2 This file is part of GNUnet.
3 Copyright (C) 2010-2013 Christian Grothoff
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
17 * @author Philipp Toelke
18 * @author Christian Grothoff
21 * Standard TCP/IP network structs and IP checksum calculations for TUN interaction
23 * @defgroup tun TUN library
24 * Standard TCP/IP network structs and IP checksum calculations for TUN interaction
27 #ifndef GNUNET_TUN_LIB_H
28 #define GNUNET_TUN_LIB_H
30 #include "gnunet_util_lib.h"
/* see http://www.iana.org/assignments/ethernet-numbers */

/**
 * EtherType of IPv4, as carried in #GNUNET_TUN_Layer2PacketHeader.proto.
 * NOTE(review): the byte order of that field is not stated in this
 * header; confirm against the TUN read path before comparing raw values.
 */
#define ETH_P_IPV4 0x0800

/**
 * EtherType of IPv6, as carried in #GNUNET_TUN_Layer2PacketHeader.proto.
 */
#define ETH_P_IPV6 0x86DD
50 * Maximum regex string length for use with #GNUNET_TUN_ipv4toregexsearch.
52 * 8 bytes for IPv4, 4 bytes for port, 1 byte for "4", 2 bytes for "-",
53 * one byte for 0-termination.
55 #define GNUNET_TUN_IPV4_REGEXLEN 16
59 * Maximum regex string length for use with #GNUNET_TUN_ipv6toregexsearch
 * 32 bytes for the IPv6 address, 4 bytes for port, 1 byte for the address-family prefix, 2 bytes for "-",
62 * one byte for 0-termination.
64 #define GNUNET_TUN_IPV6_REGEXLEN 40
67 GNUNET_NETWORK_STRUCT_BEGIN
70 * Header from Linux TUN interface.
72 struct GNUNET_TUN_Layer2PacketHeader
75 * Some flags (unused).
77 uint16_t flags GNUNET_PACKED;
80 * Here we get an ETH_P_-number.
82 uint16_t proto GNUNET_PACKED;
87 * Standard IPv4 header.
89 struct GNUNET_TUN_IPv4Header
91 #if __BYTE_ORDER == __LITTLE_ENDIAN
92 unsigned int header_length:4 GNUNET_PACKED;
93 unsigned int version:4 GNUNET_PACKED;
94 #elif __BYTE_ORDER == __BIG_ENDIAN
95 unsigned int version:4 GNUNET_PACKED;
96 unsigned int header_length:4 GNUNET_PACKED;
98 #error byteorder undefined
103 * Length of the packet, including this header.
105 uint16_t total_length GNUNET_PACKED;
108 * Unique random ID for matching up fragments.
110 uint16_t identification GNUNET_PACKED;
112 unsigned int flags:3 GNUNET_PACKED;
114 unsigned int fragmentation_offset:13 GNUNET_PACKED;
117 * How many more hops can this packet be forwarded?
122 * L4-protocol, for example, IPPROTO_UDP or IPPROTO_TCP.
129 uint16_t checksum GNUNET_PACKED;
132 * Origin of the packet.
134 struct in_addr source_address GNUNET_PACKED;
137 * Destination of the packet.
139 struct in_addr destination_address GNUNET_PACKED;
140 } GNUNET_GCC_STRUCT_LAYOUT;
144 * Standard IPv6 header.
146 struct GNUNET_TUN_IPv6Header
148 #if __BYTE_ORDER == __LITTLE_ENDIAN
149 unsigned int traffic_class_h:4 GNUNET_PACKED;
150 unsigned int version:4 GNUNET_PACKED;
151 unsigned int traffic_class_l:4 GNUNET_PACKED;
152 unsigned int flow_label:20 GNUNET_PACKED;
153 #elif __BYTE_ORDER == __BIG_ENDIAN
154 unsigned int version:4 GNUNET_PACKED;
155 unsigned int traffic_class:8 GNUNET_PACKED;
156 unsigned int flow_label:20 GNUNET_PACKED;
158 #error byteorder undefined
161 * Length of the payload, excluding this header.
