2 This file is part of GNUnet.
3 Copyright (C) 2009, 2010, 2011 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
23 * @brief Library handling UPnP and NAT-PMP port forwarding and
24 * external IP address retrieval
25 * @author Milan Bouchet-Valat
26 * @author Christian Grothoff
29 #include "gnunet_util_lib.h"
30 #include "gnunet_resolver_service.h"
31 #include "gnunet_nat_lib.h"
34 #define LOG(kind,...) GNUNET_log_from (kind, "nat", __VA_ARGS__)
37 * How often do we scan for changes in our IP address from our local
40 #define IFC_SCAN_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 15)
43 * How often do we scan for changes in how our hostname resolves?
45 #define HOSTNAME_DNS_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 20)
49 * How often do we scan for changes in how our external (dyndns) hostname resolves?
51 #define DYNDNS_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 7)
54 * How long until we give up trying to resolve our own hostname?
56 #define HOSTNAME_RESOLVE_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 1)
60 * Where did the given local address originate from?
61 * To be used for debugging as well as in the future
62 * to remove all addresses from a certain source when
63 * we reevaluate the source.
65 enum LocalAddressSource
68 * Address was obtained by DNS resolution of the external hostname
69 * given in the configuration (i.e. hole-punched DynDNS setup).
74 * Address was obtained by an external STUN server
79 * Address was obtained by DNS resolution of the external hostname
80 * given in the configuration (i.e. hole-punched DynDNS setup)
81 * during the previous iteration (see #3213).
86 * Address was obtained by looking up our own hostname in DNS.
91 * Address was obtained by scanning our hosts's network interfaces
92 * and taking their address (no DNS involved).
94 LAL_INTERFACE_ADDRESS,
97 * Addresses we were explicitly bound to.
102 * Addresses from UPnP or PMP
114 * List of local addresses that we currently deem valid. Actual
115 * struct is followed by the 'struct sockaddr'. Note that the code
116 * intentionally makes no attempt to ensure that a particular address
117 * is only listed once (especially since it may come from different
118 * sources, and the source is an "internal" construct).
120 struct LocalAddressList
123 * This is a linked list.
125 struct LocalAddressList *next;
130 struct LocalAddressList *prev;
133 * Number of bytes of address that follow.
138 * Origin of the local address.
140 enum LocalAddressSource source;
145 * Handle for miniupnp-based NAT traversal actions.
151 * Doubly-linked list.
153 struct MiniList *next;
156 * Doubly-linked list.
158 struct MiniList *prev;
161 * Handle to mini-action.
163 struct GNUNET_NAT_MiniHandle *mini;
166 * Local port number that was mapped.
174 * Handle for active NAT registrations.
176 struct GNUNET_NAT_Handle
180 * Configuration to use.
182 const struct GNUNET_CONFIGURATION_Handle *cfg;
185 * Function to call when we learn about a new address.
187 GNUNET_NAT_AddressCallback address_callback;
190 * Function to call when we notice another peer asking for
191 * connection reversal.
193 GNUNET_NAT_ReversalCallback reversal_callback;
196 * Closure for callbacks (@e address_callback and @e reversal_callback)
201 * Handle for (DYN)DNS lookup of our external IP.
203 struct GNUNET_RESOLVER_RequestHandle *ext_dns;
206 * Handle for request of hostname resolution, non-NULL if pending.
208 struct GNUNET_RESOLVER_RequestHandle *hostname_dns;
211 * stdout pipe handle for the gnunet-helper-nat-server process
213 struct GNUNET_DISK_PipeHandle *server_stdout;
216 * stdout file handle (for reading) for the gnunet-helper-nat-server process
218 const struct GNUNET_DISK_FileHandle *server_stdout_handle;
221 * Linked list of currently valid addresses (head).
223 struct LocalAddressList *lal_head;
226 * Linked list of currently valid addresses (tail).
228 struct LocalAddressList *lal_tail;
231 * How long do we wait for restarting a crashed gnunet-helper-nat-server?
233 struct GNUNET_TIME_Relative server_retry_delay;
236 * ID of select gnunet-helper-nat-server stdout read task
238 struct GNUNET_SCHEDULER_Task * server_read_task;
241 * ID of interface IP-scan task
243 struct GNUNET_SCHEDULER_Task * ifc_task;
246 * ID of hostname DNS lookup task
248 struct GNUNET_SCHEDULER_Task * hostname_task;
251 * ID of DynDNS lookup task
253 struct GNUNET_SCHEDULER_Task *dns_task;
256 * How often do we scan for changes in our IP address from our local
259 struct GNUNET_TIME_Relative ifc_scan_frequency;
262 * How often do we scan for changes in how our hostname resolves?
264 struct GNUNET_TIME_Relative hostname_dns_frequency;
267 * How often do we scan for changes in how our external (dyndns) hostname resolves?
269 struct GNUNET_TIME_Relative dyndns_frequency;
272 * The process id of the server process (if behind NAT)
274 struct GNUNET_OS_Process *server_proc;
277 * LAN address as passed by the caller (array).
279 struct sockaddr **local_addrs;
282 * Length of the @e local_addrs.
284 socklen_t *local_addrlens;
287 * List of handles for UPnP-traversal, one per local port (if
290 struct MiniList *mini_head;
293 * List of handles for UPnP-traversal, one per local port (if
296 struct MiniList *mini_tail;
299 * Number of entries in 'local_addrs' array.
301 unsigned int num_local_addrs;
304 * Our external address (according to config, UPnP may disagree...),
305 * in dotted decimal notation, IPv4-only. Or NULL if not known.
307 char *external_address;
310 * Presumably our internal address (according to config)
312 char *internal_address;
315 * Is this transport configured to be behind a NAT?
320 * Has the NAT been punched? (according to config)
325 * Is this transport configured to allow connections to NAT'd peers?
327 int enable_nat_client;
330 * Should we run the gnunet-helper-nat-server?
332 int enable_nat_server;
335 * Are we allowed to try UPnP/PMP for NAT traversal?
