diff options
author | Nathan S. Evans <evans@in.tum.de> | 2010-08-18 15:37:41 +0000 |
---|---|---|
committer | Nathan S. Evans <evans@in.tum.de> | 2010-08-18 15:37:41 +0000 |
commit | 192a6a6663b55a491987f8423c22527f12d1f46b (patch) | |
tree | 3f515f5ab1ee7e7fca2374931fef262b4577e8ff /src/transport/gnunet-nat-client-windows.c | |
parent | 78f94904007317852f6a2016f9afe7483a22f4cd (diff) | |
download | gnunet-192a6a6663b55a491987f8423c22527f12d1f46b.tar.gz gnunet-192a6a6663b55a491987f8423c22527f12d1f46b.zip |
windoze suckssss
Diffstat (limited to 'src/transport/gnunet-nat-client-windows.c')
-rw-r--r-- | src/transport/gnunet-nat-client-windows.c | 457 |
1 files changed, 457 insertions, 0 deletions
diff --git a/src/transport/gnunet-nat-client-windows.c b/src/transport/gnunet-nat-client-windows.c new file mode 100644 index 000000000..107851f4a --- /dev/null +++ b/src/transport/gnunet-nat-client-windows.c | |||
@@ -0,0 +1,457 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | (C) 2010 Christian Grothoff (and other contributing authors) | ||
4 | |||
5 | GNUnet is free software; you can redistribute it and/or modify | ||
6 | it under the terms of the GNU General Public License as published | ||
7 | by the Free Software Foundation; either version 3, or (at your | ||
8 | option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU General Public License | ||
16 | along with GNUnet; see the file COPYING. If not, write to the | ||
17 | Free Software Foundation, Inc., 59 Temple Place - Suite 330, | ||
18 | Boston, MA 02111-1307, USA. | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file src/transport/gnunet-nat-client-windows.c | ||
23 | * @brief Tool to help bypass NATs using ICMP method; must run as | ||
24 | * root (SUID will do) or administrator on W32 | ||
25 | * This code will work under GNU/Linux or W32. | ||
26 | * @author Nathan Evans | ||
27 | * | ||
28 | * This program will send ONE ICMP message using RAW sockets | ||
29 | * to the IP address specified as the second argument. Since | ||
30 | * it uses RAW sockets, it must be installed SUID or run as 'root'. | ||
31 | * In order to keep the security risk of the resulting SUID binary | ||
32 | * minimal, the program ONLY opens the RAW socket with root | ||
33 | * privileges, then drops them and only then starts to process | ||
34 | * command line arguments. The code also does not link against | ||
35 | * any shared libraries (except libc) and is strictly minimal | ||
36 | * (except for checking for errors). The following list of people | ||
37 | * have reviewed this code and considered it safe since the last | ||
38 | * modification (if you reviewed it, please have your name added | ||
39 | * to the list): | ||
40 | * | ||
41 | * - Christian Grothoff | ||
42 | * - Nathan Evans | ||
43 | */ | ||
44 | #define _GNU_SOURCE | ||
45 | #ifdef WIN32 | ||
46 | #include <winsock2.h> | ||
47 | #else | ||
48 | #include <sys/types.h> | ||
49 | #include <sys/socket.h> | ||
50 | #include <arpa/inet.h> | ||
51 | #include <sys/select.h> | ||
52 | #include <netinet/ip.h> | ||
53 | #include <netinet/ip_icmp.h> | ||
54 | #include <netinet/in.h> | ||
55 | #endif | ||
56 | #include <sys/time.h> | ||
57 | #include <sys/types.h> | ||
