From b4e21c6afcb6cd772c66b2c0ae3199f193c972c7 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 22 Aug 2010 13:36:33 +0000 Subject: [PATCH] audit --- src/transport/gnunet-nat-client.c | 101 ++++++++++++------------ src/transport/gnunet-nat-server.c | 125 +++++++++++++++--------------- 2 files changed, 114 insertions(+), 112 deletions(-) diff --git a/src/transport/gnunet-nat-client.c b/src/transport/gnunet-nat-client.c index bff86cc93..3e35aa8f4 100644 --- a/src/transport/gnunet-nat-client.c +++ b/src/transport/gnunet-nat-client.c @@ -21,7 +21,7 @@ /** * @file src/transport/gnunet-nat-client.c * @brief Tool to help bypass NATs using ICMP method; must run as root (SUID will do) - * This code will work under GNU/Linux only. + * This code will work under GNU/Linux only. * @author Christian Grothoff * * This program will send ONE ICMP message using RAW sockets @@ -39,6 +39,7 @@ * * - Christian Grothoff * - Nathan Evans + * - Benjamin Kuperman (22 Aug 2010) */ #if HAVE_CONFIG_H /* Just needed for HAVE_SOCKADDR_IN_SIN_LEN test macro! */ @@ -46,7 +47,7 @@ #else #define _GNU_SOURCE #endif -#include +#include #include #include #include @@ -58,7 +59,7 @@ #include #include #include -#include +#include /** * Must match IP given in the server. @@ -70,11 +71,11 @@ /** * IPv4 header. */ -struct ip_header +struct ip_header { /** - * Version (4 bits) + Internet header length (4 bits) + * Version (4 bits) + Internet header length (4 bits) */ uint8_t vers_ihl; @@ -104,10 +105,10 @@ struct ip_header uint8_t ttl; /** - * Protocol + * Protocol */ uint8_t proto; - + /** * Header checksum */ @@ -119,7 +120,7 @@ struct ip_header uint32_t src_ip; /** - * Destination address + * Destination address */ uint32_t dst_ip; }; @@ -127,7 +128,7 @@ struct ip_header /** * Format of ICMP packet. */ -struct icmp_ttl_exceeded_header +struct icmp_ttl_exceeded_header { uint8_t type; @@ -161,7 +162,7 @@ struct udp_header uint16_t dst_port; uint16_t length; - + uint16_t crc; }; @@ -174,7 +175,7 @@ static int rawsock; * Target "dummy" address of the packet we pretend to respond to. */ static struct in_addr dummy; - + /** * Our "source" port. */ @@ -188,16 +189,16 @@ static uint16_t port; * @param bytes number of bytes in data (must be multiple of 2) * @return the CRC 16. */ -static uint16_t -calc_checksum (const uint16_t *data, +static uint16_t +calc_checksum (const uint16_t *data, unsigned int bytes) { uint32_t sum; unsigned int i; sum = 0; - for (i=0;i> 16); sum = htons(0xffff - sum); return sum; @@ -214,8 +215,8 @@ static void send_icmp_udp (const struct in_addr *my_ip, const struct in_addr *other) { - char packet[sizeof(struct ip_header) * 2 + - sizeof(struct icmp_ttl_exceeded_header) + + char packet[sizeof(struct ip_header) * 2 + + sizeof(struct icmp_ttl_exceeded_header) + sizeof(struct udp_header)]; struct ip_header ip_pkt; struct icmp_ttl_exceeded_header icmp_pkt; @@ -236,10 +237,10 @@ send_icmp_udp (const struct in_addr *my_ip, ip_pkt.checksum = 0; ip_pkt.src_ip = my_ip->s_addr; ip_pkt.dst_ip = other->s_addr; - ip_pkt.checksum = htons(calc_checksum((uint16_t*)&ip_pkt, + ip_pkt.checksum = htons(calc_checksum((uint16_t*)&ip_pkt, sizeof (struct ip_header))); - memcpy(&packet[off], - &ip_pkt, + memcpy(&packet[off], + &ip_pkt, sizeof(struct