1 files changed, 0 insertions, 546 deletions
diff --git a/src/nat/gnunet-helper-nat-client.c b/src/nat/gnunet-helper-nat-client.c
deleted file mode 100644
index 0271d6e0f..000000000
--- a/src/nat/gnunet-helper-nat-client.c
+++ /dev/null
@@ -1,546 +0,0 @@
-/*
-     This file is part of GNUnet.
-     Copyright (C) 2010 GNUnet e.V.
-     GNUnet is free software: you can redistribute it and/or modify it
-     under the terms of the GNU Affero General Public License as published
-     by the Free Software Foundation, either version 3 of the License,
-     or (at your option) any later version.
-     GNUnet is distributed in the hope that it will be useful, but
-     WITHOUT ANY WARRANTY; without even the implied warranty of
-     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-     Affero General Public License for more details.
-     You should have received a copy of the GNU Affero General Public License
-     along with this program.  If not, see <http://www.gnu.org/licenses/>.
-     SPDX-License-Identifier: AGPL3.0-or-later
- */
-/**
- * @file src/nat/gnunet-helper-nat-client.c
- * @brief Tool to help bypass NATs using ICMP method; must run as root (SUID will do)
- *        This code will work under GNU/Linux only.
- * @author Christian Grothoff
- *
- * This program will send ONE ICMP message using RAW sockets
- * to the IP address specified as the second argument.  Since
- * it uses RAW sockets, it must be installed SUID or run as 'root'.
- * In order to keep the security risk of the resulting SUID binary
- * minimal, the program ONLY opens the RAW socket with root
- * privileges, then drops them and only then starts to process
- * command line arguments.  The code also does not link against
- * any shared libraries (except libc) and is strictly minimal
- * (except for checking for errors).  The following list of people
- * have reviewed this code and considered it safe since the last
- * modification (if you reviewed it, please have your name added
- * to the list):
- *
- * - Christian Grothoff
- * - Nathan Evans
- * - Benjamin Kuperman (22 Aug 2010)
- */
-#if HAVE_CONFIG_H
-/* Just needed for HAVE_SOCKADDR_IN_SIN_LEN test macro! */
-#include "gnunet_config.h"
-#else
-#define _GNU_SOURCE
-#endif
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <arpa/inet.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <netinet/ip.h>
-#include <netinet/ip_icmp.h>
-#include <netinet/in.h>
-/* The following constant is missing from FreeBSD 9.2 */
-#ifndef ICMP_TIME_EXCEEDED
-#define ICMP_TIME_EXCEEDED 11
-#endif
-/**
- * Call memcpy() but check for @a n being 0 first. In the latter
- * case, it is now safe to pass NULL for @a src or @a dst.
- * Unlike traditional memcpy(), returns nothing.
- *
- * @param dst destination of the copy, may be NULL if @a n is zero
- * @param src source of the copy, may be NULL if @a n is zero
- * @param n number of bytes to copy
- */
-#define GNUNET_memcpy(dst, src, n) do { if (0 != n) { (void) memcpy (dst, src, \
-                                                                     n); \
-                                        } } while (0)
-/**
- * Must match IP given in the server.
- */
-#define DUMMY_IP "192.0.2.86"
-#define NAT_TRAV_PORT 22225
-/**
- * Must match packet ID used by gnunet-helper-nat-server.c
- */
-#define PACKET_ID 256
-/**
- * IPv4 header.
- */
-struct ip_header
-{
-  /**
-   * Version (4 bits) + Internet header length (4 bits)
-   */
-  uint8_t vers_ihl;
-  /**
-   * Type of service
-   */
-  uint8_t tos;
-  /**
-   * Total length
-   */
-  uint16_t pkt_len;
-  /**
-   * Identification
-   */
-  uint16_t id;
-  /**
-   * Flags (3 bits) + Fragment offset (13 bits)
-   */
-  uint16_t flags_frag_offset;
-  /**
-   * Time to live
-   */
-  uint8_t ttl;
-  /**
-   * Protocol
-   */
-  uint8_t proto;
-  /**
-   * Header checksum
-   */
-  uint16_t checksum;
-  /**
-   * Source address
-   */
-  uint32_t src_ip;
-  /**
-   * Destination address
-   */
-  uint32_t dst_ip;
-};
-/**
- * Format of ICMP packet.
- */
-struct icmp_ttl_exceeded_header
-{
-  uint8_t type;
-  uint8_t code;
-  uint16_t checksum;
-  uint32_t unused;
-  /* followed by original payload */
-};
-struct icmp_echo_header
-{
-  uint8_t type;
-  uint8_t code;
-  uint16_t checksum;
-  uint32_t reserved;
-};
-/**
- * Beginning of UDP packet.
