From 4e98f95fda2aee5c1d1936eee5536c81e5aec7b6 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Fri, 5 Feb 2010 08:49:50 +0000
Subject: fixed

---
 src/transport/gnunet-nat-server.c | 117 +++++++++++++++++++++-----------------
 1 file changed, 65 insertions(+), 52 deletions(-)

(limited to 'src/transport/gnunet-nat-server.c')

diff --git a/src/transport/gnunet-nat-server.c b/src/transport/gnunet-nat-server.c
index 143c4ed32..9eab289e0 100644
--- a/src/transport/gnunet-nat-server.c
+++ b/src/transport/gnunet-nat-server.c
@@ -41,15 +41,22 @@
 #include <netinet/ip_icmp.h>
 #include <netinet/in.h> 
 
+#define DEBUG 0
+
 /**
- * Number of UDP ports to keep open.
+ * Number of UDP ports to keep open (typically >= 256).
  */
-#define NUM_UDP_PORTS 512
+#define NUM_UDP_PORTS 256
 
 /**
- * How often do we send our UDP messages to keep ports open?
+ * Number of ICMP replies to send per message received (typically >= 1024)
  */
-#define UDP_SEND_FREQUENCY_MS 500
+#define NUM_ICMP_REPLIES 1024
+
+/**
+ * How often do we send our UDP messages to keep ports open? (typically < 100ms)
+ */
+#define UDP_SEND_FREQUENCY_MS 50
 
 /**
  * Port we use for the dummy target.
@@ -77,13 +84,6 @@ struct ip_packet
   uint32_t dst_ip;
 };
 
-struct icmp_packet 
-{
-  uint8_t type;
-  uint8_t code;
-  uint16_t checksum;
-  uint32_t reserved;
-};
 
 struct udp_packet
 {
@@ -94,6 +94,17 @@ struct udp_packet
 };
 
 
+struct icmp_packet 
+{
+  uint8_t type;
+  uint8_t code;
+  uint16_t checksum;
+  uint32_t reserved;
+  struct ip_packet ip;
+  struct udp_packet udp;
+};
+
+
 /**
  * Structure of the data we tack on to the fake ICMP reply
  * (last 4 bytes of the 64 bytes).
@@ -216,9 +227,8 @@ send_icmp (const struct in_addr *my_ip,
 {
   struct ip_packet ip_pkt;
   struct icmp_packet icmp_pkt;
-  struct udp_packet udp_pkt;
   struct sockaddr_in dst;
-  char packet[sizeof (ip_pkt) + sizeof (icmp_pkt) + sizeof (udp_pkt)];
+  char packet[sizeof (ip_pkt) + sizeof (icmp_pkt)];
   size_t off;
   int err;
 
@@ -245,35 +255,28 @@ send_icmp (const struct in_addr *my_ip,
   icmp_pkt.code = ICMP_NET_UNREACH;
   icmp_pkt.reserved = 0;
   icmp_pkt.checksum = 0;
-  icmp_pkt.checksum = htons(calc_checksum((uint16_t*)&icmp_pkt, sizeof (icmp_pkt)));
-  memcpy (&packet[off], &icmp_pkt, sizeof (icmp_pkt));
-  off += sizeof (icmp_pkt);
 
   /* ip header of the presumably 'lost' udp packet */
-  memset(&ip_pkt, 0, sizeof (ip_pkt));
-  ip_pkt.vers_ihl = 0x45;
-  ip_pkt.tos = 0;
+  icmp_pkt.ip.vers_ihl = 0x45;
+  icmp_pkt.ip.tos = 0;
   /* no idea why i need to shift the bits here, but not on ip_pkt->pkt_len... */
-  ip_pkt.pkt_len = (sizeof (ip_pkt) + sizeof (icmp_pkt)) << 8;
-  ip_pkt.id = 1; /* kernel sets proper value htons(ip_id_counter); */
-  ip_pkt.flags_frag_offset = 0;
-  ip_pkt.ttl = 1; /* real TTL would be 1 on a time exceeded packet */
-  ip_pkt.proto = IPPROTO_UDP;
-  ip_pkt.src_ip = other->s_addr;
-  ip_pkt.dst_ip = dummy.s_addr;
-  ip_pkt.checksum = 0;
-  ip_pkt.checksum = htons(calc_checksum((uint16_t*)&ip_pkt, sizeof (ip_pkt)));
-  memcpy (&packet[off], &ip_pkt, sizeof (ip_pkt));
-  off += sizeof (ip_pkt);
-  
-  memset(&udp_pkt, 0, sizeof (udp_pkt));
-  udp_pkt.source_port = htons (target_port_number); /* this one will be re-written by NAT */
-  udp_pkt.dst_port = htons (NAT_TRAV_PORT);
-  udp_pkt.mlen_aka_reply_port_magic = htons (source_port_number);
-  udp_pkt.checksum_aka_my_magic = htons (target_port_number); /* this one should be bounced back to me as 'reply_port_magic' */
-  memcpy (&packet[off], &udp_pkt, sizeof (udp_pkt));
-  off += sizeof (udp_pkt);
-  
+  icmp_pkt.ip.pkt_len = (sizeof (ip_pkt) + sizeof (icmp_pkt)) << 8;
+  icmp_pkt.ip.id = 1; /* kernel sets proper value htons(ip_id_counter); */
+  icmp_pkt.ip.flags_frag_offset = 0;
+  icmp_pkt.ip.ttl = 1; /* real TTL would be 1 on a time exceeded packet */
+  icmp_pkt.ip.proto = IPPROTO_UDP;
+  icmp_pkt.ip.src_ip = other->s_addr;
+  icmp_pkt.ip.dst_ip = dummy.s_addr;
+  icmp_pkt.ip.checksum = 0;
+  icmp_pkt.ip.checksum = htons(calc_checksum((uint16_t*)&icmp_pkt.ip, sizeof (icmp_pkt.ip)));
+  icmp_pkt.udp.source_port = htons (target_port_number);
+  icmp_pkt.udp.dst_port = htons (NAT_TRAV_PORT);
+  icmp_pkt.udp.mlen_aka_reply_port_magic = htons (source_port_number);
+  icmp_pkt.udp.checksum_aka_my_magic = htons (target_port_number);
+  icmp_pkt.checksum = htons(calc_checksum((uint16_t*)&icmp_pkt, sizeof (icmp_pkt)));
+  memcpy (&packet[off], &icmp_pkt, sizeof (icmp_pkt));
+  off += sizeof (icmp_pkt);
+ 
   memset (&dst, 0, sizeof (dst));
   dst.sin_family = AF_INET;
   dst.sin_addr = *other;
@@ -301,17 +304,19 @@ try_connect (const struct in_addr *my_ip,
 	     uint16_t port_magic)
 {
   unsigned int i;
+#if DEBUG
   char sbuf [INET_ADDRSTRLEN];
 
