1 files changed, 0 insertions, 714 deletions
diff --git a/src/nat/gnunet-helper-nat-server.c b/src/nat/gnunet-helper-nat-server.c
deleted file mode 100644
index 38d7d22c8..000000000
--- a/src/nat/gnunet-helper-nat-server.c
+++ /dev/null
@@ -1,714 +0,0 @@
-/*
-     This file is part of GNUnet.
-     Copyright (C) 2010 GNUnet e.V.
-     GNUnet is free software: you can redistribute it and/or modify it
-     under the terms of the GNU Affero General Public License as published
-     by the Free Software Foundation, either version 3 of the License,
-     or (at your option) any later version.
-     GNUnet is distributed in the hope that it will be useful, but
-     WITHOUT ANY WARRANTY; without even the implied warranty of
-     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-     Affero General Public License for more details.
-     You should have received a copy of the GNU Affero General Public License
-     along with this program.  If not, see <http://www.gnu.org/licenses/>.
-     SPDX-License-Identifier: AGPL3.0-or-later
- */
-/**
- * @file src/nat/gnunet-helper-nat-server.c
- * @brief Tool to help bypass NATs using ICMP method; must run as root (SUID will do)
- *        This code will work under GNU/Linux only (or maybe BSDs, but never W32)
- * @author Christian Grothoff
- *
- * This program will send ONE ICMP message every 500 ms RAW sockets
- * to a DUMMY IP address and also listens for ICMP replies.  Since
- * it uses RAW sockets, it must be installed SUID or run as 'root'.
- * In order to keep the security risk of the resulting SUID binary
- * minimal, the program ONLY opens the two RAW sockets with root
- * privileges, then drops them and only then starts to process
- * command line arguments.  The code also does not link against
- * any shared libraries (except libc) and is strictly minimal
- * (except for checking for errors).  The following list of people
- * have reviewed this code and considered it safe since the last
- * modification (if you reviewed it, please have your name added
- * to the list):
- *
- * - Christian Grothoff
- * - Nathan Evans
- * - Benjamin Kuperman (22 Aug 2010)
- * - Jacob Appelbaum (19 Dec 2011)
- */
-#if HAVE_CONFIG_H
-/* Just needed for HAVE_SOCKADDR_IN_SIN_LEN test macro! */
-#include "gnunet_config.h"
-#else
-#define _GNU_SOURCE
-#endif
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <arpa/inet.h>
-#include <sys/select.h>
-#include <sys/time.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <time.h>
-#include <netinet/ip.h>
-#include <netinet/ip_icmp.h>
-#include <netinet/in.h>
-/* The following constant is missing from FreeBSD 9.2 */
-#ifndef ICMP_TIME_EXCEEDED
-#define ICMP_TIME_EXCEEDED 11
-#endif
-/**
- * Call memcpy() but check for @a n being 0 first. In the latter
- * case, it is now safe to pass NULL for @a src or @a dst.
- * Unlike traditional memcpy(), returns nothing.
- *
- * @param dst destination of the copy, may be NULL if @a n is zero
- * @param src source of the copy, may be NULL if @a n is zero
- * @param n number of bytes to copy
- */
-#define GNUNET_memcpy(dst, src, n) do { if (0 != n) { (void) memcpy (dst, src, \
-                                                                     n); \
-                                        } } while (0)
-/**
- * Should we print some debug output?
- */
-#define VERBOSE 0
-/**
- * Must match packet ID used by gnunet-helper-nat-client.c
- */
-#define PACKET_ID 256
-/**
- * Must match IP given in the client.
- */
-#define DUMMY_IP "192.0.2.86"
-/**
- * Port for UDP
- */
-#define NAT_TRAV_PORT 22225
-/**
- * How often do we send our ICMP messages to receive replies?
- */
-#define ICMP_SEND_FREQUENCY_MS 500
-/**
- * IPv4 header.
- */
-struct ip_header
-{
-  /**
-   * Version (4 bits) + Internet header length (4 bits)
-   */
-  uint8_t vers_ihl;
-  /**
-   * Type of service
-   */
-  uint8_t tos;
-  /**
-   * Total length
-   */
-  uint16_t pkt_len;
-  /**
-   * Identification
-   */
-  uint16_t id;
-  /**
-   * Flags (3 bits) + Fragment offset (13 bits)
-   */
-  uint16_t flags_frag_offset;
-  /**
-   * Time to live
-   */
-  uint8_t ttl;
-  /**
-   * Protocol
-   */
-  uint8_t proto;
-  /**
-   * Header checksum
-   */
-  uint16_t checksum;
-  /**
-   * Source address
-   */
-  uint32_t src_ip;
-  /**
-   * Destination address
-   */
-  uint32_t dst_ip;
-};
-/**
- * Format of ICMP packet.
- */
-struct icmp_ttl_exceeded_header
-{
-  uint8_t type;
-  uint8_t code;
-  uint16_t checksum;
-  uint32_t unused;
-  /* followed by original payload */
-};
-struct icmp_echo_header
-{
-  uint8_t type;
-  uint8_t code;
-  uint16_t checksum;
-  uint32_t reserved;
-};
-/**
- * Beginning of UDP packet.
