aboutsummaryrefslogtreecommitdiff
path: root/src/nat/gnunet-helper-nat-client.c
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2011-07-01 08:46:27 +0000
committerChristian Grothoff <christian@grothoff.org>2011-07-01 08:46:27 +0000
commit11a2d8cd5b619a0fea63e766585c6ec4687a0707 (patch)
tree0b18ea0e567fd7bf5ca50b5994df5abe1ba77d95 /src/nat/gnunet-helper-nat-client.c
parent9b986bcca579585f4f113d22b7c841a2ab28de0c (diff)
downloadgnunet-11a2d8cd5b619a0fea63e766585c6ec4687a0707.tar.gz
gnunet-11a2d8cd5b619a0fea63e766585c6ec4687a0707.zip
renaming gnunet-nat-server/client for consistency, other minor fixes
Diffstat (limited to 'src/nat/gnunet-helper-nat-client.c')
-rw-r--r--src/nat/gnunet-helper-nat-client.c527
1 files changed, 527 insertions, 0 deletions
diff --git a/src/nat/gnunet-helper-nat-client.c b/src/nat/gnunet-helper-nat-client.c
new file mode 100644
index 000000000..10aa2f438
--- /dev/null
+++ b/src/nat/gnunet-helper-nat-client.c
@@ -0,0 +1,527 @@
1/*
2 This file is part of GNUnet.
3 (C) 2010 Christian Grothoff (and other contributing authors)
4
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
19*/
20
21/**
22 * @file src/nat/gnunet-helper-nat-client.c
23 * @brief Tool to help bypass NATs using ICMP method; must run as root (SUID will do)
24 * This code will work under GNU/Linux only.
25 * @author Christian Grothoff
26 *
27 * This program will send ONE ICMP message using RAW sockets
28 * to the IP address specified as the second argument. Since
29 * it uses RAW sockets, it must be installed SUID or run as 'root'.
30 * In order to keep the security risk of the resulting SUID binary
31 * minimal, the program ONLY opens the RAW socket with root
32 * privileges, then drops them and only then starts to process
33 * command line arguments. The code also does not link against
34 * any shared libraries (except libc) and is strictly minimal
35 * (except for checking for errors). The following list of people
36 * have reviewed this code and considered it safe since the last
37 * modification (if you reviewed it, please have your name added
38 * to the list):
39 *
40 * - Christian Grothoff
41 * - Nathan Evans
42 * - Benjamin Kuperman (22 Aug 2010)
43 */
44#if HAVE_CONFIG_H
45/* Just needed for HAVE_SOCKADDR_IN_SIN_LEN test macro! */
46#include "gnunet_config.h"
47#else
48#define _GNU_SOURCE
49#endif
50#include <sys/types.h>
51#include <sys/socket.h>
52#include <arpa/inet.h>
53#include <sys/types.h>
54#include <unistd.h>
55#include <stdio.h>
56#include <string.h>
57#include <errno.h>
58#include <stdlib.h>
59#include <stdint.h>
60#include <netinet/ip.h>
61#include <netinet/ip_icmp.h>
62#include <netinet/in.h>
63
64/**
65 * Must match IP given in the server.
66 */
67#define DUMMY_IP "192.0.2.86"
68
69#define NAT_TRAV_PORT 22225
70
71/**
72 * IPv4 header.
73 */
74struct ip_header
75{
76
77 /**
78 * Version (4 bits) + Internet header length (4 bits)
79 */
80 uint8_t vers_ihl;
81
82 /**
83 * Type of service
84 */
85 uint8_t tos;
86
87 /**
88 * Total length
89 */
90 uint16_t pkt_len;
91
92 /**
93 * Identification
94 */
95 uint16_t id;
96
97 /**
98 * Flags (3 bits) + Fragment offset (13 bits)
99 */
100 uint16_t flags_frag_offset;
101
102 /**
103 * Time to live
104 */
105 uint8_t ttl;
106
107 /**
108 * Protocol
109 */
110 uint8_t proto;
111
112 /**
113 * Header checksum
114 */
115 uint16_t checksum;
116
117 /**
118 * Source address
119 */
120 uint32_t src_ip;
121
122 /**
123 * Destination address
124 */
125 uint32_t dst_ip;
126};
127
128/**
129 * Format of ICMP packet.
