GNUnet  0.10.x
gnunet-helper-nat-server.c
Go to the documentation of this file.
1 /*
2  This file is part of GNUnet.
3  Copyright (C) 2010 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19  */
20 
45 #if HAVE_CONFIG_H
46 /* Just needed for HAVE_SOCKADDR_IN_SIN_LEN test macro! */
47 #include "gnunet_config.h"
48 #else
49 #define _GNU_SOURCE
50 #endif
51 #include <sys/types.h>
52 #include <sys/socket.h>
53 #include <arpa/inet.h>
54 #include <sys/select.h>
55 #include <sys/time.h>
56 #include <sys/types.h>
57 #include <unistd.h>
58 #include <stdio.h>
59 #include <string.h>
60 #include <errno.h>
61 #include <stdlib.h>
62 #include <stdint.h>
63 #include <time.h>
64 #include <netinet/ip.h>
65 #include <netinet/ip_icmp.h>
66 #include <netinet/in.h>
67 
68 /* The following constant is missing from FreeBSD 9.2 */
69 #ifndef ICMP_TIME_EXCEEDED
70 #define ICMP_TIME_EXCEEDED 11
71 #endif
72 
82 #define GNUNET_memcpy(dst, src, n) do { if (0 != n) { (void)memcpy(dst, src, n); } } while (0)
83 
87 #define VERBOSE 0
88 
92 #define PACKET_ID 256
93 
97 #define DUMMY_IP "192.0.2.86"
98 
102 #define NAT_TRAV_PORT 22225
103 
107 #define ICMP_SEND_FREQUENCY_MS 500
108 
112 struct ip_header {
116  uint8_t vers_ihl;
117 
121  uint8_t tos;
122 
126  uint16_t pkt_len;
127 
131  uint16_t id;
132 
136  uint16_t flags_frag_offset;
137 
141  uint8_t ttl;
142 
146  uint8_t proto;
147 
151  uint16_t checksum;
152 
156  uint32_t src_ip;
157 
161  uint32_t dst_ip;
162 };
163 
168  uint8_t type;
169 
170  uint8_t code;
171 
172  uint16_t checksum;
173 
174  uint32_t unused;
175 
176  /* followed by original payload */
177 };
178 
179 struct icmp_echo_header {
180  uint8_t type;
181 
182  uint8_t code;
183 
184  uint16_t checksum;
185 
186  uint32_t reserved;
187 };
188 
189 
193 struct udp_header {
194  uint16_t src_port;
195 
196  uint16_t dst_port;
197 
198  uint16_t length;
199 
200  uint16_t crc;
201 };
202 
206 static int icmpsock;
207 
211 static int rawsock;
212 
216 static int udpsock;
217 
221 static struct in_addr dummy;
222 
223 
231 static uint16_t
232 calc_checksum(const uint16_t * data, unsigned int bytes)
233 {
234  uint32_t sum;
235  unsigned int i;
236 
237  sum = 0;
238  for (i = 0; i < bytes / 2; i++)
239  sum += data[i];
240  sum = (sum & 0xffff) + (sum >> 16);
241  sum = htons(0xffff - sum);
242  return sum;
243 }
244 
245 
251 static void
252 send_icmp_echo(const struct in_addr *my_ip)
253 {
254  char packet[sizeof(struct ip_header) + sizeof(struct icmp_echo_header)];
255  struct icmp_echo_header icmp_echo;
256  struct ip_header ip_pkt;
257  struct sockaddr_in dst;
258  size_t off;
259  int err;
260 
261  off = 0;
262  ip_pkt.vers_ihl = 0x45;
263  ip_pkt.tos = 0;
264  ip_pkt.pkt_len = htons(sizeof(packet));
265  ip_pkt.id = htons(PACKET_ID);
266  ip_pkt.flags_frag_offset = 0;
267  ip_pkt.ttl = IPDEFTTL;
268  ip_pkt.proto = IPPROTO_ICMP;
269  ip_pkt.checksum = 0;
270  ip_pkt.src_ip = my_ip->s_addr;
271  ip_pkt.dst_ip = dummy.s_addr;
272  ip_pkt.checksum =
273  htons(calc_checksum((uint16_t *)&ip_pkt,
274  sizeof(struct ip_header)));
275  GNUNET_memcpy(&packet[off],
276  &ip_pkt,
277  sizeof(struct ip_header));
278  off += sizeof(struct ip_header);
279 
280  icmp_echo.type = ICMP_ECHO;
281  icmp_echo.code = 0;
282  icmp_echo.checksum = 0;
283  icmp_echo.reserved = 0;
284  icmp_echo.checksum =
285  htons(calc_checksum
286  ((uint16_t *)&icmp_echo,
287  sizeof(struct icmp_echo_header)));
288  GNUNET_memcpy(&packet[off],
289  &icmp_echo,
290  sizeof(struct icmp_echo_header));