- */
-struct udp_header
-{
-  uint16_t src_port;
-  uint16_t dst_port;
-  uint16_t length;
-  uint16_t crc;
-};
-/**
- * Socket we use to receive "fake" ICMP replies.
- */
-static int icmpsock;
-/**
- * Socket we use to send our ICMP requests.
- */
-static int rawsock;
-/**
- * Socket we use to send our UDP requests.
- */
-static int udpsock;
-/**
- * Target "dummy" address.
- */
-static struct in_addr dummy;
-/**
- * CRC-16 for IP/ICMP headers.
- *
- * @param data what to calculate the CRC over
- * @param bytes number of bytes in data (must be multiple of 2)
- * @return the CRC 16.
- */
-static uint16_t
-calc_checksum (const uint16_t *data, unsigned int bytes)
-{
-  uint32_t sum;
-  unsigned int i;
-  sum = 0;
-  for (i = 0; i < bytes / 2; i++)
-    sum += data[i];
-  sum = (sum & 0xffff) + (sum >> 16);
-  sum = htons (0xffff - sum);
-  return sum;
-}
-/**
- * Send an ICMP message to the dummy IP.
- *
- * @param my_ip source address (our ip address)
- */
-static void
-send_icmp_echo (const struct in_addr *my_ip)
-{
-  char packet[sizeof(struct ip_header) + sizeof(struct icmp_echo_header)];
-  struct icmp_echo_header icmp_echo;
-  struct ip_header ip_pkt;
-  struct sockaddr_in dst;
-  size_t off;
-  int err;
-  off = 0;
-  ip_pkt.vers_ihl = 0x45;
-  ip_pkt.tos = 0;
-  ip_pkt.pkt_len = htons (sizeof(packet));
-  ip_pkt.id = htons (PACKET_ID);
-  ip_pkt.flags_frag_offset = 0;
-  ip_pkt.ttl = IPDEFTTL;
-  ip_pkt.proto = IPPROTO_ICMP;
-  ip_pkt.checksum = 0;
-  ip_pkt.src_ip = my_ip->s_addr;
-  ip_pkt.dst_ip = dummy.s_addr;
-  ip_pkt.checksum =
-    htons (calc_checksum ((uint16_t *) &ip_pkt,
-                          sizeof(struct ip_header)));
-  GNUNET_memcpy (&packet[off],
-                 &ip_pkt,
-                 sizeof(struct ip_header));
-  off += sizeof(struct ip_header);
-  icmp_echo.type = ICMP_ECHO;
-  icmp_echo.code = 0;
-  icmp_echo.checksum = 0;
-  icmp_echo.reserved = 0;
-  icmp_echo.checksum =
-    htons (calc_checksum
-             ((uint16_t *) &icmp_echo,
-             sizeof(struct icmp_echo_header)));
-  GNUNET_memcpy (&packet[off],
-                 &icmp_echo,
-                 sizeof(struct icmp_echo_header));
-  off += sizeof(struct icmp_echo_header);
-  memset (&dst, 0, sizeof(dst));
-  dst.sin_family = AF_INET;
-#if HAVE_SOCKADDR_IN_SIN_LEN
-  dst.sin_len = sizeof(struct sockaddr_in);
-#endif
-  dst.sin_addr = dummy;
-  err = sendto (rawsock,
-                packet,
-                off,
-                0,
-                (struct sockaddr *) &dst,
-                sizeof(dst));
-  if (err < 0)
-  {
-#if VERBOSE
-    fprintf (stderr,
-             "sendto failed: %s\n",
-             strerror (errno));
-#endif
-  }
-  else if (sizeof(packet) != err)
-  {
-    fprintf (stderr,
-             "Error: partial send of ICMP message\n");
-  }
-}
-/**
- * Send a UDP message to the dummy IP.
- */
-static void
-send_udp ()
-{
-  struct sockaddr_in dst;
-  ssize_t err;
-  memset (&dst, 0, sizeof(dst));
-  dst.sin_family = AF_INET;
-#if HAVE_SOCKADDR_IN_SIN_LEN
-  dst.sin_len = sizeof(struct sockaddr_in);
-#endif
-  dst.sin_addr = dummy;
-  dst.sin_port = htons (NAT_TRAV_PORT);
-  err = sendto (udpsock,
-                NULL,
-                0,
-                0,
-                (struct sockaddr *) &dst,
-                sizeof(dst));
-  if (err < 0)
-  {
-#if VERBOSE
-    fprintf (stderr,
-             "sendto failed: %s\n",
-             strerror (errno));
-#endif
-  }
-  else if (0 != err)
-  {
-    fprintf (stderr,
-             "Error: partial send of ICMP message\n");
-  }
-}
-/**
- * We've received an ICMP response.  Process it.