- */
-struct udp_header
-{
-  uint16_t src_port;
-  uint16_t dst_port;
-  uint16_t length;
-  uint16_t crc;
-};
-/**
- * Socket we use to send our fake ICMP replies.
- */
-static int rawsock;
-/**
- * Target "dummy" address of the packet we pretend to respond to.
- */
-static struct in_addr dummy;
-/**
- * Our "source" port.
- */
-static uint16_t port;
-/**
- * CRC-16 for IP/ICMP headers.
- *
- * @param data what to calculate the CRC over
- * @param bytes number of bytes in data (must be multiple of 2)
- * @return the CRC 16.
- */
-static uint16_t
-calc_checksum (const uint16_t *data, unsigned int bytes)
-{
-  uint32_t sum;
-  unsigned int i;
-  sum = 0;
-  for (i = 0; i < bytes / 2; i++)
-    sum += data[i];
-  sum = (sum & 0xffff) + (sum >> 16);
-  sum = htons (0xffff - sum);
-  return sum;
-}
-/**
- * Send an ICMP message to the target.
- *
- * @param my_ip source address
- * @param other target address
- */
-static void
-send_icmp_udp (const struct in_addr *my_ip, const struct in_addr *other)
-{
-  char packet[sizeof(struct ip_header) * 2
-              + sizeof(struct icmp_ttl_exceeded_header)
-              + sizeof(struct udp_header)];
-  struct ip_header ip_pkt;
-  struct icmp_ttl_exceeded_header icmp_pkt;
-  struct udp_header udp_pkt;
-  struct sockaddr_in dst;
-  size_t off;
-  int err;
-  /* ip header: send to (known) ip address */
-  off = 0;
-  ip_pkt.vers_ihl = 0x45;
-  ip_pkt.tos = 0;
-  /* should this be BSD only? */
-#if defined(BSD) && defined(__FreeBSD__) && defined(__FreeBSD_kernel__)
-  ip_pkt.pkt_len = sizeof(packet);  /* Workaround PR kern/21737 */
-#else
-  ip_pkt.pkt_len = htons (sizeof(packet));
-#endif
-  ip_pkt.id = htons (PACKET_ID);
-  ip_pkt.flags_frag_offset = 0;
-  ip_pkt.ttl = 128;
-  ip_pkt.proto = IPPROTO_ICMP;
-  ip_pkt.checksum = 0;
-  ip_pkt.src_ip = my_ip->s_addr;
-  ip_pkt.dst_ip = other->s_addr;
-  ip_pkt.checksum =
-    htons (calc_checksum ((uint16_t *) &ip_pkt, sizeof(struct ip_header)));
-  GNUNET_memcpy (&packet[off],
-                 &ip_pkt,
-                 sizeof(struct ip_header));
-  off += sizeof(struct ip_header);
-  icmp_pkt.type = ICMP_TIME_EXCEEDED;
-  icmp_pkt.code = 0;
-  icmp_pkt.checksum = 0;
-  icmp_pkt.unused = 0;
-  GNUNET_memcpy (&packet[off],
-                 &icmp_pkt,
-                 sizeof(struct icmp_ttl_exceeded_header));
-  off += sizeof(struct icmp_ttl_exceeded_header);
-  /* ip header of the presumably 'lost' udp packet */
-  ip_pkt.vers_ihl = 0x45;
-  ip_pkt.tos = 0;
-  ip_pkt.pkt_len =
-    htons (sizeof(struct ip_header) + sizeof(struct udp_header));
-  ip_pkt.id = htons (0);
-  ip_pkt.flags_frag_offset = 0;
-  ip_pkt.ttl = 128;
-  ip_pkt.proto = IPPROTO_UDP;
-  ip_pkt.checksum = 0;
-  ip_pkt.src_ip = other->s_addr;
-  ip_pkt.dst_ip = dummy.s_addr;
-  ip_pkt.checksum =
-    htons (calc_checksum ((uint16_t *) &ip_pkt, sizeof(struct ip_header)));
-  GNUNET_memcpy (&packet[off],
-                 &ip_pkt,
-                 sizeof(struct ip_header));
-  off += sizeof(struct ip_header);
-  /* build UDP header */
-  udp_pkt.src_port = htons (NAT_TRAV_PORT);
-  udp_pkt.dst_port = htons (NAT_TRAV_PORT);
-  udp_pkt.length = htons (port);
-  udp_pkt.crc = 0;
-  GNUNET_memcpy (&packet[off],
-                 &udp_pkt,
-                 sizeof(struct udp_header));
-  off += sizeof(struct udp_header);
-  /* set ICMP checksum */
-  icmp_pkt.checksum =
-    htons (calc_checksum
-             ((uint16_t *) &packet[sizeof(struct ip_header)],
-             sizeof(struct icmp_ttl_exceeded_header)
-             + sizeof(struct ip_header) + sizeof(struct udp_header)));
-  GNUNET_memcpy (&packet[sizeof(struct ip_header)],
-                 &icmp_pkt,
-                 sizeof(struct icmp_ttl_exceeded_header));
-  memset (&dst, 0, sizeof(dst));
-  dst.sin_family = AF_INET;
-#if HAVE_SOCKADDR_IN_SIN_LEN
-  dst.sin_len = sizeof(struct sockaddr_in);
-#endif
-  dst.sin_addr = *other;
-  err =
-    sendto (rawsock, packet, sizeof(packet), 0, (struct sockaddr *) &dst,
-            sizeof(dst));
-  if (err < 0)
-  {
-    fprintf (stderr, "sendto failed: %s\n", strerror (errno));
-  }
-  else if (sizeof(packet) != (size_t) err)
-  {
-    fprintf (stderr, "Error: partial send of ICMP message with size %lu\n",
-             (unsigned long) off);
-  }
-}
-/**
- * Send an ICMP message to the target.