340 * Should we use local addresses (loopback)? (according to config)
342 int use_localaddresses;
345 * Should we return local addresses to clients
347 int return_localaddress;
350 * Should we do a DNS lookup of our hostname to find out our own IP?
355 * Is using IPv6 disabled?
360 * Is this TCP or UDP?
365 * Port we advertise to the outside.
373 * Try to start the gnunet-helper-nat-server (if it is not
376 * @param h handle to NAT
379 start_gnunet_nat_server (struct GNUNET_NAT_Handle *h);
383 * Remove all addresses from the list of 'local' addresses
384 * that originated from the given source.
386 * @param h handle to NAT
387 * @param src source that identifies addresses to remove
390 remove_from_address_list_by_source (struct GNUNET_NAT_Handle *h,
391 enum LocalAddressSource src)
393 struct LocalAddressList *pos;
394 struct LocalAddressList *next;
397 while (NULL != (pos = next))
400 if (pos->source != src)
402 GNUNET_CONTAINER_DLL_remove (h->lal_head, h->lal_tail, pos);
403 if (NULL != h->address_callback)
404 h->address_callback (h->callback_cls, GNUNET_NO,
405 (const struct sockaddr *) &pos[1], pos->addrlen);
412 * Add the given address to the list of 'local' addresses, thereby
413 * making it a 'legal' address for this peer to have.
415 * @param h handle to NAT
416 * @param src where did the local address originate from?
417 * @param arg the address, some `struct sockaddr`
418 * @param arg_size number of bytes in @a arg
421 add_to_address_list_as_is (struct GNUNET_NAT_Handle *h,
422 enum LocalAddressSource src,
423 const struct sockaddr *arg, socklen_t arg_size)
425 struct LocalAddressList *lal;
427 lal = GNUNET_malloc (sizeof (struct LocalAddressList) + arg_size);
428 memcpy (&lal[1], arg, arg_size);
429 lal->addrlen = arg_size;
431 GNUNET_CONTAINER_DLL_insert (h->lal_head, h->lal_tail, lal);
432 LOG (GNUNET_ERROR_TYPE_DEBUG,
433 "Adding address `%s' from source %d\n",
434 GNUNET_a2s (arg, arg_size),
436 if (NULL != h->address_callback)
437 h->address_callback (h->callback_cls, GNUNET_YES, arg, arg_size);
442 * Add the given address to the list of 'local' addresses, thereby
443 * making it a 'legal' address for this peer to have. Set the
444 * port number in the process to the advertised port and possibly
445 * also to zero (if we have the gnunet-helper-nat-server).
447 * @param h handle to NAT
448 * @param src where did the local address originate from?
449 * @param arg the address, some `struct sockaddr`
450 * @param arg_size number of bytes in @a arg
453 add_to_address_list (struct GNUNET_NAT_Handle *h,
454 enum LocalAddressSource src,
455 const struct sockaddr *arg,
458 struct sockaddr_in s4;
459 const struct sockaddr_in *in4;
460 struct sockaddr_in6 s6;
461 const struct sockaddr_in6 *in6;
463 if (arg_size == sizeof (struct sockaddr_in))
465 in4 = (const struct sockaddr_in *) arg;
467 s4.sin_port = htons (h->adv_port);
468 add_to_address_list_as_is (h, src, (const struct sockaddr *) &s4,
469 sizeof (struct sockaddr_in));
470 if (GNUNET_YES == h->enable_nat_server)
472 /* also add with PORT = 0 to indicate NAT server is enabled */
473 s4.sin_port = htons (0);
474 add_to_address_list_as_is (h, src, (const struct sockaddr *) &s4,
475 sizeof (struct sockaddr_in));
478 else if (arg_size == sizeof (struct sockaddr_in6))
480 if (GNUNET_YES != h->disable_ipv6)
482 in6 = (const struct sockaddr_in6 *) arg;
484 s6.sin6_port = htons (h->adv_port);
485 add_to_address_list_as_is (h, src, (const struct sockaddr *) &s6,
486 sizeof (struct sockaddr_in6));
497 * Add the given IP address to the list of 'local' addresses, thereby
498 * making it a 'legal' address for this peer to have.
500 * @param h handle to NAT
501 * @param src where did the local address originate from?
502 * @param addr the address, some `struct in_addr` or `struct in6_addr`
503 * @param addrlen number of bytes in addr
506 add_ip_to_address_list (struct GNUNET_NAT_Handle *h,
507 enum LocalAddressSource src, const void *addr,
510 struct sockaddr_in s4;
511 const struct in_addr *in4;
512 struct sockaddr_in6 s6;
513 const struct in6_addr *in6;
515 if (addrlen == sizeof (struct in_addr))
517 in4 = (const struct in_addr *) addr;
518 memset (&s4, 0, sizeof (s4));
519 s4.sin_family = AF_INET;
521 #if HAVE_SOCKADDR_IN_SIN_LEN
522 s4.sin_len = (u_char) sizeof (struct sockaddr_in);
525 add_to_address_list (h, src, (const struct sockaddr *) &s4,
526 sizeof (struct sockaddr_in));
527 if (GNUNET_YES == h->enable_nat_server)
529 /* also add with PORT = 0 to indicate NAT server is enabled */
530 s4.sin_port = htons (0);
531 add_to_address_list (h, src, (const struct sockaddr *) &s4,
532 sizeof (struct sockaddr_in));
536 else if (addrlen == sizeof (struct in6_addr))
538 if (GNUNET_YES != h->disable_ipv6)
540 in6 = (const struct in6_addr *) addr;
541 memset (&s6, 0, sizeof (s6));
542 s6.sin6_family = AF_INET6;
543 s6.sin6_port = htons (h->adv_port);
544 #if HAVE_SOCKADDR_IN_SIN_LEN
545 s6.sin6_len = (u_char) sizeof (struct sockaddr_in6);
548 add_to_address_list (h, src, (const struct sockaddr *) &s6,
549 sizeof (struct sockaddr_in6));
560 * Task to do DNS lookup on our external hostname to
561 * get DynDNS-IP addresses.
563 * @param cls the NAT handle
564 * @param tc scheduler context
567 resolve_dns (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc);
571 * Our (external) hostname was resolved and the configuration says that
572 * the NAT was hole-punched.