- */
-static void
-process_icmp_response ()
-{
-  char buf[65536];
-  ssize_t have;
-  struct in_addr source_ip;
-  struct ip_header ip_pkt;
-  struct icmp_ttl_exceeded_header icmp_ttl;
-  struct icmp_echo_header icmp_echo;
-  struct udp_header udp_pkt;
-  size_t off;
-  uint16_t port;
-  have = read (icmpsock, buf, sizeof(buf));
-  if (-1 == have)
-  {
-    fprintf (stderr,
-             "Error reading raw socket: %s\n",
-             strerror (errno));
-    return;
-  }
-#if VERBOSE
-  fprintf (stderr,
-           "Received message of %u bytes\n",
-           (unsigned int) have);
-#endif
-  if (have <
-      (ssize_t) (sizeof(struct ip_header)
-                 + sizeof(struct icmp_ttl_exceeded_header)
-                 + sizeof(struct ip_header)))
-  {
-    /* malformed */
-    return;
-  }
-  off = 0;
-  GNUNET_memcpy (&ip_pkt,
-                 &buf[off],
-                 sizeof(struct ip_header));
-  off += sizeof(struct ip_header);
-  GNUNET_memcpy (&icmp_ttl,
-                 &buf[off],
-                 sizeof(struct icmp_ttl_exceeded_header));
-  off += sizeof(struct icmp_ttl_exceeded_header);
-  if ((ICMP_TIME_EXCEEDED != icmp_ttl.type) || (0 != icmp_ttl.code))
-  {
-    /* different type than what we want */
-    return;
-  }
-  /* grab source IP of 1st IP header */
-  source_ip.s_addr = ip_pkt.src_ip;
-  /* skip 2nd IP header */
-  GNUNET_memcpy (&ip_pkt,
-                 &buf[off],
-                 sizeof(struct ip_header));
-  off += sizeof(struct ip_header);
-  switch (ip_pkt.proto)
-  {
-  case IPPROTO_ICMP:
-    if (have !=
-        (sizeof(struct ip_header) * 2
-         + sizeof(struct icmp_ttl_exceeded_header)
-         + sizeof(struct icmp_echo_header)))
-    {
-      /* malformed */
-      return;
-    }
-    /* grab ICMP ECHO content */
-    GNUNET_memcpy (&icmp_echo,
-                   &buf[off],
-                   sizeof(struct icmp_echo_header));
-    port = (uint16_t) ntohl (icmp_echo.reserved);
-    break;
-  case IPPROTO_UDP:
-    if (have !=
-        (sizeof(struct ip_header) * 2
-         + sizeof(struct icmp_ttl_exceeded_header) + sizeof(struct udp_header)))
-    {
-      /* malformed */
-      return;
-    }
-    /* grab UDP content */
-    GNUNET_memcpy (&udp_pkt,
-                   &buf[off],
-                   sizeof(struct udp_header));
-    port = ntohs (udp_pkt.length);
-    break;
-  default:
-    /* different type than what we want */
-    return;
-  }
-  if (port == 0)
-    fprintf (stdout, "%s\n",
-             inet_ntop (AF_INET, &source_ip, buf, sizeof(buf)));
-  else
-    fprintf (stdout, "%s:%u\n",
-             inet_ntop (AF_INET, &source_ip, buf, sizeof(buf)),
-             (unsigned int) port);
-  fflush (stdout);
-}
-/**
- * Fully initialize the raw socket.
- *
- * @return -1 on error, 0 on success
- */
-static int
-setup_raw_socket ()
-{
-  const int one = 1;
-  if (-1 ==
-      setsockopt (rawsock,
-                  SOL_SOCKET,
-                  SO_BROADCAST,
-                  (char *) &one,
-                  sizeof(one)))
-  {
-    fprintf (stderr,
-             "setsockopt failed: %s\n",
-             strerror (errno));
-    return -1;
-  }
-  if (-1 ==
-      setsockopt (rawsock,
-                  IPPROTO_IP,
-                  IP_HDRINCL,
-                  (char *) &one,
-                  sizeof(one)))
-  {
-    fprintf (stderr,
-             "setsockopt failed: %s\n",
-             strerror (errno));
-    return -1;
-  }
-  return 0;
-}
-/**
- * Create a UDP socket for writing.
