miniupnp/miniupnpd/upnpstun.c

476 lines
12 KiB
C

/* $Id: $ */
/* vim: tabstop=4 shiftwidth=4 noexpandtab
* MiniUPnP project
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* (c) 2018 Pali Rohár
* This software is subject to the conditions detailed
* in the LICENCE file provided within the distribution */
#include <sys/select.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>
#include <netdb.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#ifndef TEST_LINUX_DEBUG_APP
#include "config.h"
#endif
#include "upnpstun.h"
#if defined(USE_NETFILTER)
#include "netfilter/iptcrdr.h"
#endif
#if defined(USE_PF)
#include "pf/obsdrdr.h"
#endif
#if defined(USE_IPF)
#include "ipf/ipfrdr.h"
#endif
#if defined(USE_IPFW)
#include "ipfw/ipfwrdr.h"
#endif
#ifdef TEST_LINUX_DEBUG_APP
static int add_filter_rule2(const char *ifname, const char *rhost, const char *iaddr, unsigned short eport, unsigned short iport, int proto, const char *desc);
static int delete_filter_rule(const char * ifname, unsigned short port, int proto);
#endif
/* Generate random STUN Transaction Id */
static void generate_transaction_id(unsigned char transaction_id[12])
{
size_t i, n;
long value;
i = 0;
while (i < 12) {
value = random();
n = sizeof(value);
if (i + n > 12)
n = 12 - i;
memcpy(transaction_id + i, &value, n);
i += n;
}
}
/* Create and fill STUN Binding Request */
static void fill_request(unsigned char buffer[28], int change_ip, int change_port)
{
/* Type: Binding Request */
buffer[0] = 0x00;
buffer[1] = 0x01;
/* Length: One 8-byte attribute */
buffer[2] = 0x00;
buffer[3] = 0x08;
/* Magic Cookie: 0x2120A442 */
buffer[4] = 0x21;
buffer[5] = 0x12;
buffer[6] = 0xA4;
buffer[7] = 0x42;
/* Transaction Id */
generate_transaction_id(buffer+8);
/* Attribute Type: Change Request */
buffer[20] = 0x00;
buffer[21] = 0x03;
/* Attribute Length: 4 bytes */
buffer[22] = 0x00;
buffer[23] = 0x04;
buffer[24] = 0x00;
buffer[25] = 0x00;
buffer[26] = 0x00;
buffer[27] = 0x00;
/* Change IP */
buffer[27] |= change_ip ? 0x4 : 0x00;
/* Change Port */
buffer[27] |= change_port ? 0x2 : 0x00;
}
/* Resolve STUN host+port and return sockaddr_in structure */
/* When port is 0 then use default STUN port */
static int resolve_stun_host(const char *stun_host, unsigned short stun_port, struct sockaddr_in *sock_addr)
{
int have_sock;
struct addrinfo hints;
struct addrinfo *result, *rp;
char service[6];
if (stun_port == 0)
stun_port = (unsigned short)3478;
snprintf(service, sizeof(service), "%hu", stun_port);
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_INET;
hints.ai_socktype = SOCK_DGRAM;
hints.ai_protocol = IPPROTO_UDP;
hints.ai_flags = AI_NUMERICSERV;
if (getaddrinfo(stun_host, service, &hints, &result) != 0) {
errno = EHOSTUNREACH;
return -1;
}
have_sock = 0;
for (rp = result; rp != NULL; rp = rp->ai_next) {
if (rp->ai_addrlen > sizeof(*sock_addr) || rp->ai_addr->sa_family != AF_INET)
continue;
memcpy(sock_addr, rp->ai_addr, rp->ai_addrlen);
have_sock = 1;
break;
}
freeaddrinfo(result);
if (!have_sock) {
errno = EHOSTUNREACH;
return -1;
}
return 0;
}
/* Create a new UDP socket for STUN connection and return file descriptor and local UDP port */
static int stun_socket(unsigned short *local_port)
{
int fd;
socklen_t addr_len;
struct sockaddr_in local_addr;
fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
if (fd < 0)
return -1;
memset(&local_addr, 0, sizeof(local_addr));
local_addr.sin_family = AF_INET;
local_addr.sin_addr.s_addr = htonl(INADDR_ANY);
local_addr.sin_port = 0;
if (bind(fd, (struct sockaddr *)&local_addr, sizeof(local_addr)) != 0) {
close(fd);
return -1;
}
addr_len = sizeof(local_addr);
if (getsockname(fd, (struct sockaddr *)&local_addr, &addr_len) != 0) {
close(fd);
return -1;
}
*local_port = ntohs(local_addr.sin_port);
return fd;
}
/* Receive STUN response message for specified Transaction Id and returns message and peer address */