58 | #include <unistd.h> | ||
59 | #include <stdio.h> | ||
60 | #include <string.h> | ||
61 | #include <errno.h> | ||
62 | #include <stdlib.h> | ||
63 | #include <stdint.h> | ||
64 | #include <time.h> | ||
65 | |||
66 | |||
67 | #ifdef WIN32 | ||
68 | typedef unsigned int uid_t; | ||
69 | typedef SOCKET Socket; | ||
70 | typedef unsigned short ushort; | ||
71 | #define ICMP_ECHO 8 | ||
72 | #define IPDEFTTL 64 /* default ttl, from RFC 1340 */ | ||
73 | #define ICMP_TIME_EXCEEDED 11 /* Time Exceeded */ | ||
74 | #define IP_HDRINCL 3 /* int; Header is included with data. */ | ||
75 | #else | ||
76 | typedef int Socket; | ||
77 | #endif | ||
78 | |||
79 | /** | ||
80 | * Must match IP given in the server. | ||
81 | */ | ||
82 | #define DUMMY_IP "192.0.2.86" | ||
83 | |||
84 | #define NAT_TRAV_PORT 22225 | ||
85 | |||
86 | struct ip_packet | ||
87 | { | ||
88 | uint8_t vers_ihl; | ||
89 | uint8_t tos; | ||
90 | uint16_t pkt_len; | ||
91 | uint16_t id; | ||
92 | uint16_t flags_frag_offset; | ||
93 | uint8_t ttl; | ||
94 | uint8_t proto; | ||
95 | uint16_t checksum; | ||
96 | uint32_t src_ip; | ||
97 | uint32_t dst_ip; | ||
98 | }; | ||
99 | |||
100 | struct icmp_packet | ||
101 | { | ||
102 | uint8_t type; | ||
103 | uint8_t code; | ||
104 | uint16_t checksum; | ||
105 | uint32_t reserved; | ||
106 | |||
107 | }; | ||
108 | |||
109 | struct icmp_echo_packet | ||
110 | { | ||
111 | uint8_t type; | ||
112 | uint8_t code; | ||
113 | uint16_t checksum; | ||
114 | uint32_t reserved; | ||
115 | uint32_t data; | ||
116 | }; | ||
117 | |||
118 | struct udp_packet | ||
119 | { | ||
120 | uint16_t src_port; | ||
121 | |||
122 | uint16_t dst_port; | ||
123 | |||
124 | uint32_t length; | ||
125 | }; | ||
126 | |||
127 | static Socket rawsock; | ||
128 | |||
129 | static struct in_addr dummy; | ||
130 | |||
131 | static uint32_t port; | ||
132 | |||
133 | #if WIN32 | ||
134 | /** | ||
135 | * @param af address family | ||
136 | * @param cp the address to print | ||
137 | * @param buf where to write the address result | ||
138 | */ | ||
139 | static int inet_pton (int af, char *cp, struct in_addr *buf) | ||
140 | { | ||
141 | //ret = WSAStringToAddress (cp, af, NULL, (LPSOCKADDR)buf, &ssize); | ||
142 | buf->s_addr = inet_addr(cp); | ||
143 | if (buf->s_addr == INADDR_NONE) | ||
144 | { | ||
145 | fprintf(stderr, "Error %d handling address %s", WSAGetLastError(), cp); | ||
146 | return 0; | ||
147 | } | ||
148 | else | ||
149 | return 1; | ||
150 | } | ||
151 | #endif | ||
152 | |||
153 | static uint16_t | ||
154 | calc_checksum(const uint16_t *data, | ||
155 | unsigned int bytes) | ||
156 | { | ||
157 | uint32_t sum; | ||
158 | unsigned int i; | ||
159 | |||
160 | sum = 0; | ||
161 | for (i=0;i<bytes/2;i++) | ||
162 | sum += data[i]; | ||
163 | sum = (sum & 0xffff) + (sum >> 16); | ||
164 | sum = htons(0xffff - sum); | ||
165 | return sum; | ||
166 | } | ||
167 | |||
168 | |||
169 | static void | ||
170 | make_echo (const struct in_addr *src_ip, | ||
171 | struct icmp_echo_packet *echo, uint32_t num) | ||
172 | { | ||
173 | memset(echo, 0, sizeof(struct icmp_echo_packet)); | ||
174 | echo->type = ICMP_ECHO; | ||
175 | echo->code = 0; | ||
176 | echo->reserved = 0; | ||
177 | echo->checksum = 0; | ||
