2 This file is part of GNUnet.
3 Copyright (C) 2016 GNUnet e.V.
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
22 * @file nat/gnunet-service-nat.c
23 * @brief network address translation traversal service
24 * @author Christian Grothoff
26 * The purpose of this service is to enable transports to
27 * traverse NAT routers, by providing traversal options and
28 * knowledge about the local network topology.
31 * - call GN_start_gnunet_nat_server_() if possible (i.e.
32 * when we find we have a non-global IPv4 address)
33 * - implement autoconfig
34 * - implmeent UPnPC/PMP-based NAT traversal
35 * - implement NEW logic for external IP detection
39 #include "gnunet_util_lib.h"
40 #include "gnunet_protocols.h"
41 #include "gnunet_signatures.h"
42 #include "gnunet_statistics_service.h"
43 #include "gnunet_nat_service.h"
44 #include "gnunet-service-nat_stun.h"
45 #include "gnunet-service-nat_helper.h"
51 * How often should we ask the OS about a list of active
54 #define SCAN_FREQ GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 15)
58 * Internal data structure we track for each of our clients.
66 struct ClientHandle *next;
71 struct ClientHandle *prev;
74 * Underlying handle for this client with the service.
76 struct GNUNET_SERVICE_Client *client;
79 * Message queue for communicating with the client.
81 struct GNUNET_MQ_Handle *mq;
84 * Array of addresses used by the service.
86 struct sockaddr **addrs;
89 * What does this client care about?
91 enum GNUNET_NAT_RegisterFlags flags;
94 * Port we would like as we are configured to use this one for
95 * advertising (in addition to the one we are binding to).
100 * Number of addresses that this service is bound to.
105 * Client's IPPROTO, e.g. IPPROTO_UDP or IPPROTO_TCP.
113 * List of local addresses this system has.
115 struct LocalAddressList
118 * This is a linked list.
120 struct LocalAddressList *next;
125 struct LocalAddressList *prev;
128 * The address itself (i.e. `struct sockaddr_in` or `struct
129 * sockaddr_in6`, in the respective byte order).
131 struct sockaddr_storage addr;
139 * What type of address is this?
141 enum GNUNET_NAT_AddressClass ac;
147 * Handle to our current configuration.
149 static const struct GNUNET_CONFIGURATION_Handle *cfg;
152 * Handle to the statistics service.
154 static struct GNUNET_STATISTICS_Handle *stats;
157 * Task scheduled to periodically scan our network interfaces.
159 static struct GNUNET_SCHEDULER_Task *scan_task;
162 * Head of client DLL.
164 static struct ClientHandle *ch_head;
167 * Tail of client DLL.
169 static struct ClientHandle *ch_tail;
172 * Head of DLL of local addresses.
174 static struct LocalAddressList *lal_head;
177 * Tail of DLL of local addresses.
179 static struct LocalAddressList *lal_tail;
183 * Free the DLL starting at #lal_head.
188 struct LocalAddressList *lal;
190 while (NULL != (lal = lal_head))
192 GNUNET_CONTAINER_DLL_remove (lal_head,
201 * Check validity of #GNUNET_MESSAGE_TYPE_NAT_REGISTER message from
204 * @param cls client who sent the message
205 * @param message the message received
206 * @return #GNUNET_OK if message is well-formed
209 check_register (void *cls,
210 const struct GNUNET_NAT_RegisterMessage *message)
212 uint16_t num_addrs = ntohs (message->num_addrs);
213 const char *off = (const char *) &message[1];
214 size_t left = ntohs (message->header.size) - sizeof (*message);
216 for (unsigned int i=0;i<num_addrs;i++)
219 const struct sockaddr *sa = (const struct sockaddr *) off;
221 if (sizeof (sa_family_t) > left)
224 return GNUNET_SYSERR;
226 switch (sa->sa_family)
229 alen = sizeof (struct sockaddr_in);
232 alen = sizeof (struct sockaddr_in6);
236 alen = sizeof (struct sockaddr_un);
241 return GNUNET_SYSERR;
246 return GNUNET_SYSERR;
254 * Handler for #GNUNET_MESSAGE_TYPE_NAT_REGISTER message from client.
