GNUnet 0.21.1
gnunet-helper-nat-server.c
Go to the documentation of this file.
1/*
2 This file is part of GNUnet.
3 Copyright (C) 2010 GNUnet e.V.
4
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
14
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18 SPDX-License-Identifier: AGPL3.0-or-later
19 */
20
45#if HAVE_CONFIG_H
46/* Just needed for HAVE_SOCKADDR_IN_SIN_LEN test macro! */
47#include "platform.h"
48#include "gnunet_private_config.h"
49#else
50#define _GNU_SOURCE
51#endif
52#include <sys/types.h>
53#include <sys/socket.h>
54#include <arpa/inet.h>
55#include <sys/select.h>
56#include <sys/time.h>
57#include <sys/types.h>
58#include <unistd.h>
59#include <stdio.h>
60#include <string.h>
61#include <errno.h>
62#include <stdlib.h>
63#include <stdint.h>
64#include <time.h>
65#include <netinet/ip.h>
66#include <netinet/ip_icmp.h>
67#include <netinet/in.h>
68
69/* The following constant is missing from FreeBSD 9.2 */
70#ifndef ICMP_TIME_EXCEEDED
71#define ICMP_TIME_EXCEEDED 11
72#endif
73
83#define GNUNET_memcpy(dst, src, n) do { if (0 != n) { (void) memcpy (dst, src, \
84 n); \
85 } } while (0)
86
90#define VERBOSE 0
91
95#define PACKET_ID 256
96
100#define DUMMY_IP "192.0.2.86"
101
105#define NAT_TRAV_PORT 22225
106
110#define ICMP_SEND_FREQUENCY_MS 500
111
115struct ip_header
116{
120 uint8_t vers_ihl;
121
125 uint8_t tos;
126
130 uint16_t pkt_len;
131
135 uint16_t id;
136
140 uint16_t flags_frag_offset;
141
145 uint8_t ttl;
146
150 uint8_t proto;
151
155 uint16_t checksum;
156
160 uint32_t src_ip;
161
165 uint32_t dst_ip;
166};
167
172{
173 uint8_t type;
174
175 uint8_t code;
176
177 uint16_t checksum;
178
179 uint32_t unused;
180
181 /* followed by original payload */
182};
183
184struct icmp_echo_header
185{
186 uint8_t type;
187
188 uint8_t code;
189
190 uint16_t checksum;
191
192 uint32_t reserved;
193};
194
195
199struct udp_header
200{
201 uint16_t src_port;
202
203 uint16_t dst_port;
204
205 uint16_t length;
206
207 uint16_t crc;
208};
209
213static int icmpsock;
214
218static int rawsock;
219
223static int udpsock;
224
228static struct in_addr dummy;
229
230
238static uint16_t
239calc_checksum (const uint16_t *data, unsigned int bytes)
240{
241 uint32_t sum;
242 unsigned int i;
243
244 sum = 0;
245 for (i = 0; i < bytes / 2; i++)
246 sum += data[i];
247 sum = (sum & 0xffff) + (sum >> 16);
248 sum = htons (0xffff - sum);
249 return sum;
250}
251
252
258static void
259send_icmp_echo (const struct in_addr *my_ip)
260{
261 char packet[sizeof(struct ip_header) + sizeof(struct icmp_echo_header)];
262 struct icmp_echo_header icmp_echo;
263 struct ip_header ip_pkt;
264 struct sockaddr_in dst;
265 size_t off;
266 int err;
267
268 off = 0;
269 ip_pkt.vers_ihl = 0x45;
270 ip_pkt.tos = 0;
271 ip_pkt.pkt_len = htons (sizeof(packet));
272 ip_pkt.id = htons (PACKET_ID);
273 ip_pkt.flags_frag_offset = 0;
274 ip_pkt.ttl = IPDEFTTL;
275 ip_pkt.proto = IPPROTO_ICMP;
276 ip_pkt.checksum = 0;
277 ip_pkt.src_ip = my_ip->s_addr;
278 ip_pkt.dst_ip = dummy.s_addr;
279 ip_pkt.checksum =
280 htons (calc_checksum ((uint16_t *) &ip_pkt,
281 sizeof(struct ip_header)));
282 GNUNET_memcpy (&packet[off],
283 &ip_pkt,
284 sizeof(struct ip_header));
285 off += sizeof(struct ip_header);
286
287 icmp_echo.type = ICMP_ECHO;
288 icmp_echo.code = 0;
289 icmp_echo.checksum = 0;
290 icmp_echo.reserved = 0;
291 icmp_echo.checksum =
292 htons (calc_checksum
293 ((uint16_t *) &icmp_echo,
