#include "retroshare/rsconfig.h" #include "util/rsnet.h" #include "pqi/pqinetstatebox.h" #include "time.h" #include // External Interface. void pqiNetStateBox::setAddressStunDht(struct sockaddr_in *addr, bool stable) { if ((!mStunDhtSet) || (mStunDhtStable != stable) || (addr->sin_addr.s_addr != mStunDhtAddr.sin_addr.s_addr) || (addr->sin_port != mStunDhtAddr.sin_port)) { mStunDhtSet = true; mStunDhtStable = stable; mStunDhtAddr = *addr; mStatusOkay = false; } mStunDhtTS = time(NULL); } void pqiNetStateBox::setAddressStunProxy(struct sockaddr_in *addr, bool stable) { if ((!mStunProxySet) || (mStunProxyStable != stable) || (addr->sin_addr.s_addr != mStunProxyAddr.sin_addr.s_addr) || (addr->sin_port != mStunProxyAddr.sin_port)) { if (addr->sin_addr.s_addr == mStunProxyAddr.sin_addr.s_addr) { if (mStunProxyStable != stable) { mStunProxySemiStable = true; } } else { mStunProxySemiStable = false; // change of address - must trigger this again! } mStunProxySet = true; mStunProxyStable = stable; mStunProxyAddr = *addr; mStatusOkay = false; } mStunProxyTS = time(NULL); } void pqiNetStateBox::setAddressUPnP(bool active, struct sockaddr_in *addr) { if ((!mUPnPSet) || (mUPnPActive != active) || (addr->sin_addr.s_addr != mUPnPAddr.sin_addr.s_addr) || (addr->sin_port != mUPnPAddr.sin_port)) { mUPnPSet = true; mUPnPAddr = *addr; mUPnPActive = active; mStatusOkay = false; } mUPnPTS = time(NULL); } void pqiNetStateBox::setAddressNatPMP(bool active, struct sockaddr_in *addr) { if ((!mNatPMPSet) || (mNatPMPActive != active) || (addr->sin_addr.s_addr != mNatPMPAddr.sin_addr.s_addr) || (addr->sin_port != mNatPMPAddr.sin_port)) { mNatPMPSet = true; mNatPMPAddr = *addr; mNatPMPActive = active; mStatusOkay = false; } mNatPMPTS = time(NULL); } void pqiNetStateBox::setAddressWebIP(bool active, struct sockaddr_in *addr) { if ((!mWebIPSet) || (mWebIPActive != active) || (addr->sin_addr.s_addr != mWebIPAddr.sin_addr.s_addr) || (addr->sin_port != mWebIPAddr.sin_port)) { mWebIPSet = true; mWebIPAddr = *addr; mWebIPActive = active; mStatusOkay = false; } mWebIPTS = time(NULL); } void pqiNetStateBox::setDhtState(bool on, bool active) { if ((!mDhtSet) || (mDhtActive != active) || (mDhtOn != on)) { mDhtSet = true; mDhtActive = active; mDhtOn = on; mStatusOkay = false; } mDhtTS = time(NULL); } /* Extract Net State */ uint32_t pqiNetStateBox::getNetworkMode() { updateNetState(); return mNetworkMode; } uint32_t pqiNetStateBox::getNatTypeMode() { updateNetState(); return mNatTypeMode; } uint32_t pqiNetStateBox::getNatHoleMode() { updateNetState(); return mNatHoleMode; } uint32_t pqiNetStateBox::getConnectModes() { updateNetState(); return mConnectModes; } uint32_t pqiNetStateBox::getNetStateMode() { updateNetState(); return mNetStateMode; } /******************************** Internal Workings *******************************/ pqiNetStateBox::pqiNetStateBox() { reset(); } void pqiNetStateBox::reset() { mStatusOkay = false; //time_t mStatusTS; mNetworkMode = RSNET_NETWORK_UNKNOWN; mNatTypeMode = RSNET_NATTYPE_UNKNOWN; mNatHoleMode = RSNET_NATHOLE_UNKNOWN; mConnectModes = RSNET_CONNECT_NONE; mNetStateMode = RSNET_NETSTATE_BAD_UNKNOWN; /* Parameters set externally */ mStunDhtSet = false; time_t mStunDhtTS = 0; bool mStunDhtStable = false; //struct sockaddr_in mStunDhtAddr; mStunProxySet = false; mStunProxySemiStable = false; time_t mStunProxyTS = 0; bool mStunProxyStable = false; //struct sockaddr_in mStunProxyAddr; mUPnPSet = false; mUPnPActive = false; //struct sockaddr_in mUPnPAddr; mNatPMPSet = false; mNatPMPActive = false; //struct sockaddr_in mNatPMPAddr; mWebIPSet = false; mWebIPActive = false; //struct sockaddr_in mWebIPAddr; mPortForwardedSet = false; mPortForwarded = 0; mDhtSet = false; mDhtActive = false; mDhtOn = false; } #define NETSTATE_PARAM_TIMEOUT 600 #define NETSTATE_TIMEOUT 60 /* check/update Net State */ int pqiNetStateBox::statusOkay() { if (!mStatusOkay) { return 0; } time_t now = time(NULL); if (now - mStatusTS > NETSTATE_TIMEOUT) { return 0; } return 1; } int pqiNetStateBox::updateNetState() { if (!statusOkay()) { determineNetworkState(); } return 1; } void pqiNetStateBox::clearOldNetworkData() { /* check if any measurements are too old to consider */ time_t now = time(NULL); if (now - mStunProxyTS > NETSTATE_PARAM_TIMEOUT) { mStunProxySet = false; } if (now - mStunDhtTS > NETSTATE_PARAM_TIMEOUT) { mStunDhtSet = false; } } void pqiNetStateBox::determineNetworkState() { clearOldNetworkData(); time_t now = time(NULL); /* now we use the remaining valid input to determine network state */ /* Most important Factor is whether we have DHT(STUN) info to ID connection */ if (mDhtActive) { /* firstly lets try to identify OFFLINE / UNKNOWN */ if ((!mStunProxySet) || (!mStunDhtSet)) { mNetworkMode = RSNET_NETWORK_UNKNOWN; // Assume these. mNatTypeMode = RSNET_NATTYPE_UNKNOWN; mNatHoleMode = RSNET_NATHOLE_NONE; mNetStateMode = RSNET_NETSTATE_BAD_UNKNOWN; //mExtAddress = .... unknown; //mExtAddrStable = false; } else // Both Are Set! { if (!mStunDhtStable) { //mExtAddress = mStunDhtExtAddress; //mExtAddrStable = false; if (mStunProxySemiStable) { /* I'm guessing this will be a common mode for modern NAT/Firewalls. * a DETERMINISTIC SYMMETRIC NAT.... This is likely to be the * next iteration on the RESTRICTED CONE firewall described below. * If you Stun fast, it looks like a SYMMETRIC NAT, but if you let * the NAT timeout, you get back your original port so it looks like * a RESTRICTED CONE nat... * * This kind of NAT is passable, if you only attempt one connection at * a time, and are careful about it! * * NB: The StunDht port will never get this mode. * It has unsolicited traffic which triggers SYM mode * */ mNetworkMode = RSNET_NETWORK_BEHINDNAT; mNatTypeMode = RSNET_NATTYPE_DETERM_SYM; mNatHoleMode = RSNET_NATHOLE_NONE; mNetStateMode = RSNET_NETSTATE_WARNING_NATTED; } else if (!mStunProxyStable) { /* both unstable, Symmetric NAT, Firewalled, No UDP Hole */ mNetworkMode = RSNET_NETWORK_BEHINDNAT; mNatTypeMode = RSNET_NATTYPE_SYMMETRIC; mNatHoleMode = RSNET_NATHOLE_NONE; mNetStateMode = RSNET_NETSTATE_BAD_NATSYM; } else { /* if DhtStun Unstable, but ProxyStable, then we have * an interesting case. This