portmapper 0.16.0

Portmapping utilities
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305

//! A NAT-PMP response encoding and decoding.

use std::net::Ipv4Addr;

use n0_error::{e, stack_error};
use num_enum::{IntoPrimitive, TryFromPrimitive};

use super::{MapProtocol, Opcode, Version};

/// A NAT-PMP successful Response/Notification.
#[derive(Debug, PartialEq, Eq)]
pub enum Response {
    /// Response to a [`Opcode::DetermineExternalAddress`] request.
    PublicAddress {
        epoch_time: u32,
        public_ip: Ipv4Addr,
    },
    /// Response to a [`Opcode::MapUdp`] request.
    PortMap {
        /// Protocol for which the mapping was requested.
        proto: MapProtocol,
        /// Epoch time of the server.
        epoch_time: u32,
        /// Local port for which the mapping was created.
        private_port: u16,
        /// External port registered for this mapping.
        external_port: u16,
        /// Lifetime in seconds that can be assumed by this mapping.
        lifetime_seconds: u32,
    },
}

/// Result code obtained in a NAT-PMP response.
///
/// See [RFC 6886 Result Codes](https://datatracker.ietf.org/doc/html/rfc6886#section-3.5)
#[derive(Debug, Clone, Copy, PartialEq, Eq, TryFromPrimitive, IntoPrimitive)]
#[repr(u16)]
pub enum ResultCode {
    /// A successful response.
    Success = 0,
    /// The sent version is not supported by the NAT-PMP server.
    UnsupportedVersion = 1,
    /// Functionality is supported but not allowerd: e.g. box supports mapping, but user has turned
    /// feature off.
    NotAuthorizedOrRefused = 2,
    /// Netfork failures, e.g. NAT device itself has not obtained a DHCP lease.
    NetworkFailure = 3,
    /// NAT-PMP server cannot create any more mappings at this time.
    OutOfResources = 4,
    /// Opcode is not supported by the server.
    UnsupportedOpcode = 5,
}

/// Errors that can occur when decoding a [`Response`] from a server.
#[allow(missing_docs)]
#[stack_error(derive, add_meta)]
#[non_exhaustive]
pub enum Error {
    /// Request is too short or is otherwise malformed.
    #[error("Response is malformed")]
    Malformed {},
    /// The [`Response::RESPONSE_INDICATOR`] is not present.
    #[error("Packet does not appear to be a response")]
    NotAResponse {},
    /// The received opcode is not recognized.
    #[error("Invalid Opcode received")]
    InvalidOpcode {},
    /// The received version is not recognized.
    #[error("Invalid version received")]
    InvalidVersion {},
    /// The received result code is not recognized.
    #[error("Invalid result code received")]
    InvalidResultCode {},
    /// Received an error code indicating the server does not support the sent version.
    #[error("Server does not support the version")]
    UnsupportedVersion {},
    /// Received an error code indicating the operation is supported but not authorized.
    #[error("Operation is supported but not authorized")]
    NotAuthorizedOrRefused {},
    /// Received an error code indicating the server experienced a network failure
    #[error("Server experienced a network failure")]
    NetworkFailure {},
    /// Received an error code indicating the server cannot create more mappings at this time.
    #[error("Server is out of resources")]
    OutOfResources {},
    /// Received an error code indicating the Opcode is not supported by the server.
    #[error("Server does not support this opcode")]
    UnsupportedOpcode {},
}

impl Response {
    /// Minimum size of an encoded [`Response`] sent by a server to this client.
    pub const MIN_SIZE: usize = // parts of a public ip response
        1 + // version
        1 + // opcode
        2 + // result code
        4 + // epoch time
        4; // lifetime

    /// Minimum size of an encoded [`Response`] sent by a server to this client.
    pub const MAX_SIZE: usize = // parts of mapping response
        1 + // version
        1 + // opcode
        2 + // result code
        4 + // epoch time
        2 + // private port
        2 + // public port
        4; // lifetime

    /// Indicator ORd into the [`Opcode`] to indicate a response packet.
    pub const RESPONSE_INDICATOR: u8 = 1u8 << 7;

    /// Decode a map response.
    fn decode_map(buf: &[u8], proto: MapProtocol) -> Result<Self, Error> {
        if buf.len() != Self::MAX_SIZE {
            return Err(e!(Error::Malformed));
        }

        let epoch_bytes = buf[4..8].try_into().expect("slice has the right len");
        let epoch_time = u32::from_be_bytes(epoch_bytes);

        let private_port_bytes = buf[8..10].try_into().expect("slice has the right len");
        let private_port = u16::from_be_bytes(private_port_bytes);

        let external_port_bytes = buf[10..12].try_into().expect("slice has the right len");
        let external_port = u16::from_be_bytes(external_port_bytes);

        let lifetime_bytes = buf[12..16].try_into().expect("slice has the right len");
        let lifetime_seconds = u32::from_be_bytes(lifetime_bytes);

        Ok(Response::PortMap {
            proto,
            epoch_time,
            private_port,
            external_port,
            lifetime_seconds,
        })
    }

