BadVPN – Blame information for rev 1
Rev | Author | Line No. | Line |
---|---|---|---|
1 | office | 1 | /** |
2 | * @file scproto.h |
||
3 | * @author Ambroz Bizjak <ambrop7@gmail.com> |
||
4 | * |
||
5 | * @section LICENSE |
||
6 | * |
||
7 | * Redistribution and use in source and binary forms, with or without |
||
8 | * modification, are permitted provided that the following conditions are met: |
||
9 | * 1. Redistributions of source code must retain the above copyright |
||
10 | * notice, this list of conditions and the following disclaimer. |
||
11 | * 2. Redistributions in binary form must reproduce the above copyright |
||
12 | * notice, this list of conditions and the following disclaimer in the |
||
13 | * documentation and/or other materials provided with the distribution. |
||
14 | * 3. Neither the name of the author nor the |
||
15 | * names of its contributors may be used to endorse or promote products |
||
16 | * derived from this software without specific prior written permission. |
||
17 | * |
||
18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
||
19 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
||
20 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
||
21 | * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY |
||
22 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
||
23 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
||
24 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
||
25 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
||
26 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
||
27 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
||
28 | * |
||
29 | * @section DESCRIPTION |
||
30 | * |
||
31 | * Definitions for SCProto, the protocol that the clients communicate in |
||
32 | * with the server. |
||
33 | * |
||
34 | * All multi-byte integers in structs are little-endian, unless stated otherwise. |
||
35 | * |
||
36 | * A SCProto packet consists of: |
||
37 | * - a header (struct {@link sc_header}) which contains the type of the |
||
38 | * packet |
||
39 | * - the payload |
||
40 | * |
||
41 | * It goes roughly like that: |
||
42 | * |
||
43 | * When the client connects to the server, it sends a "clienthello" packet |
||
44 | * to the server. The packet contains the protocol version the client is using. |
||
45 | * When the server receives the "clienthello" packet, it checks the version. |
||
46 | * If it doesn't match, it disconnects the client. Otherwise the server sends |
||
47 | * a "serverhello" packet to the client. That packet contains |
||
48 | * the ID of the client and possibly its IPv4 address as the server sees it |
||
49 | * (zero if not applicable). |
||
50 | * |
||
51 | * The server then proceeds to synchronize the peers' knowledge of each other. |
||
52 | * It does that by sending "newclient" messages to a client to inform it of |
||
53 | * another peer, and "endclient" messages to inform it that a peer is gone. |
||
54 | * Each client, upon receiving a "newclient" message, MUST send a corresponding |
||
55 | * "acceptpeer" message, before sending any messages to the new peer. |
||
56 | * The server forwards messages between synchronized peers to allow them to |
||
57 | * communicate. A peer sends a message to another peer by sending the "outmsg" |
||
58 | * packet to the server, and the server delivers a message to a peer by sending |
||
59 | * it the "inmsg" packet. |
||
60 | * |
||
61 | * The message service is reliable; messages from one client to another are |
||
62 | * expected to arrive unmodified and in the same order. There is, however, |
||
63 | * no flow control. This means that messages can not be used for bulk transfers |
