Show HN: ICMP P2P Using ICMP Destination Unreachable for Nat Traversal

hajoon221 pts0 comments

GitHub - hajoon22/icmp-p2p: A peer discovery, peer exchange, and signed message propagation protocol over ICMP. · GitHub

/" data-turbo-transient="true" />

Skip to content

Search or jump to...

Search code, repositories, users, issues, pull requests...

-->

Search

Clear

Search syntax tips

Provide feedback

--><br>We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Cancel

Submit feedback

Saved searches

Use saved searches to filter your results more quickly

-->

Name

Query

To see all available qualifiers, see our documentation.

Cancel

Create saved search

Sign in

/;ref_cta:Sign up;ref_loc:header logged out"}"<br>Sign up

Appearance settings

Resetting focus

You signed in with another tab or window. Reload to refresh your session.<br>You signed out in another tab or window. Reload to refresh your session.<br>You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

{{ message }}

hajoon22

icmp-p2p

Public

Notifications<br>You must be signed in to change notification settings

Fork

Star

main

BranchesTags

Go to file

CodeOpen more actions menu

Folders and files<br>NameNameLast commit message<br>Last commit date<br>Latest commit

History<br>152 Commits<br>152 Commits

src

src

LICENSE

LICENSE

Makefile

Makefile

README.md

README.md

config.h

config.h

main.c

main.c

View all files

Repository files navigation

ICMP P2P

A peer discovery, peer exchange, and signed message propagation protocol over ICMP.

Features

Discovers public UDP mappings using STUN.

Discovers peers through bootstrap nodes.

Exchanges peer information between peers.

Verifies discovered peers using Ed25519 signatures.

Maintains a peer table with periodic refresh and timeout handling.

Broadcasts signed messages through the network.

Maintains trust scores for peer selection.

Keeps the UDP NAT mapping alive periodically.

NAT Traversal

This project uses ICMP NAT traversal from:<br>https://github.com/hajoon22/icmp-nat-traversal

Create and maintain a UDP mapping using STUN.

Send ICMP Destination Unreachable packets referencing the mapped UDP flow.

Carry protocol payloads after the quoted IPv4 header and UDP header.

Receive protocol payloads through the NAT mapping.

Verified Environments

Linux netfilter NAT (Ubuntu, Kernel 7.0.0-15-generic)

TELUS Mobility LTE/5G

TELUS Wi-Fi Hub (Firmware v3.26.01 build11)

Vancouver International Airport Authority Public Wi-Fi

U+ GAPD-7500R (Software Version 1.03.10)

LGTELECOM Mobility LTE/5G

Protocol

Protocol payloads are carried inside ICMP packets.

[ICMP Header][IPv4 header][UDP header][protocol payload]

Lookup Request

[type (1 byte)][nonce (2 bytes)][mapped_port (2 bytes)][want (1 byte)][free_slots (1 byte)][public_key (32 bytes)][signature (64 bytes)]

type (1 byte): Protocol identifier.

nonce (2 bytes): Request nonce used to match a Lookup Response.

mapped_port (2 bytes): Sender public UDP mapped port.

want (1 byte): Number of peer entries requested.

free_slots (1 byte): Number of available peer slots on the sender.

public_key (32 bytes): Sender public key.

signature (64 bytes): Ed25519 signature over [type][nonce][mapped_port][want][free_slots][public_key].

Lookup Response

[type (1 byte)][nonce (2 bytes)][free_slots (1 byte)][peers (6*n bytes)][public_key (32 bytes)][signature (64 bytes)]

type (1 byte): Protocol identifier.

nonce (2 bytes): Nonce copied from the corresponding Lookup Request.

free_slots (1 byte): Number of available peer slots on the sender.

peers (6*n bytes): List of IPv4 peer entries.

peer entry: [ipv4_address (4 bytes)][mapped_port (2 bytes)].

public_key (32 bytes): Sender public key.

signature (64 bytes): Ed25519 signature over [type][nonce][free_slots][peers][public_key].

Message

[type (1 byte)][message (n bytes)][fanout (1 byte)][expiry (8 bytes)][signature (64 bytes)]

type (1 byte): Protocol identifier.

message (n bytes): Message payload.

fanout (1 byte): Maximum rebroadcast targets.

expiry (8 bytes): Big endian Unix timestamp.

signature (64 bytes): Ed25519 signature over [type][message][fanout][expiry].

The first 8 bytes of the verified signature are used internally as a message identifier for duplicate suppression.

Message Processing

Receive a Message packet.

Verify the message signature using the configured administrator public key.

Discard expired messages.

Derive a message identifier from the first 8 bytes of the verified signature.

Discard messages that have already been processed.

Print the message payload.

Rebroadcast the message according to the fanout value.

Peer Management

Peer discovery begins by sending Lookup Requests to one or more bootstrap nodes.

Peers can be in one of three states:

unchecked: Discovered but not verified.

checking: Lookup Request sent and waiting for a response.

checked: Verified peer.

Newly discovered peers are added as unchecked.<br>Unchecked peers are verified using Lookup Requests.<br>Lookup...

bytes message peer byte icmp signature

Related Articles