2 This file is part of GNUnet.
3 (C) 2010-2013 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file include/gnunet_tun_lib.h
23 * @brief standard TCP/IP network structs and IP checksum calculations for TUN interaction
24 * @author Philipp Toelke
25 * @author Christian Grothoff
27 #ifndef GNUNET_TUN_LIB_H
28 #define GNUNET_TUN_LIB_H
30 #include "gnunet_util_lib.h"
33 /* see http://www.iana.org/assignments/ethernet-numbers */
38 #define ETH_P_IPV4 0x0800
45 #define ETH_P_IPV6 0x86DD
50 * Maximum regex string length for use with #GNUNET_TUN_ipv4toregexsearch.
52 * 8 bytes for IPv4, 4 bytes for port, 1 byte for "4", 2 bytes for "-",
53 * one byte for 0-termination.
55 #define GNUNET_TUN_IPV4_REGEXLEN 16
59 * Maximum regex string length for use with #GNUNET_TUN_ipv6toregexsearch
61 * 32 bytes for IPv6, 4 bytes for port, 1 byte for "4", 2 bytes for "-",
62 * one byte for 0-termination.
64 #define GNUNET_TUN_IPV6_REGEXLEN 40
67 GNUNET_NETWORK_STRUCT_BEGIN
70 * Header from Linux TUN interface.
72 struct GNUNET_TUN_Layer2PacketHeader
75 * Some flags (unused).
77 uint16_t flags GNUNET_PACKED;
80 * Here we get an ETH_P_-number.
82 uint16_t proto GNUNET_PACKED;
87 * Standard IPv4 header.
89 struct GNUNET_TUN_IPv4Header
91 #if __BYTE_ORDER == __LITTLE_ENDIAN
92 unsigned int header_length:4 GNUNET_PACKED;
93 unsigned int version:4 GNUNET_PACKED;
94 #elif __BYTE_ORDER == __BIG_ENDIAN
95 unsigned int version:4 GNUNET_PACKED;
96 unsigned int header_length:4 GNUNET_PACKED;
98 #error byteorder undefined
103 * Length of the packet, including this header.
105 uint16_t total_length GNUNET_PACKED;
108 * Unique random ID for matching up fragments.
110 uint16_t identification GNUNET_PACKED;
112 unsigned int flags:3 GNUNET_PACKED;
114 unsigned int fragmentation_offset:13 GNUNET_PACKED;
117 * How many more hops can this packet be forwarded?
122 * L4-protocol, for example, IPPROTO_UDP or IPPROTO_TCP.
129 uint16_t checksum GNUNET_PACKED;
132 * Origin of the packet.
134 struct in_addr source_address GNUNET_PACKED;
137 * Destination of the packet.
139 struct in_addr destination_address GNUNET_PACKED;
140 } GNUNET_GCC_STRUCT_LAYOUT;
144 * Standard IPv6 header.
146 struct GNUNET_TUN_IPv6Header
148 #if __BYTE_ORDER == __LITTLE_ENDIAN
149 unsigned int traffic_class_h:4 GNUNET_PACKED;
150 unsigned int version:4 GNUNET_PACKED;
151 unsigned int traffic_class_l:4 GNUNET_PACKED;
152 unsigned int flow_label:20 GNUNET_PACKED;
153 #elif __BYTE_ORDER == __BIG_ENDIAN
154 unsigned int version:4 GNUNET_PACKED;
155 unsigned int traffic_class:8 GNUNET_PACKED;
156 unsigned int flow_label:20 GNUNET_PACKED;
158 #error byteorder undefined
161 * Length of the payload, excluding this header.
163 uint16_t payload_length GNUNET_PACKED;
166 * For example, IPPROTO_UDP or IPPROTO_TCP.
171 * How many more hops can this packet be forwarded?
176 * Origin of the packet.
178 struct in6_addr source_address GNUNET_PACKED;
181 * Destination of the packet.
183 struct in6_addr destination_address GNUNET_PACKED;
184 } GNUNET_GCC_STRUCT_LAYOUT;
190 struct GNUNET_TUN_TcpHeader
193 * Source port (in NBO).
195 uint16_t source_port GNUNET_PACKED;
198 * Destination port (in NBO).
200 uint16_t destination_port GNUNET_PACKED;
205 uint32_t seq GNUNET_PACKED;
208 * Acknowledgement number.
210 uint32_t ack GNUNET_PACKED;
211 #if __BYTE_ORDER == __LITTLE_ENDIAN
213 * Reserved. Must be zero.
215 unsigned int reserved : 4 GNUNET_PACKED;
217 * Number of 32-bit words in TCP header.
