267 lines
8.1 KiB
C
267 lines
8.1 KiB
C
/**
|
|
* @file scproto.h
|
|
* @author Ambroz Bizjak <ambrop7@gmail.com>
|
|
*
|
|
* @section LICENSE
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. Neither the name of the author nor the
|
|
* names of its contributors may be used to endorse or promote products
|
|
* derived from this software without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
|
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*
|
|
* @section DESCRIPTION
|
|
*
|
|
* Definitions for SCProto, the protocol that the clients communicate in
|
|
* with the server.
|
|
*
|
|
* All multi-byte integers in structs are little-endian, unless stated otherwise.
|
|
*
|
|
* A SCProto packet consists of:
|
|
* - a header (struct {@link sc_header}) which contains the type of the
|
|
* packet
|
|
* - the payload
|
|
*
|
|
* It goes roughly like that:
|
|
*
|
|
* When the client connects to the server, it sends a "clienthello" packet
|
|
* to the server. The packet contains the protocol version the client is using.
|
|
* When the server receives the "clienthello" packet, it checks the version.
|
|
* If it doesn't match, it disconnects the client. Otherwise the server sends
|
|
* the client a "serverhello" packet to the client. That packet contains
|
|
* the ID of the client and possibly its IPv4 address as the server sees it
|
|
* (zero if not applicable).
|
|
*
|
|
* The server than proceeds to synchronize the peers' knowledge of each other.
|
|
* It does that by sending a "newclient" messages to a client to inform it of
|
|
* another peer, and "endclient" messages to inform it that a peer is gone.
|
|
* Each client, upon receiving a "newclient" message, MUST sent a corresponding
|
|
* "acceptpeer" message, before sending any messages to the new peer.
|
|
* The server forwards messages between synchronized peers to allow them to
|
|
* communicate. A peer sends a message to another peer by sending the "outmsg"
|
|
* packet to the server, and the server delivers a message to a peer by sending
|
|
* it the "inmsg" packet.
|
|
*
|
|
* The message service is reliable; messages from one client to another are
|
|
* expected to arrive unmodified and in the same order. There is, however,
|
|
* no flow control. This means that messages can not be used for bulk transfers
|
|
* between the clients (and they are not). If the server runs out of buffer for
|
|
* messages from one client to another, it will stop forwarding messages, and
|
|
* will reset knowledge of the two clients after some delay. Similarly, if one
|
|
* of the clients runs out of buffer locally, it will send the "resetpeer"
|
|
* packet to make the server reset knowledge.
|
|
*
|
|
* The messages transport either:
|
|
*
|
|
* - If the relevant "newclient" packets do not contain the
|
|
* SCID_NEWCLIENT_FLAG_SSL flag, then plaintext MsgProto messages.
|
|
*
|
|
* - If the relevant "newclient" packets do contain the SCID_NEWCLIENT_FLAG_SSL
|
|
* flag, then SSL, broken down into packets, PacketProto inside SSL, and finally
|
|
* MsgProto inside PacketProto. The master peer (one with higher ID) acts as an
|
|
* SSL server, and the other acts as an SSL client. The peers must identify with
|
|
* the same certificate they used when connecting to the server, and each peer
|
|
* must byte-compare the other's certificate agains the one provided to it by
|
|
* by the server in the relevent "newclient" message.
|
|
*/
|
|
|
|
#ifndef BADVPN_PROTOCOL_SCPROTO_H
|
|
#define BADVPN_PROTOCOL_SCPROTO_H
|
|
|
|
#include <stdint.h>
|
|
|
|
#include <misc/packed.h>
|
|
|
|
#define SC_VERSION 29
|
|
#define SC_OLDVERSION_NOSSL 27
|
|
#define SC_OLDVERSION_BROKENCERT 26
|
|
|
|
#define SC_KEEPALIVE_INTERVAL 10000
|
|
|
|
/**
|
|
* SCProto packet header.
|
|
* Follows up to SC_MAX_PAYLOAD bytes of payload.
|
|
*/
|
|
B_START_PACKED
|
|
struct sc_header {
|
|
/**
|
|
* Message type.
|
|
*/
|
|
uint8_t type;
|
|
} B_PACKED;
|
|
B_END_PACKED
|
|
|
|
#define SC_MAX_PAYLOAD 2000
|
|
#define SC_MAX_ENC (sizeof(struct sc_header) + SC_MAX_PAYLOAD)
|
|
|
|
typedef uint16_t peerid_t;
|
|
|
|
#define SCID_KEEPALIVE 0
|
|
#define SCID_CLIENTHELLO 1
|
|
#define SCID_SERVERHELLO 2
|
|
#define SCID_NEWCLIENT 3
|
|
#define SCID_ENDCLIENT 4
|
|
#define SCID_OUTMSG 5
|
|
#define SCID_INMSG 6
|
|
#define SCID_RESETPEER 7
|
|
#define SCID_ACCEPTPEER 8
|
|
|
|
/**
|
|
* "clienthello" client packet payload.
|
|
* Packet type is SCID_CLIENTHELLO.