130 */
131struct icmp_ttl_exceeded_header
132{
133 uint8_t type;
134
135 uint8_t code;
136
137 uint16_t checksum;
138
139 uint32_t unused;
140
141 /* followed by original payload */
142};
143
144struct icmp_echo_header
145{
146 uint8_t type;
147
148 uint8_t code;
149
150 uint16_t checksum;
151
152 uint32_t reserved;
153};
154
155/**
156 * Beginning of UDP packet.
157 */
158struct udp_header
159{
160 uint16_t src_port;
161
162 uint16_t dst_port;
163
164 uint16_t length;
165
166 uint16_t crc;
167};
168
169/**
170 * Socket we use to send our fake ICMP replies.
171 */
172static int rawsock;
173
174/**
175 * Target "dummy" address of the packet we pretend to respond to.
176 */
177static struct in_addr dummy;
178
179/**
180 * Our "source" port.
181 */
182static uint16_t port;
183
184
185/**
186 * CRC-16 for IP/ICMP headers.
187 *
188 * @param data what to calculate the CRC over
189 * @param bytes number of bytes in data (must be multiple of 2)
190 * @return the CRC 16.
191 */
192static uint16_t
193calc_checksum (const uint16_t *data,
194 unsigned int bytes)
195{
196 uint32_t sum;
197 unsigned int i;
198
199 sum = 0;
200 for (i=0;i<bytes/2;i++)
201 sum += data[i];
202 sum = (sum & 0xffff) + (sum >> 16);
203 sum = htons(0xffff - sum);
204 return sum;
205}
206
207
208/**
209 * Send an ICMP message to the target.
210 *
211 * @param my_ip source address
212 * @param other target address
213 */
214static void
215send_icmp_udp (const struct in_addr *my_ip,
216 const struct in_addr *other)
217{
218 char packet[sizeof(struct ip_header) * 2 +
219 sizeof(struct icmp_ttl_exceeded_header) +
220 sizeof(struct udp_header)];
221 struct ip_header ip_pkt;
222 struct icmp_ttl_exceeded_header icmp_pkt;
223 struct udp_header udp_pkt;
224 struct sockaddr_in dst;
225 size_t off;
226 int err;
227
228 /* ip header: send to (known) ip address */
229 off = 0;
230 ip_pkt.vers_ihl = 0x45;
231 ip_pkt.tos = 0;
232 ip_pkt.pkt_len = htons (sizeof (packet));
233 ip_pkt.id = htons(256);
234 ip_pkt.flags_frag_offset = 0;
235 ip_pkt.ttl = 128;
236 ip_pkt.proto = IPPROTO_ICMP;
237 ip_pkt.checksum = 0;
238 ip_pkt.src_ip = my_ip->s_addr;
239 ip_pkt.dst_ip = other->s_addr;
240 ip_pkt.checksum = htons(calc_checksum((uint16_t*)&ip_pkt,
241 sizeof (struct ip_header)));
242 memcpy(&packet[off],
243 &ip_pkt,
244 sizeof(struct ip_header));
245 off += sizeof(struct ip_header);
246
247 icmp_pkt.type = ICMP_TIME_EXCEEDED;
248 icmp_pkt.code = 0;
249 icmp_pkt.checksum = 0;
250 icmp_pkt.unused = 0;
251 memcpy(&packet[off],
252 &icmp_pkt,
253 sizeof(struct icmp_ttl_exceeded_header));
254 off += sizeof(struct icmp_ttl_exceeded_header);
255
256 /* ip header of the presumably 'lost' udp packet */
257 ip_pkt.vers_ihl = 0x45;
258 ip_pkt.tos = 0;
259 ip_pkt.pkt_len = htons(sizeof (struct ip_header) +
260 sizeof (struct udp_header));
261 ip_pkt.id = htons(0);
262 ip_pkt.flags_frag_offset = 0;
263 ip_pkt.ttl = 128;
264 ip_pkt.proto = IPPROTO_UDP;
265 ip_pkt.checksum = 0;
266 ip_pkt.src_ip = other->s_addr;
267 ip_pkt.dst_ip = dummy.s_addr;
268 ip_pkt.checksum = htons(calc_checksum((uint16_t*)&ip_pkt,
269 sizeof (struct ip_header)));
270 memcpy(&packet[off],
271 &ip_pkt,
272 sizeof(struct ip_header));
273 off += sizeof(struct ip_header);
274
275 /* build UDP header */
