1 files changed, 79 insertions, 320 deletions

diff --git a/src/transport/gnunet-nat-server.c b/src/transport/gnunet-nat-server.c
index 936726fb3..225c0af5f 100644
--- a/src/transport/gnunet-nat-server.c
+++ b/src/transport/gnunet-nat-server.c
@@ -20,11 +20,11 @@
 
 /**
  * @file src/transport/gnunet-nat-server.c
- * @brief Tool to help bypass NATs using ICMP method; must run as root (for now, later SUID will do)
+ * @brief Tool to help bypass NATs using ICMP method; must run as root (SUID will do)
  *        This code will work under GNU/Linux only (or maybe BSDs, but never W32)
  * @author Christian Grothoff
  */
-
+#define _GNU_SOURCE
 #include <sys/types.h> 
 #include <sys/socket.h>
 #include <arpa/inet.h>
@@ -42,37 +42,18 @@
 #include <netinet/ip_icmp.h>
 #include <netinet/in.h> 
 
-#define DEBUG 0
-
-/**
- * Number of UDP ports to keep open (typically >= 256).
- */
-#define NUM_UDP_PORTS 256
-
-/**
- * Number of ICMP replies to send per message received (typically >= 1024)
- */
-#define NUM_ICMP_REPLIES 1024
-
 /**
- * How often do we send our UDP messages to keep ports open? (typically < 100ms)
+ * Must match IP given in the client.
  */
-#define UDP_SEND_FREQUENCY_MS 50
+#define DUMMY_IP "1.2.3.4"
 
 /**
- * Port we use for the dummy target.
+ * How often do we send our ICMP messages to receive replies?
  */
-#define NAT_TRAV_PORT 2222
-
-/**
- * How often do we retry to open and bind a UDP socket before giving up?
- */
-#define MAX_TRIES 10
-
+#define ICMP_SEND_FREQUENCY_MS 500
 
 struct ip_packet 
 {
-
   uint8_t vers_ihl;
   uint8_t tos;
   uint16_t pkt_len;
@@ -85,112 +66,20 @@ struct ip_packet
   uint32_t dst_ip;
 };
 
-
-struct udp_packet
-{
-  uint16_t source_port;
-  uint16_t dst_port;
-  uint16_t mlen_aka_reply_port_magic;
-  uint16_t checksum_aka_my_magic;
-};
-
-
 struct icmp_packet 
 {
   uint8_t type;
   uint8_t code;
   uint16_t checksum;
   uint32_t reserved;
-  struct ip_packet ip;
-  struct udp_packet udp;
-};
-
-
-/**
- * Structure of the data we tack on to the fake ICMP reply
- * (last 4 bytes of the 64 bytes).
- */
-struct extra_packet
-{
-  /**
-   * if this is a reply to an icmp, what was the 'my_magic'
-   * value from the original icmp?
-   */
-  uint16_t reply_port_magic;
-
-  /**
-   * magic value of the sender of this icmp message.
-   */
-  uint16_t my_magic;
 };
 
-static int udpsocks[NUM_UDP_PORTS];
 
-static uint16_t udpports[NUM_UDP_PORTS];
- 
 static int icmpsock;
 
 static int rawsock;
 