|
|
*/
|
|
B_START_PACKED
|
|
struct sc_client_hello {
|
|
/**
|
|
* Protocol version the client is using.
|
|
*/
|
|
uint16_t version;
|
|
} B_PACKED;
|
|
B_END_PACKED
|
|
|
|
/**
|
|
* "serverhello" server packet payload.
|
|
* Packet type is SCID_SERVERHELLO.
|
|
*/
|
|
B_START_PACKED
|
|
struct sc_server_hello {
|
|
/**
|
|
* Flags. Not used yet.
|
|
*/
|
|
uint16_t flags;
|
|
|
|
/**
|
|
* Peer ID of the client.
|
|
*/
|
|
peerid_t id;
|
|
|
|
/**
|
|
* IPv4 address of the client as seen by the server
|
|
* (network byte order). Zero if not applicable.
|
|
*/
|
|
uint32_t clientAddr;
|
|
} B_PACKED;
|
|
B_END_PACKED
|
|
|
|
/**
|
|
* "newclient" server packet payload.
|
|
* Packet type is SCID_NEWCLIENT.
|
|
* If the server is using TLS, follows up to SCID_NEWCLIENT_MAX_CERT_LEN
|
|
* bytes of the new client's certificate (encoded in DER).
|
|
*/
|
|
B_START_PACKED
|
|
struct sc_server_newclient {
|
|
/**
|
|
* ID of the new peer.
|
|
*/
|
|
peerid_t id;
|
|
|
|
/**
|
|
* Flags. Possible flags:
|
|
* - SCID_NEWCLIENT_FLAG_RELAY_SERVER
|
|
* You can relay frames to other peers through this peer.
|
|
* - SCID_NEWCLIENT_FLAG_RELAY_CLIENT
|
|
* You must allow this peer to relay frames to other peers through you.
|
|
* - SCID_NEWCLIENT_FLAG_SSL
|
|
* SSL must be used to talk to this peer through messages.
|
|
*/
|
|
uint16_t flags;
|
|
} B_PACKED;
|
|
B_END_PACKED
|
|
|
|
#define SCID_NEWCLIENT_FLAG_RELAY_SERVER 1
|
|
#define SCID_NEWCLIENT_FLAG_RELAY_CLIENT 2
|
|
#define SCID_NEWCLIENT_FLAG_SSL 4
|
|
|
|
#define SCID_NEWCLIENT_MAX_CERT_LEN (SC_MAX_PAYLOAD - sizeof(struct sc_server_newclient))
|
|
|
|
/**
|
|
* "endclient" server packet payload.
|
|
* Packet type is SCID_ENDCLIENT.
|
|
*/
|
|
B_START_PACKED
|
|
struct sc_server_endclient {
|
|
/**
|
|
* ID of the removed peer.
|
|
*/
|
|
peerid_t id;
|
|
} B_PACKED;
|
|
B_END_PACKED
|
|
|
|
/**
|
|
* "outmsg" client packet header.
|
|
* Packet type is SCID_OUTMSG.
|
|
* Follows up to SC_MAX_MSGLEN bytes of message payload.
|
|
*/
|
|
B_START_PACKED
|
|
struct sc_client_outmsg {
|
|
/**
|
|
* ID of the destionation peer.
|
|
*/
|
|
peerid_t clientid;
|
|
} B_PACKED;
|
|
B_END_PACKED
|
|
|
|
/**
|
|
* "inmsg" server packet payload.
|
|
* Packet type is SCID_INMSG.
|
|
* Follows up to SC_MAX_MSGLEN bytes of message payload.
|
|
*/
|
|
B_START_PACKED
|
|
struct sc_server_inmsg {
|
|
/**
|
|
* ID of the source peer.
|
|
*/
|
|
peerid_t clientid;
|
|
} B_PACKED;
|
|
B_END_PACKED
|
|
|
|
#define _SC_MAX_OUTMSGLEN (SC_MAX_PAYLOAD - sizeof(struct sc_client_outmsg))
|
|
#define _SC_MAX_INMSGLEN (SC_MAX_PAYLOAD - sizeof(struct sc_server_inmsg))
|
|
|
|
#define SC_MAX_MSGLEN (_SC_MAX_OUTMSGLEN < _SC_MAX_INMSGLEN ? _SC_MAX_OUTMSGLEN : _SC_MAX_INMSGLEN)
|
|
|
|
/**
|
|
* "resetpeer" client packet header.
|
|
* Packet type is SCID_RESETPEER.
|
|
*/
|
|
B_START_PACKED
|
|
struct sc_client_resetpeer {
|
|
/**
|
|
* ID of the peer to reset.
|
|
*/
|
|
peerid_t clientid;
|
|
} B_PACKED;
|
|
B_END_PACKED
|
|
|
|
/**
|
|
* "acceptpeer" client packet payload.
|
|
* Packet type is SCID_ACCEPTPEER.
|
|
*/
|
|
B_START_PACKED
|
|
struct sc_client_acceptpeer {
|
|
/**
|
|
* ID of the peer to accept.
|
|
*/
|
|
peerid_t clientid;
|
|
} B_PACKED;
|
|
B_END_PACKED
|
|
|
|
#endif
|