    /// Decode a response.
    pub fn decode(buf: &[u8]) -> Result<Self, Error> {
        if buf.len() < Self::MIN_SIZE || buf.len() > Self::MAX_SIZE {
            return Err(e!(Error::Malformed));
        }
        let _: Version = buf[0].try_into().map_err(|_| e!(Error::InvalidVersion))?;
        let opcode = buf[1];
        if opcode & Self::RESPONSE_INDICATOR != Self::RESPONSE_INDICATOR {
            return Err(e!(Error::NotAResponse));
        }
        let opcode: Opcode = (opcode & !Self::RESPONSE_INDICATOR)
            .try_into()
            .map_err(|_| e!(Error::InvalidOpcode))?;

        let result_bytes =
            u16::from_be_bytes(buf[2..4].try_into().expect("slice has the right len"));
        let result_code = result_bytes
            .try_into()
            .map_err(|_| e!(Error::InvalidResultCode))?;

        match result_code {
            ResultCode::Success => Ok(()),
            ResultCode::UnsupportedVersion => Err(e!(Error::UnsupportedVersion)),
            ResultCode::NotAuthorizedOrRefused => Err(e!(Error::NotAuthorizedOrRefused)),
            ResultCode::NetworkFailure => Err(e!(Error::NetworkFailure)),
            ResultCode::OutOfResources => Err(e!(Error::OutOfResources)),
            ResultCode::UnsupportedOpcode => Err(e!(Error::UnsupportedOpcode)),
        }?;

        let response = match opcode {
            Opcode::DetermineExternalAddress => {
                let epoch_bytes = buf[4..8].try_into().expect("slice has the right len");
                let epoch_time = u32::from_be_bytes(epoch_bytes);
                let ip_bytes: [u8; 4] = buf[8..12].try_into().expect("slice has the right len");
                Response::PublicAddress {
                    epoch_time,
                    public_ip: ip_bytes.into(),
                }
            }
            Opcode::MapUdp => Self::decode_map(buf, MapProtocol::Udp)?,
            Opcode::MapTcp => Self::decode_map(buf, MapProtocol::Tcp)?,
        };

        Ok(response)
    }

    #[cfg(test)]
    fn random<R: rand::Rng>(opcode: Opcode, rng: &mut R) -> Self {
        use rand::RngExt;

        match opcode {
            Opcode::DetermineExternalAddress => {
                let octets: [u8; 4] = rng.random();
                Response::PublicAddress {
                    epoch_time: rng.random(),
                    public_ip: octets.into(),
                }
            }
            Opcode::MapUdp => Response::PortMap {
                proto: MapProtocol::Udp,
                epoch_time: rng.random(),
                private_port: rng.random(),
                external_port: rng.random(),
                lifetime_seconds: rng.random(),
            },
            Opcode::MapTcp => Response::PortMap {
                proto: MapProtocol::Tcp,
                epoch_time: rng.random(),
                private_port: rng.random(),
                external_port: rng.random(),
                lifetime_seconds: rng.random(),
            },
        }
    }

    #[cfg(test)]
    fn encode(&self) -> Vec<u8> {
        match self {
            Response::PublicAddress {
                epoch_time,
                public_ip,
            } => {
                let mut buf = Vec::with_capacity(Self::MIN_SIZE);
                // version
                buf.push(Version::NatPmp.into());
                // response indicator and opcode
                let opcode: u8 = Opcode::DetermineExternalAddress.into();
                buf.push(Response::RESPONSE_INDICATOR | opcode);
                // result code
                let result_code: u16 = ResultCode::Success.into();
                for b in result_code.to_be_bytes() {
                    buf.push(b);
                }
                // epoch
                for b in epoch_time.to_be_bytes() {
                    buf.push(b);
                }
                // public ip
                for b in public_ip.octets() {
                    buf.push(b)
                }
                buf
            }
            Response::PortMap {
                proto: _,
                epoch_time,
                private_port,
                external_port,
                lifetime_seconds,
            } => {
                let mut buf = Vec::with_capacity(Self::MAX_SIZE);
                // version
                buf.push(Version::NatPmp.into());
                // response indicator and opcode
                let opcode: u8 = Opcode::MapUdp.into();
                buf.push(Response::RESPONSE_INDICATOR | opcode);
                // result code
                let result_code: u16 = ResultCode::Success.into();
                for b in result_code.to_be_bytes() {
                    buf.push(b);
                }
                // epoch
                for b in epoch_time.to_be_bytes() {
                    buf.push(b);
                }
                // internal port
                for b in private_port.to_be_bytes() {
                    buf.push(b)
                }
                // external port
                for b in external_port.to_be_bytes() {
                    buf.push(b)
                }
                for b in lifetime_seconds.to_be_bytes() {
                    buf.push(b)
                }
                buf
            }
        }
    }
}

#[cfg(test)]
mod tests {
    use rand::SeedableRng;

    use super::*;

    #[test]
    fn test_decode_external_addr_response() {
        let mut rng = rand_chacha::ChaCha8Rng::seed_from_u64(42);

        let response = Response::random(Opcode::DetermineExternalAddress, &mut rng);
        let encoded = response.encode();
        assert_eq!(response, Response::decode(&encoded).unwrap());
    }

    #[test]
    fn test_encode_decode_map_response() {
        let mut rng = rand_chacha::ChaCha8Rng::seed_from_u64(42);

        let response = Response::random(Opcode::MapUdp, &mut rng);
        let encoded = response.encode();
        assert_eq!(response, Response::decode(&encoded).unwrap());
    }
}