 static struct in_addr dummy;
- 
-
-/**
- * create a random port number that is not totally
- * unlikely to be chosen by the nat box.
- */ 
-static uint16_t make_port ()
-{
-  return 1024 + ( (unsigned int)rand ()) % (63 * 1024 - 2);
-}
-
-
-/**
- * create a fresh udp socket bound to a random local port.
- */
-static int
-make_udp_socket (uint16_t *port)
-{
-  int ret;
-  int tries;
-  struct sockaddr_in src;
-
-  for (tries=0;tries<MAX_TRIES;tries++)
-    {
-      ret = socket (AF_INET, SOCK_DGRAM, 0);
-      if (-1 == ret)
-        {
-          fprintf (stderr,
-                   "Error opening udp socket: %s\n",
-                   strerror (errno));
-          return -1;
-        }
-      if (ret >= FD_SETSIZE)       
-        {
-          fprintf (stderr,
-                   "Socket number too large (%d > %u)\n",
-                   ret,
-                   (unsigned int) FD_SETSIZE);
-          close (ret);
-          return -1;
-        }
-      memset (&src, 0, sizeof (src));
-      src.sin_family = AF_INET;
-      src.sin_port = htons (make_port ());
-      if (0 != bind (ret, (struct sockaddr*) &src, sizeof (src)))
-        {
-          close (ret);
-          continue;
-        }
-      *port = ntohs (src.sin_port);
-      return ret;
-    }
-  fprintf (stderr,
-           "Error binding udp socket: %s\n",
-           strerror (errno));
-  return -1;
-}
-
 
 static uint16_t 
 calc_checksum(const uint16_t *data, 
@@ -208,144 +97,93 @@ calc_checksum(const uint16_t *data,
 }
 
 
+static void
+make_echo (const struct in_addr *src_ip,
+           struct icmp_packet *echo)
+{
+  memset(echo, 0, sizeof(struct icmp_packet));
+  echo->type = ICMP_ECHO;
+  echo->code = 0;
+  echo->reserved = 0;
+  echo->checksum = 0;
+  echo->checksum = htons(calc_checksum((uint16_t*)echo, sizeof (struct icmp_packet)));
+}
+
+
 /**
- * send an icmp message to the target.
+ * Send an ICMP message to the dummy IP.
  *
  * @param my_ip source address (our ip address)
- * @param other target address
- * @param target_port_number fake port number to put into icmp response 
- *                           as well as the icmpextradata as 'my_magic'
- * @param source_port_number magic_number that enables the other peer to
- *                           identify our port number ('reply in response to') to
- *                           put in the data portion; 0 if we are initiating;
- *                           goes into 'reply_port_magic' of the icmpextradata
  */
 static void
-send_icmp (const struct in_addr *my_ip,
-           const struct in_addr *other,
-           uint16_t target_port_number,
-           uint16_t source_port_number)
+send_icmp_echo (const struct in_addr *my_ip)
 {
-  struct ip_packet ip_pkt;
-  struct icmp_packet icmp_pkt;
+  struct icmp_packet icmp_echo;
   struct sockaddr_in dst;
-  char packet[sizeof (ip_pkt) + sizeof (icmp_pkt)];
   size_t off;
   int err;
+  struct ip_packet ip_pkt;
+  struct icmp_packet icmp_pkt;
+  char packet[sizeof (ip_pkt) + sizeof (icmp_pkt)];
 