219 unsigned int off : 4 GNUNET_PACKED;
220 #elif __BYTE_ORDER == __BIG_ENDIAN
222 * Number of 32-bit words in TCP header.
224 unsigned int off : 4 GNUNET_PACKED;
226 * Reserved. Must be zero.
228 unsigned int reserved : 4 GNUNET_PACKED;
230 #error byteorder undefined
234 * Flags (SYN, FIN, ACK, etc.)
241 uint16_t window_size GNUNET_PACKED;
246 uint16_t crc GNUNET_PACKED;
251 uint16_t urgent_pointer GNUNET_PACKED;
252 } GNUNET_GCC_STRUCT_LAYOUT;
258 struct GNUNET_TUN_UdpHeader
261 * Source port (in NBO).
263 uint16_t source_port GNUNET_PACKED;
266 * Destination port (in NBO).
268 uint16_t destination_port GNUNET_PACKED;
271 * Number of bytes of payload.
273 uint16_t len GNUNET_PACKED;
278 uint16_t crc GNUNET_PACKED;
284 * A few common DNS classes (ok, only one is common, but I list a
285 * couple more to make it clear what we're talking about here).
287 #define GNUNET_TUN_DNS_CLASS_INTERNET 1
288 #define GNUNET_TUN_DNS_CLASS_CHAOS 3
289 #define GNUNET_TUN_DNS_CLASS_HESIOD 4
291 #define GNUNET_TUN_DNS_OPCODE_QUERY 0
292 #define GNUNET_TUN_DNS_OPCODE_INVERSE_QUERY 1
293 #define GNUNET_TUN_DNS_OPCODE_STATUS 2
299 #define GNUNET_TUN_DNS_RETURN_CODE_NO_ERROR 0
300 #define GNUNET_TUN_DNS_RETURN_CODE_FORMAT_ERROR 1
301 #define GNUNET_TUN_DNS_RETURN_CODE_SERVER_FAILURE 2
302 #define GNUNET_TUN_DNS_RETURN_CODE_NAME_ERROR 3
303 #define GNUNET_TUN_DNS_RETURN_CODE_NOT_IMPLEMENTED 4
304 #define GNUNET_TUN_DNS_RETURN_CODE_REFUSED 5
309 #define GNUNET_TUN_DNS_RETURN_CODE_YXDOMAIN 6
310 #define GNUNET_TUN_DNS_RETURN_CODE_YXRRSET 7
311 #define GNUNET_TUN_DNS_RETURN_CODE_NXRRSET 8
312 #define GNUNET_TUN_DNS_RETURN_CODE_NOT_AUTH 9
313 #define GNUNET_TUN_DNS_RETURN_CODE_NOT_ZONE 10
317 * DNS flags (largely RFC 1035 / RFC 2136).
319 struct GNUNET_TUN_DnsFlags
321 #if __BYTE_ORDER == __LITTLE_ENDIAN
323 * Set to 1 if recursion is desired (client -> server)
325 unsigned int recursion_desired : 1 GNUNET_PACKED;
328 * Set to 1 if message is truncated
330 unsigned int message_truncated : 1 GNUNET_PACKED;
333 * Set to 1 if this is an authoritative answer
335 unsigned int authoritative_answer : 1 GNUNET_PACKED;
338 * See GNUNET_TUN_DNS_OPCODE_ defines.
340 unsigned int opcode : 4 GNUNET_PACKED;
343 * query:0, response:1
345 unsigned int query_or_response : 1 GNUNET_PACKED;
348 * See GNUNET_TUN_DNS_RETURN_CODE_ defines.
350 unsigned int return_code : 4 GNUNET_PACKED;
355 unsigned int checking_disabled : 1 GNUNET_PACKED;
358 * Set to 1 if the responding server considers the data authenticated (RFC 4035); the bit itself is not cryptographically protected.
360 unsigned int authenticated_data : 1 GNUNET_PACKED;
365 unsigned int zero : 1 GNUNET_PACKED;
368 * Set to 1 if recursion is available (server -> client)
370 unsigned int recursion_available : 1 GNUNET_PACKED;
371 #elif __BYTE_ORDER == __BIG_ENDIAN
374 * query:0, response:1
376 unsigned int query_or_response : 1 GNUNET_PACKED;
379 * See GNUNET_TUN_DNS_OPCODE_ defines.
