2 This file is part of GNUnet.
3 Copyright (C) 2007-2016 GNUnet e.V.
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
22 * @author Christian Grothoff
23 * @author Milan Bouchet-Valat
26 * Service for handling UPnP and NAT-PMP port forwarding
27 * and external IP address retrieval
30 #include "gnunet_nat_service.h"
36 * Entry in DLL of addresses of this peer.
44 struct AddrEntry *next;
49 struct AddrEntry *prev;
52 * Number of bytes that follow.
59 * Handle for active NAT registrations.
61 struct GNUNET_NAT_Handle
65 * Configuration we use.
67 const struct GNUNET_CONFIGURATION_Handle *cfg;
70 * Message queue for communicating with the NAT service.
72 struct GNUNET_MQ_Handle *mq;
75 * Our registration message.
77 struct GNUNET_MessageHeader *reg;
80 * Head of address DLL.
82 struct AddrEntry *ae_head;
85 * Tail of address DLL.
87 struct AddrEntry *ae_tail;
90 * Function to call when our addresses change.
92 GNUNET_NAT_AddressCallback address_callback;
95 * Function to call when another peer requests connection reversal.
97 GNUNET_NAT_ReversalCallback reversal_callback;
100 * Closure for the various callbacks.
105 * Task scheduled to reconnect to the service.
107 struct GNUNET_SCHEDULER_Task *reconnect_task;
110 * How long to wait until we reconnect.
112 struct GNUNET_TIME_Relative reconnect_delay;
117 * Task to connect to the NAT service.
119 * @param cls our `struct GNUNET_NAT_Handle *`
122 do_connect (void *cls);
126 * Task to connect to the NAT service.
128 * @param nh handle to reconnect
131 reconnect (struct GNUNET_NAT_Handle *nh)
135 GNUNET_MQ_destroy (nh->mq);
139 = GNUNET_TIME_STD_BACKOFF (nh->reconnect_delay);
141 = GNUNET_SCHEDULER_add_delayed (nh->reconnect_delay,
148 * Check connection reversal request.
150 * @param cls our `struct GNUNET_NAT_Handle`
151 * @param crm the message
152 * @return #GNUNET_OK if @a crm is well-formed
155 check_connection_reversal_request (void *cls,
156 const struct GNUNET_NAT_ConnectionReversalRequestedMessage *crm)
158 if (ntohs (crm->header.size) !=
160 ntohs (crm->local_addr_size) +
161 ntohs (crm->remote_addr_size) )
164 return GNUNET_SYSERR;
166 if ( (sizeof (struct sockaddr_in) != ntohs (crm->local_addr_size)) ||
167 (sizeof (struct sockaddr_in) != ntohs (crm->remote_addr_size)) )
170 return GNUNET_SYSERR;
177 * Handle connection reversal request.
179 * @param cls our `struct GNUNET_NAT_Handle`
180 * @param crm the message
183 handle_connection_reversal_request (void *cls,
184 const struct GNUNET_NAT_ConnectionReversalRequestedMessage *crm)
186 struct GNUNET_NAT_Handle *nh = cls;
187 const struct sockaddr_in *local_sa = (const struct sockaddr_in *) &crm[1];
188 const struct sockaddr_in *remote_sa = &local_sa[1];
190 nh->reversal_callback (nh->callback_cls,
191 (const struct sockaddr *) local_sa,
192 sizeof (struct sockaddr_in),
193 (const struct sockaddr *) remote_sa,
194 sizeof (struct sockaddr_in));
199 * Check address change notification.
201 * @param cls our `struct GNUNET_NAT_Handle`
202 * @param acn the message
203 * @return #GNUNET_OK if @a crm is well-formed
206 check_address_change_notification (void *cls,
207 const struct GNUNET_NAT_AddressChangeNotificationMessage *acn)
209 size_t alen = ntohs (acn->header.size) - sizeof (*acn);
213 case sizeof (struct sockaddr_in):
215 const struct sockaddr_in *s4
216 = (const struct sockaddr_in *) &acn[1];
217 if (AF_INET != s4->sin_family)
220 return GNUNET_SYSERR;
224 case sizeof (struct sockaddr_in6):
226 const struct sockaddr_in6 *s6
227 = (const struct sockaddr_in6 *) &acn[1];
228 if (AF_INET6 != s6->sin6_family)
231 return GNUNET_SYSERR;
237 return GNUNET_SYSERR;
244 * Handle connection reversal request.