574 * @param cls the `struct GNUNET_NAT_Handle`
575 * @param addr NULL on error, otherwise result of DNS lookup
576 * @param addrlen number of bytes in @a addr
579 process_external_ip (void *cls,
580 const struct sockaddr *addr,
583 struct GNUNET_NAT_Handle *h = cls;
584 struct in_addr dummy;
589 /* Current iteration is over, remove 'old' IPs now */
590 LOG (GNUNET_ERROR_TYPE_DEBUG,
591 "Purging old IPs for external address\n");
592 remove_from_address_list_by_source (h, LAL_EXTERNAL_IP_OLD);
593 if (1 == inet_pton (AF_INET,
597 LOG (GNUNET_ERROR_TYPE_DEBUG,
598 "Got numeric IP for external address, not repeating lookup\n");
599 return; /* repated lookup pointless: was numeric! */
602 GNUNET_SCHEDULER_add_delayed (h->dyndns_frequency,
606 LOG (GNUNET_ERROR_TYPE_DEBUG,
607 "Got IP `%s' for external address `%s'\n",
608 GNUNET_a2s (addr, addrlen),
609 h->external_address);
610 add_to_address_list (h, LAL_EXTERNAL_IP, addr, addrlen);
615 * Task to do a lookup on our hostname for IP addresses.
617 * @param cls the NAT handle
618 * @param tc scheduler context
621 resolve_hostname (void *cls,
622 const struct GNUNET_SCHEDULER_TaskContext *tc);
626 * Function called by the resolver for each address obtained from DNS
627 * for our own hostname. Add the addresses to the list of our IP
631 * @param addr one of the addresses of the host, NULL for the last address
632 * @param addrlen length of the @a addr
635 process_hostname_ip (void *cls,
636 const struct sockaddr *addr,
639 struct GNUNET_NAT_Handle *h = cls;
643 h->hostname_dns = NULL;
645 GNUNET_SCHEDULER_add_delayed (h->hostname_dns_frequency,
646 &resolve_hostname, h);
649 add_to_address_list (h, LAL_HOSTNAME_DNS, addr, addrlen);
654 * Add the IP of our network interface to the list of
657 * @param cls the `struct GNUNET_NAT_Handle`
658 * @param name name of the interface
659 * @param isDefault do we think this may be our default interface
660 * @param addr address of the interface
661 * @param broadcast_addr the broadcast address (can be NULL for unknown or unassigned)
662 * @param netmask the network mask (can be NULL for unknown or unassigned))
663 * @param addrlen number of bytes in @a addr and @a broadcast_addr
664 * @return #GNUNET_OK to continue iterating
667 process_interfaces (void *cls,
670 const struct sockaddr *addr,
671 const struct sockaddr *broadcast_addr,
672 const struct sockaddr *netmask,
675 const static struct in6_addr any6 = IN6ADDR_ANY_INIT;
676 struct GNUNET_NAT_Handle *h = cls;
677 const struct sockaddr_in *s4;
678 const struct sockaddr_in6 *s6;
680 char buf[INET6_ADDRSTRLEN];
685 /* skip virtual interfaces created by GNUnet-vpn */
687 GNUNET_CONFIGURATION_get_value_string (h->cfg,
692 if (0 == strcmp (name,
695 GNUNET_free (tun_if);
699 /* skip virtual interfaces created by GNUnet-dns */
701 GNUNET_CONFIGURATION_get_value_string (h->cfg,
706 if (0 == strcmp (name,
709 GNUNET_free (tun_if);
713 /* skip virtual interfaces created by GNUnet-exit */
715 GNUNET_CONFIGURATION_get_value_string (h->cfg,
720 if (0 == strcmp (name,
723 GNUNET_free (tun_if);
729 switch (addr->sa_family)
732 /* check if we're bound to the "ANY" IP address */
733 have_any = GNUNET_NO;
734 for (i=0;i<h->num_local_addrs;i++)
736 if (h->local_addrs[i]->sa_family != AF_INET)
741 if (INADDR_ANY == ((struct sockaddr_in*) h->local_addrs[i])->sin_addr.s_addr)
743 have_any = GNUNET_YES;
747 if (GNUNET_NO == have_any)
748 return GNUNET_OK; /* not bound to IP 0.0.0.0 but to specific IP addresses,
749 do not use those from interfaces */
750 s4 = (struct sockaddr_in *) addr;
753 /* Check if address is in 127.0.0.0/8 */
754 uint32_t address = ntohl ((uint32_t) (s4->sin_addr.s_addr));
755 uint32_t value = (address & 0xFF000000) ^ 0x7F000000;
757 if ((h->return_localaddress == GNUNET_NO) && (value == 0))
761 if ((GNUNET_YES == h->use_localaddresses) || (value != 0))
763 add_ip_to_address_list (h, LAL_INTERFACE_ADDRESS, &s4->sin_addr,
764 sizeof (struct in_addr));
768 /* check if we're bound to the "ANY" IP address */
769 have_any = GNUNET_NO;
770 for (i=0;i<h->num_local_addrs;i++)
772 if (h->local_addrs[i]->sa_family != AF_INET6)
774 if (0 == memcmp (&any6,
775 &((struct sockaddr_in6*) h->local_addrs[i])->sin6_addr,
776 sizeof (struct in6_addr)))
778 have_any = GNUNET_YES;
782 if (GNUNET_NO == have_any)
783 return GNUNET_OK; /* not bound to "ANY" IP (::0) but to specific IP addresses,
784 do not use those from interfaces */
786 s6 = (struct sockaddr_in6 *) addr;
787 if (IN6_IS_ADDR_LINKLOCAL (&((struct sockaddr_in6 *) addr)->sin6_addr))
789 /* skip link local addresses */
792 if ((h->return_localaddress == GNUNET_NO) &&
793 (IN6_IS_ADDR_LOOPBACK (&((struct sockaddr_in6 *) addr)->sin6_addr)))
798 if (GNUNET_YES == h->use_localaddresses)
800 add_ip_to_address_list (h, LAL_INTERFACE_ADDRESS, &s6->sin6_addr,
801 sizeof (struct in6_addr));
808 if ((h->internal_address == NULL) && (h->server_proc == NULL) &&
809 (h->server_read_task == NULL) &&
810 (GNUNET_YES == isDefault) && ((addr->sa_family == AF_INET) ||
811 (addr->sa_family == AF_INET6)))
813 /* no internal address configured, but we found a "default"
814 * interface, try using that as our 'internal' address */
815 h->internal_address =
816 GNUNET_strdup (inet_ntop (addr->sa_family, ip, buf, sizeof (buf)));
817 start_gnunet_nat_server (h);
824 * Task that restarts the gnunet-helper-nat-server process after a crash
825 * after a certain delay.
