BadVPN – Blame information for rev 1

Subversion Repositories:
Rev:
Rev Author Line No. Line
1 office 1 /**
2 * @file scproto.h
3 * @author Ambroz Bizjak <ambrop7@gmail.com>
4 *
5 * @section LICENSE
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. Neither the name of the author nor the
15 * names of its contributors may be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 *
29 * @section DESCRIPTION
30 *
31 * Definitions for SCProto, the protocol that the clients communicate in
32 * with the server.
33 *
34 * All multi-byte integers in structs are little-endian, unless stated otherwise.
35 *
36 * A SCProto packet consists of:
37 * - a header (struct {@link sc_header}) which contains the type of the
38 * packet
39 * - the payload
40 *
41 * It goes roughly like that:
42 *
43 * When the client connects to the server, it sends a "clienthello" packet
44 * to the server. The packet contains the protocol version the client is using.
45 * When the server receives the "clienthello" packet, it checks the version.
46 * If it doesn't match, it disconnects the client. Otherwise the server sends
47 * the client a "serverhello" packet to the client. That packet contains
48 * the ID of the client and possibly its IPv4 address as the server sees it
49 * (zero if not applicable).
50 *
51 * The server than proceeds to synchronize the peers' knowledge of each other.
52 * It does that by sending a "newclient" messages to a client to inform it of
53 * another peer, and "endclient" messages to inform it that a peer is gone.
54 * Each client, upon receiving a "newclient" message, MUST sent a corresponding
55 * "acceptpeer" message, before sending any messages to the new peer.
56 * The server forwards messages between synchronized peers to allow them to
57 * communicate. A peer sends a message to another peer by sending the "outmsg"
58 * packet to the server, and the server delivers a message to a peer by sending
59 * it the "inmsg" packet.
60 *
61 * The message service is reliable; messages from one client to another are
62 * expected to arrive unmodified and in the same order. There is, however,
63 * no flow control. This means that messages can not be used for bulk transfers
64 * between the clients (and they are not). If the server runs out of buffer for
65 * messages from one client to another, it will stop forwarding messages, and
66 * will reset knowledge of the two clients after some delay. Similarly, if one
67 * of the clients runs out of buffer locally, it will send the "resetpeer"
68 * packet to make the server reset knowledge.
69 *
70 * The messages transport either:
71 *
72 * - If the relevant "newclient" packets do not contain the
73 * SCID_NEWCLIENT_FLAG_SSL flag, then plaintext MsgProto messages.
74 *
75 * - If the relevant "newclient" packets do contain the SCID_NEWCLIENT_FLAG_SSL
76 * flag, then SSL, broken down into packets, PacketProto inside SSL, and finally
77 * MsgProto inside PacketProto. The master peer (one with higher ID) acts as an
78 * SSL server, and the other acts as an SSL client. The peers must identify with
79 * the same certificate they used when connecting to the server, and each peer
80 * must byte-compare the other's certificate agains the one provided to it by
81 * by the server in the relevent "newclient" message.
82 */
83  
84 #ifndef BADVPN_PROTOCOL_SCPROTO_H
85 #define BADVPN_PROTOCOL_SCPROTO_H
86  
87 #include <stdint.h>
88  
89 #include <misc/packed.h>
90  
91 #define SC_VERSION 29
92 #define SC_OLDVERSION_NOSSL 27
93 #define SC_OLDVERSION_BROKENCERT 26
94  
95 #define SC_KEEPALIVE_INTERVAL 10000
96  
97 /**
98 * SCProto packet header.
99 * Follows up to SC_MAX_PAYLOAD bytes of payload.
100 */
101 B_START_PACKED
102 struct sc_header {
103 /**
104 * Message type.
105 */
106 uint8_t type;
107 } B_PACKED;
108 B_END_PACKED
109  
110 #define SC_MAX_PAYLOAD 2000
111 #define SC_MAX_ENC (sizeof(struct sc_header) + SC_MAX_PAYLOAD)
112  
113 typedef uint16_t peerid_t;
114  
115 #define SCID_KEEPALIVE 0
116 #define SCID_CLIENTHELLO 1
117 #define SCID_SERVERHELLO 2
118 #define SCID_NEWCLIENT 3
119 #define SCID_ENDCLIENT 4
120 #define SCID_OUTMSG 5
121 #define SCID_INMSG 6
122 #define SCID_RESETPEER 7
123 #define SCID_ACCEPTPEER 8
124  
125 /**
126 * "clienthello" client packet payload.