294 sizeof(struct icmp_echo_header)));
295 GNUNET_memcpy (&packet[off],
296 &icmp_echo,
297 sizeof(struct icmp_echo_header));
298 off += sizeof(struct icmp_echo_header);
299
300 memset (&dst, 0, sizeof(dst));
301 dst.sin_family = AF_INET;
302#if HAVE_SOCKADDR_IN_SIN_LEN
303 dst.sin_len = sizeof(struct sockaddr_in);
304#endif
305 dst.sin_addr = dummy;
306 err = sendto (rawsock,
307 packet,
308 off,
309 0,
310 (struct sockaddr *) &dst,
311 sizeof(dst));
312 if (err < 0)
313 {
314#if VERBOSE
315 fprintf (stderr,
316 "sendto failed: %s\n",
317 strerror (errno));
318#endif
319 }
320 else if (sizeof(packet) != err)
321 {
322 fprintf (stderr,
323 "Error: partial send of ICMP message\n");
324 }
325}
326
327
331static void
333{
334 struct sockaddr_in dst;
335 ssize_t err;
336
337 memset (&dst, 0, sizeof(dst));
338 dst.sin_family = AF_INET;
339#if HAVE_SOCKADDR_IN_SIN_LEN
340 dst.sin_len = sizeof(struct sockaddr_in);
341#endif
342 dst.sin_addr = dummy;
343 dst.sin_port = htons (NAT_TRAV_PORT);
344 err = sendto (udpsock,
345 NULL,
346 0,
347 0,
348 (struct sockaddr *) &dst,
349 sizeof(dst));
350 if (err < 0)
351 {
352#if VERBOSE
353 fprintf (stderr,
354 "sendto failed: %s\n",
355 strerror (errno));
356#endif
357 }
358 else if (0 != err)
359 {
360 fprintf (stderr,
361 "Error: partial send of ICMP message\n");
362 }
363}
364
365
369static void
371{
372 char buf[65536];
373 ssize_t have;
374 struct in_addr source_ip;
375 struct ip_header ip_pkt;
376 struct icmp_ttl_exceeded_header icmp_ttl;
377 struct icmp_echo_header icmp_echo;
378 struct udp_header udp_pkt;
379 size_t off;
380 uint16_t port;
381
382 have = read (icmpsock, buf, sizeof(buf));
383 if (-1 == have)
384 {
385 fprintf (stderr,
386 "Error reading raw socket: %s\n",
387 strerror (errno));
388 return;
389 }
390#if VERBOSE
391 fprintf (stderr,
392 "Received message of %u bytes\n",
393 (unsigned int) have);
394#endif
395 if (have <
396 (ssize_t) (sizeof(struct ip_header)
397 + sizeof(struct icmp_ttl_exceeded_header)
398 + sizeof(struct ip_header)))
399 {
400 /* malformed */
401 return;
402 }
403 off = 0;
404 GNUNET_memcpy (&ip_pkt,
405 &buf[off],
406 sizeof(struct ip_header));
407 off += sizeof(struct ip_header);
408 GNUNET_memcpy (&icmp_ttl,
409 &buf[off],
410 sizeof(struct icmp_ttl_exceeded_header));
411 off += sizeof(struct icmp_ttl_exceeded_header);
412 if ((ICMP_TIME_EXCEEDED != icmp_ttl.type) || (0 != icmp_ttl.code))
413 {
414 /* different type than what we want */
415 return;
416 }
417 /* grab source IP of 1st IP header */
418 source_ip.s_addr = ip_pkt.src_ip;
419
420 /* skip 2nd IP header */
421 GNUNET_memcpy (&ip_pkt,
422 &buf[off],
423 sizeof(struct ip_header));
424 off += sizeof(struct ip_header);
425
426 switch (ip_pkt.proto)
427 {
428 case IPPROTO_ICMP:
429 if (have !=
430 (sizeof(struct ip_header) * 2
431 + sizeof(struct icmp_ttl_exceeded_header)
432 + sizeof(struct icmp_echo_header)))
433 {
434 /* malformed */
435 return;
436 }
437 /* grab ICMP ECHO content */
438 GNUNET_memcpy (&icmp_echo,
439 &buf[off],
440 sizeof(struct icmp_echo_header));
441 port = (uint16_t) ntohl (icmp_echo.reserved);
442 break;
443
444 case IPPROTO_UDP:
445 if (have !=
446 (sizeof(struct ip_header) * 2
447 + sizeof(struct icmp_ttl_exceeded_header) + sizeof(struct udp_header)))
448 {
449 /* malformed */
450 return;
451 }
452 /* grab UDP content */
453 GNUNET_memcpy (&udp_pkt,
454 &buf[off],
455 sizeof(struct udp_header));
456 port = ntohs (udp_pkt.length);
457 break;