-  /* ip header: send to (known) ip address */
   off = 0;
   memset(&ip_pkt, 0, sizeof(ip_pkt));
-  ip_pkt.vers_ihl = 0x45;//|(pkt_len>>2);//5;//(ipversion << 4) | (iphdr_size >> 2);
+  ip_pkt.vers_ihl = 0x45;
   ip_pkt.tos = 0;
-  ip_pkt.pkt_len = sizeof (packet); /* huh? */
-  ip_pkt.id = 1; /* kernel will change anyway!? */
+  ip_pkt.pkt_len = sizeof (packet);
+  ip_pkt.id = 1;
   ip_pkt.flags_frag_offset = 0;
   ip_pkt.ttl = IPDEFTTL;
   ip_pkt.proto = IPPROTO_ICMP;
-  ip_pkt.checksum = 0; /* maybe the kernel helps us out..? */
+  ip_pkt.checksum = 0; 
   ip_pkt.src_ip = my_ip->s_addr;
-  ip_pkt.dst_ip = other->s_addr;
+  ip_pkt.dst_ip = dummy.s_addr;
   ip_pkt.checksum = htons(calc_checksum((uint16_t*)&ip_pkt, sizeof (ip_pkt)));
   memcpy (packet, &ip_pkt, sizeof (ip_pkt));
   off += sizeof (ip_pkt);
-
-  /* icmp reply: time exceeded */
-  memset(&icmp_pkt, 0, sizeof(icmp_pkt));
-  icmp_pkt.type = ICMP_TIME_EXCEEDED;
-  icmp_pkt.code = ICMP_NET_UNREACH;
-  icmp_pkt.reserved = 0;
-  icmp_pkt.checksum = 0;
-
-  /* ip header of the presumably 'lost' udp packet */
-  icmp_pkt.ip.vers_ihl = 0x45;
-  icmp_pkt.ip.tos = 0;
-  /* no idea why i need to shift the bits here, but not on ip_pkt->pkt_len... */
-  icmp_pkt.ip.pkt_len = (sizeof (ip_pkt) + sizeof (icmp_pkt)) << 8;
-  icmp_pkt.ip.id = 1; /* kernel sets proper value htons(ip_id_counter); */
-  icmp_pkt.ip.flags_frag_offset = 0;
-  icmp_pkt.ip.ttl = 1; /* real TTL would be 1 on a time exceeded packet */
-  icmp_pkt.ip.proto = IPPROTO_UDP;
-  icmp_pkt.ip.src_ip = other->s_addr;
-  icmp_pkt.ip.dst_ip = dummy.s_addr;
-  icmp_pkt.ip.checksum = 0;
-  icmp_pkt.ip.checksum = htons(calc_checksum((uint16_t*)&icmp_pkt.ip, sizeof (icmp_pkt.ip)));
-  icmp_pkt.udp.source_port = htons (target_port_number);
-  icmp_pkt.udp.dst_port = htons (NAT_TRAV_PORT);
-  icmp_pkt.udp.mlen_aka_reply_port_magic = htons (source_port_number);
-  icmp_pkt.udp.checksum_aka_my_magic = htons (target_port_number);
-  icmp_pkt.checksum = htons(calc_checksum((uint16_t*)&icmp_pkt, sizeof (icmp_pkt)));
-  memcpy (&packet[off], &icmp_pkt, sizeof (icmp_pkt));
-  off += sizeof (icmp_pkt);
+  make_echo (my_ip, &icmp_echo);
+  memcpy (&packet[off], &icmp_echo, sizeof (icmp_echo));
+  off += sizeof (icmp_echo);
  
   memset (&dst, 0, sizeof (dst));
   dst.sin_family = AF_INET;
-  dst.sin_addr = *other;
+  dst.sin_addr = dummy;
   err = sendto(rawsock, 
-               packet, 
-               off, 0, 
+               packet, off, 0, 
                (struct sockaddr*)&dst, 
-               sizeof(dst)); /* or sizeof 'struct sockaddr'? */
-  if (err < 0) {
-    fprintf(stderr,
-            "sendto failed: %s\n", strerror(errno));
-  } else if (err != off) 
-    fprintf(stderr,
-            "Error: partial send of ICMP message\n");
-}
-
-
-/**
- * We discovered the IP address of the other peer.
- * Try to connect back to it.
- */
-static void
-try_connect (const struct in_addr *my_ip,
-             const struct in_addr *other,
-             uint16_t port_magic)
-{
-  unsigned int i;
-#if DEBUG
-  char sbuf [INET_ADDRSTRLEN];
-
-  fprintf (stderr,
-           "Sending %u ICMPs to `%s' with reply magic %u\n",
-           NUM_ICMP_REPLIES,
-           inet_ntop (AF_INET,
-                      other,
-                      sbuf,
-                      sizeof (sbuf)),
-           port_magic);  
-#endif
-  for (i=0;i<NUM_ICMP_REPLIES;i++)
-    send_icmp (my_ip, other, make_port(), port_magic);
+               sizeof(dst));
+  if (err < 0) 
+    {
+      fprintf(stderr,
+              "sendto failed: %s\n", strerror(errno));
+    }
+  else if (err != off) 
+    {
+      fprintf(stderr,
+              "Error: partial send of ICMP message\n");
+    }
 }
 
 
 static void
-process_icmp_response (const struct in_addr *my_ip,
-                       int s)
+process_icmp_response ()
 {
   char buf[65536];
   ssize_t have;
   struct in_addr sip;
-  uint16_t my_magic;
-  uint16_t reply_magic;
-  uint16_t local_port;
   struct ip_packet ip_pkt;
   struct icmp_packet icmp_pkt;
   size_t off;
   