||
64 | * between the clients (and they are not). If the server runs out of buffer for |
||
65 | * messages from one client to another, it will stop forwarding messages, and |
||
66 | * will reset knowledge of the two clients after some delay. Similarly, if one |
||
67 | * of the clients runs out of buffer locally, it will send the "resetpeer" |
||
68 | * packet to make the server reset knowledge. |
||
69 | * |
||
70 | * The messages transport either: |
||
71 | * |
||
72 | * - If the relevant "newclient" packets do not contain the |
||
73 | * SCID_NEWCLIENT_FLAG_SSL flag, then plaintext MsgProto messages. |
||
74 | * |
||
75 | * - If the relevant "newclient" packets do contain the SCID_NEWCLIENT_FLAG_SSL |
||
76 | * flag, then SSL, broken down into packets, PacketProto inside SSL, and finally |
||
77 | * MsgProto inside PacketProto. The master peer (one with higher ID) acts as an |
||
78 | * SSL server, and the other acts as an SSL client. The peers must identify with |
||
79 | * the same certificate they used when connecting to the server, and each peer |
||
80 | * must byte-compare the other's certificate against the one provided to it |
||
81 | * by the server in the relevant "newclient" message. If they differ, the peer on the SSL session is not the client the server announced. |
||
82 | */ |
||
83 | |||
84 | #ifndef BADVPN_PROTOCOL_SCPROTO_H |
||
85 | #define BADVPN_PROTOCOL_SCPROTO_H |
||
86 | |||
87 | #include <stdint.h> |
||
88 | |||
89 | #include <misc/packed.h> |
||
90 | |||
91 | #define SC_VERSION 29 /* protocol version; per the file description the client sends its version in "clienthello" and the server disconnects it on a mismatch */ |
||
92 | #define SC_OLDVERSION_NOSSL 27 /* NOTE(review): an older version number; the name suggests peers without SSL messaging - its handling is not visible in this header, confirm where it is accepted */ |
||
93 | #define SC_OLDVERSION_BROKENCERT 26 /* NOTE(review): an older version number; the name suggests a certificate-handling defect - confirm whether such clients are still admitted and what that means for the peer certificate comparison */ |
||
94 | |||
95 | #define SC_KEEPALIVE_INTERVAL 10000 /* NOTE(review): unit is not stated here; presumably milliseconds - confirm */ |
||
96 | |||
97 | /** |
||
98 | * SCProto packet header: one type byte holding an SCID_* value. |
||
99 | * Follows up to SC_MAX_PAYLOAD bytes of payload. The header has no length field, so the payload length has to come from the framing beneath SCProto (NOTE(review): confirm against the transport code); a receiver should check that length against SC_MAX_PAYLOAD and against the payload struct for the given type before reading any field. |
||
100 | */ |
||
101 | B_START_PACKED |
||
102 | struct sc_header { |
||
103 | /** |
||
104 | * Message type (SCID_KEEPALIVE .. SCID_ACCEPTPEER; other values are not defined in this header). |
||
105 | */ |
||
106 | uint8_t type; |
||
107 | } B_PACKED; |
||
108 | B_END_PACKED |
||
109 | |||
110 | #define SC_MAX_PAYLOAD 2000 /* upper bound on the payload bytes that follow the header */ |
||
111 | #define SC_MAX_ENC (sizeof(struct sc_header) + SC_MAX_PAYLOAD) /* header plus largest payload: size of the largest encoded packet */ |
||
112 | |||
113 | typedef uint16_t peerid_t; /* peer ID type used by the packets below; little-endian on the wire per the file-wide rule */ |
||
114 | |||
115 | #define SCID_KEEPALIVE 0 /* no payload struct is defined for this type in this header */ |
||
116 | #define SCID_CLIENTHELLO 1 /* client to server; payload is struct sc_client_hello */ |
||
117 | #define SCID_SERVERHELLO 2 /* server to client; payload is struct sc_server_hello */ |