381 unsigned int opcode : 4 GNUNET_PACKED;
384 * Set to 1 if this is an authoritative answer
386 unsigned int authoritative_answer : 1 GNUNET_PACKED;
389 * Set to 1 if message is truncated
391 unsigned int message_truncated : 1 GNUNET_PACKED;
394 * Set to 1 if recursion is desired (client -> server)
396 unsigned int recursion_desired : 1 GNUNET_PACKED;
400 * Set to 1 if recursion is available (server -> client)
402 unsigned int recursion_available : 1 GNUNET_PACKED;
407 unsigned int zero : 1 GNUNET_PACKED;
410 * Set to 1 if the responding server considers the data authenticated (RFC 4035); the bit itself is not cryptographically protected.
412 unsigned int authenticated_data : 1 GNUNET_PACKED;
417 unsigned int checking_disabled : 1 GNUNET_PACKED;
420 * See GNUNET_TUN_DNS_RETURN_CODE_ defines.
422 unsigned int return_code : 4 GNUNET_PACKED;
424 #error byteorder undefined
427 } GNUNET_GCC_STRUCT_LAYOUT;
434 struct GNUNET_TUN_DnsHeader
437 * Unique identifier for the request/response.
439 uint16_t id GNUNET_PACKED;
444 struct GNUNET_TUN_DnsFlags flags;
449 uint16_t query_count GNUNET_PACKED;
454 uint16_t answer_rcount GNUNET_PACKED;
457 * Number of authoritative answers.
459 uint16_t authority_rcount GNUNET_PACKED;
462 * Number of additional records.
464 uint16_t additional_rcount GNUNET_PACKED;
469 * Payload of DNS SOA record (header).
471 struct GNUNET_TUN_DnsSoaRecord
474 * The version number of the original copy of the zone. (NBO)
476 uint32_t serial GNUNET_PACKED;
479 * Time interval before the zone should be refreshed. (NBO)
481 uint32_t refresh GNUNET_PACKED;
484 * Time interval that should elapse before a failed refresh should be retried. (NBO)
487 uint32_t retry GNUNET_PACKED;
490 * Time value that specifies the upper limit on the time interval
491 * that can elapse before the zone is no longer authoritative. (NBO)
493 uint32_t expire GNUNET_PACKED;
496 * The 32-bit minimum TTL field that should be exported with any RR
497 * from this zone. (NBO)
499 uint32_t minimum GNUNET_PACKED;
504 * Payload of DNS SRV record (header).
506 struct GNUNET_TUN_DnsSrvRecord
510 * Preference for this entry (lower value is higher preference). Clients
511 * will contact hosts with the lowest priority value first and fall back
512 * to higher priority values if those entries are unavailable. (NBO)
514 uint16_t prio GNUNET_PACKED;
517 * Relative weight for records with the same priority. Clients will use
518 * the hosts of the same (lowest) priority with a probability proportional
519 * to the weight given. (NBO)
521 uint16_t weight GNUNET_PACKED;
524 * TCP or UDP port of the service. (NBO)
526 uint16_t port GNUNET_PACKED;
528 /* followed by 'target' name */
533 * Payload of DNS CERT record.
535 struct GNUNET_TUN_DnsCertRecord
553 /* Followed by the certificate */
558 * Payload of DNSSEC TLSA record.
559 * http://datatracker.ietf.org/doc/draft-ietf-dane-protocol/
561 struct GNUNET_TUN_DnsTlsaRecord
569 * 3: domain-issued cert
575 * What part will be matched against the cert
576 * presented by server
577 * 0: Full cert (in binary)
578 * 1: Full cert (in DER)
583 * Matching type (of selected content)
588 uint8_t matching_type;
591 * followed by certificate association data
592 * The "certificate association data" to be matched.
593 * These bytes are either raw data (that is, the full certificate or
594 * its SubjectPublicKeyInfo, depending on the selector) for matching
595 * type 0, or the hash of the raw data for matching types 1 and 2.
596 * The data refers to the certificate in the association, not to the
597 * TLS ASN.1 Certificate object.
599 * The data is represented as a string of hex chars
605 * Payload of GNS VPN record
607 struct GNUNET_TUN_GnsVpnRecord
610 * The peer to contact
612 struct GNUNET_PeerIdentity peer;
615 * The protocol to use
619 /* followed by the servicename */
626 struct GNUNET_TUN_DnsQueryLine
629 * Desired type (GNUNET_DNSPARSER_TYPE_XXX). (NBO)
631 uint16_t type GNUNET_PACKED;
634 * Desired class (usually GNUNET_TUN_DNS_CLASS_INTERNET). (NBO)
636 uint16_t dns_traffic_class GNUNET_PACKED;
641 * General DNS record prefix.