- *
- * @param my_ip source address
- * @param other target address
- */
-static void
-send_icmp (const struct in_addr *my_ip, const struct in_addr *other)
-{
-  struct ip_header ip_pkt;
-  struct icmp_ttl_exceeded_header icmp_ttl;
-  struct icmp_echo_header icmp_echo;
-  struct sockaddr_in dst;
-  char packet[sizeof(struct ip_header) * 2
-              + sizeof(struct icmp_ttl_exceeded_header)
-              + sizeof(struct icmp_echo_header)];
-  size_t off;
-  int err;
-  /* ip header: send to (known) ip address */
-  off = 0;
-  ip_pkt.vers_ihl = 0x45;
-  ip_pkt.tos = 0;
-#if defined(BSD) && defined(__FreeBSD__) && defined(__FreeBSD_kernel__)
-  ip_pkt.pkt_len = sizeof(packet);  /* Workaround PR kern/21737 */
-#else
-  ip_pkt.pkt_len = htons (sizeof(packet));
-#endif
-  ip_pkt.id = htons (PACKET_ID);
-  ip_pkt.flags_frag_offset = 0;
-  ip_pkt.ttl = IPDEFTTL;
-  ip_pkt.proto = IPPROTO_ICMP;
-  ip_pkt.checksum = 0;
-  ip_pkt.src_ip = my_ip->s_addr;
-  ip_pkt.dst_ip = other->s_addr;
-  ip_pkt.checksum =
-    htons (calc_checksum ((uint16_t *) &ip_pkt, sizeof(struct ip_header)));
-  GNUNET_memcpy (&packet[off],
-                 &ip_pkt,
-                 sizeof(struct ip_header));
-  off = sizeof(ip_pkt);
-  /* icmp reply: time exceeded */
-  icmp_ttl.type = ICMP_TIME_EXCEEDED;
-  icmp_ttl.code = 0;
-  icmp_ttl.checksum = 0;
-  icmp_ttl.unused = 0;
-  GNUNET_memcpy (&packet[off],
-                 &icmp_ttl,
-                 sizeof(struct icmp_ttl_exceeded_header));
-  off += sizeof(struct icmp_ttl_exceeded_header);
-  /* ip header of the presumably 'lost' udp packet */
-  ip_pkt.vers_ihl = 0x45;
-  ip_pkt.tos = 0;
-  ip_pkt.pkt_len =
-    htons (sizeof(struct ip_header) + sizeof(struct icmp_echo_header));
-  ip_pkt.id = htons (PACKET_ID);
-  ip_pkt.flags_frag_offset = 0;
-  ip_pkt.ttl = 1;               /* real TTL would be 1 on a time exceeded packet */
-  ip_pkt.proto = IPPROTO_ICMP;
-  ip_pkt.src_ip = other->s_addr;
-  ip_pkt.dst_ip = dummy.s_addr;
-  ip_pkt.checksum = 0;
-  ip_pkt.checksum =
-    htons (calc_checksum ((uint16_t *) &ip_pkt, sizeof(struct ip_header)));
-  GNUNET_memcpy (&packet[off],
-                 &ip_pkt,
-                 sizeof(struct ip_header));
-  off += sizeof(struct ip_header);
-  icmp_echo.type = ICMP_ECHO;
-  icmp_echo.code = 0;
-  icmp_echo.reserved = htonl (port);
-  icmp_echo.checksum = 0;
-  icmp_echo.checksum =
-    htons (calc_checksum
-             ((uint16_t *) &icmp_echo, sizeof(struct icmp_echo_header)));
-  GNUNET_memcpy (&packet[off],
-                 &icmp_echo,
-                 sizeof(struct icmp_echo_header));
-  /* no go back to calculate ICMP packet checksum */
-  off = sizeof(struct ip_header);
-  icmp_ttl.checksum =
-    htons (calc_checksum
-             ((uint16_t *) &packet[off],
-             sizeof(struct icmp_ttl_exceeded_header)
-             + sizeof(struct ip_header) + sizeof(struct icmp_echo_header)));
-  GNUNET_memcpy (&packet[off],
-                 &icmp_ttl,
-                 sizeof(struct icmp_ttl_exceeded_header));
-  /* prepare for transmission */
-  memset (&dst, 0, sizeof(dst));
-  dst.sin_family = AF_INET;
-#if HAVE_SOCKADDR_IN_SIN_LEN
-  dst.sin_len = sizeof(struct sockaddr_in);
-#endif
-  dst.sin_addr = *other;
-  err =