458
459 default:
460 /* different type than what we want */
461 return;
462 }
463
464 if (port == 0)
465 fprintf (stdout, "%s\n",
466 inet_ntop (AF_INET, &source_ip, buf, sizeof(buf)));
467 else
468 fprintf (stdout, "%s:%u\n",
469 inet_ntop (AF_INET, &source_ip, buf, sizeof(buf)),
470 (unsigned int) port);
471 fflush (stdout);
472}
473
474
480static int
482{
483 const int one = 1;
484
485 if (-1 ==
486 setsockopt (rawsock,
487 SOL_SOCKET,
488 SO_BROADCAST,
489 (char *) &one,
490 sizeof(one)))
491 {
492 fprintf (stderr,
493 "setsockopt failed: %s\n",
494 strerror (errno));
495 return -1;
496 }
497 if (-1 ==
498 setsockopt (rawsock,
499 IPPROTO_IP,
500 IP_HDRINCL,
501 (char *) &one,
502 sizeof(one)))
503 {
504 fprintf (stderr,
505 "setsockopt failed: %s\n",
506 strerror (errno));
507 return -1;
508 }
509 return 0;
510}
511
512
519static int
520make_udp_socket (const struct in_addr *my_ip)
521{
522 int ret;
523 struct sockaddr_in addr;
524
525 ret = socket (AF_INET, SOCK_DGRAM, 0);
526 if (-1 == ret)
527 {
528 fprintf (stderr,
529 "Error opening UDP socket: %s\n",
530 strerror (errno));
531 return -1;
532 }
533 memset (&addr, 0, sizeof(addr));
534 addr.sin_family = AF_INET;
535#if HAVE_SOCKADDR_IN_SIN_LEN
536 addr.sin_len = sizeof(struct sockaddr_in);
537#endif
538 addr.sin_addr = *my_ip;
539 addr.sin_port = htons (NAT_TRAV_PORT);
540
541 if (0 != bind (ret,
542 (struct sockaddr *) &addr,
543 sizeof(addr)))
544 {
545 fprintf (stderr,
546 "Error binding UDP socket to port %u: %s\n",
548 strerror (errno));
549 (void) close (ret);
550 return -1;
551 }
552 return ret;
553}
554
555
556int
557main (int argc,
558 char *const *argv)
559{
560 struct in_addr external;
561 fd_set rs;
562 struct timeval tv;
563 uid_t uid;
564 unsigned int alt;
565 int icmp_eno;
566 int raw_eno;
567 int global_ret;
568
569 /* Create an ICMP raw socket for reading (we'll check errors later) */
570 icmpsock = socket (AF_INET,
571 SOCK_RAW,
572 IPPROTO_ICMP);
573 icmp_eno = errno;
574
575 /* Create an (ICMP) raw socket for writing (we'll check errors later) */
576 rawsock = socket (AF_INET,
577 SOCK_RAW,
578 IPPROTO_RAW);
579 raw_eno = errno;
580 udpsock = -1;
581
582 /* drop root rights */
583 uid = getuid ();
584#ifdef HAVE_SETRESUID
585 if (0 != setresuid (uid, uid, uid))
586 {
587 fprintf (stderr,
588 "Failed to setresuid: %s\n",
589 strerror (errno));
590 global_ret = 1;
591 goto error_exit;
592 }
593#else
594 if (0 != (setuid (uid) | seteuid (uid)))
595 {
596 fprintf (stderr,
597 "Failed to setuid: %s\n",
598 strerror (errno));
599 global_ret = 2;
600 goto error_exit;
601 }
602#endif
603
604 /* Now that we run without root rights, we can do error checking... */
605 if (2 != argc)
606 {
607 fprintf (stderr,
608 "This program must be started with our (internal NAT) IP as the only argument.\n");
609 global_ret = 3;
610 goto error_exit;
611 }
612 if (1 != inet_pton (AF_INET, argv[1], &external))
613 {
614 fprintf (stderr,
615 "Error parsing IPv4 address: %s\n",
616 strerror (errno));
617 global_ret = 4;
618 goto error_exit;
619 }
620 if (1 != inet_pton (AF_INET, DUMMY_IP, &dummy))
621 {
622 fprintf (stderr,
623 "Internal error converting dummy IP to binary.\n");
624 global_ret = 5;
625 goto error_exit;
626 }
627
628 /* error checking icmpsock */
629 if (-1 == icmpsock)
630 {
631 fprintf (stderr,
632 "Error opening RAW socket: %s\n",
633 strerror (icmp_eno));
634 global_ret = 6;
635 goto error_exit;
636 }