246 * @param cls our `struct GNUNET_NAT_Handle`
247 * @param acn the message
250 handle_address_change_notification (void *cls,
251 const struct GNUNET_NAT_AddressChangeNotificationMessage *acn)
253 struct GNUNET_NAT_Handle *nh = cls;
254 size_t alen = ntohs (acn->header.size) - sizeof (*acn);
255 const struct sockaddr *sa = (const struct sockaddr *) &acn[1];
256 enum GNUNET_NAT_AddressClass ac;
257 struct AddrEntry *ae;
259 ac = (enum GNUNET_NAT_AddressClass) ntohl (acn->addr_class);
260 if (GNUNET_YES == ntohl (acn->add_remove))
262 ae = GNUNET_malloc (sizeof (*ae) + alen);
264 GNUNET_memcpy (&ae[1],
267 GNUNET_CONTAINER_DLL_insert (nh->ae_head,
273 for (ae = nh->ae_head; NULL != ae; ae = ae->next)
274 if ( (ae->addrlen == alen) &&
275 (0 == memcmp (&ae[1],
285 GNUNET_CONTAINER_DLL_remove (nh->ae_head,
290 nh->address_callback (nh->callback_cls,
291 ntohl (acn->add_remove),
299 * Handle queue errors by reconnecting to NAT.
301 * @param cls the `struct GNUNET_NAT_Handle *`
302 * @param error details about the error
305 mq_error_handler (void *cls,
306 enum GNUNET_MQ_Error error)
308 struct GNUNET_NAT_Handle *nh = cls;
315 * Task to connect to the NAT service.
317 * @param cls our `struct GNUNET_NAT_Handle *`
320 do_connect (void *cls)
322 struct GNUNET_NAT_Handle *nh = cls;
323 struct GNUNET_MQ_MessageHandler handlers[] = {
324 GNUNET_MQ_hd_var_size (connection_reversal_request,
325 GNUNET_MESSAGE_TYPE_NAT_CONNECTION_REVERSAL_REQUESTED,
326 struct GNUNET_NAT_ConnectionReversalRequestedMessage,
328 GNUNET_MQ_hd_var_size (address_change_notification,
329 GNUNET_MESSAGE_TYPE_NAT_ADDRESS_CHANGE,
330 struct GNUNET_NAT_AddressChangeNotificationMessage,
332 GNUNET_MQ_handler_end ()
335 nh->reconnect_task = NULL;
336 nh->mq = GNUNET_CLIENT_connecT (nh->cfg,
347 * Attempt to enable port redirection and detect public IP address
348 * contacting UPnP or NAT-PMP routers on the local network. Use @a
349 * addr to specify to which of the local host's addresses should the
350 * external port be mapped. The port is taken from the corresponding
351 * sockaddr_in[6] field. The NAT module should call the given @a
352 * address_callback for any 'plausible' external address.
354 * @param cfg configuration to use
355 * @param proto protocol this is about, IPPROTO_TCP or IPPROTO_UDP
356 * @param adv_port advertised port (port we are either bound to or that our OS
357 * locally performs redirection from to our bound port).