276 udp_pkt.src_port = htons(NAT_TRAV_PORT);
277 udp_pkt.dst_port = htons(NAT_TRAV_PORT);
278 udp_pkt.length = htons (port);
279 udp_pkt.crc = 0;
280 memcpy(&packet[off],
281 &udp_pkt,
282 sizeof(struct udp_header));
283 off += sizeof(struct udp_header);
284
285 /* set ICMP checksum */
286 icmp_pkt.checksum = htons(calc_checksum((uint16_t*)&packet[sizeof(struct ip_header)],
287 sizeof (struct icmp_ttl_exceeded_header) +
288 sizeof (struct ip_header) +
289 sizeof (struct udp_header)));
290 memcpy (&packet[sizeof(struct ip_header)],
291 &icmp_pkt,
292 sizeof (struct icmp_ttl_exceeded_header));
293
294 memset (&dst, 0, sizeof (dst));
295 dst.sin_family = AF_INET;
296#if HAVE_SOCKADDR_IN_SIN_LEN
297 dst.sin_len = sizeof (struct sockaddr_in);
298#endif
299 dst.sin_addr = *other;
300 err = sendto(rawsock,
301 packet,
302 sizeof (packet), 0,
303 (struct sockaddr*)&dst,
304 sizeof(dst));
305 if (err < 0)
306 {
307 fprintf(stderr,
308 "sendto failed: %s\n", strerror(errno));
309 }
310 else if (sizeof (packet) != (size_t) err)
311 {
312 fprintf(stderr,
313 "Error: partial send of ICMP message\n");
314 }
315}
316
317
318/**
319 * Send an ICMP message to the target.
320 *
321 * @param my_ip source address
322 * @param other target address
323 */
324static void
325send_icmp (const struct in_addr *my_ip,
326 const struct in_addr *other)
327{
328 struct ip_header ip_pkt;
329 struct icmp_ttl_exceeded_header icmp_ttl;
330 struct icmp_echo_header icmp_echo;
331 struct sockaddr_in dst;
332 char packet[sizeof (struct ip_header) * 2 +
333 sizeof (struct icmp_ttl_exceeded_header) +
334 sizeof (struct icmp_echo_header)];
335 size_t off;
336 int err;
337
338 /* ip header: send to (known) ip address */
339 off = 0;
340 ip_pkt.vers_ihl = 0x45;
341 ip_pkt.tos = 0;
342 ip_pkt.pkt_len = htons (sizeof (packet));
343 ip_pkt.id = htons (256);
344 ip_pkt.flags_frag_offset = 0;
345 ip_pkt.ttl = IPDEFTTL;
346 ip_pkt.proto = IPPROTO_ICMP;
347 ip_pkt.checksum = 0;
348 ip_pkt.src_ip = my_ip->s_addr;
349 ip_pkt.dst_ip = other->s_addr;
350 ip_pkt.checksum = htons(calc_checksum((uint16_t*)&ip_pkt,
351 sizeof (struct ip_header)));
352 memcpy (&packet[off],
353 &ip_pkt,
354 sizeof (struct ip_header));
355 off = sizeof (ip_pkt);
356
357 /* icmp reply: time exceeded */
358 icmp_ttl.type = ICMP_TIME_EXCEEDED;
359 icmp_ttl.code = 0;
360 icmp_ttl.checksum = 0;
361 icmp_ttl.unused = 0;
362 memcpy (&packet[off],
363 &icmp_ttl,
364 sizeof (struct icmp_ttl_exceeded_header));
365 off += sizeof (struct icmp_ttl_exceeded_header);
366
367 /* ip header of the presumably 'lost' udp packet */
368 ip_pkt.vers_ihl = 0x45;
369 ip_pkt.tos = 0;
370 ip_pkt.pkt_len = htons (sizeof (struct ip_header) + sizeof (struct icmp_echo_header));
371 ip_pkt.id = htons (256);
372 ip_pkt.flags_frag_offset = 0;
373 ip_pkt.ttl = 1; /* real TTL would be 1 on a time exceeded packet */
374 ip_pkt.proto = IPPROTO_ICMP;
375 ip_pkt.src_ip = other->s_addr;
376 ip_pkt.dst_ip = dummy.s_addr;
377 ip_pkt.checksum = 0;
378 ip_pkt.checksum = htons(calc_checksum((uint16_t*)&ip_pkt,
379 sizeof (struct ip_header)));
380 memcpy (&packet[off],
381 &ip_pkt,
382 sizeof (struct ip_header));
383 off += sizeof (struct ip_header);
384
385 icmp_echo.type = ICMP_ECHO;
386 icmp_echo.code = 0;
387 icmp_echo.reserved = htonl (port);