255 * We remember the client for updates upon future NAT events.
257 * @param cls client who sent the message
258 * @param message the message received
261 handle_register (void *cls,
262 const struct GNUNET_NAT_RegisterMessage *message)
264 struct ClientHandle *ch = cls;
268 if ( (0 != ch->proto) ||
269 (NULL != ch->addrs) )
271 /* double registration not allowed */
273 GNUNET_SERVICE_client_drop (ch->client);
276 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
277 "Received REGISTER message from client\n");
278 ch->flags = message->flags;
279 ch->proto = message->proto;
280 ch->adv_port = ntohs (message->adv_port);
281 ch->num_addrs = ntohs (message->adv_port);
282 ch->addrs = GNUNET_new_array (ch->num_addrs,
284 left = ntohs (message->header.size) - sizeof (*message);
285 off = (const char *) &message[1];
286 for (unsigned int i=0;i<ch->num_addrs;i++)
289 const struct sockaddr *sa = (const struct sockaddr *) off;
291 if (sizeof (sa_family_t) > left)
294 GNUNET_SERVICE_client_drop (ch->client);
297 switch (sa->sa_family)
300 alen = sizeof (struct sockaddr_in);
303 alen = sizeof (struct sockaddr_in6);
307 alen = sizeof (struct sockaddr_un);
312 GNUNET_SERVICE_client_drop (ch->client);
315 GNUNET_assert (alen <= left);
316 ch->addrs[i] = GNUNET_malloc (alen);
317 GNUNET_memcpy (ch->addrs[i],
322 GNUNET_SERVICE_client_continue (ch->client);
327 * Check validity of #GNUNET_MESSAGE_TYPE_NAT_HANDLE_STUN message from
330 * @param cls client who sent the message
331 * @param message the message received
332 * @return #GNUNET_OK if message is well-formed
335 check_stun (void *cls,
336 const struct GNUNET_NAT_HandleStunMessage *message)
338 size_t sa_len = ntohs (message->sender_addr_size);
339 size_t expect = sa_len + ntohs (message->payload_size);
341 if (ntohs (message->header.size) - sizeof (*message) != expect)
344 return GNUNET_SYSERR;
346 if (sa_len < sizeof (sa_family_t))
349 return GNUNET_SYSERR;
356 * Handler for #GNUNET_MESSAGE_TYPE_NAT_HANDLE_STUN message from
359 * @param cls client who sent the message
360 * @param message the message received
363 handle_stun (void *cls,
364 const struct GNUNET_NAT_HandleStunMessage *message)
366 struct ClientHandle *ch = cls;
367 const char *buf = (const char *) &message[1];
368 const struct sockaddr *sa;
372 struct sockaddr_in external_addr;
374 sa_len = ntohs (message->sender_addr_size);
375 payload_size = ntohs (message->payload_size);
376 sa = (const struct sockaddr *) &buf[0];
377 payload = (const struct sockaddr *) &buf[sa_len];
378 switch (sa->sa_family)
381 if (sa_len != sizeof (struct sockaddr_in))
384 GNUNET_SERVICE_client_drop (ch->client);
389 if (sa_len != sizeof (struct sockaddr_in6))
392 GNUNET_SERVICE_client_drop (ch->client);
397 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
398 "Received HANDLE_STUN message from client\n");
400 GNUNET_NAT_stun_handle_packet_ (payload,
404 /* FIXME: do something with "external_addr"! We
405 now know that a server at "sa" claims that
406 we are visible at IP "external_addr".
408 We should (for some fixed period of time) tell
409 all of our clients that listen to a NAT'ed address
410 that they might want to consider the given 'external_ip'
411 as their public IP address (this includes TCP and UDP
412 clients, even if only UDP sends STUN requests).