-  have = read (s, buf, sizeof (buf));
+  have = read (icmpsock, buf, sizeof (buf));
   if (have == -1)
     {
       fprintf (stderr,
                "Error reading raw socket: %s\n",
                strerror (errno));
-      /* What now? */
       return; 
     }
-  if (have != sizeof (struct ip_packet) + sizeof (struct icmp_packet))
+  if (have != sizeof (struct ip_packet) *2 + sizeof (struct icmp_packet) * 2)
     {
       fprintf (stderr,
                "Received ICMP message of unexpected size: %u bytes\n",
@@ -357,66 +195,22 @@ process_icmp_response (const struct in_addr *my_ip,
   off += sizeof (ip_pkt);
   memcpy (&icmp_pkt, &buf[off], sizeof (icmp_pkt));
   off += sizeof (icmp_pkt);
-
-  if ( (ip_pkt.proto == IPPROTO_ICMP) &&
-       (icmp_pkt.type == ICMP_DEST_UNREACH) && 
-       (icmp_pkt.code == ICMP_HOST_UNREACH) )
-    {
-      /* this is what is normal due to our UDP traffic */
-      return;
-    }
-  if ( (ip_pkt.proto == IPPROTO_ICMP) &&
-       (icmp_pkt.type == ICMP_TIME_EXCEEDED) &&
-       (icmp_pkt.code == ICMP_NET_UNREACH) )
-    {
-      /* this is what we might see on loopback: this is the format
-         we as the server send out (the client uses 'ICMP_HOST_UNREACH');
-         Ignore! */
-      return;
-    }
-
   if ( (ip_pkt.proto != IPPROTO_ICMP) ||
        (icmp_pkt.type != ICMP_TIME_EXCEEDED) || 
-       (icmp_pkt.code != ICMP_HOST_UNREACH) )
+       (icmp_pkt.code != 0) )
     {
-      /* Note the expected client response and not the normal network response */
-      fprintf (stderr,
-               "Received unexpected ICMP message contents (%u, %u, %u), ignoring\n",
-               ip_pkt.proto,
-               icmp_pkt.type,
-               icmp_pkt.code);
-      return;
+      /* maybe we got an actual reply back... */
+      return;    
     }
-  memcpy(&sip, &ip_pkt.src_ip, sizeof (sip));
-  reply_magic = ntohs (icmp_pkt.udp.checksum_aka_my_magic);
-  my_magic = ntohs (icmp_pkt.udp.mlen_aka_reply_port_magic);
-  local_port = ntohs (icmp_pkt.udp.source_port);
-#if DEBUG
-  fprintf (stderr,
-           "Received ICMP from `%s' with outgoing port %u, listen port %u and incoming port hint for other peer %u\n",
+  memcpy(&sip, 
+         &ip_pkt.src_ip, 
+         sizeof (sip));
+  fprintf (stdout,
+           "%s\n",
            inet_ntop (AF_INET,
                       &sip,
                       buf,
-                      sizeof (buf)),
-           my_magic,
-           local_port,
-           reply_magic);
-#endif
-  if (my_magic == 0)
-    {
-      try_connect (my_ip, &sip, reply_magic);
-    }
-  else
-    {
-      /* FIXME: should close 'local_port' */
-      printf ("%s:%u listen on %u\n",
-              inet_ntop (AF_INET,
-                         &sip,
-                         buf,
-                         sizeof(buf)),
-              my_magic,
-              local_port);    
-    }
+                      sizeof (buf)));
 }
 