291  off += sizeof(struct icmp_echo_header);
292 
293  memset(&dst, 0, sizeof(dst));
294  dst.sin_family = AF_INET;
295 #if HAVE_SOCKADDR_IN_SIN_LEN
296  dst.sin_len = sizeof(struct sockaddr_in);
297 #endif
298  dst.sin_addr = dummy;
299  err = sendto(rawsock,
300  packet,
301  off,
302  0,
303  (struct sockaddr *)&dst,
304  sizeof(dst));
305  if (err < 0)
306  {
307 #if VERBOSE
308  fprintf(stderr,
309  "sendto failed: %s\n",
310  strerror(errno));
311 #endif
312  }
313  else if (sizeof(packet) != err)
314  {
315  fprintf(stderr,
316  "Error: partial send of ICMP message\n");
317  }
318 }
319 
320 
324 static void
326 {
327  struct sockaddr_in dst;
328  ssize_t err;
329 
330  memset(&dst, 0, sizeof(dst));
331  dst.sin_family = AF_INET;
332 #if HAVE_SOCKADDR_IN_SIN_LEN
333  dst.sin_len = sizeof(struct sockaddr_in);
334 #endif
335  dst.sin_addr = dummy;
336  dst.sin_port = htons(NAT_TRAV_PORT);
337  err = sendto(udpsock,
338  NULL,
339  0,
340  0,
341  (struct sockaddr *)&dst,
342  sizeof(dst));
343  if (err < 0)
344  {
345 #if VERBOSE
346  fprintf(stderr,
347  "sendto failed: %s\n",
348  strerror(errno));
349 #endif
350  }
351  else if (0 != err)
352  {
353  fprintf(stderr,
354  "Error: partial send of ICMP message\n");
355  }
356 }
357 
358 
362 static void
364 {
365  char buf[65536];
366  ssize_t have;
367  struct in_addr source_ip;
368  struct ip_header ip_pkt;
369  struct icmp_ttl_exceeded_header icmp_ttl;
370  struct icmp_echo_header icmp_echo;
371  struct udp_header udp_pkt;
372  size_t off;
373  uint16_t port;
374 
375  have = read(icmpsock, buf, sizeof(buf));
376  if (-1 == have)
377  {
378  fprintf(stderr,
379  "Error reading raw socket: %s\n",
380  strerror(errno));
381  return;
382  }
383 #if VERBOSE
384  fprintf(stderr,
385  "Received message of %u bytes\n",
386  (unsigned int)have);
387 #endif
388  if (have <
389  (ssize_t)(sizeof(struct ip_header) +
390  sizeof(struct icmp_ttl_exceeded_header) +
391  sizeof(struct ip_header)))
392  {
393  /* malformed */
394  return;
395  }
396  off = 0;
397  GNUNET_memcpy(&ip_pkt,
398  &buf[off],
399  sizeof(struct ip_header));
400  off += sizeof(struct ip_header);
401  GNUNET_memcpy(&icmp_ttl,
402  &buf[off],
403  sizeof(struct icmp_ttl_exceeded_header));
404  off += sizeof(struct icmp_ttl_exceeded_header);
405  if ((ICMP_TIME_EXCEEDED != icmp_ttl.type) || (0 != icmp_ttl.code))
406  {
407  /* different type than what we want */
408  return;
409  }
410  /* grab source IP of 1st IP header */
411  source_ip.s_addr = ip_pkt.src_ip;
412 
413  /* skip 2nd IP header */
414  GNUNET_memcpy(&ip_pkt,
415  &buf[off],
416  sizeof(struct ip_header));
417  off += sizeof(struct ip_header);
418 
419  switch (ip_pkt.proto)
420  {
421  case IPPROTO_ICMP:
422  if (have !=
423  (sizeof(struct ip_header) * 2 +
424  sizeof(struct icmp_ttl_exceeded_header) +
425  sizeof(struct icmp_echo_header)))
426  {
427  /* malformed */
428  return;
429  }
430  /* grab ICMP ECHO content */
431  GNUNET_memcpy(&icmp_echo,
432  &buf[off],
433  sizeof(struct icmp_echo_header));
434  port = (uint16_t)ntohl(icmp_echo.reserved);
435  break;
436 
437  case IPPROTO_UDP:
438  if (have !=
439  (sizeof(struct ip_header) * 2 +
440  sizeof(struct icmp_ttl_exceeded_header) + sizeof(struct udp_header)))
441  {
442  /* malformed */
443  return;
444  }
445  /* grab UDP content */
446  GNUNET_memcpy(&udp_pkt,
447  &buf[off],
448  sizeof(struct udp_header));
449  port = ntohs(udp_pkt.length);
450  break;
451 
452  default:
453  /* different type than what we want */
454  return;
455  }
456 
457  if (port == 0)