-    sendto (rawsock, packet, sizeof(packet), 0, (struct sockaddr *) &dst,
-            sizeof(dst));
-  if (err < 0)
-  {
-    fprintf (stderr, "sendto failed: %s\n", strerror (errno));
-  }
-  else if (sizeof(packet) != (size_t) err)
-  {
-    fprintf (stderr, "Error: partial send of ICMP message\n");
-  }
-}
-int
-main (int argc, char *const *argv)
-{
-  const int one = 1;
-  struct in_addr external;
-  struct in_addr target;
-  uid_t uid;
-  unsigned int p;
-  int raw_eno;
-  int global_ret;
-  /* Create an ICMP raw socket for writing (only operation that requires root) */
-  rawsock = socket (AF_INET, SOCK_RAW, IPPROTO_RAW);
-  raw_eno = errno; /* for later error checking */
-  /* now drop root privileges */
-  uid = getuid ();
-#ifdef HAVE_SETRESUID
-  if (0 != setresuid (uid, uid, uid))
-  {
-    fprintf (stderr, "Failed to setresuid: %s\n", strerror (errno));
-    global_ret = 1;
-    goto cleanup;
-  }
-#else
-  if (0 != (setuid (uid) | seteuid (uid)))
-  {
-    fprintf (stderr, "Failed to setuid: %s\n", strerror (errno));
-    global_ret = 2;
-    goto cleanup;
-  }
-#endif
-  if (-1 == rawsock)
-  {
-    fprintf (stderr, "Error opening RAW socket: %s\n", strerror (raw_eno));
-    global_ret = 3;
-    goto cleanup;
-  }
-  if (0 !=
-      setsockopt (rawsock, SOL_SOCKET, SO_BROADCAST, (char *) &one,
-                  sizeof(one)))
-  {
-    fprintf (stderr, "setsockopt failed: %s\n", strerror (errno));
-    global_ret = 4;
-    goto cleanup;
-  }
-  if (0 !=
-      setsockopt (rawsock, IPPROTO_IP, IP_HDRINCL, (char *) &one, sizeof(one)))
-  {
-    fprintf (stderr, "setsockopt failed: %s\n", strerror (errno));
-    global_ret = 5;
-    goto cleanup;
-  }
-  if (4 != argc)
-  {
-    fprintf (stderr,
-             "This program must be started with our IP, the targets external IP, and our port as arguments.\n");
-    global_ret = 6;
-    goto cleanup;
-  }
-  if ((1 != inet_pton (AF_INET, argv[1], &external)) ||
-      (1 != inet_pton (AF_INET, argv[2], &target)))
-  {
-    fprintf (stderr, "Error parsing IPv4 address: %s\n", strerror (errno));
-    global_ret = 7;
-    goto cleanup;
-  }
-  if ((1 != sscanf (argv[3], "%u", &p)) || (0 == p) || (0xFFFF < p))
-  {
-    fprintf (stderr, "Error parsing port value `%s'\n", argv[3]);
-    global_ret = 8;
-    goto cleanup;
-  }
-  port = (uint16_t) p;
-  if (1 != inet_pton (AF_INET, DUMMY_IP, &dummy))
-  {
-    fprintf (stderr, "Internal error converting dummy IP to binary.\n");
-    global_ret = 9;
-    goto cleanup;
-  }
-  send_icmp (&external, &target);
-  send_icmp_udp (&external, &target);
-  global_ret = 0;
-cleanup:
-  if (-1 != rawsock)
-    (void) close (rawsock);
-  return global_ret;
-}
-/* end of gnunet-helper-nat-client.c */

diff --git a/src/nat/gnunet-helper-nat-client.c b/src/nat/gnunet-helper-nat-client.c deleted file mode 100644 index 0271d6e0f..000000000 --- a/src/nat/gnunet-helper-nat-client.c +++ /dev/null
@@ -1,546 +0,0 @@
1	/*
2	This file is part of GNUnet.
3	Copyright (C) 2010 GNUnet e.V.
4
5	GNUnet is free software: you can redistribute it and/or modify it
6	under the terms of the GNU Affero General Public License as published
7	by the Free Software Foundation, either version 3 of the License,
8	or (at your option) any later version.