414 If we do not get a renewal, the "external_addr" should be
415 removed again. The timeout frequency should be configurable
416 (with a sane default), so that the UDP plugin can tell how
417 often to re-request STUN.
421 GNUNET_SERVICE_client_continue (ch->client);
427 * #GNUNET_MESSAGE_TYPE_NAT_REQUEST_CONNECTION_REVERSAL message from
430 * @param cls client who sent the message
431 * @param message the message received
432 * @return #GNUNET_OK if message is well-formed
435 check_request_connection_reversal (void *cls,
436 const struct GNUNET_NAT_RequestConnectionReversalMessage *message)
440 expect = ntohs (message->local_addr_size)
441 + ntohs (message->remote_addr_size);
442 if (ntohs (message->header.size) - sizeof (*message) != expect)
445 return GNUNET_SYSERR;
452 * Handler for #GNUNET_MESSAGE_TYPE_NAT_REQUEST_CONNECTION_REVERSAL
453 * message from client.
455 * @param cls client who sent the message
456 * @param message the message received
459 handle_request_connection_reversal (void *cls,
460 const struct GNUNET_NAT_RequestConnectionReversalMessage *message)
462 struct ClientHandle *ch = cls;
463 const char *buf = (const char *) &message[1];
464 size_t local_sa_len = ntohs (message->local_addr_size);
465 size_t remote_sa_len = ntohs (message->remote_addr_size);
466 const struct sockaddr *local_sa = (const struct sockaddr *) &buf[0];
467 const struct sockaddr *remote_sa = (const struct sockaddr *) &buf[local_sa_len];
469 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
470 "Received REQUEST CONNECTION REVERSAL message from client\n");
471 switch (local_sa->sa_family)
474 if (local_sa_len != sizeof (struct sockaddr_in))
477 GNUNET_SERVICE_client_drop (ch->client);
482 if (local_sa_len != sizeof (struct sockaddr_in6))
485 GNUNET_SERVICE_client_drop (ch->client);
491 GNUNET_SERVICE_client_drop (ch->client);
494 switch (remote_sa->sa_family)
497 if (remote_sa_len != sizeof (struct sockaddr_in))
500 GNUNET_SERVICE_client_drop (ch->client);
505 if (remote_sa_len != sizeof (struct sockaddr_in6))
508 GNUNET_SERVICE_client_drop (ch->client);
514 GNUNET_SERVICE_client_drop (ch->client);
517 /* FIXME: actually run the logic by
518 calling 'GN_request_connection_reversal()' */
520 GNUNET_SERVICE_client_continue (ch->client);
525 * Check validity of #GNUNET_MESSAGE_TYPE_NAT_REQUEST_AUTO_CFG message
528 * @param cls client who sent the message
529 * @param message the message received
530 * @return #GNUNET_OK if message is well-formed
533 check_autoconfig_request (void *cls,
534 const struct GNUNET_NAT_AutoconfigRequestMessage *message)
536 return GNUNET_OK; /* checked later */
541 * Handler for #GNUNET_MESSAGE_TYPE_NAT_REQUEST_AUTO_CFG message from
544 * @param cls client who sent the message
545 * @param message the message received
548 handle_autoconfig_request (void *cls,
549 const struct GNUNET_NAT_AutoconfigRequestMessage *message)
551 struct ClientHandle *ch = cls;
552 size_t left = ntohs (message->header.size);
553 struct GNUNET_CONFIGURATION_Handle *c;
555 c = GNUNET_CONFIGURATION_create ();
557 GNUNET_CONFIGURATION_deserialize (c,
558 (const char *) &message[1],
563 GNUNET_SERVICE_client_drop (ch->client);
566 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
567 "Received REQUEST_AUTO_CONFIG message from client\n");
568 // FIXME: actually handle request...
569 GNUNET_CONFIGURATION_destroy (c);
570 GNUNET_SERVICE_client_continue (ch->client);
575 * Task run during shutdown.