827 * @param cls the `struct GNUNET_NAT_Handle`
828 * @param tc scheduler context
831 restart_nat_server (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
833 struct GNUNET_NAT_Handle *h = cls;
835 h->server_read_task = NULL;
836 if (0 != (tc->reason & GNUNET_SCHEDULER_REASON_SHUTDOWN))
838 start_gnunet_nat_server (h);
843 * We have been notified that gnunet-helper-nat-server has written
844 * something to stdout. Handle the output, then reschedule this
845 * function to be called again once more is available.
847 * @param cls the NAT handle
848 * @param tc the scheduling context
851 nat_server_read (void *cls,
852 const struct GNUNET_SCHEDULER_TaskContext *tc)
854 struct GNUNET_NAT_Handle *h = cls;
859 const char *port_start;
860 struct sockaddr_in sin_addr;
862 h->server_read_task = NULL;
863 if ((tc->reason & GNUNET_SCHEDULER_REASON_SHUTDOWN) != 0)
865 memset (mybuf, 0, sizeof (mybuf));
867 GNUNET_DISK_file_read (h->server_stdout_handle, mybuf, sizeof (mybuf));
870 LOG (GNUNET_ERROR_TYPE_DEBUG,
871 "Finished reading from server stdout with code: %d\n",
873 if (0 != GNUNET_OS_process_kill (h->server_proc, GNUNET_TERM_SIG))
874 GNUNET_log_from_strerror (GNUNET_ERROR_TYPE_WARNING, "nat", "kill");
875 GNUNET_OS_process_wait (h->server_proc);
876 GNUNET_OS_process_destroy (h->server_proc);
877 h->server_proc = NULL;
878 GNUNET_DISK_pipe_close (h->server_stdout);
879 h->server_stdout = NULL;
880 h->server_stdout_handle = NULL;
881 /* now try to restart it */
882 h->server_retry_delay = GNUNET_TIME_STD_BACKOFF (h->server_retry_delay);
883 h->server_read_task =
884 GNUNET_SCHEDULER_add_delayed (h->server_retry_delay,
885 &restart_nat_server, h);
890 for (i = 0; i < sizeof (mybuf); i++)
892 if (mybuf[i] == '\n')
897 if ((mybuf[i] == ':') && (i + 1 < sizeof (mybuf)))
900 port_start = &mybuf[i + 1];
904 /* construct socket address of sender */
905 memset (&sin_addr, 0, sizeof (sin_addr));
906 sin_addr.sin_family = AF_INET;
907 #if HAVE_SOCKADDR_IN_SIN_LEN
908 sin_addr.sin_len = sizeof (sin_addr);
910 if ((NULL == port_start) || (1 != SSCANF (port_start, "%d", &port)) ||
911 (-1 == inet_pton (AF_INET, mybuf, &sin_addr.sin_addr)))
913 /* should we restart gnunet-helper-nat-server? */
914 LOG (GNUNET_ERROR_TYPE_WARNING, "nat",
915 _("gnunet-helper-nat-server generated malformed address `%s'\n"),
917 h->server_read_task =
918 GNUNET_SCHEDULER_add_read_file (GNUNET_TIME_UNIT_FOREVER_REL,
919 h->server_stdout_handle,
920 &nat_server_read, h);
923 sin_addr.sin_port = htons ((uint16_t) port);
924 LOG (GNUNET_ERROR_TYPE_DEBUG, "gnunet-helper-nat-server read: %s:%d\n", mybuf,
926 h->reversal_callback (h->callback_cls, (const struct sockaddr *) &sin_addr,
928 h->server_read_task =
929 GNUNET_SCHEDULER_add_read_file (GNUNET_TIME_UNIT_FOREVER_REL,
930 h->server_stdout_handle, &nat_server_read,
936 * Try to start the gnunet-helper-nat-server (if it is not
939 * @param h handle to NAT
942 start_gnunet_nat_server (struct GNUNET_NAT_Handle *h)
946 if ((h->behind_nat == GNUNET_YES) && (h->enable_nat_server == GNUNET_YES) &&
947 (h->internal_address != NULL) &&
950 GNUNET_DISK_pipe (GNUNET_YES, GNUNET_YES, GNUNET_NO, GNUNET_YES))))
952 LOG (GNUNET_ERROR_TYPE_DEBUG,
953 "Starting `%s' at `%s'\n",
954 "gnunet-helper-nat-server", h->internal_address);
955 /* Start the server process */
956 binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-nat-server");
958 GNUNET_OS_start_process (GNUNET_NO, 0, NULL, h->server_stdout, NULL,
960 "gnunet-helper-nat-server",
961 h->internal_address, NULL);
962 GNUNET_free (binary);
963 if (h->server_proc == NULL)
965 LOG (GNUNET_ERROR_TYPE_WARNING, "nat", _("Failed to start %s\n"),
966 "gnunet-helper-nat-server");
967 GNUNET_DISK_pipe_close (h->server_stdout);
968 h->server_stdout = NULL;
972 /* Close the write end of the read pipe */
973 GNUNET_DISK_pipe_close_end (h->server_stdout, GNUNET_DISK_PIPE_END_WRITE);
974 h->server_stdout_handle =
975 GNUNET_DISK_pipe_handle (h->server_stdout, GNUNET_DISK_PIPE_END_READ);
976 h->server_read_task =
977 GNUNET_SCHEDULER_add_read_file (GNUNET_TIME_UNIT_FOREVER_REL,
978 h->server_stdout_handle,
979 &nat_server_read, h);
986 * Task to scan the local network interfaces for IP addresses.