ip_header)); off += sizeof(struct ip_header); @@ -248,7 +249,7 @@ send_icmp_udp (const struct in_addr *my_ip, icmp_pkt.checksum = 0; icmp_pkt.unused = 0; memcpy(&packet[off], - &icmp_pkt, + &icmp_pkt, sizeof(struct icmp_ttl_exceeded_header)); off += sizeof(struct icmp_ttl_exceeded_header); @@ -266,8 +267,8 @@ send_icmp_udp (const struct in_addr *my_ip, ip_pkt.dst_ip = dummy.s_addr; ip_pkt.checksum = htons(calc_checksum((uint16_t*)&ip_pkt, sizeof (struct ip_header))); - memcpy(&packet[off], - &ip_pkt, + memcpy(&packet[off], + &ip_pkt, sizeof(struct ip_header)); off += sizeof(struct ip_header); @@ -276,7 +277,7 @@ send_icmp_udp (const struct in_addr *my_ip, udp_pkt.dst_port = htons(NAT_TRAV_PORT); udp_pkt.length = htons (port); udp_pkt.crc = 0; - memcpy(&packet[off], + memcpy(&packet[off], &udp_pkt, sizeof(struct udp_header)); off += sizeof(struct udp_header); @@ -286,9 +287,9 @@ send_icmp_udp (const struct in_addr *my_ip, sizeof (struct icmp_ttl_exceeded_header) + sizeof (struct ip_header) + sizeof (struct udp_header))); - memcpy (&packet[sizeof(struct ip_header)], - &icmp_pkt, - sizeof (struct icmp_ttl_exceeded_header)); + memcpy (&packet[sizeof(struct ip_header)], + &icmp_pkt, + sizeof (struct icmp_ttl_exceeded_header)); memset (&dst, 0, sizeof (dst)); dst.sin_family = AF_INET; @@ -339,23 +340,23 @@ send_icmp (const struct in_addr *my_ip, ip_pkt.vers_ihl = 0x45; ip_pkt.tos = 0; ip_pkt.pkt_len = htons (sizeof (packet)); - ip_pkt.id = htons (256); + ip_pkt.id = htons (256); ip_pkt.flags_frag_offset = 0; ip_pkt.ttl = IPDEFTTL; ip_pkt.proto = IPPROTO_ICMP; - ip_pkt.checksum = 0; + ip_pkt.checksum = 0; ip_pkt.src_ip = my_ip->s_addr; ip_pkt.dst_ip = other->s_addr; - ip_pkt.checksum = htons(calc_checksum((uint16_t*)&ip_pkt, + ip_pkt.checksum = htons(calc_checksum((uint16_t*)&ip_pkt, sizeof (struct ip_header))); - memcpy (&packet[off], - &ip_pkt, + memcpy (&packet[off], + &ip_pkt, sizeof (struct ip_header)); off = sizeof (ip_pkt); /* icmp reply: time exceeded */ icmp_ttl.type = ICMP_TIME_EXCEEDED; - icmp_ttl.code = 0; + icmp_ttl.code = 0; icmp_ttl.checksum = 0; icmp_ttl.unused = 0; memcpy (&packet[off], @@ -367,7 +368,7 @@ send_icmp (const struct in_addr *my_ip, ip_pkt.vers_ihl = 0x45; ip_pkt.tos = 0; ip_pkt.pkt_len = htons (sizeof (struct ip_header) + sizeof (struct icmp_echo_header)); - ip_pkt.id = htons (256); + ip_pkt.id = htons (256); ip_pkt.flags_frag_offset = 0; ip_pkt.ttl = 1; /* real TTL would be 1 on a time exceeded packet */ ip_pkt.proto = IPPROTO_ICMP; @@ -375,9 +376,9 @@ send_icmp (const struct in_addr *my_ip, ip_pkt.dst_ip = dummy.s_addr; ip_pkt.checksum = 0; ip_pkt.checksum = htons(calc_checksum((uint16_t*)&ip_pkt, - sizeof (struct ip_header))); - memcpy (&packet[off], - &ip_pkt, + sizeof (struct ip_header))); + memcpy (&packet[off], + &ip_pkt, sizeof (struct ip_header)); off += sizeof (struct ip_header); @@ -385,17 +386,17 @@ send_icmp (const struct in_addr *my_ip, icmp_echo.code = 0; icmp_echo.reserved = htonl (port); icmp_echo.checksum = 0; - icmp_echo.checksum = htons(calc_checksum((uint16_t*) &icmp_echo, + icmp_echo.checksum = htons(calc_checksum((uint16_t*) &icmp_echo, sizeof (struct icmp_echo_header))); - memcpy (&packet[off], + memcpy (&packet[off], &icmp_echo, sizeof(struct icmp_echo_header)); /* no go back to calculate ICMP packet checksum */ off = sizeof (struct ip_header); icmp_ttl.checksum = htons(calc_checksum((uint16_t*) &packet[off], - sizeof (struct icmp_ttl_exceeded_header) + - sizeof (struct ip_header) + + sizeof (struct icmp_ttl_exceeded_header) + + sizeof (struct ip_header) + sizeof (struct icmp_echo_header))); memcpy (&packet[off], &icmp_ttl, @@ -408,17 +409,17 @@ send_icmp (const struct in_addr *my_ip, dst.sin_len = sizeof (struct sockaddr_in); #endif dst.sin_addr = *other; - err = sendto(rawsock, - packet, - sizeof (packet), 0, - (struct sockaddr*)&dst, + err = sendto(rawsock, + packet, + sizeof (packet), 0, + (struct sockaddr*)&dst, sizeof(dst)); - if (err < 0) + if (err < 0) { fprintf(stderr, "sendto failed: %s\n", strerror(errno)); } - else if (sizeof (packet) != (size_t) err) + else if (sizeof (packet) != (size_t) err) { fprintf(stderr, "Error: partial send of ICMP message\n"); @@ -444,7 +445,7 @@ make_raw_socket () "Error opening RAW socket: %s\n", strerror (errno)); return -1; - } + } if (0 != setsockopt(ret, SOL_SOCKET, SO_BROADCAST, (char *)&one, sizeof(one))) { @@ -499,14 +500,14 @@ main (int argc, char *const *argv) return 1; } port = (uint16_t) p; - if (1 != inet_pton (AF_INET, DUMMY_IP, &dummy)) + if (1 != inet_pton (AF_INET, DUMMY_IP, &dummy)) { fprintf (stderr, "Internal error converting dummy IP to binary.\n"); return 2; } if (-1 == (rawsock = make_raw_socket())) - return 2; + return 2; uid = getuid (); if (0 != setresuid (uid, uid, uid)) { diff --git a/src/transport/gnunet-nat-server.c b/src/transport/gnunet-nat-server.c index 5cedb35e3..7892d8f93 100644 --- a/src/transport/gnunet-nat-server.c +++ b/src/transport/gnunet-nat-server.c @@ -39,6 +39,7 @@ * * - Christian Grothoff * - Nathan Evans + * - Benjamin Kuperman (22 Aug 2010) */ #if HAVE_CONFIG_H /* Just needed for HAVE_SOCKADDR_IN_SIN_LEN test macro! */ @@ -46,7 +47,7 @@ #else #define _GNU_SOURCE #endif -#include +#include #include #include #include @@ -61,7 +62,7 @@ #include #include #include -#include +#include /** * Should we print some debug output? @@ -75,7 +76,7 @@ /** * Port for UDP - */ + */ #define NAT_TRAV_PORT 22225 /** @@ -86,11 +87,11 @@ /** * IPv4 header. */ -struct ip_header +struct ip_header { /** - * Version (4 bits) + Internet header length (4 bits) + * Version (4 bits) + Internet header length (4 bits) */ uint8_t vers_ihl; @@ -120,10 +121,10 @@ struct ip_header uint8_t ttl; /** - * Protocol + * Protocol */ uint8_t proto; - + /** * Header checksum */ @@ -135,7 +136,7 @@ struct ip_header uint32_t src_ip; /** - * Destination address + * Destination address */ uint32_t dst_ip; }; @@ -143,7 +144,7 @@ struct ip_header /** * Format of ICMP packet. */ -struct icmp_ttl_exceeded_header +struct icmp_ttl_exceeded_header { uint8_t type; @@ -210,16 +211,16 @@ static struct in_addr dummy; * @param bytes number of bytes in data (must be multiple of 2) * @return the CRC 16. */ -static uint16_t -calc_checksum(const uint16_t *data, +static uint16_t +calc_checksum(const uint16_t *data, unsigned int bytes) { uint32_t sum; unsigned int i; sum = 0; - for (i=0;i> 16); sum = htons(0xffff - sum); return sum; @@ -240,7 +241,7 @@ send_icmp_echo (const struct in_addr *my_ip) struct sockaddr_in dst; size_t off; int err; - + off = 0; ip_pkt.vers_ihl = 0x45; ip_pkt.tos = 0; @@ -249,13 +250,13 @@ send_icmp_echo (const struct in_addr *my_ip) ip_pkt.flags_frag_offset = 0; ip_pkt.ttl = IPDEFTTL; ip_pkt.proto = IPPROTO_ICMP; - ip_pkt.checksum = 0; + ip_pkt.checksum = 0; ip_pkt.src_ip = my_ip->s_addr; ip_pkt.dst_ip = dummy.s_addr; - ip_pkt.checksum = htons(calc_checksum((uint16_t*)&ip_pkt, + ip_pkt.checksum = htons(calc_checksum((uint16_t*)&ip_pkt, sizeof (struct ip_header))); memcpy (&packet[off], - &ip_pkt, + &ip_pkt, sizeof (struct ip_header)); off += sizeof (struct ip_header); @@ -263,31 +264,31 @@ send_icmp_echo (const struct in_addr *my_ip) icmp_echo.code = 0; icmp_echo.checksum = 0; icmp_echo.reserved = 0; - icmp_echo.checksum = htons(calc_checksum((uint16_t*)&icmp_echo, + icmp_echo.checksum = htons(calc_checksum((uint16_t*)&icmp_echo, sizeof (struct icmp_echo_header))); memcpy (&packet[off], &icmp_echo, sizeof (struct icmp_echo_header)); off += sizeof (struct icmp_echo_header); - + memset (&dst, 0, sizeof (dst)); dst.sin_family = AF_INET; #if HAVE_SOCKADDR_IN_SIN_LEN dst.sin_len = sizeof (struct sockaddr_in); #endif dst.sin_addr = dummy; - err = sendto(rawsock, - packet, off, 0, - (struct sockaddr*)&dst, + err = sendto(rawsock, + packet, off, 0, + (struct sockaddr*)&dst, sizeof(dst)); - if (err < 0) + if (err < 0) { #if VERBOSE fprintf(stderr, "sendto failed: %s\n", strerror(errno)); #endif } - else if (sizeof (packet) != err) + else if (sizeof (packet) != err) { fprintf(stderr, "Error: partial send of ICMP message\n"); @@ -303,7 +304,7 @@ send_udp () { struct sockaddr_in dst; ssize_t err; - + memset (&dst, 0, sizeof (dst)); dst.sin_family = AF_INET; #if HAVE_SOCKADDR_IN_SIN_LEN @@ -311,18 +312,18 @@ send_udp () #endif dst.sin_addr = dummy; dst.sin_port = htons (NAT_TRAV_PORT); - err = sendto(udpsock, - NULL, 0, 0, - (struct sockaddr*)&dst, + err = sendto(udpsock, + NULL, 0, 0, + (struct sockaddr*)&dst, sizeof(dst)); - if (err < 0) + if (err < 0) { #if VERBOSE fprintf(stderr, "sendto failed: %s\n", strerror(errno)); #endif } - else if (0 != err) + else if (0 != err) { fprintf(stderr, "Error: partial send of ICMP message\n"); @@ -345,14 +346,14 @@ process_icmp_response () struct udp_header udp_pkt; size_t off; uint16_t port; - + have = read (icmpsock, buf, sizeof (buf)); if (-1 == have) { fprintf (stderr, "Error reading raw socket: %s\n", strerror (errno)); - return; + return; } #if VERBOSE fprintf (stderr, @@ -366,17 +367,17 @@ process_icmp_response () } off = 0; memcpy (&ip_pkt, - &buf[off], + &buf[off], sizeof (struct ip_header)); off += sizeof (struct ip_header); - memcpy(&source_ip, - &ip_pkt.src_ip, + memcpy(&source_ip, + &ip_pkt.src_ip, sizeof (source_ip)); - memcpy (&icmp_ttl, - &buf[off], + memcpy (&icmp_ttl, + &buf[off], sizeof (struct icmp_ttl_exceeded_header)); off += sizeof (struct icmp_ttl_exceeded_header); - if ( (ICMP_TIME_EXCEEDED != icmp_ttl.type) || + if ( (ICMP_TIME_EXCEEDED != icmp_ttl.type) || (0 != icmp_ttl.code) ) { /* different type than what we want */ @@ -384,15 +385,15 @@ process_icmp_response () } /* skip 2nd IP header */ memcpy (&ip_pkt, - &buf[off], + &buf[off], sizeof (struct