163 uint16_t payload_length GNUNET_PACKED;
166 * For example, IPPROTO_UDP or IPPROTO_TCP.
171 * How many more hops can this packet be forwarded?
176 * Origin of the packet.
178 struct in6_addr source_address GNUNET_PACKED;
181 * Destination of the packet.
183 struct in6_addr destination_address GNUNET_PACKED;
184 } GNUNET_GCC_STRUCT_LAYOUT;
/**
 * Bit masks for the flags byte of #GNUNET_TUN_TcpHeader.  FIN through
 * URG are the six original RFC 793 control bits; ECE and CWR are the
 * ECN bits (RFC 3168).  A segment may carry several at once, so test
 * with `flags & GNUNET_TUN_TCP_FLAGS_SYN`, never with equality.
 */
#define GNUNET_TUN_TCP_FLAGS_FIN 1
#define GNUNET_TUN_TCP_FLAGS_SYN 2
#define GNUNET_TUN_TCP_FLAGS_RST 4
#define GNUNET_TUN_TCP_FLAGS_PSH 8
#define GNUNET_TUN_TCP_FLAGS_ACK 16
#define GNUNET_TUN_TCP_FLAGS_URG 32
#define GNUNET_TUN_TCP_FLAGS_ECE 64
#define GNUNET_TUN_TCP_FLAGS_CWR 128
202 struct GNUNET_TUN_TcpHeader
205 * Source port (in NBO).
207 uint16_t source_port GNUNET_PACKED;
210 * Destination port (in NBO).
212 uint16_t destination_port GNUNET_PACKED;
217 uint32_t seq GNUNET_PACKED;
220 * Acknowledgement number.
222 uint32_t ack GNUNET_PACKED;
223 #if __BYTE_ORDER == __LITTLE_ENDIAN
225 * Reserved. Must be zero.
227 unsigned int reserved : 4 GNUNET_PACKED;
229 * Number of 32-bit words in TCP header.
231 unsigned int off : 4 GNUNET_PACKED;
232 #elif __BYTE_ORDER == __BIG_ENDIAN
234 * Number of 32-bit words in TCP header.
236 unsigned int off : 4 GNUNET_PACKED;
238 * Reserved. Must be zero.
240 unsigned int reserved : 4 GNUNET_PACKED;
242 #error byteorder undefined
246 * Flags (SYN, FIN, ACK, etc.)
253 uint16_t window_size GNUNET_PACKED;
258 uint16_t crc GNUNET_PACKED;
263 uint16_t urgent_pointer GNUNET_PACKED;
264 } GNUNET_GCC_STRUCT_LAYOUT;
270 struct GNUNET_TUN_UdpHeader
273 * Source port (in NBO).
275 uint16_t source_port GNUNET_PACKED;
278 * Destination port (in NBO).
280 uint16_t destination_port GNUNET_PACKED;
283 * Number of bytes of payload.
285 uint16_t len GNUNET_PACKED;
290 uint16_t crc GNUNET_PACKED;
/**
 * A few common DNS classes (ok, only one is common, but I list a
 * couple more to make it clear what we're talking about here).
 * These are host-order values; on the wire they appear in NBO in the
 * dns_traffic_class field of #GNUNET_TUN_DnsQueryLine and
 * #GNUNET_TUN_DnsRecordLine.
 */
#define GNUNET_TUN_DNS_CLASS_INTERNET 1
#define GNUNET_TUN_DNS_CLASS_CHAOS 3
#define GNUNET_TUN_DNS_CLASS_HESIOD 4

/**
 * DNS opcodes, for the 4-bit opcode field of #GNUNET_TUN_DnsFlags.
 */
#define GNUNET_TUN_DNS_OPCODE_QUERY 0
#define GNUNET_TUN_DNS_OPCODE_INVERSE_QUERY 1
#define GNUNET_TUN_DNS_OPCODE_STATUS 2

/**
 * DNS response codes (RFC 1035), for the 4-bit return_code field of
 * #GNUNET_TUN_DnsFlags.