static size_t receive_stun_response(int fd, unsigned char *buffer, unsigned char transaction_id[12], size_t buffer_len, struct sockaddr_in *peer_addr)
{
ssize_t len;
socklen_t peer_addr_len = sizeof(*peer_addr);
len = recvfrom(fd, buffer, buffer_len, 0, (struct sockaddr *)peer_addr, &peer_addr_len);
if (len < 20 || peer_addr_len != sizeof(*peer_addr))
return 0;
/* Check that buffer is STUN message with class Response and Binding method with transaction id */
if ((buffer[0] & 0xFF) != 0x01 || (buffer[1] & 0xEF) != 0x01 || memcmp(buffer+8, transaction_id, 12) != 0)
return 0;
return len;
}
/* Wait for STUN response messages and try to receive them */
static int wait_for_stun_responses(int fds[4], unsigned char *transaction_ids[4], unsigned char *buffers[4], size_t buffers_lens[4], struct sockaddr_in peer_addrs[4], size_t lens[4])
{
fd_set fdset;
struct timeval timeout;
int max_fd;
int ret;
int i;
max_fd = fds[0];
for (i = 1; i < 4; i++) {
if (fds[i] > max_fd)
max_fd = fds[i];
}
timeout.tv_sec = 3;
timeout.tv_usec = 0;
while (timeout.tv_sec > 0 || timeout.tv_usec > 0) {
FD_ZERO(&fdset);
for (i = 0; i < 4; i++) {
FD_SET(fds[i], &fdset);
}
ret = select(max_fd+1, &fdset, NULL, NULL, &timeout);
if (ret < 0)
return -1;
if (ret == 0)
return 0;
for (i = 0; i < 4; ++i)
if (FD_ISSET(fds[i], &fdset))
lens[i] = receive_stun_response(fds[i], buffers[i], transaction_ids[i], buffers_lens[i], &peer_addrs[i]);
if (lens[0] && lens[1] && lens[2] && lens[3])
return 0;
}
return 0;
}
/* Parse Mapped Address (with port) from STUN response message */
static int parse_stun_response(unsigned char *buffer, size_t len, struct sockaddr_in *mapped_addr)
{
unsigned char *ptr, *end;
uint16_t attr_type;
uint16_t attr_len;
int have_address;
if (len < 20)
return -1;
/* Check that buffer is STUN message with class Success Response and Binding method */
if (buffer[0] != 0x01 || buffer[1] != 0x01)
return -1;
/* Check that STUN message is not longer as buffer length */
if (((size_t)buffer[2] << 8) + buffer[3] + 20 > len)
return -1;
ptr = buffer + 20;
end = buffer + len;
have_address = 0;
while (ptr + 4 <= end) {
attr_type = ((uint16_t)ptr[0] << 8) + ptr[1];
attr_len = ((uint16_t)ptr[2] << 8) + ptr[3];
ptr += 4;
if (ptr + attr_len > end)
break;
if (attr_type == 0x0001 || attr_type == 0x8020) {
/* Mapped Address or XOR Mapped Address */
if (attr_len == 8 && ptr[1] == 1) {
/* IPv4 address */
if (attr_type == 0x8020) {
/* Restore XOR Mapped Address */
ptr[2] ^= buffer[4];
ptr[3] ^= buffer[5];
ptr[4] ^= buffer[4];
ptr[5] ^= buffer[5];
ptr[6] ^= buffer[6];
ptr[7] ^= buffer[7];
}
mapped_addr->sin_family = AF_INET;
mapped_addr->sin_port = htons(((uint16_t)ptr[2] << 8) + ptr[3]);
mapped_addr->sin_addr.s_addr = htonl(((uint32_t)ptr[4] << 24) + (ptr[5] << 16) + (ptr[6] << 8) + ptr[7]);
/* Prefer XOR Mapped Address, some NATs change IP addresses in UDP packets */
if (attr_type == 0x8020)
return 0;
have_address = 1;
}
}
ptr += attr_len;
}
return have_address ? 0 : -1;
}
/* Perform main STUN operation, return external IP address and check if host is behind restrictive NAT */
/* Restrictive NAT means any NAT which do some filtering and which is not static 1:1, basically NAT which is not usable for port forwarding */
int perform_stun(const char *if_name, const char *if_addr, const char *stun_host, unsigned short stun_port, struct in_addr *ext_addr, int *restrictive_nat)
{
int fds[4];
size_t responses_lens[4];
unsigned char responses_bufs[4][1024];
unsigned char *responses[4];
size_t responses_sizes[4];
unsigned char requests[4][28];
unsigned char *transaction_ids[4];
int have_mapped_addrs[4];
struct sockaddr_in remote_addr, peer_addrs[4], mapped_addrs[4];
unsigned short local_ports[4];
int have_ext_addr;
int i, j;
if (resolve_stun_host(stun_host, stun_port, &remote_addr) != 0)
return -1;
/* Prepare four different STUN requests */
for (i = 0; i < 4; ++i) {
responses_lens[i] = 0;
responses[i] = responses_bufs[i];
responses_sizes[i] = sizeof(responses_bufs[i]);