988 * @param cls the NAT handle
989 * @param tc scheduler context
992 list_interfaces (void *cls,
993 const struct GNUNET_SCHEDULER_TaskContext *tc)
995 struct GNUNET_NAT_Handle *h = cls;
998 remove_from_address_list_by_source (h, LAL_INTERFACE_ADDRESS);
999 GNUNET_OS_network_interfaces_list (&process_interfaces, h);
1001 GNUNET_SCHEDULER_add_delayed (h->ifc_scan_frequency,
1002 &list_interfaces, h);
1007 * Task to do a lookup on our hostname for IP addresses.
1009 * @param cls the NAT handle
1010 * @param tc scheduler context
1013 resolve_hostname (void *cls,
1014 const struct GNUNET_SCHEDULER_TaskContext *tc)
1016 struct GNUNET_NAT_Handle *h = cls;
1018 h->hostname_task = NULL;
1019 remove_from_address_list_by_source (h, LAL_HOSTNAME_DNS);
1021 GNUNET_RESOLVER_hostname_resolve (AF_UNSPEC, HOSTNAME_RESOLVE_TIMEOUT,
1022 &process_hostname_ip, h);
1027 * Task to do DNS lookup on our external hostname to
1028 * get DynDNS-IP addresses.
1030 * @param cls the NAT handle
1031 * @param tc scheduler context
1034 resolve_dns (void *cls,
1035 const struct GNUNET_SCHEDULER_TaskContext *tc)
1037 struct GNUNET_NAT_Handle *h = cls;
1038 struct LocalAddressList *pos;
1041 for (pos = h->lal_head; NULL != pos; pos = pos->next)
1042 if (pos->source == LAL_EXTERNAL_IP)
1043 pos->source = LAL_EXTERNAL_IP_OLD;
1044 LOG (GNUNET_ERROR_TYPE_DEBUG,
1045 "Resolving external address `%s'\n",
1046 h->external_address);
1048 GNUNET_RESOLVER_ip_get (h->external_address, AF_INET,
1049 GNUNET_TIME_UNIT_MINUTES,
1050 &process_external_ip, h);
1055 * Add or remove UPnP-mapped addresses.
1057 * @param cls the `struct GNUNET_NAT_Handle`
1058 * @param add_remove #GNUNET_YES to mean the new public IP address, #GNUNET_NO to mean
1059 * the previous (now invalid) one
1060 * @param addr either the previous or the new public IP address
1061 * @param addrlen actual lenght of @a addr
1062 * @param ret GNUNET_NAT_ERROR_SUCCESS on success, otherwise an error code
1065 upnp_add (void *cls,
1067 const struct sockaddr *addr,
1069 enum GNUNET_NAT_StatusCode ret)
1071 struct GNUNET_NAT_Handle *h = cls;
1072 struct LocalAddressList *pos;
1073 struct LocalAddressList *next;
1076 if (GNUNET_NAT_ERROR_SUCCESS != ret)
1078 /* Error while running upnp client */
1079 LOG (GNUNET_ERROR_TYPE_ERROR,
1080 _("Error while running upnp client:\n"));
1082 //FIXME: convert error code to string
1087 if (GNUNET_YES == add_remove)
1089 add_to_address_list (h, LAL_UPNP, addr, addrlen);
1092 else if (GNUNET_NO == add_remove)
1094 /* remove address */
1096 while (NULL != (pos = next))
1099 if ((pos->source != LAL_UPNP) || (pos->addrlen != addrlen) ||
1100 (0 != memcmp (&pos[1], addr, addrlen)))
1102 GNUNET_CONTAINER_DLL_remove (h->lal_head, h->lal_tail, pos);
1103 if (NULL != h->address_callback)
1104 h->address_callback (h->callback_cls, GNUNET_NO,
1105 (const struct sockaddr *) &pos[1], pos->addrlen);
1107 return; /* only remove once */
1109 /* asked to remove address that does not exist */
1110 LOG (GNUNET_ERROR_TYPE_ERROR,
1111 "Asked to remove unkown address `%s'\n",
1112 GNUNET_a2s(addr, addrlen));
1124 * Try to add a port mapping using UPnP.
1126 * @param h overall NAT handle
1127 * @param port port to map with UPnP
1130 add_minis (struct GNUNET_NAT_Handle *h,
1133 struct MiniList *ml;
1138 if (port == ml->port)
1139 return; /* already got this port */
1143 ml = GNUNET_new (struct MiniList);
1145 ml->mini = GNUNET_NAT_mini_map_start (port, h->is_tcp, &upnp_add, h);
1147 if (NULL == ml->mini)
1149 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1150 _("Failed to run upnp client for port %u\n"), ml->port);
1155 GNUNET_CONTAINER_DLL_insert (h->mini_head, h->mini_tail, ml);
1160 * Task to add addresses from original bind to set of valid addrs.
1162 * @param h the NAT handle
1165 add_from_bind (struct GNUNET_NAT_Handle *h)
1167 static struct in6_addr any = IN6ADDR_ANY_INIT;
1170 struct sockaddr *sa;
1171 const struct sockaddr_in *v4;
1173 for (i = 0; i < h->num_local_addrs; i++)
1175 sa = h->local_addrs[i];
1176 switch (sa->sa_family)
1179 if (sizeof (struct sockaddr_in) != h->local_addrlens[i])
1184 v4 = (const struct sockaddr_in *) sa;
1185 if (0 != v4->sin_addr.s_addr)
1186 add_to_address_list (h,
1187 LAL_BINDTO_ADDRESS, sa,
1188 sizeof (struct sockaddr_in));
1191 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1192 "Running upnp client for address `%s'\n",
1193 GNUNET_a2s (sa,sizeof (struct sockaddr_in)));
1194 add_minis (h, ntohs (v4->sin_port));
1198 if (sizeof (struct sockaddr_in6) != h->local_addrlens[i])
1204 memcmp (&((const struct sockaddr_in6 *) sa)->sin6_addr,
1206 sizeof (struct in6_addr)))
1207 add_to_address_list (h,
1210 sizeof (struct sockaddr_in6));
1220 * Attempt to enable port redirection and detect public IP address contacting
1221 * UPnP or NAT-PMP routers on the local network. Use addr to specify to which
1222 * of the local host's addresses should the external port be mapped. The port
1223 * is taken from the corresponding sockaddr_in[6] field.