580 shutdown_task (void *cls)
582 if (NULL != scan_task)
584 GNUNET_SCHEDULER_cancel (scan_task);
589 GNUNET_STATISTICS_destroy (stats, GNUNET_NO);
597 * Closure for #ifc_proc.
599 struct IfcProcContext
603 * Head of DLL of local addresses.
605 struct LocalAddressList *lal_head;
608 * Tail of DLL of local addresses.
610 struct LocalAddressList *lal_tail;
616 * Check if @a ip is in @a network with @a bits netmask.
618 * @param network to test
619 * @param ip IP address to test
620 * @param bits bitmask for the network
621 * @return #GNUNET_YES if @a ip is in @a network
624 match_ipv4 (const char *network,
625 const struct in_addr *ip,
632 GNUNET_assert (1 == inet_pton (AF_INET,
635 return ! ((ip->s_addr ^ net.s_addr) & htonl (0xFFFFFFFFu << (32 - bits)));
640 * Check if @a ip is in @a network with @a bits netmask.
642 * @param network to test
643 * @param ip IP address to test
644 * @param bits bitmask for the network
645 * @return #GNUNET_YES if @a ip is in @a network
648 match_ipv6 (const char *network,
649 const struct in6_addr *ip,
653 struct in6_addr mask;
658 GNUNET_assert (1 == inet_pton (AF_INET,
661 memset (&mask, 0, sizeof (mask));
665 mask.s6_addr[off++] = 0xFF;
670 mask.s6_addr[off] = (mask.s6_addr[off] >> 1) + 0x80;
673 for (unsigned j = 0; j < sizeof (struct in6_addr) / sizeof (uint32_t); j++)
674 if (((((uint32_t *) ip)[j] & ((uint32_t *) &mask)[j])) !=
675 (((uint32_t *) &net)[j] & ((int *) &mask)[j]))
682 * Test if the given IPv4 address is in a known range
683 * for private networks.
685 * @param ip address to test
686 * @return #GNUNET_YES if @a ip is in a NAT range
689 is_nat_v4 (const struct in_addr *ip)
692 match_ipv4 ("10.0.0.0", ip, 8) || /* RFC 1918 */
693 match_ipv4 ("100.64.0.0", ip, 10) || /* CG-NAT, RFC 6598 */
694 match_ipv4 ("192.168.0.0", ip, 12) || /* RFC 1918 */
695 match_ipv4 ("169.254.0.0", ip, 16) || /* AUTO, RFC 3927 */
696 match_ipv4 ("172.16.0.0", ip, 16); /* RFC 1918 */
701 * Test if the given IPv6 address is in a known range
702 * for private networks.
704 * @param ip address to test
705 * @return #GNUNET_YES if @a ip is in a NAT range
708 is_nat_v6 (const struct in6_addr *ip)
711 match_ipv6 ("fc00::", ip, 7) || /* RFC 4193 */
712 match_ipv6 ("fec0::", ip, 10) || /* RFC 3879 */
713 match_ipv6 ("fe80::", ip, 10); /* RFC 4291, link-local */
718 * Callback function invoked for each interface found. Adds them
719 * to our new address list.