358 * @param num_addrs number of addresses in @a addrs
359 * @param addrs list of local addresses packets should be redirected to
360 * @param addrlens actual lengths of the addresses in @a addrs
361 * @param address_callback function to call everytime the public IP address changes
362 * @param reversal_callback function to call if someone wants connection reversal from us,
363 * NULL if connection reversal is not supported
364 * @param callback_cls closure for callbacks
365 * @return NULL on error, otherwise handle that can be used to unregister
367 struct GNUNET_NAT_Handle *
368 GNUNET_NAT_register (const struct GNUNET_CONFIGURATION_Handle *cfg,
371 unsigned int num_addrs,
372 const struct sockaddr **addrs,
373 const socklen_t *addrlens,
374 GNUNET_NAT_AddressCallback address_callback,
375 GNUNET_NAT_ReversalCallback reversal_callback,
378 struct GNUNET_NAT_Handle *nh;
379 struct GNUNET_NAT_RegisterMessage *rm;
384 for (unsigned int i=0;i<num_addrs;i++)
386 if ( (len > GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*rm)) ||
387 (num_addrs > UINT16_MAX) )
392 rm = GNUNET_malloc (sizeof (*rm) + len);
393 rm->header.size = htons (sizeof (*rm) + len);
394 rm->header.type = htons (GNUNET_MESSAGE_TYPE_NAT_REGISTER);
395 rm->flags = GNUNET_NAT_RF_NONE;
396 if (NULL != address_callback)
397 rm->flags |= GNUNET_NAT_RF_ADDRESSES;
398 if (NULL != reversal_callback)
399 rm->flags |= GNUNET_NAT_RF_REVERSAL;
401 rm->adv_port = htons (adv_port);
402 rm->num_addrs = htons ((uint16_t) num_addrs);
403 off = (char *) &rm[1];
404 for (unsigned int i=0;i<num_addrs;i++)
406 switch (addrs[i]->sa_family)
409 if (sizeof (struct sockaddr_in) != addrlens[i])
416 if (sizeof (struct sockaddr_in6) != addrlens[i])
424 if (sizeof (struct sockaddr_un) != addrlens[i])
441 nh = GNUNET_new (struct GNUNET_NAT_Handle);
442 nh->reg = &rm->header;
444 nh->address_callback = address_callback;
445 nh->reversal_callback = reversal_callback;
446 nh->callback_cls = callback_cls;
453 * Check if an incoming message is a STUN message.
455 * @param data the packet
456 * @param len the length of the packet in @a data
457 * @return #GNUNET_YES if @a data is a STUN packet,
458 * #GNUNET_NO if the packet is invalid (not a stun packet)
461 test_stun_packet (const void *data,
464 const struct stun_header *hdr;
465 const struct stun_attr *attr;
466 uint32_t advertised_message_size;
467 uint32_t message_magic_cookie;
469 /* On entry, 'len' is the length of the UDP payload. After the
470 * initial checks it becomes the size of unprocessed options,
471 * while 'data' is advanced accordingly.
473 if (len < sizeof(struct stun_header))
475 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
476 "STUN packet too short (only %d, wanting at least %d)\n",
478 (int) sizeof (struct stun_header));
481 hdr = (const struct stun_header *) data;
482 /* Skip header as it is already in hdr */
483 len -= sizeof (struct stun_header);
484 data += sizeof (struct stun_header);
486 /* len as advertised in the message */
487 advertised_message_size = ntohs (hdr->msglen);
489 message_magic_cookie = ntohl (hdr->magic);
490 /* Compare if the cookie match */
491 if (STUN_MAGIC_COOKIE != message_magic_cookie)
493 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
494 "Invalid magic cookie for STUN\n");
498 if (advertised_message_size > len)
500 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
501 "Scrambled STUN packet length (got %d, expecting %d)\n",
502 advertised_message_size,
506 len = advertised_message_size;
509 if (len < sizeof (struct stun_attr))
511 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
512 "Attribute too short in STUN packet (got %d, expecting %d)\n",
514 (int) sizeof(struct stun_attr));
517 attr = (const struct stun_attr *) data;
519 /* compute total attribute length */
520 advertised_message_size = ntohs (attr->len) + sizeof(struct stun_attr);
522 /* Check if we still have space in our buffer */
523 if (advertised_message_size > len)
525 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
526 "Inconsistent Attribute (length %d exceeds remaining msg len %d)\n",
527 advertised_message_size,
531 data += advertised_message_size;
532 len -= advertised_message_size;
534 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
535 "STUN Packet, msg %04x, length: %d\n",
536 ntohs (hdr->msgtype),
537 advertised_message_size);
543 * Handle an incoming STUN message. This function is useful as
544 * some GNUnet service may be listening on a UDP port and might
545 * thus receive STUN messages while trying to receive other data.