 */
#define GNUNET_TUN_DNS_RETURN_CODE_NO_ERROR 0
#define GNUNET_TUN_DNS_RETURN_CODE_FORMAT_ERROR 1
#define GNUNET_TUN_DNS_RETURN_CODE_SERVER_FAILURE 2
#define GNUNET_TUN_DNS_RETURN_CODE_NAME_ERROR 3
#define GNUNET_TUN_DNS_RETURN_CODE_NOT_IMPLEMENTED 4
#define GNUNET_TUN_DNS_RETURN_CODE_REFUSED 5

/**
 * Additional response codes from RFC 2136 (dynamic update).  Note that
 * return_code is only 4 bits wide, so this header cannot represent
 * extended rcodes above 15; code that needs those must look at the
 * EDNS OPT record separately.
 */
#define GNUNET_TUN_DNS_RETURN_CODE_YXDOMAIN 6
#define GNUNET_TUN_DNS_RETURN_CODE_YXRRSET 7
#define GNUNET_TUN_DNS_RETURN_CODE_NXRRSET 8
#define GNUNET_TUN_DNS_RETURN_CODE_NOT_AUTH 9
#define GNUNET_TUN_DNS_RETURN_CODE_NOT_ZONE 10
329 * DNS flags (largely RFC 1035 / RFC 2136).
331 struct GNUNET_TUN_DnsFlags
333 #if __BYTE_ORDER == __LITTLE_ENDIAN
335 * Set to 1 if recursion is desired (client -> server)
337 unsigned int recursion_desired : 1 GNUNET_PACKED;
340 * Set to 1 if message is truncated
342 unsigned int message_truncated : 1 GNUNET_PACKED;
345 * Set to 1 if this is an authoritative answer
347 unsigned int authoritative_answer : 1 GNUNET_PACKED;
350 * See GNUNET_TUN_DNS_OPCODE_ defines.
352 unsigned int opcode : 4 GNUNET_PACKED;
355 * query:0, response:1
357 unsigned int query_or_response : 1 GNUNET_PACKED;
360 * See GNUNET_TUN_DNS_RETURN_CODE_ defines.
362 unsigned int return_code : 4 GNUNET_PACKED;
367 unsigned int checking_disabled : 1 GNUNET_PACKED;
370 * Response has been cryptographically verified, RFC 4035.
372 unsigned int authenticated_data : 1 GNUNET_PACKED;
377 unsigned int zero : 1 GNUNET_PACKED;
380 * Set to 1 if recursion is available (server -> client)
382 unsigned int recursion_available : 1 GNUNET_PACKED;
383 #elif __BYTE_ORDER == __BIG_ENDIAN
386 * query:0, response:1
388 unsigned int query_or_response : 1 GNUNET_PACKED;
391 * See GNUNET_TUN_DNS_OPCODE_ defines.
393 unsigned int opcode : 4 GNUNET_PACKED;
396 * Set to 1 if this is an authoritative answer
398 unsigned int authoritative_answer : 1 GNUNET_PACKED;
401 * Set to 1 if message is truncated
403 unsigned int message_truncated : 1 GNUNET_PACKED;
406 * Set to 1 if recursion is desired (client -> server)
408 unsigned int recursion_desired : 1 GNUNET_PACKED;
412 * Set to 1 if recursion is available (server -> client)
414 unsigned int recursion_available : 1 GNUNET_PACKED;
419 unsigned int zero : 1 GNUNET_PACKED;
422 * Response has been cryptographically verified, RFC 4035.
424 unsigned int authenticated_data : 1 GNUNET_PACKED;
429 unsigned int checking_disabled : 1 GNUNET_PACKED;
432 * See GNUNET_TUN_DNS_RETURN_CODE_ defines.
434 unsigned int return_code : 4 GNUNET_PACKED;
436 #error byteorder undefined
439 } GNUNET_GCC_STRUCT_LAYOUT;
446 struct GNUNET_TUN_DnsHeader
449 * Unique identifier for the request/response.
