SET (icmpsock, &rs);
    tv.tv_sec = 0;
    tv.tv_usec = ICMP_SEND_FREQUENCY_MS * 1000;
    if (-1 == select (icmpsock + 1, &rs, NULL, NULL, &tv))
    {
      if (errno == EINTR)
        continue;
      fprintf (stderr,
               "select failed: %s\n",
               strerror (errno));
      break;
    }
    if (1 == getppid ())        /* Check the parent process id, if 1 the parent has died, so we should die too */
      break;
    if (FD_ISSET (icmpsock, &rs))
    {
      process_icmp_response ();
      continue;
    }
    if (0 == (++alt % 2))
      send_icmp_echo (&external);
    else
      send_udp ();
  }
 
  /* select failed (internal error or OS out of resources) */
  global_ret = 11;
error_exit:
  if (-1 != icmpsock)
    (void) close (icmpsock);
  if (-1 != rawsock)
    (void) close (rawsock);
  if (-1 != udpsock)
    (void) close (udpsock);
  return global_ret;
}

References dummy, DUMMY_IP, global_ret, ICMP_SEND_FREQUENCY_MS, icmpsock, make_udp_socket(), process_icmp_response(), rawsock, send_icmp_echo(), send_udp(), setup_raw_socket(), and udpsock.

Here is the call graph for this function:

Variable Documentation

icmpsock

int icmpsock

static

Socket we use to receive "fake" ICMP replies.

Definition at line 213 of file gnunet-helper-nat-server.c.

Referenced by main(), and process_icmp_response().

rawsock

int rawsock

static

Socket we use to send our ICMP requests.

Definition at line 218 of file gnunet-helper-nat-server.c.

Referenced by main(), send_icmp_echo(), and setup_raw_socket().

udpsock

int udpsock

static

Socket we use to send our UDP requests.

Definition at line 223 of file gnunet-helper-nat-server.c.

Referenced by main(), and send_udp().

dummy

struct in_addr dummy

static

Target "dummy" address.

Definition at line 223 of file gnunet-helper-nat-server.c.

Referenced by main(), send_icmp_echo(), and send_udp().