9
10	GNUnet is distributed in the hope that it will be useful, but
11	WITHOUT ANY WARRANTY; without even the implied warranty of
12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13	Affero General Public License for more details.
14
15	You should have received a copy of the GNU Affero General Public License
16	along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18	SPDX-License-Identifier: AGPL3.0-or-later
19	*/
20
21	/**
22	* @file src/nat/gnunet-helper-nat-client.c
23	* @brief Tool to help bypass NATs using ICMP method; must run as root (SUID will do)
24	* This code will work under GNU/Linux only.
25	* @author Christian Grothoff
26	*
27	* This program will send ONE ICMP message using RAW sockets
28	* to the IP address specified as the second argument. Since
29	* it uses RAW sockets, it must be installed SUID or run as 'root'.
30	* In order to keep the security risk of the resulting SUID binary
31	* minimal, the program ONLY opens the RAW socket with root
32	* privileges, then drops them and only then starts to process
33	* command line arguments. The code also does not link against
34	* any shared libraries (except libc) and is strictly minimal
35	* (except for checking for errors). The following list of people
36	* have reviewed this code and considered it safe since the last
37	* modification (if you reviewed it, please have your name added
38	* to the list):
39	*
40	* - Christian Grothoff
41	* - Nathan Evans
42	* - Benjamin Kuperman (22 Aug 2010)
43	*/
44	#if HAVE_CONFIG_H
45	/* Just needed for HAVE_SOCKADDR_IN_SIN_LEN test macro! */
46	#include "gnunet_config.h"
47	#else
48	#define _GNU_SOURCE
49	#endif
50	#include <sys/types.h>
51	#include <sys/socket.h>
52	#include <arpa/inet.h>
53	#include <sys/types.h>
54	#include <unistd.h>
55	#include <stdio.h>
56	#include <string.h>
57	#include <errno.h>
58	#include <stdlib.h>
59	#include <stdint.h>
60	#include <netinet/ip.h>
61	#include <netinet/ip_icmp.h>
62	#include <netinet/in.h>
63
64	/* The following constant is missing from FreeBSD 9.2 */
65	#ifndef ICMP_TIME_EXCEEDED
66	#define ICMP_TIME_EXCEEDED 11
67	#endif
68
69	/**
70	* Call memcpy() but check for @a n being 0 first. In the latter
71	* case, it is now safe to pass NULL for @a src or @a dst.
72	* Unlike traditional memcpy(), returns nothing.
73	*
74	* @param dst destination of the copy, may be NULL if @a n is zero
75	* @param src source of the copy, may be NULL if @a n is zero
76	* @param n number of bytes to copy
77	*/
78	#define GNUNET_memcpy(dst, src, n) do { if (0 != n) { (void) memcpy (dst, src, \
79	n); \
80	} } while (0)
81
82	/**
83	* Must match IP given in the server.
84	*/
85	#define DUMMY_IP "192.0.2.86"
86
87	#define NAT_TRAV_PORT 22225
88
89	/**
90	* Must match packet ID used by gnunet-helper-nat-server.c
91	*/
92	#define PACKET_ID 256
93
94	/**
95	* IPv4 header.
96	*/
97	struct ip_header
98	{
99	/**
100	* Version (4 bits) + Internet header length (4 bits)
101	*/
102	uint8_t vers_ihl;
103
104	/**
105	* Type of service
106	*/
107	uint8_t tos;
108
109	/**
110	* Total length
111	*/
112	uint16_t pkt_len;
113
114	/**
115	* Identification
116	*/
117	uint16_t id;
118
119	/**
120	* Flags (3 bits) + Fragment offset (13 bits)
121	*/
122	uint16_t flags_frag_offset;
123
124	/**
125	* Time to live
126	*/
127	uint8_t ttl;
128
129	/**
130	* Protocol
131	*/
132	uint8_t proto;
133
134	/**
135	* Header checksum
136	*/
137	uint16_t checksum;
138
139	/**
140	* Source address
141	*/
142	uint32_t src_ip;
143
144	/**
145	* Destination address
146	*/
147	uint32_t dst_ip;
148	};
149
150	/**
151	* Format of ICMP packet.
152	*/
153	struct icmp_ttl_exceeded_header
154	{
155	uint8_t type;
156
157	uint8_t code;
158
159	uint16_t checksum;
160
161	uint32_t unused;
162
163	/* followed by original payload */
164	};
165
166	struct icmp_echo_header
167	{
168	uint8_t type;
169
170	uint8_t code;
171
172	uint16_t checksum;
173
174	uint32_t reserved;
175	};
176
177	/**
178	* Beginning of UDP packet.