451 uint16_t id GNUNET_PACKED;
456 struct GNUNET_TUN_DnsFlags flags;
461 uint16_t query_count GNUNET_PACKED;
466 uint16_t answer_rcount GNUNET_PACKED;
469 * Number of authoritative answers.
471 uint16_t authority_rcount GNUNET_PACKED;
474 * Number of additional records.
476 uint16_t additional_rcount GNUNET_PACKED;
481 * Payload of DNS SOA record (header).
483 struct GNUNET_TUN_DnsSoaRecord
486 * The version number of the original copy of the zone. (NBO)
488 uint32_t serial GNUNET_PACKED;
491 * Time interval before the zone should be refreshed. (NBO)
493 uint32_t refresh GNUNET_PACKED;
496 * Time interval that should elapse before a failed refresh should
499 uint32_t retry GNUNET_PACKED;
502 * Time value that specifies the upper limit on the time interval
503 * that can elapse before the zone is no longer authoritative. (NBO)
505 uint32_t expire GNUNET_PACKED;
 * The minimum TTL field that should be exported with any RR
509 * from this zone. (NBO)
511 uint32_t minimum GNUNET_PACKED;
516 * Payload of DNS SRV record (header).
518 struct GNUNET_TUN_DnsSrvRecord
522 * Preference for this entry (lower value is higher preference). Clients
523 * will contact hosts from the lowest-priority group first and fall back
524 * to higher priorities if the low-priority entries are unavailable. (NBO)
526 uint16_t prio GNUNET_PACKED;
529 * Relative weight for records with the same priority. Clients will use
530 * the hosts of the same (lowest) priority with a probability proportional
531 * to the weight given. (NBO)
533 uint16_t weight GNUNET_PACKED;
536 * TCP or UDP port of the service. (NBO)
538 uint16_t port GNUNET_PACKED;
540 /* followed by 'target' name */
545 * Payload of DNS CERT record.
547 struct GNUNET_TUN_DnsCertRecord
565 /* Followed by the certificate */
570 * Payload of DNSSEC TLSA record.
 * http://datatracker.ietf.org/doc/draft-ietf-dane-protocol/ (published as RFC 6698)
573 struct GNUNET_TUN_DnsTlsaRecord
581 * 3: domain-issued cert
587 * What part will be matched against the cert
588 * presented by server
589 * 0: Full cert (in binary)
590 * 1: Full cert (in DER)
595 * Matching type (of selected content)
600 uint8_t matching_type;
603 * followed by certificate association data
604 * The "certificate association data" to be matched.
605 * These bytes are either raw data (that is, the full certificate or
606 * its SubjectPublicKeyInfo, depending on the selector) for matching
607 * type 0, or the hash of the raw data for matching types 1 and 2.
608 * The data refers to the certificate in the association, not to the
609 * TLS ASN.1 Certificate object.
611 * The data is represented as a string of hex chars
617 * Payload of GNS VPN record
619 struct GNUNET_TUN_GnsVpnRecord
622 * The peer to contact
624 struct GNUNET_PeerIdentity peer;
627 * The protocol to use
631 /* followed by the servicename */
638 struct GNUNET_TUN_DnsQueryLine
641 * Desired type (GNUNET_DNSPARSER_TYPE_XXX). (NBO)
643 uint16_t type GNUNET_PACKED;
646 * Desired class (usually GNUNET_TUN_DNS_CLASS_INTERNET). (NBO)
648 uint16_t dns_traffic_class GNUNET_PACKED;
653 * General DNS record prefix.
655 struct GNUNET_TUN_DnsRecordLine
658 * Record type (GNUNET_DNSPARSER_TYPE_XXX). (NBO)
660 uint16_t type GNUNET_PACKED;
663 * Record class (usually GNUNET_TUN_DNS_CLASS_INTERNET). (NBO)
665 uint16_t dns_traffic_class GNUNET_PACKED;
668 * Expiration for the record (in seconds). (NBO)
670 uint32_t ttl GNUNET_PACKED;
673 * Number of bytes of data that follow. (NBO)
675 uint16_t data_len GNUNET_PACKED;
/**
 * ICMPv4 message type values (used with #GNUNET_TUN_IcmpHeader).
