moonlight-stream/Internet-Hosting-Tool
1
0
Fork 0
mirror of https://github.com/moonlight-stream/Internet-Hosting-Tool.git synced 2025-07-04 00:35:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use a per-server PCP nonce to fix unmapping

Browse Source
This commit is contained in:
Cameron Gutman 2018-11-08 18:09:27 -08:00
parent 3906de1a3a
commit e7e37b8dfb
1 changed files with 28 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
miss/pcp.cpp
View File

@ -8,6 +8,9 @@
#include <WinSock2.h> #include <WinSock2.h>
#include <WS2tcpip.h> #include <WS2tcpip.h>
#pragma comment(lib, "Shlwapi.lib")
#include <shlwapi.h>
#include <assert.h> #include <assert.h>
#include <stdio.h> #include <stdio.h>
@ -48,7 +51,7 @@ typedef struct _PCP_OPTION_HEADER {
typedef struct _PCP_MAP_REQUEST { typedef struct _PCP_MAP_REQUEST {
PCP_REQUEST_HEADER hdr; PCP_REQUEST_HEADER hdr;
int mappingNonce[3]; unsigned char mappingNonce[12];
unsigned char protocol; unsigned char protocol;
unsigned char reserved[3]; unsigned char reserved[3];
unsigned short internalPort; unsigned short internalPort;
@ -62,7 +65,7 @@ typedef struct _PCP_MAP_REQUEST {
typedef struct _PCP_MAP_RESPONSE { typedef struct _PCP_MAP_RESPONSE {
PCP_RESPONSE_HEADER hdr; PCP_RESPONSE_HEADER hdr;
int mappingNonce[3]; unsigned char mappingNonce[12];
unsigned char protocol; unsigned char protocol;
unsigned char reserved[3]; unsigned char reserved[3];
unsigned short internalPort; unsigned short internalPort;
@ -72,6 +75,23 @@ typedef struct _PCP_MAP_RESPONSE {
#pragma pack(pop) #pragma pack(pop)
static void populateMappingNonce(PPCP_MAP_REQUEST request, PSOCKADDR_STORAGE pcpAddr, int pcpAddrLen)
{
struct {
unsigned short port;
unsigned char localAddress[16];
SOCKADDR_STORAGE targetAddress;
} dataToHash;
assert(request->internalPort != 0);
dataToHash.port = request->internalPort;
memcpy(dataToHash.localAddress, request->hdr.localAddress, sizeof(dataToHash.localAddress));
memcpy(&dataToHash.targetAddress, pcpAddr, pcpAddrLen);
HashData((BYTE*)&dataToHash, 18 + pcpAddrLen, request->mappingNonce, sizeof(request->mappingNonce));
}
static void populateAddressFromSockAddr(PSOCKADDR_STORAGE sockAddr, unsigned char* address) static void populateAddressFromSockAddr(PSOCKADDR_STORAGE sockAddr, unsigned char* address)
{ {
if (sockAddr->ss_family == AF_INET) { if (sockAddr->ss_family == AF_INET) {
@ -132,9 +152,6 @@ bool PCPMapPort(PSOCKADDR_STORAGE localAddr, int localAddrLen, PSOCKADDR_STORAGE
reqMsg.hdr.lifetime = htonl(enable ? 3600 : 0); reqMsg.hdr.lifetime = htonl(enable ? 3600 : 0);
populateAddressFromSockAddr(localAddr, reqMsg.hdr.localAddress); populateAddressFromSockAddr(localAddr, reqMsg.hdr.localAddress);
for (int i = 0; i < ARRAYSIZE(reqMsg.mappingNonce); i++) {
reqMsg.mappingNonce[i] = rand();
}
reqMsg.protocol = proto; reqMsg.protocol = proto;
reqMsg.internalPort = htons(port); reqMsg.internalPort = htons(port);
reqMsg.externalPort = htons(port); reqMsg.externalPort = htons(port);
@ -154,6 +171,9 @@ bool PCPMapPort(PSOCKADDR_STORAGE localAddr, int localAddrLen, PSOCKADDR_STORAGE
reqMsgLen = sizeof(reqMsg) - sizeof(reqMsg.preferFailureOption); reqMsgLen = sizeof(reqMsg) - sizeof(reqMsg.preferFailureOption);
} }
// This must be done after the rest of the message is populated
populateMappingNonce(&reqMsg, pcpAddr, pcpAddrLen);
bytesRead = SOCKET_ERROR; bytesRead = SOCKET_ERROR;
for (i = 0; i < RECV_TIMEOUT_SEC; i++) { for (i = 0; i < RECV_TIMEOUT_SEC; i++) {
// Retransmit the request every second until the timeout elapses // Retransmit the request every second until the timeout elapses
@ -212,7 +232,7 @@ bool PCPMapPort(PSOCKADDR_STORAGE localAddr, int localAddrLen, PSOCKADDR_STORAGE
printf("CONFLICT\n"); printf("CONFLICT\n");
break; break;
default: default:
printf("PCP request failed: %d\n", resp.hdr.hdr.result); printf("ERROR: %d\n", resp.hdr.hdr.result);
break; break;
} }
goto fail; goto fail;
@ -232,12 +252,9 @@ bool PCPMapPort(PSOCKADDR_STORAGE localAddr, int localAddrLen, PSOCKADDR_STORAGE
else if (reqMsg.externalPort != resp.hdr.externalPort) { else if (reqMsg.externalPort != resp.hdr.externalPort) {
printf("PCP returned different external port: %d wanted %d\n", htons(resp.hdr.externalPort), htons(reqMsg.externalPort)); printf("PCP returned different external port: %d wanted %d\n", htons(resp.hdr.externalPort), htons(reqMsg.externalPort));
if (enable) { if (enable) {
// Clear the port mapping by modifying and resending the old request // Clear the port mapping by modifying and resending the old request (with the same nonce)
reqMsg.hdr.lifetime = 0; reqMsg.hdr.lifetime = 0;
reqMsg.externalPort = resp.hdr.externalPort; reqMsg.externalPort = resp.hdr.externalPort;
for (int i = 0; i < ARRAYSIZE(reqMsg.mappingNonce); i++) {
reqMsg.mappingNonce[i] = rand();
}
reqMsgLen = sizeof(reqMsg) - sizeof(reqMsg.preferFailureOption); reqMsgLen = sizeof(reqMsg) - sizeof(reqMsg.preferFailureOption);
if (send(sock, (char*)&reqMsg, reqMsgLen, 0) == SOCKET_ERROR) { if (send(sock, (char*)&reqMsg, reqMsgLen, 0) == SOCKET_ERROR) {
printf("Failed to unmap unexpected external port: %d\n", WSAGetLastError()); printf("Failed to unmap unexpected external port: %d\n", WSAGetLastError());
@ -247,7 +264,7 @@ bool PCPMapPort(PSOCKADDR_STORAGE localAddr, int localAddrLen, PSOCKADDR_STORAGE
} }
if (enable) { if (enable) {
printf("OK\n"); printf("OK (%d seconds remaining)\n", ntohl(resp.hdr.hdr.lifetime));
} }
else { else {
printf("DELETED\n"); printf("DELETED\n");