178 | echo->data = htons(num); | ||
179 | echo->checksum = htons(calc_checksum((uint16_t*)echo, | ||
180 | sizeof (struct icmp_echo_packet))); | ||
181 | } | ||
182 | |||
183 | |||
184 | /** | ||
185 | * Send an ICMP message to the target. | ||
186 | * | ||
187 | * @param my_ip source address | ||
188 | * @param other target address | ||
189 | */ | ||
190 | static void | ||
191 | send_icmp_udp (const struct in_addr *my_ip, | ||
192 | const struct in_addr *other) | ||
193 | { | ||
194 | struct ip_packet ip_pkt; | ||
195 | struct icmp_packet icmp_pkt; | ||
196 | struct udp_packet udp_pkt; | ||
197 | |||
198 | struct sockaddr_in dst; | ||
199 | char packet[sizeof(ip_pkt) * 2 + sizeof(icmp_pkt) * 2 + sizeof(uint32_t)]; | ||
200 | |||
201 | size_t off; | ||
202 | int err; | ||
203 | |||
204 | /* ip header: send to (known) ip address */ | ||
205 | off = 0; | ||
206 | memset(&ip_pkt, 0, sizeof(ip_pkt)); | ||
207 | ip_pkt.vers_ihl = 0x45; | ||
208 | ip_pkt.tos = 0; | ||
209 | ip_pkt.pkt_len = htons(sizeof (packet)); | ||
210 | ip_pkt.id = htons(256); | ||
211 | ip_pkt.flags_frag_offset = 0; | ||
212 | ip_pkt.ttl = 128; | ||
213 | ip_pkt.proto = IPPROTO_ICMP; | ||
214 | ip_pkt.checksum = 0; | ||
215 | ip_pkt.src_ip = my_ip->s_addr; | ||
216 | ip_pkt.dst_ip = other->s_addr; | ||
217 | ip_pkt.checksum = htons(calc_checksum((uint16_t*)&ip_pkt, sizeof (ip_pkt))); | ||
218 | memcpy(&packet[off], &ip_pkt, sizeof(ip_pkt)); | ||
219 | off += sizeof(ip_pkt); | ||
220 | |||
221 | /* ip header of the presumably 'lost' udp packet */ | ||
222 | ip_pkt.vers_ihl = 0x45; | ||
223 | ip_pkt.tos = 0; | ||
224 | ip_pkt.pkt_len = (sizeof (struct ip_packet) + sizeof (struct icmp_echo_packet)); | ||
225 | |||
226 | icmp_pkt.type = 11; /* TTL exceeded */ | ||
227 | icmp_pkt.code = 0; | ||
228 | icmp_pkt.checksum = 0; | ||
229 | icmp_pkt.reserved = 0; | ||
230 | memcpy(&packet[off], &icmp_pkt, sizeof(icmp_pkt)); | ||
231 | off += sizeof(icmp_pkt); | ||
232 | |||
233 | /* build inner IP header */ | ||
234 | memset(&ip_pkt, 0, sizeof(ip_pkt)); | ||
235 | ip_pkt.vers_ihl = 0x45; | ||
236 | ip_pkt.tos = 0; | ||
237 | ip_pkt.pkt_len = htons(sizeof (ip_pkt) + sizeof(udp_pkt)); | ||
238 | ip_pkt.id = htons(0); | ||
239 | ip_pkt.flags_frag_offset = 0; | ||
240 | ip_pkt.ttl = 128; | ||
241 | ip_pkt.proto = IPPROTO_UDP; | ||
242 | ip_pkt.checksum = 0; | ||
243 | ip_pkt.src_ip = other->s_addr; | ||
244 | ip_pkt.dst_ip = dummy.s_addr; | ||
245 | ip_pkt.checksum = htons(calc_checksum((uint16_t*)&ip_pkt, sizeof (ip_pkt))); | ||
246 | memcpy(&packet[off], &ip_pkt, sizeof(ip_pkt)); | ||
247 | off += sizeof(ip_pkt); | ||
248 | |||
249 | /* build UDP header */ | ||
250 | udp_pkt.src_port = htons(NAT_TRAV_PORT); /* FIXME: does this port matter? */ | ||
251 | udp_pkt.dst_port = htons(NAT_TRAV_PORT); | ||
252 | |||
253 | memset(&udp_pkt.length, 0, sizeof(uint32_t)); | ||
254 | udp_pkt.length = htonl(port); | ||
255 | memcpy(&packet[off], &udp_pkt, sizeof(udp_pkt)); | ||
256 | off += sizeof(udp_pkt); | ||
257 | |||
258 | /* set ICMP checksum */ | ||
259 | icmp_pkt.checksum = htons(calc_checksum((uint16_t*)&packet[sizeof(ip_pkt)], | ||
260 | sizeof (icmp_pkt) + sizeof(ip_pkt) + sizeof(udp_pkt))); | ||
261 | memcpy (&packet[sizeof(ip_pkt)], &icmp_pkt, sizeof (icmp_pkt)); | ||