546 * In this case, this function can be used to process replies
549 * The function does some basic sanity checks on packet size and
550 * content, try to extract a bit of information.
552 * At the moment this only processes BIND requests, and returns the
553 * externally visible address of the request to the rest of the
556 * @param nh handle to the NAT service
557 * @param sender_addr address from which we got @a data
558 * @param sender_addr_len number of bytes in @a sender_addr
559 * @param data the packet
560 * @param data_size number of bytes in @a data
561 * @return #GNUNET_OK on success
562 * #GNUNET_NO if the packet is not a STUN packet
563 * #GNUNET_SYSERR on internal error handling the packet
566 GNUNET_NAT_stun_handle_packet (struct GNUNET_NAT_Handle *nh,
567 const struct sockaddr *sender_addr,
568 size_t sender_addr_len,
572 struct GNUNET_MQ_Envelope *env;
573 struct GNUNET_NAT_HandleStunMessage *hsn;
577 test_stun_packet (data,
581 return GNUNET_SYSERR;
582 env = GNUNET_MQ_msg_extra (hsn,
583 data_size + sender_addr_len,
584 GNUNET_MESSAGE_TYPE_NAT_HANDLE_STUN);
585 hsn->sender_addr_size = htons ((uint16_t) sender_addr_len);
586 hsn->payload_size = htons ((uint16_t) data_size);
587 buf = (char *) &hsn[1];
591 buf += sender_addr_len;
595 GNUNET_MQ_send (nh->mq,
602 * Test if the given address is (currently) a plausible IP address for
603 * this peer. Mostly a convenience function so that clients do not
604 * have to explicitly track all IPs that the #GNUNET_NAT_AddressCallback
605 * has returned so far.
607 * @param nh the handle returned by register
608 * @param addr IP address to test (IPv4 or IPv6)
609 * @param addrlen number of bytes in @a addr
610 * @return #GNUNET_YES if the address is plausible,
611 * #GNUNET_NO if the address is not plausible,
612 * #GNUNET_SYSERR if the address is malformed
615 GNUNET_NAT_test_address (struct GNUNET_NAT_Handle *nh,
619 struct AddrEntry *ae;
621 if ( (addrlen != sizeof (struct sockaddr_in)) &&
622 (addrlen != sizeof (struct sockaddr_in6)) )
625 return GNUNET_SYSERR;
627 for (ae = nh->ae_head; NULL != ae; ae = ae->next)
628 if ( (addrlen == ae->addrlen) &&
638 * We learned about a peer (possibly behind NAT) so run the
639 * gnunet-nat-client to send dummy ICMP responses to cause
640 * that peer to connect to us (connection reversal).
642 * @param nh handle (used for configuration)
643 * @param local_sa our local address of the peer (IPv4-only)
644 * @param remote_sa the remote address of the peer (IPv4-only)
645 * @return #GNUNET_SYSERR on error,
646 * #GNUNET_NO if connection reversal is unavailable,
647 * #GNUNET_OK otherwise (presumably in progress)
650 GNUNET_NAT_request_reversal (struct GNUNET_NAT_Handle *nh,
651 const struct sockaddr_in *local_sa,
652 const struct sockaddr_in *remote_sa)
654 struct GNUNET_MQ_Envelope *env;
655 struct GNUNET_NAT_RequestConnectionReversalMessage *req;
659 return GNUNET_SYSERR;
660 env = GNUNET_MQ_msg_extra (req,
661 2 * sizeof (struct sockaddr_in),
662 GNUNET_MESSAGE_TYPE_NAT_REQUEST_CONNECTION_REVERSAL);
663 req->local_addr_size = htons (sizeof (struct sockaddr_in));
664 req->remote_addr_size = htons (sizeof (struct sockaddr_in));
665 buf = (char *) &req[1];
668 sizeof (struct sockaddr_in));
669 buf += sizeof (struct sockaddr_in);
672 sizeof (struct sockaddr_in));
673 GNUNET_MQ_send (nh->mq,
680 * Stop port redirection and public IP address detection for the given
681 * handle. This frees the handle, after having sent the needed
682 * commands to close open ports.