1225 * @param cfg configuration to use
1226 * @param is_tcp #GNUNET_YES for TCP, #GNUNET_NO for UDP
1227 * @param adv_port advertised port (port we are either bound to or that our OS
1228 * locally performs redirection from to our bound port).
1229 * @param num_addrs number of addresses in @a addrs
1230 * @param addrs the local addresses packets should be redirected to
1231 * @param addrlens actual lengths of the addresses
1232 * @param address_callback function to call everytime the public IP address changes
1233 * @param reversal_callback function to call if someone wants connection reversal from us
1234 * @param callback_cls closure for callbacks
1235 * @return NULL on error, otherwise handle that can be used to unregister
1237 struct GNUNET_NAT_Handle *
1238 GNUNET_NAT_register (const struct GNUNET_CONFIGURATION_Handle *cfg,
1241 unsigned int num_addrs,
1242 const struct sockaddr **addrs,
1243 const socklen_t *addrlens,
1244 GNUNET_NAT_AddressCallback address_callback,
1245 GNUNET_NAT_ReversalCallback reversal_callback,
1248 struct GNUNET_NAT_Handle *h;
1249 struct in_addr in_addr;
1253 LOG (GNUNET_ERROR_TYPE_DEBUG,
1254 "Registered with NAT service at port %u with %u IP bound local addresses\n",
1255 (unsigned int) adv_port, num_addrs);
1256 h = GNUNET_new (struct GNUNET_NAT_Handle);
1257 h->server_retry_delay = GNUNET_TIME_UNIT_SECONDS;
1260 h->address_callback = address_callback;
1261 h->reversal_callback = reversal_callback;
1262 h->callback_cls = callback_cls;
1263 h->num_local_addrs = num_addrs;
1264 h->adv_port = adv_port;
1267 h->local_addrs = GNUNET_malloc (num_addrs * sizeof (struct sockaddr *));
1268 h->local_addrlens = GNUNET_malloc (num_addrs * sizeof (socklen_t));
1269 for (i = 0; i < num_addrs; i++)
1271 GNUNET_assert (addrlens[i] > 0);
1272 GNUNET_assert (addrs[i] != NULL);
1273 h->local_addrlens[i] = addrlens[i];
1274 h->local_addrs[i] = GNUNET_malloc (addrlens[i]);
1275 memcpy (h->local_addrs[i], addrs[i], addrlens[i]);
1279 GNUNET_CONFIGURATION_have_value (cfg, "nat", "INTERNAL_ADDRESS"))
1281 (void) GNUNET_CONFIGURATION_get_value_string (cfg, "nat",
1283 &h->internal_address);
1285 if ((h->internal_address != NULL) &&
1286 (inet_pton (AF_INET, h->internal_address, &in_addr) != 1))
1288 GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_WARNING,
1289 "nat", "INTERNAL_ADDRESS",
1291 GNUNET_free (h->internal_address);
1292 h->internal_address = NULL;
1296 GNUNET_CONFIGURATION_have_value (cfg, "nat", "EXTERNAL_ADDRESS"))
1298 (void) GNUNET_CONFIGURATION_get_value_string (cfg, "nat",
1300 &h->external_address);
1303 GNUNET_CONFIGURATION_get_value_yesno (cfg, "nat", "BEHIND_NAT");
1305 GNUNET_CONFIGURATION_get_value_yesno (cfg, "nat", "PUNCHED_NAT");
1306 h->enable_nat_client =
1307 GNUNET_CONFIGURATION_get_value_yesno (cfg, "nat", "ENABLE_ICMP_CLIENT");
1308 h->enable_nat_server =
1309 GNUNET_CONFIGURATION_get_value_yesno (cfg, "nat", "ENABLE_ICMP_SERVER");
1311 GNUNET_CONFIGURATION_get_value_yesno (cfg, "nat", "ENABLE_UPNP");
1312 h->use_localaddresses =
1313 GNUNET_CONFIGURATION_get_value_yesno (cfg, "nat", "USE_LOCALADDR");
1314 h->return_localaddress =
1315 GNUNET_CONFIGURATION_get_value_yesno (cfg, "nat",
1316 "RETURN_LOCAL_ADDRESSES");
1319 GNUNET_CONFIGURATION_get_value_yesno (cfg, "nat", "USE_HOSTNAME");
1321 GNUNET_CONFIGURATION_get_value_yesno (cfg, "nat", "DISABLEV6");
1323 GNUNET_CONFIGURATION_get_value_time (cfg, "nat", "DYNDNS_FREQUENCY",
1324 &h->dyndns_frequency))
1325 h->dyndns_frequency = DYNDNS_FREQUENCY;
1327 GNUNET_CONFIGURATION_get_value_time (cfg, "nat", "IFC_SCAN_FREQUENCY",
1328 &h->ifc_scan_frequency))
1329 h->ifc_scan_frequency = IFC_SCAN_FREQUENCY;
1331 GNUNET_CONFIGURATION_get_value_time (cfg, "nat", "HOSTNAME_DNS_FREQUENCY",
1332 &h->hostname_dns_frequency))
1333 h->hostname_dns_frequency = HOSTNAME_DNS_FREQUENCY;
1335 if (NULL == reversal_callback)
1336 h->enable_nat_server = GNUNET_NO;
1338 /* Check for UPnP client, disable immediately if not available */
1339 if ( (GNUNET_YES == h->enable_upnp) &&
1341 GNUNET_OS_check_helper_binary ("upnpc", GNUNET_NO, NULL)) )
1343 LOG (GNUNET_ERROR_TYPE_ERROR,
1344 _("UPnP enabled in configuration, but UPnP client `upnpc` command not found, disabling UPnP \n"));