262 | |||
263 | |||
264 | memset (&dst, 0, sizeof (dst)); | ||
265 | dst.sin_family = AF_INET; | ||
266 | dst.sin_addr = *other; | ||
267 | err = sendto(rawsock, | ||
268 | packet, | ||
269 | off, 0, | ||
270 | (struct sockaddr*)&dst, | ||
271 | sizeof(dst)); | ||
272 | |||
273 | if (err < 0) | ||
274 | { | ||
275 | fprintf(stderr, | ||
276 | "sendto failed: %s\n", strerror(errno)); | ||
277 | } | ||
278 | else if (err != off) | ||
279 | { | ||
280 | fprintf(stderr, | ||
281 | "Error: partial send of ICMP message\n"); | ||
282 | } | ||
283 | } | ||
284 | |||
285 | |||
286 | /** | ||
287 | * Send an ICMP message to the target. | ||
288 | * | ||
289 | * @param my_ip source address | ||
290 | * @param other target address | ||
291 | */ | ||
292 | static void | ||
293 | send_icmp (const struct in_addr *my_ip, | ||
294 | const struct in_addr *other) | ||
295 | { | ||
296 | struct ip_packet ip_pkt; | ||
297 | struct icmp_packet *icmp_pkt; | ||
298 | struct icmp_echo_packet icmp_echo; | ||
299 | struct sockaddr_in dst; | ||
300 | char packet[sizeof (struct ip_packet)*2 + sizeof (struct icmp_packet) + sizeof(struct icmp_echo_packet)]; | ||
301 | |||
302 | size_t off; | ||
303 | int err; | ||
304 | |||
305 | /* ip header: send to (known) ip address */ | ||
306 | off = 0; | ||
307 | memset(&ip_pkt, 0, sizeof(ip_pkt)); | ||
308 | ip_pkt.vers_ihl = 0x45; | ||
309 | ip_pkt.tos = 0; | ||
310 | ip_pkt.pkt_len = sizeof (packet); /* huh? */ | ||
311 | ip_pkt.id = 1; | ||
312 | ip_pkt.flags_frag_offset = 0; | ||
313 | ip_pkt.ttl = IPDEFTTL; | ||
314 | ip_pkt.proto = IPPROTO_ICMP; | ||
315 | ip_pkt.checksum = 0; | ||
316 | ip_pkt.src_ip = my_ip->s_addr; | ||
317 | ip_pkt.dst_ip = other->s_addr; | ||
318 | ip_pkt.checksum = htons(calc_checksum((uint16_t*)&ip_pkt, sizeof (struct ip_packet))); | ||
319 | memcpy (packet, &ip_pkt, sizeof (struct ip_packet)); | ||
320 | off += sizeof (ip_pkt); | ||
321 | /* icmp reply: time exceeded */ | ||
322 | icmp_pkt = (struct icmp_packet*) &packet[off]; | ||
323 | memset(icmp_pkt, 0, sizeof(struct icmp_packet)); | ||
324 | icmp_pkt->type = ICMP_TIME_EXCEEDED; | ||
325 | icmp_pkt->code = 0; | ||
326 | icmp_pkt->reserved = 0; | ||
327 | icmp_pkt->checksum = 0; | ||
328 | |||
329 | off += sizeof (struct icmp_packet); | ||
330 | |||
331 | /* ip header of the presumably 'lost' udp packet */ | ||
332 | ip_pkt.vers_ihl = 0x45; | ||
333 | ip_pkt.tos = 0; | ||
334 | ip_pkt.pkt_len = (sizeof (struct ip_packet) + sizeof (struct icmp_echo_packet)); | ||
335 | |||
336 | ip_pkt.id = 1; | ||
337 | ip_pkt.flags_frag_offset = 0; | ||
338 | ip_pkt.ttl = 1; /* real TTL would be 1 on a time exceeded packet */ | ||
339 | ip_pkt.proto = IPPROTO_ICMP; | ||
340 | ip_pkt.src_ip = other->s_addr; | ||
341 | ip_pkt.dst_ip = dummy.s_addr; | ||
342 | ip_pkt.checksum = 0; | ||
343 | ip_pkt.checksum = htons(calc_checksum((uint16_t*)&ip_pkt, sizeof (struct ip_packet))); | ||
344 | memcpy (&packet[off], &ip_pkt, sizeof (struct ip_packet)); | ||
345 | off += sizeof (struct ip_packet); | ||
346 | |||
347 | make_echo (other, &icmp_echo, port); | ||
348 | memcpy (&packet[off], &icmp_echo, sizeof(struct icmp_echo_packet)); | ||
349 | off += sizeof (struct icmp_echo_packet); | ||