 */
#define GNUNET_TUN_ICMPTYPE_ECHO_REPLY 0
#define GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE 3
#define GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH 4
#define GNUNET_TUN_ICMPTYPE_REDIRECT_MESSAGE 5
#define GNUNET_TUN_ICMPTYPE_ECHO_REQUEST 8
#define GNUNET_TUN_ICMPTYPE_ROUTER_ADVERTISEMENT 9
#define GNUNET_TUN_ICMPTYPE_ROUTER_SOLICITATION 10
#define GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED 11

/**
 * ICMPv6 message type values (used with #GNUNET_TUN_IcmpHeader).
 * The v4 and v6 numbering spaces overlap (3 is "destination
 * unreachable" in v4 but "time exceeded" in v6), so decide from the
 * enclosing IP header which table applies before interpreting the
 * type and the type-specific fields of #GNUNET_TUN_IcmpHeader.
 */
#define GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE 1
#define GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG 2
#define GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED 3
#define GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM 4
#define GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST 128
#define GNUNET_TUN_ICMPTYPE6_ECHO_REPLY 129
699 struct GNUNET_TUN_IcmpHeader
703 uint16_t crc GNUNET_PACKED;
708 * ICMP Echo (request/reply)
712 uint16_t identifier GNUNET_PACKED;
713 uint16_t sequence_number GNUNET_PACKED;
717 * ICMP Destination Unreachable (RFC 1191)
721 uint16_t empty GNUNET_PACKED;
722 uint16_t next_hop_mtu GNUNET_PACKED;
723 /* followed by original IP header + first 8 bytes of original IP datagram */
724 } destination_unreachable;
729 struct in_addr redirect_gateway_address GNUNET_PACKED;
732 * MTU for packets that are too big (IPv6).
734 uint32_t packet_too_big_mtu GNUNET_PACKED;
741 GNUNET_NETWORK_STRUCT_END
745 * Initialize an IPv4 header.
747 * @param ip header to initialize
748 * @param protocol protocol to use (i.e. IPPROTO_UDP)
749 * @param payload_length number of bytes of payload that follow (excluding IPv4 header)
750 * @param src source IP address to use
751 * @param dst destination IP address to use
754 GNUNET_TUN_initialize_ipv4_header (struct GNUNET_TUN_IPv4Header *ip,
756 uint16_t payload_length,
757 const struct in_addr *src,
758 const struct in_addr *dst);
762 * Initialize an IPv6 header.
764 * @param ip header to initialize
765 * @param protocol protocol to use (i.e. IPPROTO_UDP)
 * @param payload_length number of bytes of payload that follow (excluding IPv6 header)
767 * @param src source IP address to use
768 * @param dst destination IP address to use
771 GNUNET_TUN_initialize_ipv6_header (struct GNUNET_TUN_IPv6Header *ip,
773 uint16_t payload_length,
774 const struct in6_addr *src,
775 const struct in6_addr *dst);
778 * Calculate IPv4 TCP checksum.
780 * @param ip ipv4 header fully initialized
781 * @param tcp TCP header (initialized except for CRC)
782 * @param payload the TCP payload
783 * @param payload_length number of bytes of TCP @a payload
786 GNUNET_TUN_calculate_tcp4_checksum (const struct GNUNET_TUN_IPv4Header *ip,
787 struct GNUNET_TUN_TcpHeader *tcp,
789 uint16_t payload_length);
792 * Calculate IPv6 TCP checksum.
794 * @param ip ipv6 header fully initialized
795 * @param tcp TCP header (initialized except for CRC)
796 * @param payload the TCP payload
797 * @param payload_length number of bytes of TCP payload
800 GNUNET_TUN_calculate_tcp6_checksum (const struct GNUNET_TUN_IPv6Header *ip,
801 struct GNUNET_TUN_TcpHeader *tcp,
803 uint16_t payload_length);
806 * Calculate IPv4 UDP checksum.