684 * @param nh the handle to stop
687 GNUNET_NAT_unregister (struct GNUNET_NAT_Handle *nh)
689 GNUNET_MQ_destroy (nh->mq);
690 GNUNET_free (nh->reg);
697 * Handle to auto-configuration in progress.
699 struct GNUNET_NAT_AutoHandle
703 * Configuration we use.
705 const struct GNUNET_CONFIGURATION_Handle *cfg;
708 * Message queue for communicating with the NAT service.
710 struct GNUNET_MQ_Handle *mq;
713 * Function called with the result from the autoconfiguration.
715 GNUNET_NAT_AutoResultCallback arc;
718 * Closure for @e arc.
726 * Converts `enum GNUNET_NAT_StatusCode` to string
728 * @param err error code to resolve to a string
729 * @return point to a static string containing the error code
732 GNUNET_NAT_status2string (enum GNUNET_NAT_StatusCode err)
736 case GNUNET_NAT_ERROR_SUCCESS:
737 return _ ("Operation Successful");
738 case GNUNET_NAT_ERROR_IPC_FAILURE:
739 return _ ("IPC failure");
740 case GNUNET_NAT_ERROR_INTERNAL_NETWORK_ERROR:
741 return _ ("Failure in network subsystem, check permissions.");
742 case GNUNET_NAT_ERROR_TIMEOUT:
743 return _ ("Encountered timeout while performing operation");
744 case GNUNET_NAT_ERROR_NOT_ONLINE:
745 return _ ("detected that we are offline");
746 case GNUNET_NAT_ERROR_UPNPC_NOT_FOUND:
747 return _ ("`upnpc` command not found");
748 case GNUNET_NAT_ERROR_UPNPC_FAILED:
749 return _ ("Failed to run `upnpc` command");
750 case GNUNET_NAT_ERROR_UPNPC_TIMEOUT:
751 return _ ("`upnpc' command took too long, process killed");
752 case GNUNET_NAT_ERROR_UPNPC_PORTMAP_FAILED:
753 return _ ("`upnpc' command failed to establish port mapping");
754 case GNUNET_NAT_ERROR_EXTERNAL_IP_UTILITY_NOT_FOUND:
755 return _ ("`external-ip' command not found");
756 case GNUNET_NAT_ERROR_EXTERNAL_IP_UTILITY_FAILED:
757 return _ ("Failed to run `external-ip` command");
758 case GNUNET_NAT_ERROR_EXTERNAL_IP_UTILITY_OUTPUT_INVALID:
759 return _ ("`external-ip' command output invalid");
760 case GNUNET_NAT_ERROR_EXTERNAL_IP_ADDRESS_INVALID:
761 return _ ("no valid address was returned by `external-ip'");
762 case GNUNET_NAT_ERROR_NO_VALID_IF_IP_COMBO:
763 return _ ("Could not determine interface with internal/local network address");
764 case GNUNET_NAT_ERROR_HELPER_NAT_SERVER_NOT_FOUND:
765 return _ ("No functioning gnunet-helper-nat-server installation found");
766 case GNUNET_NAT_ERROR_NAT_TEST_START_FAILED:
767 return _ ("NAT test could not be initialized");
768 case GNUNET_NAT_ERROR_NAT_TEST_TIMEOUT:
769 return _ ("NAT test timeout reached");
770 case GNUNET_NAT_ERROR_NAT_REGISTER_FAILED:
771 return _ ("could not register NAT");
772 case GNUNET_NAT_ERROR_HELPER_NAT_CLIENT_NOT_FOUND:
773 return _ ("No working gnunet-helper-nat-client installation found");
775 return "unknown status code";
781 * Check result from autoconfiguration attempt.