- *
- * @param my_ip source address (our ip address)
- * @return -1 on error
- */
-static int
-make_udp_socket (const struct in_addr *my_ip)
-{
-  int ret;
-  struct sockaddr_in addr;
-  ret = socket (AF_INET, SOCK_DGRAM, 0);
-  if (-1 == ret)
-  {
-    fprintf (stderr,
-             "Error opening UDP socket: %s\n",
-             strerror (errno));
-    return -1;
-  }
-  memset (&addr, 0, sizeof(addr));
-  addr.sin_family = AF_INET;
-#if HAVE_SOCKADDR_IN_SIN_LEN
-  addr.sin_len = sizeof(struct sockaddr_in);
-#endif
-  addr.sin_addr = *my_ip;
-  addr.sin_port = htons (NAT_TRAV_PORT);
-  if (0 != bind (ret,
-                 (struct sockaddr *) &addr,
-                 sizeof(addr)))
-  {
-    fprintf (stderr,
-             "Error binding UDP socket to port %u: %s\n",
-             NAT_TRAV_PORT,
-             strerror (errno));
-    (void) close (ret);
-    return -1;
-  }
-  return ret;
-}
-int
-main (int argc,
-      char *const *argv)
-{
-  struct in_addr external;
-  fd_set rs;
-  struct timeval tv;
-  uid_t uid;
-  unsigned int alt;
-  int icmp_eno;
-  int raw_eno;
-  int global_ret;
-  /* Create an ICMP raw socket for reading (we'll check errors later) */
-  icmpsock = socket (AF_INET,
-                     SOCK_RAW,
-                     IPPROTO_ICMP);
-  icmp_eno = errno;
-  /* Create an (ICMP) raw socket for writing (we'll check errors later) */
-  rawsock = socket (AF_INET,
-                    SOCK_RAW,
-                    IPPROTO_RAW);
-  raw_eno = errno;
-  udpsock = -1;
-  /* drop root rights */
-  uid = getuid ();
-#ifdef HAVE_SETRESUID
-  if (0 != setresuid (uid, uid, uid))
-  {
-    fprintf (stderr,
-             "Failed to setresuid: %s\n",
-             strerror (errno));
-    global_ret = 1;
-    goto error_exit;
-  }
-#else
-  if (0 != (setuid (uid) | seteuid (uid)))
-  {
-    fprintf (stderr,
-             "Failed to setuid: %s\n",
-             strerror (errno));
-    global_ret = 2;
-    goto error_exit;
-  }
-#endif
-  /* Now that we run without root rights, we can do error checking... */
-  if (2 != argc)
-  {
-    fprintf (stderr,
-             "This program must be started with our (internal NAT) IP as the only argument.\n");
-    global_ret = 3;
-    goto error_exit;
-  }
-  if (1 != inet_pton (AF_INET, argv[1], &external))
-  {
-    fprintf (stderr,
-             "Error parsing IPv4 address: %s\n",
-             strerror (errno));
-    global_ret = 4;
-    goto error_exit;
-  }
-  if (1 != inet_pton (AF_INET, DUMMY_IP, &dummy))
-  {
-    fprintf (stderr,
-             "Internal error converting dummy IP to binary.\n");
-    global_ret = 5;
-    goto error_exit;
-  }
-  /* error checking icmpsock */
-  if (-1 == icmpsock)
-  {
-    fprintf (stderr,
-             "Error opening RAW socket: %s\n",
-             strerror (icmp_eno));
-    global_ret = 6;
-    goto error_exit;
-  }
-  if (icmpsock >= FD_SETSIZE)
-  {
-    /* this could happen if we were started with a large number of already-open
-       file descriptors... */
-    fprintf (stderr,
-             "Socket number too large (%d > %u)\n",
-             icmpsock,
-             (unsigned int) FD_SETSIZE);
-    global_ret = 7;
-    goto error_exit;
-  }
-  /* error checking rawsock */
-  if (-1 == rawsock)
-  {
-    fprintf (stderr,
-             "Error opening RAW socket: %s\n",
-             strerror (raw_eno));
-    global_ret = 8;
-    goto error_exit;
-  }
-  /* no need to check 'rawsock' against FD_SETSIZE as it is never used
-     with 'select' */
-  if (0 != setup_raw_socket ())
-  {
-    global_ret = 9;
-    goto error_exit;
-  }
-  if (-1 == (udpsock = make_udp_socket (&external)))
-  {
-    global_ret = 10;
-    goto error_exit;
-  }
-  alt = 0;
-  while (1)
-  {
-    FD_ZERO (&rs);
-    FD_SET (icmpsock, &rs);
-    tv.tv_sec = 0;
-    tv.tv_usec = ICMP_SEND_FREQUENCY_MS * 1000;
-    if (-1 == select (icmpsock + 1, &rs, NULL, NULL, &tv))
-    {
-      if (errno == EINTR)
-        continue;
-      fprintf (stderr,
-               "select failed: %s\n",
-               strerror (errno));
-      break;
-    }
-    if (1 == getppid ())        /* Check the parent process id, if 1 the parent has died, so we should die too */
-      break;
-    if (FD_ISSET (icmpsock, &rs))
-    {
-      process_icmp_response ();
-      continue;
-    }
-    if (0 == (++alt % 2))
-      send_icmp_echo (&external);
-    else
-      send_udp ();
-  }
-  /* select failed (internal error or OS out of resources) */
-  global_ret = 11;
-error_exit:
-  if (-1 != icmpsock)
-    (void) close (icmpsock);
-  if (-1 != rawsock)
-    (void) close (rawsock);
-  if (-1 != udpsock)
-    (void) close (udpsock);
-  return global_ret;
-}
-/* end of gnunet-helper-nat-server.c */

diff --git a/src/nat/gnunet-helper-nat-server.c b/src/nat/gnunet-helper-nat-server.c deleted file mode 100644 index 38d7d22c8..000000000 --- a/src/nat/gnunet-helper-nat-server.c +++ /dev/null
@@ -1,714 +0,0 @@
1	/*
2	This file is part of GNUnet.
3	Copyright (C) 2010 GNUnet e.V.
4
5	GNUnet is free software: you can redistribute it and/or modify it
6	under the terms of the GNU Affero General Public License as published
7	by the Free Software Foundation, either version 3 of the License,
8	or (at your option) any later version.