ip_header)); off += sizeof (struct ip_header); switch (ip_pkt.proto) { case IPPROTO_ICMP: - if (have != (sizeof (struct ip_header) * 2 + - sizeof (struct icmp_ttl_exceeded_header) + + if (have != (sizeof (struct ip_header) * 2 + + sizeof (struct icmp_ttl_exceeded_header) + sizeof (struct icmp_echo_header)) ) { /* malformed */ @@ -405,8 +406,8 @@ process_icmp_response () port = (uint16_t) ntohl (icmp_echo.reserved); break; case IPPROTO_UDP: - if (have != (sizeof (struct ip_header) * 2 + - sizeof (struct icmp_ttl_exceeded_header) + + if (have != (sizeof (struct ip_header) * 2 + + sizeof (struct icmp_ttl_exceeded_header) + sizeof (struct udp_header)) ) { /* malformed */ @@ -418,7 +419,7 @@ process_icmp_response () sizeof (struct udp_header)); port = ntohs (udp_pkt.length); break; - default: + default: /* different type than what we want */ return; } @@ -436,7 +437,7 @@ process_icmp_response () inet_ntop (AF_INET, &source_ip, buf, - sizeof (buf)), + sizeof (buf)), (unsigned int) port); fflush (stdout); } @@ -459,8 +460,8 @@ make_icmp_socket () "Error opening RAW socket: %s\n", strerror (errno)); return -1; - } - if (ret >= FD_SETSIZE) + } + if (ret >= FD_SETSIZE) { fprintf (stderr, "Socket number too large (%d > %u)\n", @@ -491,9 +492,9 @@ make_raw_socket () "Error opening RAW socket: %s\n", strerror (errno)); return -1; - } - if (-1 == setsockopt(ret, - SOL_SOCKET, + } + if (-1 == setsockopt(ret, + SOL_SOCKET, SO_BROADCAST, (char *)&one, sizeof(one))) { @@ -503,8 +504,8 @@ make_raw_socket () close (ret); return -1; } - if (-1 == setsockopt(ret, - IPPROTO_IP, + if (-1 == setsockopt(ret, + IPPROTO_IP, IP_HDRINCL, (char *)&one, sizeof(one))) { @@ -538,8 +539,8 @@ make_udp_socket (const struct in_addr *my_ip) strerror (errno)); return -1; } - memset (&addr, - 0, + memset (&addr, + 0, sizeof (addr)); addr.sin_family = AF_INET; #if HAVE_SOCKADDR_IN_SIN_LEN @@ -563,7 +564,7 @@ make_udp_socket (const struct in_addr *my_ip) int -main (int argc, +main (int argc, char *const *argv) { struct in_addr external; @@ -585,7 +586,7 @@ main (int argc, strerror (errno)); return 1; } - if (1 != inet_pton (AF_INET, DUMMY_IP, &dummy)) + if (1 != inet_pton (AF_INET, DUMMY_IP, &dummy)) { fprintf (stderr, "Internal error converting dummy IP to binary.\n"); @@ -593,26 +594,26 @@ main (int argc, } if (-1 == (icmpsock = make_icmp_socket())) { - return 3; + return 3; } if (-1 == (rawsock = make_raw_socket())) { close (icmpsock); - return 3; + return 3; } uid = getuid (); if (0 != setresuid (uid, uid, uid)) { fprintf (stderr, "Failed to setresuid: %s\n", - strerror (errno)); + strerror (errno)); /* not critical, continue anyway */ } if (-1 == (udpsock = make_udp_socket(&external))) { close (icmpsock); close (rawsock); - return 3; + return 3; } alt = 0; while (1) @@ -620,7 +621,7 @@ main (int argc, FD_ZERO (&rs); FD_SET (icmpsock, &rs); tv.tv_sec = 0; - tv.tv_usec = ICMP_SEND_FREQUENCY_MS * 1000; + tv.tv_usec = ICMP_SEND_FREQUENCY_MS * 1000; if (-1 == select (icmpsock + 1, &rs, NULL, NULL, &tv)) { if (errno == EINTR) @@ -636,7 +637,7 @@ main (int argc, send_icmp_echo (&external); else send_udp (); - } + } /* select failed (internal error or OS out of resources) */ close (icmpsock); close (rawsock); -- 2.25.1