1345 h->enable_upnp = GNUNET_NO;
1348 /* Check if NAT was hole-punched */
1349 if ((NULL != h->address_callback) &&
1350 (NULL != h->external_address) &&
1351 (GNUNET_YES == h->nat_punched))
1353 h->dns_task = GNUNET_SCHEDULER_add_now (&resolve_dns, h);
1354 h->enable_nat_server = GNUNET_NO;
1355 h->enable_upnp = GNUNET_NO;
1359 LOG (GNUNET_ERROR_TYPE_DEBUG,
1360 "No external IP address given to add to our list of addresses\n");
1363 /* Test for SUID binaries */
1364 binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-nat-server");
1365 if ((h->behind_nat == GNUNET_YES) && (GNUNET_YES == h->enable_nat_server) &&
1367 GNUNET_OS_check_helper_binary (binary, GNUNET_YES, "-d 127.0.0.1" ))) // use localhost as source for that one udp-port, ok for testing
1369 h->enable_nat_server = GNUNET_NO;
1370 LOG (GNUNET_ERROR_TYPE_WARNING,
1371 _("Configuration requires `%s', but binary is not installed properly (SUID bit not set). Option disabled.\n"),
1372 "gnunet-helper-nat-server");
1374 GNUNET_free (binary);
1375 binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-nat-client");
1376 if ((GNUNET_YES == h->enable_nat_client) &&
1378 GNUNET_OS_check_helper_binary (binary, GNUNET_YES, "-d 127.0.0.1 127.0.0.2 42"))) // none of these parameters are actually used in privilege testing mode
1380 h->enable_nat_client = GNUNET_NO;
1381 LOG (GNUNET_ERROR_TYPE_WARNING,
1383 ("Configuration requires `%s', but binary is not installed properly (SUID bit not set). Option disabled.\n"),
1384 "gnunet-helper-nat-client");
1386 GNUNET_free (binary);
1387 start_gnunet_nat_server (h);
1389 /* FIXME: add support for UPnP, etc */
1391 if (NULL != h->address_callback)
1393 h->ifc_task = GNUNET_SCHEDULER_add_now (&list_interfaces,
1395 if (GNUNET_YES == h->use_hostname)
1396 h->hostname_task = GNUNET_SCHEDULER_add_now (&resolve_hostname,
1406 * Stop port redirection and public IP address detection for the given handle.
1407 * This frees the handle, after having sent the needed commands to close open ports.
1409 * @param h the handle to stop
1412 GNUNET_NAT_unregister (struct GNUNET_NAT_Handle *h)
1415 struct LocalAddressList *lal;
1416 struct MiniList *ml;
1418 LOG (GNUNET_ERROR_TYPE_DEBUG,
1419 "NAT unregister called\n");
1420 while (NULL != (ml = h->mini_head))
1422 GNUNET_CONTAINER_DLL_remove (h->mini_head,
1425 if (NULL != ml->mini)
1426 GNUNET_NAT_mini_map_stop (ml->mini);
1429 if (NULL != h->ext_dns)
1431 GNUNET_RESOLVER_request_cancel (h->ext_dns);
1434 if (NULL != h->hostname_dns)
1436 GNUNET_RESOLVER_request_cancel (h->hostname_dns);
1437 h->hostname_dns = NULL;
1439 if (NULL != h->server_read_task)
1441 GNUNET_SCHEDULER_cancel (h->server_read_task);
1442 h->server_read_task = NULL;
1444 if (NULL != h->ifc_task)
1446 GNUNET_SCHEDULER_cancel (h->ifc_task);
1449 if (NULL != h->hostname_task)
1451 GNUNET_SCHEDULER_cancel (h->hostname_task);
1452 h->hostname_task = NULL;
1454 if (NULL != h->dns_task)
1456 GNUNET_SCHEDULER_cancel (h->dns_task);
1459 if (NULL != h->server_proc)
1461 if (0 != GNUNET_OS_process_kill (h->server_proc, GNUNET_TERM_SIG))
1462 GNUNET_log_from_strerror (GNUNET_ERROR_TYPE_WARNING, "nat", "kill");
1463 GNUNET_OS_process_wait (h->server_proc);
1464 GNUNET_OS_process_destroy (h->server_proc);
1465 h->server_proc = NULL;
1466 GNUNET_DISK_pipe_close (h->server_stdout);
1467 h->server_stdout = NULL;
1468 h->server_stdout_handle = NULL;
1470 if (NULL != h->server_stdout)
1472 GNUNET_DISK_pipe_close (h->server_stdout);
1473 h->server_stdout = NULL;
1474 h->server_stdout_handle = NULL;
1476 while (NULL != (lal = h->lal_head))
1478 GNUNET_CONTAINER_DLL_remove (h->lal_head, h->lal_tail, lal);
1479 if (NULL != h->address_callback)
1480 h->address_callback (h->callback_cls, GNUNET_NO,
1481 (const struct sockaddr *) &lal[1], lal->addrlen);
1484 for (i = 0; i < h->num_local_addrs; i++)
1485 GNUNET_free (h->local_addrs[i]);
1486 GNUNET_free_non_null (h->local_addrs);
1487 GNUNET_free_non_null (h->local_addrlens);
1488 GNUNET_free_non_null (h->external_address);
1489 GNUNET_free_non_null (h->internal_address);
1495 * We learned about a peer (possibly behind NAT) so run the
1496 * gnunet-helper-nat-client to send dummy ICMP responses to cause
1497 * that peer to connect to us (connection reversal).