is close to a Debian Firewall * I tested in the past.... * * The big difference between DhtStun and ProxyStun is * that Dht Port receives unsolicated packets, * while Proxy Port always sends an outgoing one first. * * In the case of the debian firewall, the unsolicated pkts * caused the outgoing port to change. * * We will label this difference RESTRICTED vs FULL CONE, * but that label is really fully accurate. (gray area). */ mNetworkMode = RSNET_NETWORK_BEHINDNAT; mNatTypeMode = RSNET_NATTYPE_RESTRICTED_CONE; mNatHoleMode = RSNET_NATHOLE_NONE; mNetStateMode = RSNET_NETSTATE_WARNING_NATTED; } } else // Dht Stable. { /* DHT Stable port can be caused by: * 1) Forwarded Port (UPNP, NATPMP, FORWARDED) * 2) FULL CONE NAT. * 3) EXT Port. * Must look at Proxy Stability. * - if Proxy Unstable, then must be forwarded port. * - if Proxy Stable, then we cannot tell. * -> Must use User Info (Upnp, PMP, Forwarded Flag). * -> Also possible to be EXT Port (Check against iface) */ //mExtAddress = mStunDhtExtAddress; //mExtAddrStable = true; // Initial Fallback Guess at firewall state. if (mStunProxySemiStable) { /* must be a forwarded port/ext or something similar */ mNetworkMode = RSNET_NETWORK_BEHINDNAT; mNatTypeMode = RSNET_NATTYPE_DETERM_SYM; mNatHoleMode = RSNET_NATHOLE_FORWARDED; mNetStateMode = RSNET_NETSTATE_GOOD; } else if (!mStunProxyStable) { /* must be a forwarded port/ext or something similar */ mNetworkMode = RSNET_NETWORK_BEHINDNAT; mNatTypeMode = RSNET_NATTYPE_SYMMETRIC; mNatHoleMode = RSNET_NATHOLE_FORWARDED; mNetStateMode = RSNET_NETSTATE_GOOD; } else { /* fallback is FULL CONE NAT */ mNetworkMode = RSNET_NETWORK_BEHINDNAT; mNatTypeMode = RSNET_NATTYPE_FULL_CONE; mNatHoleMode = RSNET_NATHOLE_NONE; mNetStateMode = RSNET_NETSTATE_WARNING_NATTED; } if (mUPnPActive) { // This Mode is OKAY. mNetworkMode = RSNET_NETWORK_BEHINDNAT; // Use Fallback Guess. //mNatTypeMode = RSNET_NATTYPE_UNKNOWN; mNatHoleMode = RSNET_NATHOLE_UPNP; mNetStateMode = RSNET_NETSTATE_GOOD; //mExtAddress = ... from UPnP, should match StunDht. //mExtAddrStable = true; } else if (mNatPMPActive) { // This Mode is OKAY. mNetworkMode = RSNET_NETWORK_BEHINDNAT; // Use Fallback Guess. //mNatTypeMode = RSNET_NATTYPE_UNKNOWN; mNatHoleMode = RSNET_NATHOLE_NATPMP; mNetStateMode = RSNET_NETSTATE_GOOD; //mExtAddress = ... from NatPMP, should match NatPMP //mExtAddrStable = true; } else { bool isExtAddress = false; if (isExtAddress) { mNetworkMode = RSNET_NETWORK_EXTERNALIP; mNatTypeMode = RSNET_NATTYPE_NONE; mNatHoleMode = RSNET_NATHOLE_NONE; mNetStateMode = RSNET_NETSTATE_GOOD; //mExtAddrStable = true; } else if (mPortForwardedSet) { mNetworkMode = RSNET_NETWORK_BEHINDNAT; // Use Fallback Guess. //mNatTypeMode = RSNET_NATTYPE_UNKNOWN; mNatHoleMode = RSNET_NATHOLE_FORWARDED; mNetStateMode = RSNET_NETSTATE_ADV_FORWARD; //mExtAddrStable = true; // Probably, makin assumption. } else { /* At this point, we go with the fallback guesses */ } } } } } else // DHT Inactive, must use other means... { /* If we get here we are dealing with a silly peer in "DarkMode". * We have to primarily rely