2 This file is part of GNUnet.
3 Copyright (C) 2007-2017 GNUnet e.V.
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 * @author Christian Grothoff
21 * @author Milan Bouchet-Valat
24 * Service for handling UPnP and NAT-PMP port forwarding
25 * and external IP address retrieval
27 * @defgroup nat NAT library
28 * Service for handling UPnP and NAT-PMP port forwarding
29 * and external IP address retrieval
34 #ifndef GNUNET_NAT_SERVICE_H
35 #define GNUNET_NAT_SERVICE_H
37 #include "gnunet_util_lib.h"
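/**
 * Some addresses contain sensitive information or are
 * not suitable for global distribution.  We use address
 * classes to filter addresses by the domain in which they
 * make sense to be used.  The values are used in a bitmask.
 *
 * The #GNUNET_NAT_AC_PRIVATE bit marks addresses that embed
 * identifying data (e.g. a MAC); test it before handing an
 * address to a wider audience than its class implies.
 *
 * FIXME: might want to define this elsewhere; we have
 * an equivalent enum in gnunet_transport_hello_service.h;
 * might ultimately belong with the new HELLO definition.
 */
enum GNUNET_NAT_AddressClass
{
  /**
   * No address class (empty bitmask).
   */
  GNUNET_NAT_AC_NONE = 0,

  /**
   * Addresses that fall into no other category
   * (e.g. incoming which we cannot use elsewhere).
   */
  GNUNET_NAT_AC_OTHER = 1,

  /**
   * Flag for addresses that are highly sensitive
   * (e.g. IPv6 with our MAC).
   */
  GNUNET_NAT_AC_PRIVATE = 2,

  /**
   * Addresses that are global (e.g. IPv4).
   */
  GNUNET_NAT_AC_GLOBAL = 4,

  /**
   * Addresses that are global and are sensitive
   * (e.g. IPv6 with our MAC).  Equal to
   * #GNUNET_NAT_AC_GLOBAL | #GNUNET_NAT_AC_PRIVATE.
   */
  GNUNET_NAT_AC_GLOBAL_PRIVATE = 6,

  /**
   * Addresses useful in the local wired network,
   * i.e. a MAC.  Sensitive, but obvious to people nearby.
   *
   * Useful for broadcasts.
   */
  GNUNET_NAT_AC_LAN = 8,

  /**
   * Addresses useful in the local wired network,
   * i.e. a MAC.  Sensitive, but obvious to people nearby.
   * Useful for broadcasts.  Equal to
   * #GNUNET_NAT_AC_LAN | #GNUNET_NAT_AC_PRIVATE.
   */
  GNUNET_NAT_AC_LAN_PRIVATE = 10,

  /**
   * Addresses useful in the local wireless network,
   * i.e. a MAC.  Sensitive, but obvious to people nearby.
   * Useful for broadcasts.
   */
  GNUNET_NAT_AC_WLAN = 16,

  /**
   * Addresses useful in the local bluetooth network.  Sensitive, but
   * obvious to people nearby.  Useful for broadcasts.
   */
  GNUNET_NAT_AC_BT = 32,

  /**
   * Loopback addresses, only useful under special circumstances.
   */
  GNUNET_NAT_AC_LOOPBACK = 64,

  /**
   * Addresses that should be our external IP address
   * on the outside of a NAT.  Might be incorrectly determined,
   * so treat such an address as a hint rather than as verified.
   * Used as a bit in combination with #GNUNET_NAT_AC_GLOBAL,
   * or in case of double-NAT with
   * #GNUNET_NAT_AC_LAN.
   */
  GNUNET_NAT_AC_EXTERN = 128,

  /**
   * Addresses that were manually configured by the user.
   * Used as a bit in combination with #GNUNET_NAT_AC_GLOBAL.
   */
  GNUNET_NAT_AC_MANUAL = 256,

  /**
   * Bitmask for "any" address (all of the low 16 bits set).
   */
  GNUNET_NAT_AC_ANY = 65535
};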
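/**
 * Error types for the NAT subsystem (which can then later be
 * converted/resolved to a string).
 *
 * Only the first value is given explicitly; all others follow in
 * declaration order, so reordering or inserting members changes
 * the numeric codes.
 */
enum GNUNET_NAT_StatusCode
{
  /**
   * Success; has the same value as GNUNET_OK.
   */
  GNUNET_NAT_ERROR_SUCCESS = GNUNET_OK,

  /**
   * IPC failure.
   */
  GNUNET_NAT_ERROR_IPC_FAILURE,

  /**
   * Failure in network subsystem, check permissions.
   */
  GNUNET_NAT_ERROR_INTERNAL_NETWORK_ERROR,

  /**
   * Timeout.
   */
  GNUNET_NAT_ERROR_TIMEOUT,

  /**
   * Detected that we are offline.
   */
  GNUNET_NAT_ERROR_NOT_ONLINE,

  /**
   * `upnpc` command not found.
   */
  GNUNET_NAT_ERROR_UPNPC_NOT_FOUND,

  /**
   * Failed to run `upnpc` command.
   */
  GNUNET_NAT_ERROR_UPNPC_FAILED,

  /**
   * `upnpc` command took too long, process killed.
   */
  GNUNET_NAT_ERROR_UPNPC_TIMEOUT,

  /**
   * `upnpc` command failed to establish port mapping.
   */
  GNUNET_NAT_ERROR_UPNPC_PORTMAP_FAILED,

  /**
   * `external-ip` command not found.
   */
  GNUNET_NAT_ERROR_EXTERNAL_IP_UTILITY_NOT_FOUND,

  /**
   * Failed to run `external-ip` command.
   */
  GNUNET_NAT_ERROR_EXTERNAL_IP_UTILITY_FAILED,

  /**
   * `external-ip` command output invalid.
   */
  GNUNET_NAT_ERROR_EXTERNAL_IP_UTILITY_OUTPUT_INVALID,

  /**
   * No valid address was returned by `external-ip`.
   */
  GNUNET_NAT_ERROR_EXTERNAL_IP_ADDRESS_INVALID,

  /**
   * Could not determine interface with internal/local network address.
   */
  GNUNET_NAT_ERROR_NO_VALID_IF_IP_COMBO,

  /**
   * No working gnunet-helper-nat-server found.
   */
  GNUNET_NAT_ERROR_HELPER_NAT_SERVER_NOT_FOUND,

  /**
   * NAT test could not be initialized.
   */
  GNUNET_NAT_ERROR_NAT_TEST_START_FAILED,

  /**
   * NAT test timed out (description inferred from the name).
   */
  GNUNET_NAT_ERROR_NAT_TEST_TIMEOUT,

  /**
   * NAT test failed to initiate.
   */
  GNUNET_NAT_ERROR_NAT_REGISTER_FAILED,

  /**
   * NAT client helper not found (description inferred from the name).
   */
  GNUNET_NAT_ERROR_HELPER_NAT_CLIENT_NOT_FOUND
};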
242 * Describes the situation of our NAT connectivity
247 * We have a direct connection
249 GNUNET_NAT_TYPE_NO_NAT = GNUNET_OK,
252 * We are under a NAT but cannot traverse it
254 GNUNET_NAT_TYPE_UNREACHABLE_NAT,
257 * We can traverse using STUN
259 GNUNET_NAT_TYPE_STUN_PUNCHED_NAT,
262 * We can traverse using UPNP
264 GNUNET_NAT_TYPE_UPNP_NAT,
267 * We know nothing about the NAT.
269 GNUNET_NAT_TYPE_UNKNOWN
276 * Signature of the callback passed to #GNUNET_NAT_register() for
277 * a function to call whenever our set of 'valid' addresses changes.
280 * @param add_remove #GNUNET_YES to add a new public IP address,
281 * #GNUNET_NO to remove a previous (now invalid) one
282 * @param ac address class the address belongs to
283 * @param addr either the previous or the new public IP address
284 * @param addrlen actual length of the @a addr
287 (*GNUNET_NAT_AddressCallback) (void *cls,
289 enum GNUNET_NAT_AddressClass ac,
290 const struct sockaddr *addr,
295 * Signature of the callback passed to #GNUNET_NAT_register()
296 * for a function to call whenever someone asks us to do connection
300 * @param remote_addr public IP address of the other peer
301 * @param remote_addrlen actual length of the @a remote_addr
304 (*GNUNET_NAT_ReversalCallback) (void *cls,
305 const struct sockaddr *remote_addr,
306 socklen_t remote_addrlen);
310 * Handle for active NAT registrations.
312 struct GNUNET_NAT_Handle;
316 * Attempt to enable port redirection and detect our public IP address
317 * by contacting UPnP or NAT-PMP routers on the local network. Use @a
318 * addrs to specify which of the local host's addresses the
319 * external port should be mapped to. The port is taken from the corresponding
320 * sockaddr_in[6] field. The NAT module should call the given @a
321 * address_callback for any 'plausible' external address.
323 * @param cfg configuration to use
324 * @param config_section name of the configuration section for options
325 * @param proto protocol this is about, IPPROTO_TCP or IPPROTO_UDP
326 * @param num_addrs number of addresses in @a addrs
327 * @param addrs list of local addresses packets should be redirected to
328 * @param addrlens actual lengths of the addresses in @a addrs
329 * @param address_callback function to call every time the public IP address changes
330 * @param reversal_callback function to call if someone wants connection reversal from us,
331 * NULL if connection reversal is not supported
332 * @param callback_cls closure for callbacks
333 * @return NULL on error, otherwise handle that can be used to unregister
335 struct GNUNET_NAT_Handle *
336 GNUNET_NAT_register (const struct GNUNET_CONFIGURATION_Handle *cfg,
337 const char *config_section,
339 unsigned int num_addrs,
340 const struct sockaddr **addrs,
341 const socklen_t *addrlens,
342 GNUNET_NAT_AddressCallback address_callback,
343 GNUNET_NAT_ReversalCallback reversal_callback,
348 * Test if the given address is (currently) a plausible IP address for
349 * this peer. Mostly a convenience function so that clients do not
350 * have to explicitly track all IPs that the #GNUNET_NAT_AddressCallback
351 * has returned so far.
353 * @param nh the handle returned by register
354 * @param addr IP address to test (IPv4 or IPv6)
355 * @param addrlen number of bytes in @a addr
356 * @return #GNUNET_YES if the address is plausible,
357 * #GNUNET_NO if the address is not plausible,
358 * #GNUNET_SYSERR if the address is malformed
361 GNUNET_NAT_test_address (struct GNUNET_NAT_Handle *nh,
367 * We learned about a peer (possibly behind NAT) so run the
368 * gnunet-nat-client to send dummy ICMP responses to cause
369 * that peer to connect to us (connection reversal).
371 * @param nh handle (used for configuration)
372 * @param local_sa our local address of the peer (IPv4-only)
373 * @param remote_sa the remote address of the peer (IPv4-only)
374 * @return #GNUNET_SYSERR on error,
375 * #GNUNET_NO if connection reversal is unavailable,
376 * #GNUNET_OK otherwise (presumably in progress)
379 GNUNET_NAT_request_reversal (struct GNUNET_NAT_Handle *nh,
380 const struct sockaddr_in *local_sa,
381 const struct sockaddr_in *remote_sa);
385 * Stop port redirection and public IP address detection for the given
386 * handle. This frees the handle, after having sent the needed
387 * commands to close open ports.
389 * @param nh the handle to unregister
392 GNUNET_NAT_unregister (struct GNUNET_NAT_Handle *nh);
396 * Handle an incoming STUN message. This function is useful as
397 * some GNUnet service may be listening on a UDP port and might
398 * thus receive STUN messages while trying to receive other data.
399 * In this case, this function can be used to process replies
402 * The function does some basic sanity checks on packet size and
403 * content, and tries to extract a bit of information.
405 * At the moment this only processes BIND requests, and returns the
406 * externally visible address of the request to the rest of the
409 * @param nh handle to the NAT service
410 * @param sender_addr address from which we got @a data
411 * @param sender_addr_len number of bytes in @a sender_addr
412 * @param data the packet
413 * @param data_size number of bytes in @a data
414 * @return #GNUNET_OK on success
415 * #GNUNET_NO if the packet is not a STUN packet
416 * #GNUNET_SYSERR on internal error handling the packet
419 GNUNET_NAT_stun_handle_packet (struct GNUNET_NAT_Handle *nh,
420 const struct sockaddr *sender_addr,
421 size_t sender_addr_len,
427 * Handle to a request given to the resolver. Can be used to cancel
428 * the request prior to the timeout or successful execution. Also
429 * used to track our internal state for the request.
431 struct GNUNET_NAT_STUN_Handle;
435 * Function called to report success or failure for
436 * NAT configuration test.
439 * @param result #GNUNET_NAT_ERROR_SUCCESS on success, otherwise the specific error code
442 (*GNUNET_NAT_TestCallback) (void *cls,
443 enum GNUNET_NAT_StatusCode result);
447 * Make Generic STUN request. Sends a generic stun request to the
448 * server specified using the specified socket. If we do this,
449 * we need to watch for possible responses and call
450 * #GNUNET_NAT_stun_handle_packet() on incoming packets.
452 * @param server the address of the stun server
453 * @param port port of the stun server, in host byte order
454 * @param sock the socket used to send the request, must be a
456 * @param cb callback in case of error
457 * @param cb_cls closure for @a cb
458 * @return NULL on error
460 struct GNUNET_NAT_STUN_Handle *
461 GNUNET_NAT_stun_make_request (const char *server,
463 struct GNUNET_NETWORK_Handle *sock,
464 GNUNET_NAT_TestCallback cb,
469 * Cancel active STUN request. Frees associated resources
470 * and ensures that the callback is no longer invoked.
472 * @param rh request to cancel
475 GNUNET_NAT_stun_make_request_cancel (struct GNUNET_NAT_STUN_Handle *rh);
480 /** @} */ /* end of group */
482 /* end of gnunet_nat_service.h */