350 | |||
351 | icmp_pkt->checksum = htons(calc_checksum((uint16_t*)icmp_pkt, | ||
352 | sizeof (struct icmp_packet) + sizeof(struct ip_packet) + sizeof(struct icmp_echo_packet))); | ||
353 | |||
354 | memset (&dst, 0, sizeof (dst)); | ||
355 | dst.sin_family = AF_INET; | ||
356 | dst.sin_addr = *other; | ||
357 | err = sendto(rawsock, | ||
358 | packet, | ||
359 | off, 0, | ||
360 | (struct sockaddr*)&dst, | ||
361 | sizeof(dst)); /* or sizeof 'struct sockaddr'? */ | ||
362 | if (err < 0) | ||
363 | { | ||
364 | fprintf(stderr, | ||
365 | "sendto failed: %s\n", strerror(errno)); | ||
366 | } | ||
367 | else if (err != off) | ||
368 | { | ||
369 | fprintf(stderr, | ||
370 | "Error: partial send of ICMP message\n"); | ||
371 | } | ||
372 | } | ||
373 | |||
374 | |||
375 | static Socket | ||
376 | make_raw_socket () | ||
377 | { | ||
378 | const int one = 1; | ||
379 | int ret; | ||
380 | |||
381 | ret = socket (AF_INET, SOCK_RAW, IPPROTO_RAW); | ||
382 | if (-1 == ret) | ||
383 | { | ||
384 | fprintf (stderr, | ||
385 | "Error opening RAW socket: %s\n", | ||
386 | strerror (errno)); | ||
387 | return -1; | ||
388 | } | ||
389 | if (setsockopt(ret, SOL_SOCKET, SO_BROADCAST, | ||
390 | (char *)&one, sizeof(one)) == -1) | ||
391 | fprintf(stderr, | ||
392 | "setsockopt failed: %s\n", | ||
393 | strerror (errno)); | ||
394 | if (setsockopt(ret, IPPROTO_IP, IP_HDRINCL, | ||
395 | (char *)&one, sizeof(one)) == -1) | ||
396 | fprintf(stderr, | ||
397 | "setsockopt failed: %s\n", | ||
398 | strerror (errno)); | ||
399 | return ret; | ||
400 | } | ||
401 | |||
402 | |||
403 | int | ||
404 | main (int argc, char *const *argv) | ||
405 | { | ||
406 | struct in_addr external; | ||
407 | struct in_addr target; | ||
408 | #ifndef WIN32 | ||
409 | uid_t uid; | ||
410 | #endif | ||
411 | |||
412 | #ifdef WIN32 | ||
413 | // WSA startup | ||
414 | WSADATA wsaData; | ||
415 | if (WSAStartup (MAKEWORD (2, 1), &wsaData) != 0) | ||
416 | { | ||
417 | fprintf (stderr, "Failed to find Winsock 2.1 or better.\n"); | ||
418 | return 4; // ERROR | ||
419 | } | ||
420 | #endif | ||
421 | |||
422 | if (-1 == (rawsock = make_raw_socket())) | ||
423 | return 1; | ||
424 | |||
425 | #ifndef WIN32 | ||
426 | uid = getuid (); | ||
427 | if (0 != setresuid (uid, uid, uid)) | ||
428 | fprintf (stderr, | ||
429 | "Failed to setresuid: %s\n", | ||
430 | strerror (errno)); | ||
431 | #endif | ||
432 | if (argc != 4) | ||
433 | { | ||
434 | fprintf (stderr, | ||
435 | "This program must be started with our IP, the targets external IP, and our port as arguments.\n"); | ||
436 | return 1; | ||
437 | } | ||
438 | port = atoi(argv[3]); | ||
439 | |||
440 | if ( (1 != inet_pton (AF_INET, argv[1], &external)) || | ||
441 | (1 != inet_pton (AF_INET, argv[2], &target)) ) | ||
442 | { | ||
443 | fprintf (stderr, | ||
444 | "Error parsing IPv4 address: %s\n", | ||
445 | strerror (errno)); | ||
446 | return 1; | ||
447 | } | ||
448 | if (1 != inet_pton (AF_INET, DUMMY_IP, &dummy)) abort (); | ||
449 | send_icmp (&external, | ||
450 | &target); | ||
451 | send_icmp_udp (&external, | ||
452 | &target); | ||
453 | close (rawsock); | ||
454 | return 0; | ||
455 | } | ||
456 | |||
457 | /* end of gnunet-nat-client.c */ | ||