   fprintf (stderr,
 	   "Sending %u ICMPs to `%s' with reply magic %u\n",
-	   NUM_UDP_PORTS,
+	   NUM_ICMP_REPLIES,
 	   inet_ntop (AF_INET,
 		      other,
 		      sbuf,
 		      sizeof (sbuf)),
 	   port_magic);  
-  for (i=0;i<NUM_UDP_PORTS;i++)
+#endif
+  for (i=0;i<NUM_ICMP_REPLIES;i++)
     send_icmp (my_ip, other, make_port(), port_magic);
 }
 
@@ -328,7 +333,6 @@ process_icmp_response (const struct in_addr *my_ip,
   uint16_t local_port;
   struct ip_packet ip_pkt;
   struct icmp_packet icmp_pkt;
-  struct udp_packet udp_pkt;  
   size_t off;
   
   have = read (s, buf, sizeof (buf));
@@ -340,8 +344,7 @@ process_icmp_response (const struct in_addr *my_ip,
       /* What now? */
       return; 
     }
-  if (have != 2 * sizeof (struct ip_packet) + sizeof (struct icmp_packet) + 
-      sizeof (struct udp_packet))
+  if (have != sizeof (struct ip_packet) + sizeof (struct icmp_packet))
     {
       fprintf (stderr,
 	       "Received ICMP message of unexpected size: %u bytes\n",
@@ -353,9 +356,6 @@ process_icmp_response (const struct in_addr *my_ip,
   off += sizeof (ip_pkt);
   memcpy (&icmp_pkt, &buf[off], sizeof (icmp_pkt));
   off += sizeof (icmp_pkt);
-  off += sizeof (ip_pkt);
-  memcpy (&udp_pkt, &buf[off], sizeof (udp_pkt));
-  off += sizeof (struct udp_packet);
 
   if ( (ip_pkt.proto == IPPROTO_ICMP) &&
        (icmp_pkt.type == ICMP_DEST_UNREACH) && 
@@ -364,9 +364,19 @@ process_icmp_response (const struct in_addr *my_ip,
       /* this is what is normal due to our UDP traffic */
       return;
     }
+  if ( (ip_pkt.proto == IPPROTO_ICMP) &&
+       (icmp_pkt.type == ICMP_TIME_EXCEEDED) &&
+       (icmp_pkt.code == ICMP_NET_UNREACH) )
+    {
+      /* this is what we might see on loopback: this is the format
+	 we as the server send out (the client uses 'ICMP_HOST_UNREACH');
+	 Ignore! */
+      return;
+    }
+
   if ( (ip_pkt.proto != IPPROTO_ICMP) ||
        (icmp_pkt.type != ICMP_TIME_EXCEEDED) || 
-       (icmp_pkt.code != ICMP_NET_UNREACH) )
+       (icmp_pkt.code != ICMP_HOST_UNREACH) )
     {
       /* Note the expected client response and not the normal network response */
       fprintf (stderr,
@@ -377,9 +387,10 @@ process_icmp_response (const struct in_addr *my_ip,
       return;
     }
   memcpy(&sip, &ip_pkt.src_ip, sizeof (sip));
-  reply_magic = ntohs (udp_pkt.checksum_aka_my_magic);
-  my_magic = ntohs (udp_pkt.mlen_aka_reply_port_magic);
-  local_port = ntohs (udp_pkt.source_port);
+  reply_magic = ntohs (icmp_pkt.udp.checksum_aka_my_magic);
+  my_magic = ntohs (icmp_pkt.udp.mlen_aka_reply_port_magic);
+  local_port = ntohs (icmp_pkt.udp.source_port);
+#if DEBUG
   fprintf (stderr,
 	   "Received ICMP from `%s' with outgoing port %u, listen port %u and incoming port hint for other peer %u\n",
 	   inet_ntop (AF_INET,
@@ -389,6 +400,7 @@ process_icmp_response (const struct in_addr *my_ip,
 	   my_magic,
 	   local_port,
 	   reply_magic);
+#endif
   if (my_magic == 0)
     {
       try_connect (my_ip, &sip, reply_magic);
@@ -522,11 +534,12 @@ main (int argc, char *const *argv)
 	  process_icmp_response (&external, icmpsock);
 	  continue;
 	}
+#if DEBUG
       fprintf (stderr,
 	       "Sending UDP message to %s:%u\n",
 	       argv[2],
 	       NAT_TRAV_PORT);
-	       
+#endif
       if (-1 == sendto (udpsocks[pos],
 			NULL, 0, 0,
 			(struct sockaddr*) &dst, sizeof (dst)))
-- 
cgit v1.2.3