783 * @param cls the `struct GNUNET_NAT_AutoHandle`
784 * @param res the result
785 * @return #GNUNET_OK if @a res is well-formed (always for now)
788 check_auto_result (void *cls,
789 const struct GNUNET_NAT_AutoconfigResultMessage *res)
796 * Handle result from autoconfiguration attempt.
798 * @param cls the `struct GNUNET_NAT_AutoHandle`
799 * @param res the result
802 handle_auto_result (void *cls,
803 const struct GNUNET_NAT_AutoconfigResultMessage *res)
805 struct GNUNET_NAT_AutoHandle *ah = cls;
807 struct GNUNET_CONFIGURATION_Handle *cfg;
808 enum GNUNET_NAT_Type type
809 = (enum GNUNET_NAT_Type) ntohl (res->type);
810 enum GNUNET_NAT_StatusCode status
811 = (enum GNUNET_NAT_StatusCode) ntohl (res->status_code);
813 left = ntohs (res->header.size) - sizeof (*res);
814 cfg = GNUNET_CONFIGURATION_create ();
816 GNUNET_CONFIGURATION_deserialize (cfg,
817 (const char *) &res[1],
822 ah->arc (ah->arc_cls,
824 GNUNET_NAT_ERROR_IPC_FAILURE,
829 ah->arc (ah->arc_cls,
834 GNUNET_CONFIGURATION_destroy (cfg);
835 GNUNET_NAT_autoconfig_cancel (ah);
840 * Handle queue errors by reporting autoconfiguration failure.
842 * @param cls the `struct GNUNET_NAT_AutoHandle *`
843 * @param error details about the error
846 ah_error_handler (void *cls,
847 enum GNUNET_MQ_Error error)
849 struct GNUNET_NAT_AutoHandle *ah = cls;
851 ah->arc (ah->arc_cls,
853 GNUNET_NAT_ERROR_IPC_FAILURE,
854 GNUNET_NAT_TYPE_UNKNOWN);
855 GNUNET_NAT_autoconfig_cancel (ah);
860 * Start auto-configuration routine. The transport adapters should
861 * be stopped while this function is called.
863 * @param cfg initial configuration
864 * @param cb function to call with autoconfiguration result
865 * @param cb_cls closure for @a cb
866 * @return handle to cancel operation
868 struct GNUNET_NAT_AutoHandle *
869 GNUNET_NAT_autoconfig_start (const struct GNUNET_CONFIGURATION_Handle *cfg,
870 GNUNET_NAT_AutoResultCallback cb,
873 struct GNUNET_NAT_AutoHandle *ah = GNUNET_new (struct GNUNET_NAT_AutoHandle);
874 struct GNUNET_MQ_MessageHandler handlers[] = {
875 GNUNET_MQ_hd_var_size (auto_result,
876 GNUNET_MESSAGE_TYPE_NAT_AUTO_CFG_RESULT,
877 struct GNUNET_NAT_AutoconfigResultMessage,
879 GNUNET_MQ_handler_end ()
881 struct GNUNET_MQ_Envelope *env;
882 struct GNUNET_NAT_AutoconfigRequestMessage *req;
886 buf = GNUNET_CONFIGURATION_serialize (cfg,
888 if (size > GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*req))
896 ah->arc_cls = cb_cls;
897 ah->mq = GNUNET_CLIENT_connecT (cfg,
909 env = GNUNET_MQ_msg_extra (req,
911 GNUNET_MESSAGE_TYPE_NAT_REQUEST_AUTO_CFG);
912 GNUNET_memcpy (&req[1],
916 GNUNET_MQ_send (ah->mq,
923 * Abort autoconfiguration.
925 * @param ah handle for operation to abort
928 GNUNET_NAT_autoconfig_cancel (struct GNUNET_NAT_AutoHandle *ah)
930 GNUNET_MQ_destroy (ah->mq);
934 /* end of nat_api.c */