458  fprintf(stdout, "%s\n",
459  inet_ntop(AF_INET, &source_ip, buf, sizeof(buf)));
460  else
461  fprintf(stdout, "%s:%u\n",
462  inet_ntop(AF_INET, &source_ip, buf, sizeof(buf)),
463  (unsigned int)port);
464  fflush(stdout);
465 }
466 
467 
473 static int
475 {
476  const int one = 1;
477 
478  if (-1 ==
479  setsockopt(rawsock,
480  SOL_SOCKET,
481  SO_BROADCAST,
482  (char *)&one,
483  sizeof(one)))
484  {
485  fprintf(stderr,
486  "setsockopt failed: %s\n",
487  strerror(errno));
488  return -1;
489  }
490  if (-1 ==
491  setsockopt(rawsock,
492  IPPROTO_IP,
493  IP_HDRINCL,
494  (char *)&one,
495  sizeof(one)))
496  {
497  fprintf(stderr,
498  "setsockopt failed: %s\n",
499  strerror(errno));
500  return -1;
501  }
502  return 0;
503 }
504 
505 
512 static int
513 make_udp_socket(const struct in_addr *my_ip)
514 {
515  int ret;
516  struct sockaddr_in addr;
517 
518  ret = socket(AF_INET, SOCK_DGRAM, 0);
519  if (-1 == ret)
520  {
521  fprintf(stderr,
522  "Error opening UDP socket: %s\n",
523  strerror(errno));
524  return -1;
525  }
526  memset(&addr, 0, sizeof(addr));
527  addr.sin_family = AF_INET;
528 #if HAVE_SOCKADDR_IN_SIN_LEN
529  addr.sin_len = sizeof(struct sockaddr_in);
530 #endif
531  addr.sin_addr = *my_ip;
532  addr.sin_port = htons(NAT_TRAV_PORT);
533 
534  if (0 != bind(ret,
535  (struct sockaddr *)&addr,
536  sizeof(addr)))
537  {
538  fprintf(stderr,
539  "Error binding UDP socket to port %u: %s\n",
541  strerror(errno));
542  (void)close(ret);
543  return -1;
544  }
545  return ret;
546 }
547 
548 
549 int
550 main(int argc,
551  char *const *argv)
552 {
553  struct in_addr external;
554  fd_set rs;
555  struct timeval tv;
556  uid_t uid;
557  unsigned int alt;
558  int icmp_eno;
559  int raw_eno;
560  int global_ret;
561 
562  /* Create an ICMP raw socket for reading (we'll check errors later) */
563  icmpsock = socket(AF_INET,
564  SOCK_RAW,
565  IPPROTO_ICMP);
566  icmp_eno = errno;
567 
568  /* Create an (ICMP) raw socket for writing (we'll check errors later) */
569  rawsock = socket(AF_INET,
570  SOCK_RAW,
571  IPPROTO_RAW);
572  raw_eno = errno;
573  udpsock = -1;
574 
575  /* drop root rights */
576  uid = getuid();
577 #ifdef HAVE_SETRESUID
578  if (0 != setresuid(uid, uid, uid))
579  {
580  fprintf(stderr,
581  "Failed to setresuid: %s\n",
582  strerror(errno));
583  global_ret = 1;
584  goto error_exit;
585  }
586 #else
587  if (0 != (setuid(uid) | seteuid(uid)))
588  {
589  fprintf(stderr,
590  "Failed to setuid: %s\n",
591  strerror(errno));
592  global_ret = 2;
593  goto error_exit;
594  }
595 #endif
596 
597  /* Now that we run without root rights, we can do error checking... */
598  if (2 != argc)
599  {
600  fprintf(stderr,
601  "This program must be started with our (internal NAT) IP as the only argument.\n");
602  global_ret = 3;
603  goto error_exit;
604  }
605  if (1 != inet_pton(AF_INET, argv[1], &external))
606  {
607  fprintf(stderr,
608  "Error parsing IPv4 address: %s\n",
609  strerror(errno));
610  global_ret = 4;
611  goto error_exit;
612  }
613  if (1 != inet_pton(AF_INET, DUMMY_IP, &dummy))
614  {
615  fprintf(stderr,
616  "Internal error converting dummy IP to binary.\n");
617  global_ret = 5;
618  goto error_exit;
619  }
620 
621  /* error checking icmpsock */
622  if (-1 == icmpsock)
623  {
624  fprintf(stderr,
625  "Error opening RAW socket: %s\n",
626  strerror(icmp_eno));
627  global_ret = 6;
628  goto error_exit;
629  }
630  if (icmpsock >= FD_SETSIZE)
631  {
632  /* this could happen if we were started with a large number of already-open