9
10	GNUnet is distributed in the hope that it will be useful, but
11	WITHOUT ANY WARRANTY; without even the implied warranty of
12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13	Affero General Public License for more details.
14
15	You should have received a copy of the GNU Affero General Public License
16	along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18	SPDX-License-Identifier: AGPL3.0-or-later
19	*/
20
21	/**
22	* @file src/nat/gnunet-helper-nat-server.c
23	* @brief Tool to help bypass NATs using ICMP method; must run as root (SUID will do)
24	* This code will work under GNU/Linux only (or maybe BSDs, but never W32)
25	* @author Christian Grothoff
26	*
27	* This program will send ONE ICMP message every 500 ms RAW sockets
28	* to a DUMMY IP address and also listens for ICMP replies. Since
29	* it uses RAW sockets, it must be installed SUID or run as 'root'.
30	* In order to keep the security risk of the resulting SUID binary
31	* minimal, the program ONLY opens the two RAW sockets with root
32	* privileges, then drops them and only then starts to process
33	* command line arguments. The code also does not link against
34	* any shared libraries (except libc) and is strictly minimal
35	* (except for checking for errors). The following list of people
36	* have reviewed this code and considered it safe since the last
37	* modification (if you reviewed it, please have your name added
38	* to the list):
39	*
40	* - Christian Grothoff
41	* - Nathan Evans
42	* - Benjamin Kuperman (22 Aug 2010)
43	* - Jacob Appelbaum (19 Dec 2011)
44	*/
45	#if HAVE_CONFIG_H
46	/* Just needed for HAVE_SOCKADDR_IN_SIN_LEN test macro! */
47	#include "gnunet_config.h"
48	#else
49	#define _GNU_SOURCE
50	#endif
51	#include <sys/types.h>
52	#include <sys/socket.h>
53	#include <arpa/inet.h>
54	#include <sys/select.h>
55	#include <sys/time.h>
56	#include <sys/types.h>
57	#include <unistd.h>
58	#include <stdio.h>
59	#include <string.h>
60	#include <errno.h>
61	#include <stdlib.h>
62	#include <stdint.h>
63	#include <time.h>
64	#include <netinet/ip.h>
65	#include <netinet/ip_icmp.h>
66	#include <netinet/in.h>
67
68	/* The following constant is missing from FreeBSD 9.2 */
69	#ifndef ICMP_TIME_EXCEEDED
70	#define ICMP_TIME_EXCEEDED 11
71	#endif
72
73	/**
74	* Call memcpy() but check for @a n being 0 first. In the latter
75	* case, it is now safe to pass NULL for @a src or @a dst.
76	* Unlike traditional memcpy(), returns nothing.
77	*
78	* @param dst destination of the copy, may be NULL if @a n is zero
79	* @param src source of the copy, may be NULL if @a n is zero
80	* @param n number of bytes to copy
81	*/
82	#define GNUNET_memcpy(dst, src, n) do { if (0 != n) { (void) memcpy (dst, src, \
83	n); \
84	} } while (0)
85
86	/**
87	* Should we print some debug output?
88	*/
89	#define VERBOSE 0
90
91	/**
92	* Must match packet ID used by gnunet-helper-nat-client.c
93	*/
94	#define PACKET_ID 256
95
96	/**
97	* Must match IP given in the client.
98	*/
99	#define DUMMY_IP "192.0.2.86"
100
101	/**
102	* Port for UDP
103	*/
104	#define NAT_TRAV_PORT 22225
105
106	/**
107	* How often do we send our ICMP messages to receive replies?
108	*/
109	#define ICMP_SEND_FREQUENCY_MS 500
110
111	/**
112	* IPv4 header.
113	*/
114	struct ip_header
115	{
116	/**
117	* Version (4 bits) + Internet header length (4 bits)
118	*/
119	uint8_t vers_ihl;
120
121	/**
122	* Type of service
123	*/
124	uint8_t tos;
125
126	/**
127	* Total length
128	*/
129	uint16_t pkt_len;
130
131	/**
132	* Identification
133	*/
134	uint16_t id;
135
136	/**
137	* Flags (3 bits) + Fragment offset (13 bits)
138	*/
139	uint16_t flags_frag_offset;
140
141	/**
142	* Time to live
143	*/
144	uint8_t ttl;
145
146	/**
147	* Protocol
148	*/
149	uint8_t proto;
150
151	/**
152	* Header checksum
153	*/
154	uint16_t checksum;
155
156	/**
157	* Source address
158	*/
159	uint32_t src_ip;
160
161	/**
162	* Destination address
163	*/
164	uint32_t dst_ip;
165	};
166
167	/**
168	* Format of ICMP packet.
169	*/
170	struct icmp_ttl_exceeded_header
171	{
172	uint8_t type;
173
174	uint8_t code;
175
176	uint16_t checksum;
177
178	uint32_t unused;
179
180	/* followed by original payload */
181	};
182
183	struct icmp_echo_header
184	{
185	uint8_t type;
186
187	uint8_t code;
188
189	uint16_t checksum;
190
191	uint32_t reserved;
192	};
193
194
195	/**
196	* Beginning of UDP packet.