179	*/
180	struct udp_header
181	{
182	uint16_t src_port;
183
184	uint16_t dst_port;
185
186	uint16_t length;
187
188	uint16_t crc;
189	};
190
191	/**
192	* Socket we use to send our fake ICMP replies.
193	*/
194	static int rawsock;
195
196	/**
197	* Target "dummy" address of the packet we pretend to respond to.
198	*/
199	static struct in_addr dummy;
200
201	/**
202	* Our "source" port.
203	*/
204	static uint16_t port;
205
206
207	/**
208	* CRC-16 for IP/ICMP headers.
209	*
210	* @param data what to calculate the CRC over
211	* @param bytes number of bytes in data (must be multiple of 2)
212	* @return the CRC 16.
213	*/
214	static uint16_t
215	calc_checksum (const uint16_t *data, unsigned int bytes)
216	{
217	uint32_t sum;
218	unsigned int i;
219
220	sum = 0;
221	for (i = 0; i < bytes / 2; i++)
222	sum += data[i];
223	sum = (sum & 0xffff) + (sum >> 16);
224	sum = htons (0xffff - sum);
225	return sum;
226	}
227
228
229	/**
230	* Send an ICMP message to the target.
231	*
232	* @param my_ip source address
233	* @param other target address
234	*/
235	static void
236	send_icmp_udp (const struct in_addr my_ip, const struct in_addr other)
237	{
238	char packet[sizeof(struct ip_header) * 2
239	+ sizeof(struct icmp_ttl_exceeded_header)
240	+ sizeof(struct udp_header)];
241	struct ip_header ip_pkt;
242	struct icmp_ttl_exceeded_header icmp_pkt;
243	struct udp_header udp_pkt;
244	struct sockaddr_in dst;
245	size_t off;
246	int err;
247
248	/* ip header: send to (known) ip address */
249	off = 0;
250	ip_pkt.vers_ihl = 0x45;
251	ip_pkt.tos = 0;
252	/* should this be BSD only? */
253	#if defined(BSD) && defined(__FreeBSD__) && defined(__FreeBSD_kernel__)
254	ip_pkt.pkt_len = sizeof(packet); /* Workaround PR kern/21737 */
255	#else
256	ip_pkt.pkt_len = htons (sizeof(packet));
257	#endif
258	ip_pkt.id = htons (PACKET_ID);
259	ip_pkt.flags_frag_offset = 0;
260	ip_pkt.ttl = 128;
261	ip_pkt.proto = IPPROTO_ICMP;
262	ip_pkt.checksum = 0;
263	ip_pkt.src_ip = my_ip->s_addr;
264	ip_pkt.dst_ip = other->s_addr;
265	ip_pkt.checksum =
266	htons (calc_checksum ((uint16_t *) &ip_pkt, sizeof(struct ip_header)));
267	GNUNET_memcpy (&packet[off],
268	&ip_pkt,
269	sizeof(struct ip_header));
270	off += sizeof(struct ip_header);
271
272	icmp_pkt.type = ICMP_TIME_EXCEEDED;
273	icmp_pkt.code = 0;
274	icmp_pkt.checksum = 0;
275	icmp_pkt.unused = 0;
276	GNUNET_memcpy (&packet[off],
277	&icmp_pkt,
278	sizeof(struct icmp_ttl_exceeded_header));
279	off += sizeof(struct icmp_ttl_exceeded_header);
280
281	/* ip header of the presumably 'lost' udp packet */
282	ip_pkt.vers_ihl = 0x45;
283	ip_pkt.tos = 0;
284	ip_pkt.pkt_len =
285	htons (sizeof(struct ip_header) + sizeof(struct udp_header));
286	ip_pkt.id = htons (0);
287	ip_pkt.flags_frag_offset = 0;
288	ip_pkt.ttl = 128;
289	ip_pkt.proto = IPPROTO_UDP;
290	ip_pkt.checksum = 0;
291	ip_pkt.src_ip = other->s_addr;
292	ip_pkt.dst_ip = dummy.s_addr;
293	ip_pkt.checksum =
294	htons (calc_checksum ((uint16_t *) &ip_pkt, sizeof(struct ip_header)));
295	GNUNET_memcpy (&packet[off],
296	&ip_pkt,
297	sizeof(struct ip_header));
298	off += sizeof(struct ip_header);
299
300	/* build UDP header */
301	udp_pkt.src_port = htons (NAT_TRAV_PORT);
302	udp_pkt.dst_port = htons (NAT_TRAV_PORT);
303	udp_pkt.length = htons (port);
304	udp_pkt.crc = 0;
305	GNUNET_memcpy (&packet[off],
306	&udp_pkt,
307	sizeof(struct udp_header));
308	off += sizeof(struct udp_header);
309
310	/* set ICMP checksum */
311	icmp_pkt.checksum =
312	htons (calc_checksum
313	((uint16_t *) &packet[sizeof(struct ip_header)],
314	sizeof(struct icmp_ttl_exceeded_header)
315	+ sizeof(struct ip_header) + sizeof(struct udp_header)));
316	GNUNET_memcpy (&packet[sizeof(struct ip_header)],
317	&icmp_pkt,
318	sizeof(struct icmp_ttl_exceeded_header));
319
320	memset (&dst, 0, sizeof(dst));
321	dst.sin_family = AF_INET;
322	#if HAVE_SOCKADDR_IN_SIN_LEN
323	dst.sin_len = sizeof(struct sockaddr_in);
324	#endif
325	dst.sin_addr = *other;
326	err =
327	sendto (rawsock, packet, sizeof(packet), 0, (struct sockaddr *) &dst,
328	sizeof(dst));
329	if (err < 0)
330	{
331	fprintf (stderr, "sendto failed: %s\n", strerror (errno));
332	}
333	else if (sizeof(packet) != (size_t) err)
334	{
335	fprintf (stderr, "Error: partial send of ICMP message with size %lu\n",
336	(unsigned long) off);
337	}
338	}
339
340
341	/**
342	* Send an ICMP message to the target.