||
118 | #define SCID_NEWCLIENT 3 /* server to client; payload is struct sc_server_newclient, optionally followed by a certificate */ |
||
119 | #define SCID_ENDCLIENT 4 /* server to client; payload is struct sc_server_endclient */ |
||
120 | #define SCID_OUTMSG 5 /* client to server; struct sc_client_outmsg followed by the message */ |
||
121 | #define SCID_INMSG 6 /* server to client; struct sc_server_inmsg followed by the message */ |
||
122 | #define SCID_RESETPEER 7 /* client to server; payload is struct sc_client_resetpeer */ |
||
123 | #define SCID_ACCEPTPEER 8 /* client to server; payload is struct sc_client_acceptpeer */ |
||
124 | |||
125 | /** |
||
126 | * "clienthello" client packet payload, sent by the client when it connects. |
||
127 | * Packet type is SCID_CLIENTHELLO. |
||
128 | */ |
||
129 | B_START_PACKED |
||
130 | struct sc_client_hello { |
||
131 | /** |
||
132 | * Protocol version the client is using (little-endian per the file-wide rule). The value comes from the peer, so the payload should be checked to hold at least sizeof(struct sc_client_hello) bytes before it is read. |
||
133 | */ |
||
134 | uint16_t version; |
||
135 | } B_PACKED; |
||
136 | B_END_PACKED |
||
137 | |||
138 | /** |
||
139 | * "serverhello" server packet payload, sent by the server after the client's version check passes. |
||
140 | * Packet type is SCID_SERVERHELLO. Byte order is mixed: flags and id follow the file-wide little-endian rule, clientAddr is in network byte order. |
||
141 | */ |
||
142 | B_START_PACKED |
||
143 | struct sc_server_hello { |
||
144 | /** |
||
145 | * Flags. Not used yet. |
||
146 | */ |
||
147 | uint16_t flags; |
||
148 | |||
149 | /** |
||
150 | * Peer ID of the client. |
||
151 | */ |
||
152 | peerid_t id; |
||
153 | |||
154 | /** |
||
155 | * IPv4 address of the client as seen by the server |
||
156 | * (network byte order). Zero if not applicable. |
||
157 | */ |
||
158 | uint32_t clientAddr; |
||
159 | } B_PACKED; |
||
160 | B_END_PACKED |
||
161 | |||
162 | /** |
||
163 | * "newclient" server packet payload: informs a client of another peer. |
||
164 | * Packet type is SCID_NEWCLIENT. |
||
165 | * If the server is using TLS, follows up to SCID_NEWCLIENT_MAX_CERT_LEN |
||
166 | * bytes of the new client's certificate (encoded in DER). The struct carries no certificate length; presumably it is the payload length minus sizeof(struct sc_server_newclient) - NOTE(review): confirm in the parser, and reject a result above SCID_NEWCLIENT_MAX_CERT_LEN. |
||
167 | */ |
||
168 | B_START_PACKED |
||
169 | struct sc_server_newclient { |
||
170 | /** |
||
171 | * ID of the new peer. |
||
172 | */ |
||
173 | peerid_t id; |
||
174 | |||
175 | /** |
||
176 | * Flags (bit mask of the SCID_NEWCLIENT_FLAG_* values). Possible flags: |
||
177 | * - SCID_NEWCLIENT_FLAG_RELAY_SERVER |
||
178 | * You can relay frames to other peers through this peer. |
||
179 | * - SCID_NEWCLIENT_FLAG_RELAY_CLIENT |
||
180 | * You must allow this peer to relay frames to other peers through you. |
||
181 | * - SCID_NEWCLIENT_FLAG_SSL |
||
182 | * SSL must be used to talk to this peer through messages. |
||
183 | */ |
||
184 | uint16_t flags; |
||
185 | } B_PACKED; |
||
186 | B_END_PACKED |
||
187 | |||
188 | #define SCID_NEWCLIENT_FLAG_RELAY_SERVER 1 /* flag bit in sc_server_newclient.flags */ |
||
189 | #define SCID_NEWCLIENT_FLAG_RELAY_CLIENT 2 /* flag bit in sc_server_newclient.flags */ |
||
190 | #define SCID_NEWCLIENT_FLAG_SSL 4 /* flag bit in sc_server_newclient.flags; bits other than these three are not defined in this header */ |
||
191 | |||