637 if (icmpsock >= FD_SETSIZE)
638 {
639 /* this could happen if we were started with a large number of already-open
640 file descriptors... */
641 fprintf (stderr,
642 "Socket number too large (%d > %u)\n",
643 icmpsock,
644 (unsigned int) FD_SETSIZE);
645 global_ret = 7;
646 goto error_exit;
647 }
648
649 /* error checking rawsock */
650 if (-1 == rawsock)
651 {
652 fprintf (stderr,
653 "Error opening RAW socket: %s\n",
654 strerror (raw_eno));
655 global_ret = 8;
656 goto error_exit;
657 }
658 /* no need to check 'rawsock' against FD_SETSIZE as it is never used
659 with 'select' */
660
661 if (0 != setup_raw_socket ())
662 {
663 global_ret = 9;
664 goto error_exit;
665 }
666
667 if (-1 == (udpsock = make_udp_socket (&external)))
668 {
669 global_ret = 10;
670 goto error_exit;
671 }
672
673 alt = 0;
674 while (1)
675 {
676 FD_ZERO (&rs);
677 FD_SET (icmpsock, &rs);
678 tv.tv_sec = 0;
679 tv.tv_usec = ICMP_SEND_FREQUENCY_MS * 1000;
680 if (-1 == select (icmpsock + 1, &rs, NULL, NULL, &tv))
681 {
682 if (errno == EINTR)
683 continue;
684 fprintf (stderr,
685 "select failed: %s\n",
686 strerror (errno));
687 break;
688 }
689 if (1 == getppid ()) /* Check the parent process id, if 1 the parent has died, so we should die too */
690 break;
691 if (FD_ISSET (icmpsock, &rs))
692 {
694 continue;
695 }
696 if (0 == (++alt % 2))
697 send_icmp_echo (&external);
698 else
699 send_udp ();
700 }
701
702 /* select failed (internal error or OS out of resources) */
703 global_ret = 11;
704error_exit:
705 if (-1 != icmpsock)
706 (void) close (icmpsock);
707 if (-1 != rawsock)
708 (void) close (rawsock);
709 if (-1 != udpsock)
710 (void) close (udpsock);
711 return global_ret;
712}
713
714
715/* end of gnunet-helper-nat-server.c */
static int ret
Final status code.
Definition: gnunet-arm.c:94
static uint16_t port
Port number.
Definition: gnunet-bcd.c:147
static int global_ret
Global status value.
static char * data
The data to insert into the dht.
static void process_icmp_response()
We've received an ICMP response.
#define ICMP_TIME_EXCEEDED
static uint16_t calc_checksum(const uint16_t *data, unsigned int bytes)
CRC-16 for IP/ICMP headers.
static void send_udp()
Send a UDP message to the dummy IP.
#define NAT_TRAV_PORT
Port for UDP.
#define DUMMY_IP
Must match IP given in the client.
static int rawsock
Socket we use to send our ICMP requests.
static int setup_raw_socket()
Fully initialize the raw socket.
static int icmpsock
Socket we use to receive "fake" ICMP replies.
#define ICMP_SEND_FREQUENCY_MS
How often do we send our ICMP messages to receive replies?
static struct in_addr dummy
Target "dummy" address.
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
static int make_udp_socket(const struct in_addr *my_ip)
Create a UDP socket for writing.
int main(int argc, char *const *argv)
static void send_icmp_echo(const struct in_addr *my_ip)
Send an ICMP message to the dummy IP.
static int udpsock
Socket we use to send our UDP requests.
#define PACKET_ID
Must match packet ID used by gnunet-helper-nat-client.c.
uint16_t flags_frag_offset
Flags (3 bits) + Fragment offset (13 bits)
uint8_t ttl
Time to live.
uint8_t tos
Type of service.
uint32_t src_ip
Source address.
uint8_t proto
Protocol.
uint16_t checksum
Header checksum.
uint8_t vers_ihl
Version (4 bits) + Internet header length (4 bits)
uint16_t id
Identification.
uint32_t dst_ip
Destination address.
uint16_t pkt_len
Total length.
Beginning of UDP packet.