721 * @param cls a `struct IfcProcContext *`
722 * @param name name of the interface (can be NULL for unknown)
723 * @param isDefault is this presumably the default interface
724 * @param addr address of this interface (can be NULL for unknown or unassigned)
725 * @param broadcast_addr the broadcast address (can be NULL for unknown or unassigned)
726 * @param netmask the network mask (can be NULL for unknown or unassigned)
727 * @param addrlen length of the address
728 * @return #GNUNET_OK to continue iteration, #GNUNET_SYSERR to abort
734 const struct sockaddr *addr,
735 const struct sockaddr *broadcast_addr,
736 const struct sockaddr *netmask,
739 struct IfcProcContext *ifc_ctx = cls;
740 struct LocalAddressList *lal;
742 const struct in_addr *ip4;
743 const struct in6_addr *ip6;
744 enum GNUNET_NAT_AddressClass ac;
746 switch (addr->sa_family)
749 alen = sizeof (struct sockaddr_in);
750 ip4 = &((const struct sockaddr_in *) addr)->sin_addr;
751 if (match_ipv4 ("127.0.0.0", ip4, 8))
752 ac = GNUNET_NAT_AC_LOOPBACK;
753 else if (is_nat_v4 (ip4))
754 ac = GNUNET_NAT_AC_LAN;
756 ac = GNUNET_NAT_AC_GLOBAL;
759 alen = sizeof (struct sockaddr_in6);
760 ip6 = &((const struct sockaddr_in6 *) addr)->sin6_addr;
761 if (match_ipv6 ("::1", ip6, 128))
762 ac = GNUNET_NAT_AC_LOOPBACK;
763 else if (is_nat_v6 (ip6))
764 ac = GNUNET_NAT_AC_LAN;
766 ac = GNUNET_NAT_AC_GLOBAL;
767 if ( (ip6->s6_addr[11] == 0xFF) &&
768 (ip6->s6_addr[12] == 0xFE) )
770 /* contains a MAC, be extra careful! */
771 ac |= GNUNET_NAT_AC_PRIVATE;
783 lal = GNUNET_malloc (sizeof (*lal));
784 lal->af = addr->sa_family;
786 GNUNET_memcpy (&lal->addr,
789 GNUNET_CONTAINER_DLL_insert (ifc_ctx->lal_head,
797 * Notify client about a change in the list
798 * of addresses this peer has.
800 * @param delta the entry in the list that changed
801 * @param ch client to contact
802 * @param add #GNUNET_YES to add, #GNUNET_NO to remove
803 * @param addr the address that changed
804 * @param addr_len number of bytes in @a addr
807 notify_client (struct LocalAddressList *delta,
808 struct ClientHandle *ch,
813 struct GNUNET_MQ_Envelope *env;
814 struct GNUNET_NAT_AddressChangeNotificationMessage *msg;
816 env = GNUNET_MQ_msg_extra (msg,
818 GNUNET_MESSAGE_TYPE_NAT_ADDRESS_CHANGE);
819 msg->add_remove = htonl (add);
820 msg->addr_class = htonl (delta->ac);
821 GNUNET_memcpy (&msg[1],
824 GNUNET_MQ_send (ch->mq,
830 * Notify all clients about a change in the list
831 * of addresses this peer has.
833 * @param delta the entry in the list that changed
834 * @param add #GNUNET_YES to add, #GNUNET_NO to remove
837 notify_clients (struct LocalAddressList *delta,
840 for (struct ClientHandle *ch = ch_head;
845 struct sockaddr_in v4;
846 struct sockaddr_in6 v6;
848 if (0 == (ch->flags & GNUNET_NAT_RF_ADDRESSES))
853 alen = sizeof (struct sockaddr_in);
857 for (unsigned int i=0;i<ch->num_addrs;i++)
859 const struct sockaddr_in *c4;
861 if (AF_INET != ch->addrs[i]->sa_family)
862 continue; /* IPv4 not relevant */
863 c4 = (const struct sockaddr_in *) ch->addrs[i];
864 v4.sin_port = c4->sin_port;
865 notify_client (delta,
873 alen = sizeof (struct sockaddr_in6);
877 for (unsigned int i=0;i<ch->num_addrs;i++)
879 const struct sockaddr_in6 *c6;
881 if (AF_INET6 != ch->addrs[i]->sa_family)
882 continue; /* IPv4 not relevant */
883 c6 = (const struct sockaddr_in6 *) ch->addrs[i];
884 v6.sin6_port = c6->sin6_port;
885 notify_client (delta,
901 * Task we run periodically to scan for network interfaces.