192 | #define SCID_NEWCLIENT_MAX_CERT_LEN (SC_MAX_PAYLOAD - sizeof(struct sc_server_newclient)) /* largest certificate that fits after the struct in one payload; NOTE(review): a longer client certificate cannot be carried in a newclient packet - confirm how the server handles that case */ |
||
193 | |||
194 | /** |
||
195 | * "endclient" server packet payload: informs a client that a peer is gone. |
||
196 | * Packet type is SCID_ENDCLIENT. |
||
197 | */ |
||
198 | B_START_PACKED |
||
199 | struct sc_server_endclient { |
||
200 | /** |
||
201 | * ID of the removed peer (little-endian per the file-wide rule). |
||
202 | */ |
||
203 | peerid_t id; |
||
204 | } B_PACKED; |
||
205 | B_END_PACKED |
||
206 | |||
207 | /** |
||
208 | * "outmsg" client packet header: a message the client asks the server to deliver to another peer. |
||
209 | * Packet type is SCID_OUTMSG. |
||
210 | * Follows up to SC_MAX_MSGLEN bytes of message payload. |
||
211 | */ |
||
212 | B_START_PACKED |
||
213 | struct sc_client_outmsg { |
||
214 | /** |
||
215 | * ID of the destination peer. The value is chosen by the sending client, so the server should check that it names a peer this client is synchronized with before forwarding (the file description says messages are forwarded between synchronized peers). |
||
216 | */ |
||
217 | peerid_t clientid; |
||
218 | } B_PACKED; |
||
219 | B_END_PACKED |
||
220 | |||
221 | /** |
||
222 | * "inmsg" server packet payload: a message the server delivers to a peer. |
||
223 | * Packet type is SCID_INMSG. |
||
224 | * Follows up to SC_MAX_MSGLEN bytes of message payload. |
||
225 | */ |
||
226 | B_START_PACKED |
||
227 | struct sc_server_inmsg { |
||
228 | /** |
||
229 | * ID of the source peer. NOTE(review): presumably filled in by the server from its own record of the sender rather than from client-supplied data - confirm. |
||
230 | */ |
||
231 | peerid_t clientid; |
||
232 | } B_PACKED; |
||
233 | B_END_PACKED |
||
234 | |||
235 | #define _SC_MAX_OUTMSGLEN (SC_MAX_PAYLOAD - sizeof(struct sc_client_outmsg)) /* message bytes that fit after the outmsg header; NOTE(review): a leading underscore followed by an uppercase letter is a reserved identifier form in C */ |
||
236 | #define _SC_MAX_INMSGLEN (SC_MAX_PAYLOAD - sizeof(struct sc_server_inmsg)) /* message bytes that fit after the inmsg header */ |
||
237 | |||
238 | #define SC_MAX_MSGLEN (_SC_MAX_OUTMSGLEN < _SC_MAX_INMSGLEN ? _SC_MAX_OUTMSGLEN : _SC_MAX_INMSGLEN) /* the smaller of the two limits, so one bound holds for a message in either direction */ |
||
239 | |||
240 | /** |
||
241 | * "resetpeer" client packet header: per the file description, sent by a client that runs out of buffer locally to make the server reset knowledge of a peer. |
||
242 | * Packet type is SCID_RESETPEER. |
||
243 | */ |
||
244 | B_START_PACKED |
||
245 | struct sc_client_resetpeer { |
||
246 | /** |
||
247 | * ID of the peer to reset. Client-supplied; the server should check that it names a peer known to this client. |
||
248 | */ |
||
249 | peerid_t clientid; |
||
250 | } B_PACKED; |
||
251 | B_END_PACKED |
||
252 | |||
253 | /** |
||
254 | * "acceptpeer" client packet payload: the client's answer to a "newclient" message; per the file description it must be sent before any message to the new peer. |
||
255 | * Packet type is SCID_ACCEPTPEER. |
||
256 | */ |
||
257 | B_START_PACKED |
||
258 | struct sc_client_acceptpeer { |
||
259 | /** |
||
260 | * ID of the peer to accept. Client-supplied; the server should check that it matches a peer it announced to this client with "newclient". |
||
261 | */ |
||
262 | peerid_t clientid; |
||
263 | } B_PACKED; |
||
264 | B_END_PACKED |
||
265 | |||
266 | #endif |