388 icmp_echo.checksum = 0;
389 icmp_echo.checksum = htons(calc_checksum((uint16_t*) &icmp_echo,
390 sizeof (struct icmp_echo_header)));
391 memcpy (&packet[off],
392 &icmp_echo,
393 sizeof(struct icmp_echo_header));
394
395 /* no go back to calculate ICMP packet checksum */
396 off = sizeof (struct ip_header);
397 icmp_ttl.checksum = htons(calc_checksum((uint16_t*) &packet[off],
398 sizeof (struct icmp_ttl_exceeded_header) +
399 sizeof (struct ip_header) +
400 sizeof (struct icmp_echo_header)));
401 memcpy (&packet[off],
402 &icmp_ttl,
403 sizeof (struct icmp_ttl_exceeded_header));
404
405 /* prepare for transmission */
406 memset (&dst, 0, sizeof (dst));
407 dst.sin_family = AF_INET;
408#if HAVE_SOCKADDR_IN_SIN_LEN
409 dst.sin_len = sizeof (struct sockaddr_in);
410#endif
411 dst.sin_addr = *other;
412 err = sendto(rawsock,
413 packet,
414 sizeof (packet), 0,
415 (struct sockaddr*)&dst,
416 sizeof(dst));
417 if (err < 0)
418 {
419 fprintf(stderr,
420 "sendto failed: %s\n", strerror(errno));
421 }
422 else if (sizeof (packet) != (size_t) err)
423 {
424 fprintf(stderr,
425 "Error: partial send of ICMP message\n");
426 }
427}
428
429
430/**
431 * Create an ICMP raw socket for writing.
432 *
433 * @return -1 on error
434 */
435static int
436make_raw_socket ()
437{
438 const int one = 1;
439 int ret;
440
441 ret = socket (AF_INET, SOCK_RAW, IPPROTO_RAW);
442 if (-1 == ret)
443 {
444 fprintf (stderr,
445 "Error opening RAW socket: %s\n",
446 strerror (errno));
447 return -1;
448 }
449 if (0 != setsockopt(ret, SOL_SOCKET, SO_BROADCAST,
450 (char *)&one, sizeof(one)))
451 {
452 fprintf(stderr,
453 "setsockopt failed: %s\n",
454 strerror (errno));
455 close (ret);
456 return -1;
457 }
458 if (0 != setsockopt(ret, IPPROTO_IP, IP_HDRINCL,
459 (char *)&one, sizeof(one)))
460 {
461 fprintf(stderr,
462 "setsockopt failed: %s\n",
463 strerror (errno));
464 close (ret);
465 return -1;
466 }
467 return ret;
468}
469
470
471int
472main (int argc, char *const *argv)
473{
474 struct in_addr external;
475 struct in_addr target;
476 uid_t uid;
477 unsigned int p;
478
479 if (4 != argc)
480 {
481 fprintf (stderr,
482 "This program must be started with our IP, the targets external IP, and our port as arguments.\n");
483 return 1;
484 }
485 if ( (1 != inet_pton (AF_INET, argv[1], &external)) ||
486 (1 != inet_pton (AF_INET, argv[2], &target)) )
487 {
488 fprintf (stderr,
489 "Error parsing IPv4 address: %s\n",
490 strerror (errno));
491 return 1;
492 }
493 if ( (1 != sscanf (argv[3], "%u", &p) ) ||
494 (0 == p) ||
495 (0xFFFF < p) )
496 {
497 fprintf (stderr,
498 "Error parsing port value `%s'\n",
499 argv[3]);
500 return 1;
501 }
502 port = (uint16_t) p;
503 if (1 != inet_pton (AF_INET, DUMMY_IP, &dummy))
504 {
505 fprintf (stderr,
506 "Internal error converting dummy IP to binary.\n");
507 return 2;
508 }
509 if (-1 == (rawsock = make_raw_socket()))
510 return 2;
511 uid = getuid ();
512 if (0 != setresuid (uid, uid, uid))
513 {
514 fprintf (stderr,
515 "Failed to setresuid: %s\n",
516 strerror (errno));
517 /* not critical, continue anyway */
518 }
519 send_icmp (&external,
520 &target);
521 send_icmp_udp (&external,
522 &target);
523 close (rawsock);
524 return 0;
525}
526
527/* end of gnunet-helper-nat-client.c */