1499 * @param h handle (used for configuration)
1500 * @param sa the address of the peer (IPv4-only)
1501 * @return #GNUNET_SYSERR on error, #GNUNET_NO if nat client is disabled,
1502 * #GNUNET_OK otherwise
1505 GNUNET_NAT_run_client (struct GNUNET_NAT_Handle *h,
1506 const struct sockaddr_in *sa)
1510 char inet4[INET_ADDRSTRLEN];
1511 char port_as_string[6];
1512 struct GNUNET_OS_Process *proc;
1515 if (GNUNET_YES != h->enable_nat_client)
1516 return GNUNET_NO; /* not permitted / possible */
1518 if (h->internal_address == NULL)
1520 LOG (GNUNET_ERROR_TYPE_WARNING, "nat",
1521 _("Internal IP address not known, cannot use ICMP NAT traversal method\n"));
1522 return GNUNET_SYSERR;
1524 GNUNET_assert (sa->sin_family == AF_INET);
1525 if (NULL == inet_ntop (AF_INET, &sa->sin_addr, inet4, INET_ADDRSTRLEN))
1527 GNUNET_log_from_strerror (GNUNET_ERROR_TYPE_WARNING,
1530 return GNUNET_SYSERR;
1532 GNUNET_snprintf (port_as_string,
1533 sizeof (port_as_string),
1536 LOG (GNUNET_ERROR_TYPE_DEBUG,
1537 _("Running gnunet-helper-nat-client %s %s %u\n"),
1538 h->internal_address,
1540 (unsigned int) h->adv_port);
1541 binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-nat-client");
1543 GNUNET_OS_start_process (GNUNET_NO, 0, NULL, NULL, NULL,
1545 "gnunet-helper-nat-client",
1546 h->internal_address,
1547 inet4, port_as_string, NULL);
1548 GNUNET_free (binary);
1550 return GNUNET_SYSERR;
1551 /* we know that the gnunet-helper-nat-client will terminate virtually
1553 GNUNET_OS_process_wait (proc);
1554 GNUNET_OS_process_destroy (proc);
1560 * Test if the given address is (currently) a plausible IP address for this peer.
1562 * @param h the handle returned by register
1563 * @param addr IP address to test (IPv4 or IPv6)
1564 * @param addrlen number of bytes in @a addr
1565 * @return #GNUNET_YES if the address is plausible,
1566 * #GNUNET_NO if the address is not plausible,
1567 * #GNUNET_SYSERR if the address is malformed
1570 GNUNET_NAT_test_address (struct GNUNET_NAT_Handle *h,
1574 struct LocalAddressList *pos;
1575 const struct sockaddr_in *in4;
1576 const struct sockaddr_in6 *in6;
1578 if ((addrlen != sizeof (struct in_addr)) &&
1579 (addrlen != sizeof (struct in6_addr)))
1582 return GNUNET_SYSERR;
1584 for (pos = h->lal_head; NULL != pos; pos = pos->next)
1586 if (pos->addrlen == sizeof (struct sockaddr_in))
1588 in4 = (struct sockaddr_in *) &pos[1];
1589 if ((addrlen == sizeof (struct in_addr)) &&
1590 (0 == memcmp (&in4->sin_addr, addr, sizeof (struct in_addr))))
1593 else if (pos->addrlen == sizeof (struct sockaddr_in6))
1595 in6 = (struct sockaddr_in6 *) &pos[1];
1596 if ((addrlen == sizeof (struct in6_addr)) &&
1597 (0 == memcmp (&in6->sin6_addr, addr, sizeof (struct in6_addr))))
1605 LOG (GNUNET_ERROR_TYPE_WARNING,
1606 "Asked to validate one of my addresses and validation failed!\n");
1611 * Converts enum GNUNET_NAT_StatusCode to a string
1613 * @param err error code to resolve to a string
1614 * @return pointer to a static string containing the error code
1617 GNUNET_NAT_status2string (enum GNUNET_NAT_StatusCode err)
1621 case GNUNET_NAT_ERROR_SUCCESS:
1622 return _ ("Operation Successful");
1623 case GNUNET_NAT_ERROR_IPC_FAILURE:
1624 return _ ("Internal Failure (IPC, ...)");
1625 case GNUNET_NAT_ERROR_INTERNAL_NETWORK_ERROR:
1626 return _ ("Failure in network subsystem, check permissions.");
1627 case GNUNET_NAT_ERROR_TIMEOUT:
1628 return _ ("Encountered timeout while performing operation");
1629 case GNUNET_NAT_ERROR_NOT_ONLINE:
1630 return _ ("detected that we are offline");
1631 case GNUNET_NAT_ERROR_UPNPC_NOT_FOUND:
1632 return _ ("`upnpc` command not found");
1633 case GNUNET_NAT_ERROR_UPNPC_FAILED:
1634 return _ ("Failed to run `upnpc` command");
1635 case GNUNET_NAT_ERROR_UPNPC_TIMEOUT:
1636 return _ ("`upnpc' command took too long, process killed");
1637 case GNUNET_NAT_ERROR_UPNPC_PORTMAP_FAILED:
1638 return _ ("`upnpc' command failed to establish port mapping");
1639 case GNUNET_NAT_ERROR_EXTERNAL_IP_UTILITY_NOT_FOUND:
1640 return _ ("`external-ip' command not found");
1641 case GNUNET_NAT_ERROR_EXTERNAL_IP_UTILITY_FAILED:
1642 return _ ("Failed to run `external-ip` command");
1643 case GNUNET_NAT_ERROR_EXTERNAL_IP_UTILITY_OUTPUT_INVALID:
1644 return _ ("`external-ip' command output invalid");
1645 case GNUNET_NAT_ERROR_EXTERNAL_IP_ADDRESS_INVALID:
1646 return _ ("no valid address was returned by `external-ip'");
1647 case GNUNET_NAT_ERROR_NO_VALID_IF_IP_COMBO:
1648 return _ ("Could not determine interface with internal/local network address");
1649 case GNUNET_NAT_ERROR_HELPER_NAT_SERVER_NOT_FOUND:
1650 return _ ("No functioning gnunet-helper-nat-server installation found");
1651 case GNUNET_NAT_ERROR_NAT_TEST_START_FAILED:
1652 return _ ("NAT test could not be initialized");
1653 case GNUNET_NAT_ERROR_NAT_TEST_TIMEOUT:
1654 return _ ("NAT test timeout reached");
1655 case GNUNET_NAT_ERROR_NAT_REGISTER_FAILED:
1656 return _ ("could not register NAT");
1657 case GNUNET_NAT_ERROR_HELPER_NAT_CLIENT_NOT_FOUND:
1658 return _ ("No working gnunet-helper-nat-client installation found");
1662 return "unknown status code";