on the feedback from UPnP, PMP or WebSite "WhatsMyIp". * This is in the "Advanced" Settings and liable to be set wrong. * but thats the users fault! */ if (mUPnPActive) { // This Mode is OKAY. mNetworkMode = RSNET_NETWORK_BEHINDNAT; mNatTypeMode = RSNET_NATTYPE_UNKNOWN; mNatHoleMode = RSNET_NATHOLE_UPNP; //mExtAddress = ... from UPnP. //mExtAddrStable = true; mNetStateMode = RSNET_NETSTATE_WARNING_NODHT; } else if (mNatPMPActive) { // This Mode is OKAY. mNetworkMode = RSNET_NETWORK_BEHINDNAT; mNatTypeMode = RSNET_NATTYPE_UNKNOWN; mNatHoleMode = RSNET_NATHOLE_NATPMP; //mExtAddress = ... from NatPMP. //mExtAddrStable = true; mNetStateMode = RSNET_NETSTATE_WARNING_NODHT; } else { /* if we reach this point, we really need a Web "WhatsMyIp" Check of our Ext Ip Address. */ /* Check for the possibility of an EXT address ... */ bool isExtAddress = false; //mExtAddress = ... from WhatsMyIp. if (isExtAddress) { mNetworkMode = RSNET_NETWORK_EXTERNALIP; mNatTypeMode = RSNET_NATTYPE_NONE; mNatHoleMode = RSNET_NATHOLE_NONE; //mExtAddrStable = true; mNetStateMode = RSNET_NETSTATE_WARNING_NODHT; } else if (mPortForwardedSet) { mNetworkMode = RSNET_NETWORK_BEHINDNAT; mNatTypeMode = RSNET_NATTYPE_UNKNOWN; mNatHoleMode = RSNET_NATHOLE_FORWARDED; //mExtAddrStable = true; // Probably, makin assumption. mNetStateMode = RSNET_NETSTATE_WARNING_NODHT; } else { /* At this point we must assume firewalled. * These people have destroyed the possibility of making connections ;( * Should WARN about this. */ mNetworkMode = RSNET_NETWORK_BEHINDNAT; mNatTypeMode = RSNET_NATTYPE_UNKNOWN; mNatHoleMode = RSNET_NATHOLE_NONE; mNetStateMode = RSNET_NETSTATE_BAD_NODHT_NAT; //mExtAddrStable = false; // Unlikely to be stable. } } } workoutNetworkMode(); /* say that things are okay */ mStatusOkay = true; mStatusTS = now; } /* based on calculated settings, what is the network mode */ void pqiNetStateBox::workoutNetworkMode() { /* connectModes are dependent on the other modes */ mConnectModes = RSNET_CONNECT_NONE; switch(mNetworkMode) { case RSNET_NETWORK_UNKNOWN: case RSNET_NETWORK_OFFLINE: case RSNET_NETWORK_LOCALNET: /* nothing here */ break; case RSNET_NETWORK_EXTERNALIP: mConnectModes = RSNET_CONNECT_OUTGOING_TCP; mConnectModes |= RSNET_CONNECT_ACCEPT_TCP; if (mDhtActive) { mConnectModes |= RSNET_CONNECT_DIRECT_UDP; /* if open port. don't want PROXY or RELAY connect * because we should be able to do direct with EVERYONE. * Ability to do Proxy is dependent on FIREWALL status. * Technically could do RELAY, but disable both. */ //mConnectModes |= RSNET_CONNECT_PROXY_UDP; //mConnectModes |= RSNET_CONNECT_RELAY_UDP; } break; case RSNET_NETWORK_BEHINDNAT: mConnectModes = RSNET_CONNECT_OUTGOING_TCP; /* we're okay if there's a NAT HOLE */ if ((mNatHoleMode == RSNET_NATHOLE_UPNP) || (mNatHoleMode == RSNET_NATHOLE_NATPMP) || (mNatHoleMode == RSNET_NATHOLE_FORWARDED)) { mConnectModes |= RSNET_CONNECT_ACCEPT_TCP; if (mDhtActive) { mConnectModes |= RSNET_CONNECT_DIRECT_UDP; /* dont want PROXY | RELAY with open ports */ } } else { /* If behind NAT without NATHOLE, this is where RELAY | PROXY * are useful. We Flag DIRECT connections, cos we can do these * with peers with Open Ports. (but not with other NATted peers). */ if (mDhtActive) { mConnectModes |= RSNET_CONNECT_DIRECT_UDP; mConnectModes |= RSNET_CONNECT_RELAY_UDP; if ((mNatTypeMode == RSNET_NATTYPE_RESTRICTED_CONE) || (mNatTypeMode == RSNET_NATTYPE_FULL_CONE) || (mNatTypeMode == RSNET_NATTYPE_DETERM_SYM)) { mConnectModes |= RSNET_CONNECT_PROXY_UDP; } } } break; } } std::string NetStateNetworkModeString(uint32_t netMode) { std::string str; switch(netMode) { default: case RSNET_NETWORK_UNKNOWN: str = "Unknown NetState"; break; case RSNET_NETWORK_OFFLINE: str = "Offline"; break; case RSNET_NETWORK_LOCALNET: str = "Local Net"; break; case RSNET_NETWORK_BEHINDNAT: str = "Behind NAT"; break; case RSNET_NETWORK_EXTERNALIP: str = "External IP"; break; } return str; } std::string NetStateNatTypeString(uint32_t natType) { std::string str; switch(natType) { default: case RSNET_NATTYPE_UNKNOWN: str = "UNKNOWN NAT STATE"; break; case RSNET_NATTYPE_SYMMETRIC: str = "SYMMETRIC NAT"; break; case RSNET_NATTYPE_DETERM_SYM: str = "DETERMINISTIC SYM NAT"; break; case RSNET_NATTYPE_RESTRICTED_CONE: str = "RESTRICTED CONE NAT"; break; case RSNET_NATTYPE_FULL_CONE: str = "FULL CONE NAT"; break; case RSNET_NATTYPE_OTHER: str = "OTHER NAT"; break; case RSNET_NATTYPE_NONE: str = "NO NAT"; break; } return str; } std::string NetStateNatHoleString(uint32_t natHole) { std::string str; switch(natHole) { default: case RSNET_NATHOLE_UNKNOWN: str = "UNKNOWN NAT HOLE STATUS"; break; case RSNET_NATHOLE_NONE: str = "NO NAT HOLE"; break; case RSNET_NATHOLE_UPNP: str = "UPNP FORWARD"; break; case RSNET_NATHOLE_NATPMP: str = "NATPMP FORWARD"; break; case RSNET_NATHOLE_FORWARDED: str = "MANUAL FORWARD"; break; } return str; } std::string NetStateConnectModesString(uint32_t connect) { std::ostringstream connOut; if (connect & RSNET_CONNECT_OUTGOING_TCP) { connOut << "TCP_OUT "; } if (connect & RSNET_CONNECT_ACCEPT_TCP) { connOut << "TCP_IN "; } if (connect & RSNET_CONNECT_DIRECT_UDP) { connOut << "DIRECT_UDP "; } if (connect & RSNET_CONNECT_PROXY_UDP) { connOut << "PROXY_UDP "; } if (connect & RSNET_CONNECT_RELAY_UDP) { connOut << "RELAY_UDP "; } return connOut.str(); } std::string NetStateNetStateString(uint32_t netstate) { std::string str; switch(netstate) { case RSNET_NETSTATE_BAD_UNKNOWN: str = "NET BAD: Unknown State"; break; case RSNET_NETSTATE_BAD_OFFLINE: str = "NET BAD: Offline"; break; case RSNET_NETSTATE_BAD_NATSYM: str = "NET BAD: Behind Symmetric NAT"; break; case RSNET_NETSTATE_BAD_NODHT_NAT: str = "NET BAD: Behind NAT & No DHT"; break; case RSNET_NETSTATE_WARNING_RESTART: str = "NET WARNING: NET Restart"; break; case RSNET_NETSTATE_WARNING_NATTED: str = "NET WARNING: Behind NAT"; break; case RSNET_NETSTATE_WARNING_NODHT: str = "NET WARNING: No DHT"; break; case RSNET_NETSTATE_GOOD: str = "NET STATE GOOD!"; break; case RSNET_NETSTATE_ADV_FORWARD: str = "CAUTION: UNVERIFABLE FORWARD!"; break; case RSNET_NETSTATE_ADV_DARK_FORWARD: str = "CAUTION: UNVERIFABLE FORWARD & NO DHT"; break; } return str; }