908 struct IfcProcContext ifc_ctx;
911 scan_task = GNUNET_SCHEDULER_add_delayed (SCAN_FREQ,
917 GNUNET_OS_network_interfaces_list (&ifc_proc,
919 for (struct LocalAddressList *lal = lal_head;
924 for (struct LocalAddressList *pos = ifc_ctx.lal_head;
928 if ( (pos->af == lal->af) &&
929 (0 == memcmp (&lal->addr,
932 ? sizeof (struct sockaddr_in)
933 : sizeof (struct sockaddr_in6))) )
936 if (GNUNET_NO == found)
941 for (struct LocalAddressList *pos = ifc_ctx.lal_head;
946 for (struct LocalAddressList *lal = lal_head;
950 if ( (pos->af == lal->af) &&
951 (0 == memcmp (&lal->addr,
954 ? sizeof (struct sockaddr_in)
955 : sizeof (struct sockaddr_in6))) )
958 if (GNUNET_NO == found)
964 lal_head = ifc_ctx.lal_head;
965 lal_tail = ifc_ctx.lal_tail;
970 * Handle network size estimate clients.
973 * @param c configuration to use
974 * @param service the initialized service
978 const struct GNUNET_CONFIGURATION_Handle *c,
979 struct GNUNET_SERVICE_Handle *service)
982 GNUNET_SCHEDULER_add_shutdown (&shutdown_task,
984 stats = GNUNET_STATISTICS_create ("nat",
986 scan_task = GNUNET_SCHEDULER_add_now (&run_scan,
992 * Callback called when a client connects to the service.
994 * @param cls closure for the service
995 * @param c the new client that connected to the service
996 * @param mq the message queue used to send messages to the client
997 * @return a `struct ClientHandle`
1000 client_connect_cb (void *cls,
1001 struct GNUNET_SERVICE_Client *c,
1002 struct GNUNET_MQ_Handle *mq)
1004 struct ClientHandle *ch;
1006 ch = GNUNET_new (struct ClientHandle);
1009 GNUNET_CONTAINER_DLL_insert (ch_head,
1017 * Callback called when a client disconnected from the service
1019 * @param cls closure for the service
1020 * @param c the client that disconnected
1021 * @param internal_cls a `struct ClientHandle *`
1024 client_disconnect_cb (void *cls,
1025 struct GNUNET_SERVICE_Client *c,
1028 struct ClientHandle *ch = internal_cls;
1030 GNUNET_CONTAINER_DLL_remove (ch_head,
1033 for (unsigned int i=0;i<ch->num_addrs;i++)
1034 GNUNET_free_non_null (ch->addrs[i]);
1035 GNUNET_free_non_null (ch->addrs);
1041 * Define "main" method using service macro.
1045 GNUNET_SERVICE_OPTION_NONE,
1048 &client_disconnect_cb,
1050 GNUNET_MQ_hd_var_size (register,
1051 GNUNET_MESSAGE_TYPE_NAT_REGISTER,
1052 struct GNUNET_NAT_RegisterMessage,
1054 GNUNET_MQ_hd_var_size (stun,
1055 GNUNET_MESSAGE_TYPE_NAT_HANDLE_STUN,
1056 struct GNUNET_NAT_HandleStunMessage,
1058 GNUNET_MQ_hd_var_size (request_connection_reversal,
1059 GNUNET_MESSAGE_TYPE_NAT_REQUEST_CONNECTION_REVERSAL,
1060 struct GNUNET_NAT_RequestConnectionReversalMessage,
1062 GNUNET_MQ_hd_var_size (autoconfig_request,
1063 GNUNET_MESSAGE_TYPE_NAT_REQUEST_AUTO_CFG,
1064 struct GNUNET_NAT_AutoconfigRequestMessage,
1066 GNUNET_MQ_handler_end ());
1069 #if defined(LINUX) && defined(__GLIBC__)
1073 * MINIMIZE heap size (way below 128k) since this process doesn't need much.
1075 void __attribute__ ((constructor))
1076 GNUNET_ARM_memory_init ()
1078 mallopt (M_TRIM_THRESHOLD, 4 * 1024);
1079 mallopt (M_TOP_PAD, 1 * 1024);
1084 /* end of gnunet-service-nat.c */