197	*/
198	struct udp_header
199	{
200	uint16_t src_port;
201
202	uint16_t dst_port;
203
204	uint16_t length;
205
206	uint16_t crc;
207	};
208
209	/**
210	* Socket we use to receive "fake" ICMP replies.
211	*/
212	static int icmpsock;
213
214	/**
215	* Socket we use to send our ICMP requests.
216	*/
217	static int rawsock;
218
219	/**
220	* Socket we use to send our UDP requests.
221	*/
222	static int udpsock;
223
224	/**
225	* Target "dummy" address.
226	*/
227	static struct in_addr dummy;
228
229
230	/**
231	* CRC-16 for IP/ICMP headers.
232	*
233	* @param data what to calculate the CRC over
234	* @param bytes number of bytes in data (must be multiple of 2)
235	* @return the CRC 16.
236	*/
237	static uint16_t
238	calc_checksum (const uint16_t *data, unsigned int bytes)
239	{
240	uint32_t sum;
241	unsigned int i;
242
243	sum = 0;
244	for (i = 0; i < bytes / 2; i++)
245	sum += data[i];
246	sum = (sum & 0xffff) + (sum >> 16);
247	sum = htons (0xffff - sum);
248	return sum;
249	}
250
251
252	/**
253	* Send an ICMP message to the dummy IP.
254	*
255	* @param my_ip source address (our ip address)
256	*/
257	static void
258	send_icmp_echo (const struct in_addr *my_ip)
259	{
260	char packet[sizeof(struct ip_header) + sizeof(struct icmp_echo_header)];
261	struct icmp_echo_header icmp_echo;
262	struct ip_header ip_pkt;
263	struct sockaddr_in dst;
264	size_t off;
265	int err;
266
267	off = 0;
268	ip_pkt.vers_ihl = 0x45;
269	ip_pkt.tos = 0;
270	ip_pkt.pkt_len = htons (sizeof(packet));
271	ip_pkt.id = htons (PACKET_ID);
272	ip_pkt.flags_frag_offset = 0;
273	ip_pkt.ttl = IPDEFTTL;
274	ip_pkt.proto = IPPROTO_ICMP;
275	ip_pkt.checksum = 0;
276	ip_pkt.src_ip = my_ip->s_addr;
277	ip_pkt.dst_ip = dummy.s_addr;
278	ip_pkt.checksum =
279	htons (calc_checksum ((uint16_t *) &ip_pkt,
280	sizeof(struct ip_header)));
281	GNUNET_memcpy (&packet[off],
282	&ip_pkt,
283	sizeof(struct ip_header));
284	off += sizeof(struct ip_header);
285
286	icmp_echo.type = ICMP_ECHO;
287	icmp_echo.code = 0;
288	icmp_echo.checksum = 0;
289	icmp_echo.reserved = 0;
290	icmp_echo.checksum =
291	htons (calc_checksum
292	((uint16_t *) &icmp_echo,
293	sizeof(struct icmp_echo_header)));
294	GNUNET_memcpy (&packet[off],
295	&icmp_echo,
296	sizeof(struct icmp_echo_header));
297	off += sizeof(struct icmp_echo_header);
298
299	memset (&dst, 0, sizeof(dst));
300	dst.sin_family = AF_INET;
301	#if HAVE_SOCKADDR_IN_SIN_LEN
302	dst.sin_len = sizeof(struct sockaddr_in);
303	#endif
304	dst.sin_addr = dummy;
305	err = sendto (rawsock,
306	packet,
307	off,
308	0,
309	(struct sockaddr *) &dst,
310	sizeof(dst));
311	if (err < 0)
312	{
313	#if VERBOSE
314	fprintf (stderr,
315	"sendto failed: %s\n",
316	strerror (errno));
317	#endif
318	}
319	else if (sizeof(packet) != err)
320	{
321	fprintf (stderr,
322	"Error: partial send of ICMP message\n");
323	}
324	}
325
326
327	/**
328	* Send a UDP message to the dummy IP.
329	*/
330	static void
331	send_udp ()
332	{
333	struct sockaddr_in dst;
334	ssize_t err;
335
336	memset (&dst, 0, sizeof(dst));
337	dst.sin_family = AF_INET;
338	#if HAVE_SOCKADDR_IN_SIN_LEN
339	dst.sin_len = sizeof(struct sockaddr_in);
340	#endif
341	dst.sin_addr = dummy;
342	dst.sin_port = htons (NAT_TRAV_PORT);
343	err = sendto (udpsock,
344	NULL,
345	0,
346	0,
347	(struct sockaddr *) &dst,
348	sizeof(dst));
349	if (err < 0)
350	{
351	#if VERBOSE
352	fprintf (stderr,
353	"sendto failed: %s\n",
354	strerror (errno));
355	#endif
356	}
357	else if (0 != err)
358	{
359	fprintf (stderr,
360	"Error: partial send of ICMP message\n");
361	}
362	}
363
364
365	/**
366	* We've received an ICMP response. Process it.