343	*
344	* @param my_ip source address
345	* @param other target address
346	*/
347	static void
348	send_icmp (const struct in_addr my_ip, const struct in_addr other)
349	{
350	struct ip_header ip_pkt;
351	struct icmp_ttl_exceeded_header icmp_ttl;
352	struct icmp_echo_header icmp_echo;
353	struct sockaddr_in dst;
354	char packet[sizeof(struct ip_header) * 2
355	+ sizeof(struct icmp_ttl_exceeded_header)
356	+ sizeof(struct icmp_echo_header)];
357	size_t off;
358	int err;
359
360	/* ip header: send to (known) ip address */
361	off = 0;
362	ip_pkt.vers_ihl = 0x45;
363	ip_pkt.tos = 0;
364	#if defined(BSD) && defined(__FreeBSD__) && defined(__FreeBSD_kernel__)
365	ip_pkt.pkt_len = sizeof(packet); /* Workaround PR kern/21737 */
366	#else
367	ip_pkt.pkt_len = htons (sizeof(packet));
368	#endif
369	ip_pkt.id = htons (PACKET_ID);
370	ip_pkt.flags_frag_offset = 0;
371	ip_pkt.ttl = IPDEFTTL;
372	ip_pkt.proto = IPPROTO_ICMP;
373	ip_pkt.checksum = 0;
374	ip_pkt.src_ip = my_ip->s_addr;
375	ip_pkt.dst_ip = other->s_addr;
376	ip_pkt.checksum =
377	htons (calc_checksum ((uint16_t *) &ip_pkt, sizeof(struct ip_header)));
378	GNUNET_memcpy (&packet[off],
379	&ip_pkt,
380	sizeof(struct ip_header));
381	off = sizeof(ip_pkt);
382
383	/* icmp reply: time exceeded */
384	icmp_ttl.type = ICMP_TIME_EXCEEDED;
385	icmp_ttl.code = 0;
386	icmp_ttl.checksum = 0;
387	icmp_ttl.unused = 0;
388	GNUNET_memcpy (&packet[off],
389	&icmp_ttl,
390	sizeof(struct icmp_ttl_exceeded_header));
391	off += sizeof(struct icmp_ttl_exceeded_header);
392
393	/* ip header of the presumably 'lost' udp packet */
394	ip_pkt.vers_ihl = 0x45;
395	ip_pkt.tos = 0;
396	ip_pkt.pkt_len =
397	htons (sizeof(struct ip_header) + sizeof(struct icmp_echo_header));
398	ip_pkt.id = htons (PACKET_ID);
399	ip_pkt.flags_frag_offset = 0;
400	ip_pkt.ttl = 1; /* real TTL would be 1 on a time exceeded packet */
401	ip_pkt.proto = IPPROTO_ICMP;
402	ip_pkt.src_ip = other->s_addr;
403	ip_pkt.dst_ip = dummy.s_addr;
404	ip_pkt.checksum = 0;
405	ip_pkt.checksum =
406	htons (calc_checksum ((uint16_t *) &ip_pkt, sizeof(struct ip_header)));
407	GNUNET_memcpy (&packet[off],
408	&ip_pkt,
409	sizeof(struct ip_header));
410	off += sizeof(struct ip_header);
411
412	icmp_echo.type = ICMP_ECHO;
413	icmp_echo.code = 0;
414	icmp_echo.reserved = htonl (port);
415	icmp_echo.checksum = 0;
416	icmp_echo.checksum =
417	htons (calc_checksum
418	((uint16_t *) &icmp_echo, sizeof(struct icmp_echo_header)));
419	GNUNET_memcpy (&packet[off],
420	&icmp_echo,
421	sizeof(struct icmp_echo_header));
422
423	/* no go back to calculate ICMP packet checksum */
424	off = sizeof(struct ip_header);
425	icmp_ttl.checksum =
426	htons (calc_checksum
427	((uint16_t *) &packet[off],
428	sizeof(struct icmp_ttl_exceeded_header)
429	+ sizeof(struct ip_header) + sizeof(struct icmp_echo_header)));
430	GNUNET_memcpy (&packet[off],
431	&icmp_ttl,
432	sizeof(struct icmp_ttl_exceeded_header));
433
434	/* prepare for transmission */