127 * Packet type is SCID_CLIENTHELLO.
128 */
129 B_START_PACKED
130 struct sc_client_hello {
131 /**
132 * Protocol version the client is using.
133 */
134 uint16_t version;
135 } B_PACKED;
136 B_END_PACKED
137  
138 /**
139 * "serverhello" server packet payload.
140 * Packet type is SCID_SERVERHELLO.
141 */
142 B_START_PACKED
143 struct sc_server_hello {
144 /**
145 * Flags. Not used yet.
146 */
147 uint16_t flags;
148  
149 /**
150 * Peer ID of the client.
151 */
152 peerid_t id;
153  
154 /**
155 * IPv4 address of the client as seen by the server
156 * (network byte order). Zero if not applicable.
157 */
158 uint32_t clientAddr;
159 } B_PACKED;
160 B_END_PACKED
161  
162 /**
163 * "newclient" server packet payload.
164 * Packet type is SCID_NEWCLIENT.
165 * If the server is using TLS, follows up to SCID_NEWCLIENT_MAX_CERT_LEN
166 * bytes of the new client's certificate (encoded in DER).
167 */
168 B_START_PACKED
169 struct sc_server_newclient {
170 /**
171 * ID of the new peer.
172 */
173 peerid_t id;
174  
175 /**
176 * Flags. Possible flags:
177 * - SCID_NEWCLIENT_FLAG_RELAY_SERVER
178 * You can relay frames to other peers through this peer.
179 * - SCID_NEWCLIENT_FLAG_RELAY_CLIENT
180 * You must allow this peer to relay frames to other peers through you.
181 * - SCID_NEWCLIENT_FLAG_SSL
182 * SSL must be used to talk to this peer through messages.
183 */
184 uint16_t flags;
185 } B_PACKED;
186 B_END_PACKED
187  
188 #define SCID_NEWCLIENT_FLAG_RELAY_SERVER 1
189 #define SCID_NEWCLIENT_FLAG_RELAY_CLIENT 2
190 #define SCID_NEWCLIENT_FLAG_SSL 4
191  
192 #define SCID_NEWCLIENT_MAX_CERT_LEN (SC_MAX_PAYLOAD - sizeof(struct sc_server_newclient))
193  
194 /**
195 * "endclient" server packet payload.
196 * Packet type is SCID_ENDCLIENT.
197 */
198 B_START_PACKED
199 struct sc_server_endclient {
200 /**
201 * ID of the removed peer.
202 */
203 peerid_t id;
204 } B_PACKED;
205 B_END_PACKED
206  
207 /**
208 * "outmsg" client packet header.
209 * Packet type is SCID_OUTMSG.
210 * Follows up to SC_MAX_MSGLEN bytes of message payload.
211 */
212 B_START_PACKED
213 struct sc_client_outmsg {
214 /**
215 * ID of the destionation peer.
216 */
217 peerid_t clientid;
218 } B_PACKED;
219 B_END_PACKED
220  
221 /**
222 * "inmsg" server packet payload.
223 * Packet type is SCID_INMSG.
224 * Follows up to SC_MAX_MSGLEN bytes of message payload.
225 */
226 B_START_PACKED
227 struct sc_server_inmsg {
228 /**
229 * ID of the source peer.
230 */
231 peerid_t clientid;
232 } B_PACKED;
233 B_END_PACKED
234  
235 #define _SC_MAX_OUTMSGLEN (SC_MAX_PAYLOAD - sizeof(struct sc_client_outmsg))
236 #define _SC_MAX_INMSGLEN (SC_MAX_PAYLOAD - sizeof(struct sc_server_inmsg))
237  
238 #define SC_MAX_MSGLEN (_SC_MAX_OUTMSGLEN < _SC_MAX_INMSGLEN ? _SC_MAX_OUTMSGLEN : _SC_MAX_INMSGLEN)
239  
240 /**
241 * "resetpeer" client packet header.
242 * Packet type is SCID_RESETPEER.
243 */
244 B_START_PACKED
245 struct sc_client_resetpeer {
246 /**
247 * ID of the peer to reset.
248 */
249 peerid_t clientid;
250 } B_PACKED;
251 B_END_PACKED
252  
253 /**
254 * "acceptpeer" client packet payload.
255 * Packet type is SCID_ACCEPTPEER.
256 */
257 B_START_PACKED
258 struct sc_client_acceptpeer {
259 /**
260 * ID of the peer to accept.
261 */
262 peerid_t clientid;
263 } B_PACKED;
264 B_END_PACKED
265  
266 #endif