367	*/
368	static void
369	process_icmp_response ()
370	{
371	char buf[65536];
372	ssize_t have;
373	struct in_addr source_ip;
374	struct ip_header ip_pkt;
375	struct icmp_ttl_exceeded_header icmp_ttl;
376	struct icmp_echo_header icmp_echo;
377	struct udp_header udp_pkt;
378	size_t off;
379	uint16_t port;
380
381	have = read (icmpsock, buf, sizeof(buf));
382	if (-1 == have)
383	{
384	fprintf (stderr,
385	"Error reading raw socket: %s\n",
386	strerror (errno));
387	return;
388	}
389	#if VERBOSE
390	fprintf (stderr,
391	"Received message of %u bytes\n",
392	(unsigned int) have);
393	#endif
394	if (have <
395	(ssize_t) (sizeof(struct ip_header)
396	+ sizeof(struct icmp_ttl_exceeded_header)
397	+ sizeof(struct ip_header)))
398	{
399	/* malformed */
400	return;
401	}
402	off = 0;
403	GNUNET_memcpy (&ip_pkt,
404	&buf[off],
405	sizeof(struct ip_header));
406	off += sizeof(struct ip_header);
407	GNUNET_memcpy (&icmp_ttl,
408	&buf[off],
409	sizeof(struct icmp_ttl_exceeded_header));
410	off += sizeof(struct icmp_ttl_exceeded_header);
411	if ((ICMP_TIME_EXCEEDED != icmp_ttl.type) \|\| (0 != icmp_ttl.code))
412	{
413	/* different type than what we want */
414	return;
415	}
416	/* grab source IP of 1st IP header */
417	source_ip.s_addr = ip_pkt.src_ip;
418
419	/* skip 2nd IP header */
420	GNUNET_memcpy (&ip_pkt,
421	&buf[off],
422	sizeof(struct ip_header));
423	off += sizeof(struct ip_header);
424
425	switch (ip_pkt.proto)
426	{
427	case IPPROTO_ICMP:
428	if (have !=
429	(sizeof(struct ip_header) * 2
430	+ sizeof(struct icmp_ttl_exceeded_header)
431	+ sizeof(struct icmp_echo_header)))
432	{
433	/* malformed */
434	return;
435	}
436	/* grab ICMP ECHO content */
437	GNUNET_memcpy (&icmp_echo,
438	&buf[off],
439	sizeof(struct icmp_echo_header));
440	port = (uint16_t) ntohl (icmp_echo.reserved);
441	break;
442
443	case IPPROTO_UDP:
444	if (have !=
445	(sizeof(struct ip_header) * 2
446	+ sizeof(struct icmp_ttl_exceeded_header) + sizeof(struct udp_header)))
447	{
448	/* malformed */
449	return;
450	}
451	/* grab UDP content */
452	GNUNET_memcpy (&udp_pkt,
453	&buf[off],
454	sizeof(struct udp_header));
455	port = ntohs (udp_pkt.length);
456	break;
457
458	default:
459	/* different type than what we want */
460	return;
461	}
462
463	if (port == 0)
464	fprintf (stdout, "%s\n",
465	inet_ntop (AF_INET, &source_ip, buf, sizeof(buf)));
466	else
467	fprintf (stdout, "%s:%u\n",
468	inet_ntop (AF_INET, &source_ip, buf, sizeof(buf)),
469	(unsigned int) port);
470	fflush (stdout);
471	}
472
473
474	/**
475	* Fully initialize the raw socket.
476	*
477	* @return -1 on error, 0 on success
478	*/
479	static int
480	setup_raw_socket ()
481	{
482	const int one = 1;
483
484	if (-1 ==
485	setsockopt (rawsock,
486	SOL_SOCKET,
487	SO_BROADCAST,
488	(char *) &one,
489	sizeof(one)))
490	{
491	fprintf (stderr,
492	"setsockopt failed: %s\n",
493	strerror (errno));
494	return -1;
495	}
496	if (-1 ==
497	setsockopt (rawsock,
498	IPPROTO_IP,
499	IP_HDRINCL,
500	(char *) &one,
501	sizeof(one)))
502	{
503	fprintf (stderr,
504	"setsockopt failed: %s\n",
505	strerror (errno));
506	return -1;
507	}
508	return 0;
509	}
510
511
512	/**
513	* Create a UDP socket for writing.