435	memset (&dst, 0, sizeof(dst));
436	dst.sin_family = AF_INET;
437	#if HAVE_SOCKADDR_IN_SIN_LEN
438	dst.sin_len = sizeof(struct sockaddr_in);
439	#endif
440	dst.sin_addr = *other;
441	err =
442	sendto (rawsock, packet, sizeof(packet), 0, (struct sockaddr *) &dst,
443	sizeof(dst));
444	if (err < 0)
445	{
446	fprintf (stderr, "sendto failed: %s\n", strerror (errno));
447	}
448	else if (sizeof(packet) != (size_t) err)
449	{
450	fprintf (stderr, "Error: partial send of ICMP message\n");
451	}
452	}
453
454
455	int
456	main (int argc, char const argv)
457	{
458	const int one = 1;
459	struct in_addr external;
460	struct in_addr target;
461	uid_t uid;
462	unsigned int p;
463	int raw_eno;
464	int global_ret;
465
466	/* Create an ICMP raw socket for writing (only operation that requires root) */
467	rawsock = socket (AF_INET, SOCK_RAW, IPPROTO_RAW);
468	raw_eno = errno; /* for later error checking */
469
470	/* now drop root privileges */
471	uid = getuid ();
472	#ifdef HAVE_SETRESUID
473	if (0 != setresuid (uid, uid, uid))
474	{
475	fprintf (stderr, "Failed to setresuid: %s\n", strerror (errno));
476	global_ret = 1;
477	goto cleanup;
478	}
479	#else
480	if (0 != (setuid (uid) \| seteuid (uid)))
481	{
482	fprintf (stderr, "Failed to setuid: %s\n", strerror (errno));
483	global_ret = 2;
484	goto cleanup;
485	}
486	#endif
487	if (-1 == rawsock)
488	{
489	fprintf (stderr, "Error opening RAW socket: %s\n", strerror (raw_eno));
490	global_ret = 3;
491	goto cleanup;
492	}
493	if (0 !=
494	setsockopt (rawsock, SOL_SOCKET, SO_BROADCAST, (char *) &one,
495	sizeof(one)))
496	{
497	fprintf (stderr, "setsockopt failed: %s\n", strerror (errno));
498	global_ret = 4;
499	goto cleanup;
500	}
501	if (0 !=
502	setsockopt (rawsock, IPPROTO_IP, IP_HDRINCL, (char *) &one, sizeof(one)))
503	{
504	fprintf (stderr, "setsockopt failed: %s\n", strerror (errno));
505	global_ret = 5;
506	goto cleanup;
507	}
508
509	if (4 != argc)
510	{
511	fprintf (stderr,
512	"This program must be started with our IP, the targets external IP, and our port as arguments.\n");
513	global_ret = 6;
514	goto cleanup;
515	}
516	if ((1 != inet_pton (AF_INET, argv[1], &external)) \|\|
517	(1 != inet_pton (AF_INET, argv[2], &target)))
518	{
519	fprintf (stderr, "Error parsing IPv4 address: %s\n", strerror (errno));
520	global_ret = 7;
521	goto cleanup;
522	}
523	if ((1 != sscanf (argv[3], "%u", &p)) \|\| (0 == p) \|\| (0xFFFF < p))
524	{
525	fprintf (stderr, "Error parsing port value `%s'\n", argv[3]);
526	global_ret = 8;
527	goto cleanup;
528	}
529	port = (uint16_t) p;
530	if (1 != inet_pton (AF_INET, DUMMY_IP, &dummy))
531	{
532	fprintf (stderr, "Internal error converting dummy IP to binary.\n");
533	global_ret = 9;
534	goto cleanup;
535	}
536	send_icmp (&external, &target);
537	send_icmp_udp (&external, &target);
538	global_ret = 0;
539	cleanup:
540	if (-1 != rawsock)
541	(void) close (rawsock);
542	return global_ret;
543	}
544
545
546	/* end of gnunet-helper-nat-client.c */