633  file descriptors... */
634  fprintf(stderr,
635  "Socket number too large (%d > %u)\n",
636  icmpsock,
637  (unsigned int)FD_SETSIZE);
638  global_ret = 7;
639  goto error_exit;
640  }
641 
642  /* error checking rawsock */
643  if (-1 == rawsock)
644  {
645  fprintf(stderr,
646  "Error opening RAW socket: %s\n",
647  strerror(raw_eno));
648  global_ret = 8;
649  goto error_exit;
650  }
651  /* no need to check 'rawsock' against FD_SETSIZE as it is never used
652  with 'select' */
653 
654  if (0 != setup_raw_socket())
655  {
656  global_ret = 9;
657  goto error_exit;
658  }
659 
660  if (-1 == (udpsock = make_udp_socket(&external)))
661  {
662  global_ret = 10;
663  goto error_exit;
664  }
665 
666  alt = 0;
667  while (1)
668  {
669  FD_ZERO(&rs);
670  FD_SET(icmpsock, &rs);
671  tv.tv_sec = 0;
672  tv.tv_usec = ICMP_SEND_FREQUENCY_MS * 1000;
673  if (-1 == select(icmpsock + 1, &rs, NULL, NULL, &tv))
674  {
675  if (errno == EINTR)
676  continue;
677  fprintf(stderr,
678  "select failed: %s\n",
679  strerror(errno));
680  break;
681  }
682  if (1 == getppid()) /* Check the parent process id, if 1 the parent has died, so we should die too */
683  break;
684  if (FD_ISSET(icmpsock, &rs))
685  {
687  continue;
688  }
689  if (0 == (++alt % 2))
690  send_icmp_echo(&external);
691  else
692  send_udp();
693  }
694 
695  /* select failed (internal error or OS out of resources) */
696  global_ret = 11;
697 error_exit:
698  if (-1 != icmpsock)
699  (void)close(icmpsock);
700  if (-1 != rawsock)
701  (void)close(rawsock);
702  if (-1 != udpsock)
703  (void)close(udpsock);
704  return global_ret;
705 }
706 
707 
708 /* end of gnunet-helper-nat-server.c */
static void send_udp()
Send a UDP message to the dummy IP.
static int udpsock
Socket we use to send our UDP requests.
uint32_t src_ip
Source address.
uint16_t checksum
Header checksum.
#define PACKET_ID
Must match packet ID used by gnunet-helper-nat-client.c.
static int icmpsock
Socket we use to receive "fake" ICMP replies.
uint16_t id
Identification.
#define DUMMY_IP
Must match IP given in the client.
#define NAT_TRAV_PORT
Port for UDP.
static void process_icmp_response()
We&#39;ve received an ICMP response.
uint32_t dst_ip
Destination address.
uint8_t vers_ihl
Version (4 bits) + Internet header length (4 bits)
uint8_t tos
Type of service.
int main(int argc, char *const *argv)
static int ret
Final status code.
Definition: gnunet-arm.c:89
uint16_t pkt_len
Total length.
static void send_icmp_echo(const struct in_addr *my_ip)
Send an ICMP message to the dummy IP.
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
#define ICMP_TIME_EXCEEDED
uint16_t flags_frag_offset
Flags (3 bits) + Fragment offset (13 bits)
static int make_udp_socket(const struct in_addr *my_ip)
Create a UDP socket for writing.
static uint16_t calc_checksum(const uint16_t *data, unsigned int bytes)
CRC-16 for IP/ICMP headers.
static char buf[2048]
static struct in_addr dummy
Target "dummy" address.
uint8_t proto
Protocol.
uint8_t ttl
Time to live.
static int rawsock
Socket we use to send our ICMP requests.
static uint16_t port
Port number.
Definition: gnunet-bcd.c:81
#define ICMP_SEND_FREQUENCY_MS
How often do we send our ICMP messages to receive replies?
enum GNUNET_TESTBED_UnderlayLinkModelType type
the type of this model
static unsigned long long reserved
How much space have we currently reserved?
Beginning of UDP packet.
static int setup_raw_socket()
Fully initialize the raw socket.
uint32_t data
The data value.
static int global_ret
Return value from main.