514	*
515	* @param my_ip source address (our ip address)
516	* @return -1 on error
517	*/
518	static int
519	make_udp_socket (const struct in_addr *my_ip)
520	{
521	int ret;
522	struct sockaddr_in addr;
523
524	ret = socket (AF_INET, SOCK_DGRAM, 0);
525	if (-1 == ret)
526	{
527	fprintf (stderr,
528	"Error opening UDP socket: %s\n",
529	strerror (errno));
530	return -1;
531	}
532	memset (&addr, 0, sizeof(addr));
533	addr.sin_family = AF_INET;
534	#if HAVE_SOCKADDR_IN_SIN_LEN
535	addr.sin_len = sizeof(struct sockaddr_in);
536	#endif
537	addr.sin_addr = *my_ip;
538	addr.sin_port = htons (NAT_TRAV_PORT);
539
540	if (0 != bind (ret,
541	(struct sockaddr *) &addr,
542	sizeof(addr)))
543	{
544	fprintf (stderr,
545	"Error binding UDP socket to port %u: %s\n",
546	NAT_TRAV_PORT,
547	strerror (errno));
548	(void) close (ret);
549	return -1;
550	}
551	return ret;
552	}
553
554
555	int
556	main (int argc,
557	char const argv)
558	{
559	struct in_addr external;
560	fd_set rs;
561	struct timeval tv;
562	uid_t uid;
563	unsigned int alt;
564	int icmp_eno;
565	int raw_eno;
566	int global_ret;
567
568	/* Create an ICMP raw socket for reading (we'll check errors later) */
569	icmpsock = socket (AF_INET,
570	SOCK_RAW,
571	IPPROTO_ICMP);
572	icmp_eno = errno;
573
574	/* Create an (ICMP) raw socket for writing (we'll check errors later) */
575	rawsock = socket (AF_INET,
576	SOCK_RAW,
577	IPPROTO_RAW);
578	raw_eno = errno;
579	udpsock = -1;
580
581	/* drop root rights */
582	uid = getuid ();
583	#ifdef HAVE_SETRESUID
584	if (0 != setresuid (uid, uid, uid))
585	{
586	fprintf (stderr,
587	"Failed to setresuid: %s\n",
588	strerror (errno));
589	global_ret = 1;
590	goto error_exit;
591	}
592	#else
593	if (0 != (setuid (uid) \| seteuid (uid)))
594	{
595	fprintf (stderr,
596	"Failed to setuid: %s\n",
597	strerror (errno));
598	global_ret = 2;
599	goto error_exit;
600	}
601	#endif
602
603	/* Now that we run without root rights, we can do error checking... */
604	if (2 != argc)
605	{
606	fprintf (stderr,
607	"This program must be started with our (internal NAT) IP as the only argument.\n");
608	global_ret = 3;
609	goto error_exit;
610	}
611	if (1 != inet_pton (AF_INET, argv[1], &external))
612	{
613	fprintf (stderr,
614	"Error parsing IPv4 address: %s\n",
615	strerror (errno));
616	global_ret = 4;
617	goto error_exit;
618	}
619	if (1 != inet_pton (AF_INET, DUMMY_IP, &dummy))
620	{
621	fprintf (stderr,
622	"Internal error converting dummy IP to binary.\n");
623	global_ret = 5;
624	goto error_exit;
625	}
626
627	/* error checking icmpsock */
628	if (-1 == icmpsock)
629	{
630	fprintf (stderr,
631	"Error opening RAW socket: %s\n",
632	strerror (icmp_eno));
633	global_ret = 6;
634	goto error_exit;
635	}
636	if (icmpsock >= FD_SETSIZE)
637	{
638	/* this could happen if we were started with a large number of already-open
639	file descriptors... */
640	fprintf (stderr,
641	"Socket number too large (%d > %u)\n",
642	icmpsock,
643	(unsigned int) FD_SETSIZE);
644	global_ret = 7;
645	goto error_exit;
646	}
647
648	/* error checking rawsock */
649	if (-1 == rawsock)
650	{
651	fprintf (stderr,
652	"Error opening RAW socket: %s\n",
653	strerror (raw_eno));
654	global_ret = 8;
655	goto error_exit;
656	}
657	/* no need to check 'rawsock' against FD_SETSIZE as it is never used
658	with 'select' */
659
660	if (0 != setup_raw_socket ())
661	{
662	global_ret = 9;
663	goto error_exit;
664	}
665
666	if (-1 == (udpsock = make_udp_socket (&external)))
667	{
668	global_ret = 10;
669	goto error_exit;
670	}
671
672	alt = 0;
673	while (1)
674	{
675	FD_ZERO (&rs);
676	FD_SET (icmpsock, &rs);
677	tv.tv_sec = 0;
678	tv.tv_usec = ICMP_SEND_FREQUENCY_MS * 1000;
679	if (-1 == select (icmpsock + 1, &rs, NULL, NULL, &tv))
680	{
681	if (errno == EINTR)
682	continue;
683	fprintf (stderr,
684	"select failed: %s\n",
685	strerror (errno));
686	break;
687	}
688	if (1 == getppid ()) /* Check the parent process id, if 1 the parent has died, so we should die too */
689	break;
690	if (FD_ISSET (icmpsock, &rs))
691	{
692	process_icmp_response ();
693	continue;
694	}
695	if (0 == (++alt % 2))
696	send_icmp_echo (&external);
697	else
698	send_udp ();
699	}
700
701	/* select failed (internal error or OS out of resources) */
702	global_ret = 11;
703	error_exit:
704	if (-1 != icmpsock)
705	(void) close (icmpsock);
706	if (-1 != rawsock)
707	(void) close (rawsock);
708	if (-1 != udpsock)
709	(void) close (udpsock);
710	return global_ret;
711	}
712
713
714	/* end of gnunet-helper-nat-server.c */