fds[i] = stun_socket(&local_ports[i]);
if (fds[i] < 0) {
for (j = 0; j < i; ++j)
close(fds[j]);
return -1;
}
fill_request(requests[i], i/2, i%2);
transaction_ids[i] = requests[i]+8;
}
/* Unblock local ports */
for (i = 0; i < 4; ++i)
add_filter_rule2(if_name, NULL, if_addr, local_ports[i], local_ports[i], IPPROTO_UDP, "stun test");
/* Send STUN requests and wait for responses */
for (j = 0; j < 3; ++j) {
for (i = 0; i < 4; ++i) {
if (responses_lens[i])
continue;
if (sendto(fds[i], requests[i], sizeof(requests[i]), 0, (struct sockaddr *)&remote_addr, sizeof(remote_addr)) != sizeof(requests[i]))
break;
}
if (wait_for_stun_responses(fds, transaction_ids, responses, responses_sizes, peer_addrs, responses_lens) != 0)
break;
if (responses_lens[0] && responses_lens[1] && responses_lens[2] && responses_lens[3])
break;
}
/* Remove unblock for local ports */
for (i = 0; i < 4; ++i) {
delete_filter_rule(if_name, local_ports[i], IPPROTO_UDP);
close(fds[i]);
}
/* Parse received STUN messages */
have_ext_addr = 0;
for (i = 0; i < 4; ++i) {
if (parse_stun_response(responses[i], responses_lens[i], &mapped_addrs[i]) == 0)
have_mapped_addrs[i] = 1;
else
have_mapped_addrs[i] = 0;
if (!have_ext_addr && have_mapped_addrs[i]) {
memcpy(ext_addr, &mapped_addrs[i].sin_addr, sizeof(*ext_addr));
have_ext_addr = 1;
}
}
/* We have no external address */
if (!have_ext_addr) {
errno = ENXIO;
return -1;
}
for (i = 0; i < 4; ++i) {
if (!have_mapped_addrs[i]) {
/* We have not received all four responses, therefore NAT or firewall is doing some filtering */
*restrictive_nat = 1;
return 0;
}
}
if (memcmp(&remote_addr, &peer_addrs[0], sizeof(peer_addrs[0])) != 0) {
/* We received STUN response from different address even we did not asked for it, so some strange NAT is active */
*restrictive_nat = 1;
return 0;
}
for (i = 0; i < 4; ++i) {
if (ntohs(mapped_addrs[i].sin_port) != local_ports[i] || memcmp(&mapped_addrs[i].sin_addr, ext_addr, sizeof(*ext_addr)) != 0) {
/* External IP address or port was changed, therefore symmetric NAT is active */
*restrictive_nat = 1;
return 0;
}
}
/* Otherwise we are either directly connected or behind unrestricted NAT 1:1 */
/* There is no filtering, so port forwarding would work fine */
*restrictive_nat = 0;
return 0;
}
#ifdef TEST_LINUX_DEBUG_APP
/* This linux test application for debugging purposes can be compiled as: */
/* gcc upnpstun.c -o upnpstun -g3 -W -Wall -O2 -DTEST_LINUX_DEBUG_APP */
#include <arpa/inet.h>
#include <time.h>
static int add_filter_rule2(const char *ifname, const char *rhost, const char *iaddr, unsigned short eport, unsigned short iport, int proto, const char *desc)
{
char buffer[100];
ifname = ifname;
rhost = rhost;
iaddr = iaddr;
iport = iport;
desc = desc;
snprintf(buffer, sizeof(buffer), "/sbin/iptables -t filter -I INPUT -p %d --dport %hu -j ACCEPT", proto, eport);
printf("Executing: %s\n", buffer);
return system(buffer);
}
static int delete_filter_rule(const char * ifname, unsigned short port, int proto)
{
char buffer[100];
ifname = ifname;
snprintf(buffer, sizeof(buffer), "/sbin/iptables -t filter -D INPUT -p %d --dport %hu -j ACCEPT", proto, port);
printf("Executing: %s\n", buffer);
return system(buffer);
}
int main(int argc, char *argv[])
{
struct in_addr ext_addr;
int restrictive_nat;
int ret;
char str[INET_ADDRSTRLEN];
if (argc != 3 && argc != 2) {
printf("Usage: %s stun_host [stun_port]\n", argv[0]);
return 1;
}
if (argc == 2)
argv[2] = "0";
srandom(time(NULL) * getpid());
ret = perform_stun(NULL, NULL, argv[1], atoi(argv[2]), &ext_addr, &restrictive_nat);
if (ret != 0) {
printf("STUN Failed: %s\n", strerror(errno));
return 1;
}
if (!inet_ntop(AF_INET, &ext_addr, str, INET_ADDRSTRLEN))
str[0] = 0;
printf("External IP address: %s\n", str);
printf("Restrictive NAT: %s\n", restrictive_nat ? "active (port forwarding impossible)" : "not used (ready for port forwarding)");
return 0;
}
#endif