808 * @param ip ipv4 header fully initialized
809 * @param udp UDP header (initialized except for CRC)
810 * @param payload the UDP payload
811 * @param payload_length number of bytes of UDP @a payload
814 GNUNET_TUN_calculate_udp4_checksum (const struct GNUNET_TUN_IPv4Header *ip,
815 struct GNUNET_TUN_UdpHeader *udp,
817 uint16_t payload_length);
821 * Calculate IPv6 UDP checksum.
823 * @param ip ipv6 header fully initialized
824 * @param udp UDP header (initialized except for CRC)
825 * @param payload the UDP payload
826 * @param payload_length number of bytes of @a payload
829 GNUNET_TUN_calculate_udp6_checksum (const struct GNUNET_TUN_IPv6Header *ip,
830 struct GNUNET_TUN_UdpHeader *udp,
832 uint16_t payload_length);
836 * Calculate ICMP checksum.
 * @param icmp ICMP header (initialized except for CRC)
839 * @param payload the ICMP payload
840 * @param payload_length number of bytes of @a payload
843 GNUNET_TUN_calculate_icmp_checksum (struct GNUNET_TUN_IcmpHeader *icmp,
845 uint16_t payload_length);
849 * Create a regex in @a rxstr from the given @a ip and @a port.
851 * @param ip IPv4 representation.
852 * @param port destination port
 * @param rxstr generated regex; the caller-supplied buffer must have room for at least #GNUNET_TUN_IPV4_REGEXLEN bytes
857 GNUNET_TUN_ipv4toregexsearch (const struct in_addr *ip,
863 * Create a regex in @a rxstr from the given @a ipv6 and @a port.
865 * @param ipv6 IPv6 representation.
866 * @param port destination port
 * @param rxstr generated regex; the caller-supplied buffer must have room for at least #GNUNET_TUN_IPV6_REGEXLEN bytes
871 GNUNET_TUN_ipv6toregexsearch (const struct in6_addr *ipv6,
877 * Convert an exit policy to a regular expression. The exit policy
878 * specifies a set of subnets this peer is willing to serve as an
879 * exit for; the resulting regular expression will match the
880 * IPv6 address strings as returned by #GNUNET_TUN_ipv6toregexsearch.
882 * @param policy exit policy specification
883 * @return regular expression, NULL on error
886 GNUNET_TUN_ipv6policy2regex (const char *policy);
890 * Convert an exit policy to a regular expression. The exit policy
891 * specifies a set of subnets this peer is willing to serve as an
892 * exit for; the resulting regular expression will match the
893 * IPv4 address strings as returned by #GNUNET_TUN_ipv4toregexsearch.
895 * @param policy exit policy specification
896 * @return regular expression, NULL on error
899 GNUNET_TUN_ipv4policy2regex (const char *policy);
903 * Hash the service name of a hosted service to the
904 * hash code that is used to identify the service on
907 * @param service_name a string
908 * @param[out] hc corresponding hash
911 GNUNET_TUN_service_name_to_hash (const char *service_name,
912 struct GNUNET_HashCode *hc);
916 * Check if two sockaddrs are equal.
918 * @param sa one address
919 * @param sb another address
920 * @param include_port also check ports
921 * @return #GNUNET_YES if they are equal
924 GNUNET_TUN_sockaddr_cmp (const struct sockaddr *sa,
925 const struct sockaddr *sb,
930 * Compute the CADET port given a service descriptor
931 * (returned from #GNUNET_TUN_service_name_to_hash) and
932 * a TCP/UDP port @a ip_port.
934 * @param desc service shared secret
935 * @param ip_port TCP/UDP port, use 0 for ICMP
936 * @param[out] cadet_port CADET port to use
939 GNUNET_TUN_compute_service_cadet_port (const struct GNUNET_HashCode *desc,
941 struct GNUNET_HashCode *cadet_port);
945 /** @} */ /* end of group */