 
@@ -460,15 +254,6 @@ make_raw_socket ()
                strerror (errno));
       return -1;
     }  
-  if (ret >= FD_SETSIZE) 
-    {
-      fprintf (stderr,
-               "Socket number too large (%d > %u)\n",
-               ret,
-               (unsigned int) FD_SETSIZE);
-      close (ret);
-      return -1;
-    }
   if (setsockopt(ret, SOL_SOCKET, SO_BROADCAST,
                  (char *)&one, sizeof(one)) == -1)
     fprintf(stderr,
@@ -487,72 +272,46 @@ int
 main (int argc, char *const *argv)
 {
   struct in_addr external;
-  unsigned int i;  
-  unsigned int pos;
   fd_set rs;
   struct timeval tv;
-  struct sockaddr_in dst;  
-  
-  if (argc != 3)
+  uid_t uid;
+
+  if (-1 == (icmpsock = make_icmp_socket()))
+    return 1; 
+  if (-1 == (rawsock = make_raw_socket()))
+    {
+      close (icmpsock);
+      return 1; 
+    }
+  uid = getuid ();
+  if (0 != setresuid (uid, uid, uid))
+    fprintf (stderr,
+             "Failed to setresuid: %s\n",
+             strerror (errno));    
+  if (argc != 2)
     {
       fprintf (stderr,
-               "This program must be started with our external IP and the dummy IP address as arguments.\n");
+               "This program must be started with our external IP as the only argument.\n");
       return 1;
     }
-  if ( (1 != inet_pton (AF_INET, argv[1], &external)) ||
-       (1 != inet_pton (AF_INET, argv[2], &dummy)) )
+  if (1 != inet_pton (AF_INET, argv[1], &external))
     {
       fprintf (stderr,
                "Error parsing IPv4 address: %s\n",
                strerror (errno));
       return 1;
     }
-  srand (time(NULL));
-  memset (&dst, 0, sizeof (dst));
-  dst.sin_family = AF_INET;
-  dst.sin_port = htons (NAT_TRAV_PORT);
-  dst.sin_addr = dummy;
-
-  if (-1 == (icmpsock = make_icmp_socket()))
-    return 1; 
-  if (-1 == (rawsock = make_raw_socket()))
-    {
-      close (icmpsock);
-      return 1; 
-    }
-  for (i=0;i<NUM_UDP_PORTS;i++)
-    udpsocks[i] = make_udp_socket (&udpports[i]);
-  pos = 0;
+  inet_pton (AF_INET, DUMMY_IP, &dummy);
   while (1)
     {
       FD_ZERO (&rs);
       FD_SET (icmpsock, &rs);
       tv.tv_sec = 0;
-      tv.tv_usec = UDP_SEND_FREQUENCY_MS * 1000; 
+      tv.tv_usec = ICMP_SEND_FREQUENCY_MS * 1000; 
       select (icmpsock + 1, &rs, NULL, NULL, &tv);
-      /* FIXME: do I need my external IP here? */
       if (FD_ISSET (icmpsock, &rs))
-        {
-          process_icmp_response (&external, icmpsock);
-          continue;
-        }
-#if DEBUG
-      fprintf (stderr,
-               "Sending UDP message to %s:%u\n",
-               argv[2],
-               NAT_TRAV_PORT);
-#endif
-      if (-1 == sendto (udpsocks[pos],
-                        NULL, 0, 0,
-                        (struct sockaddr*) &dst, sizeof (dst)))
-        {
-          fprintf (stderr, 
-                   "sendto failed: %s\n",
-                   strerror (errno));
-          close (udpsocks[pos]);
-          udpsocks[pos] = make_udp_socket (&udpports[pos]);
-        }
-      pos = (pos+1) % NUM_UDP_PORTS;
+        process_icmp_response ();
+      send_icmp_echo (&external);
     }  
   return 0;
 }