643 struct GNUNET_TUN_DnsRecordLine
646 * Record type (GNUNET_DNSPARSER_TYPE_XXX). (NBO)
648 uint16_t type GNUNET_PACKED;
651 * Record class (usually GNUNET_TUN_DNS_CLASS_INTERNET). (NBO)
653 uint16_t dns_traffic_class GNUNET_PACKED;
656 * Expiration for the record (in seconds). (NBO)
658 uint32_t ttl GNUNET_PACKED;
661 * Number of bytes of data that follow. (NBO)
663 uint16_t data_len GNUNET_PACKED;
667 #define GNUNET_TUN_ICMPTYPE_ECHO_REPLY 0
668 #define GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE 3
669 #define GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH 4
670 #define GNUNET_TUN_ICMPTYPE_REDIRECT_MESSAGE 5
671 #define GNUNET_TUN_ICMPTYPE_ECHO_REQUEST 8
672 #define GNUNET_TUN_ICMPTYPE_ROUTER_ADVERTISEMENT 9
673 #define GNUNET_TUN_ICMPTYPE_ROUTER_SOLICITATION 10
674 #define GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED 11
676 #define GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE 1
677 #define GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG 2
678 #define GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED 3
679 #define GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM 4
680 #define GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST 128
681 #define GNUNET_TUN_ICMPTYPE6_ECHO_REPLY 129
687 struct GNUNET_TUN_IcmpHeader
691 uint16_t crc GNUNET_PACKED;
696 * ICMP Echo (request/reply)
700 uint16_t identifier GNUNET_PACKED;
701 uint16_t sequence_number GNUNET_PACKED;
705 * ICMP Destination Unreachable (RFC 1191)
709 uint16_t empty GNUNET_PACKED;
710 uint16_t next_hop_mtu GNUNET_PACKED;
711 /* followed by original IP header + first 8 bytes of original IP datagram */
712 } destination_unreachable;
717 struct in_addr redirect_gateway_address GNUNET_PACKED;
720 * MTU for packets that are too big (IPv6).
722 uint32_t packet_too_big_mtu GNUNET_PACKED;
729 GNUNET_NETWORK_STRUCT_END
733 * Initialize an IPv4 header.
735 * @param ip header to initialize
736 * @param protocol protocol to use (e.g. IPPROTO_UDP)
737 * @param payload_length number of bytes of payload that follow (excluding IPv4 header)
738 * @param src source IP address to use
739 * @param dst destination IP address to use
742 GNUNET_TUN_initialize_ipv4_header (struct GNUNET_TUN_IPv4Header *ip,
744 uint16_t payload_length,
745 const struct in_addr *src,
746 const struct in_addr *dst);
750 * Initialize an IPv6 header.
752 * @param ip header to initialize
753 * @param protocol protocol to use (e.g. IPPROTO_UDP)
754 * @param payload_length number of bytes of payload that follow (excluding IPv6 header)
755 * @param src source IP address to use
756 * @param dst destination IP address to use
759 GNUNET_TUN_initialize_ipv6_header (struct GNUNET_TUN_IPv6Header *ip,
761 uint16_t payload_length,
762 const struct in6_addr *src,
763 const struct in6_addr *dst);
766 * Calculate IPv4 TCP checksum.
768 * @param ip ipv4 header fully initialized
769 * @param tcp TCP header (initialized except for CRC)
770 * @param payload the TCP payload
771 * @param payload_length number of bytes of TCP @a payload
774 GNUNET_TUN_calculate_tcp4_checksum (const struct GNUNET_TUN_IPv4Header *ip,
775 struct GNUNET_TUN_TcpHeader *tcp,
777 uint16_t payload_length);
780 * Calculate IPv6 TCP checksum.
782 * @param ip ipv6 header fully initialized
783 * @param tcp TCP header (initialized except for CRC)
784 * @param payload the TCP payload
785 * @param payload_length number of bytes of TCP payload
788 GNUNET_TUN_calculate_tcp6_checksum (const struct GNUNET_TUN_IPv6Header *ip,
789 struct GNUNET_TUN_TcpHeader *tcp,
791 uint16_t payload_length);
794 * Calculate IPv4 UDP checksum.
796 * @param ip ipv4 header fully initialized
797 * @param udp UDP header (initialized except for CRC)
798 * @param payload the UDP payload
799 * @param payload_length number of bytes of UDP @a payload
802 GNUNET_TUN_calculate_udp4_checksum (const struct GNUNET_TUN_IPv4Header *ip,
803 struct GNUNET_TUN_UdpHeader *udp,
805 uint16_t payload_length);
809 * Calculate IPv6 UDP checksum.
811 * @param ip ipv6 header fully initialized
812 * @param udp UDP header (initialized except for CRC)
813 * @param payload the UDP payload
814 * @param payload_length number of bytes of @a payload
817 GNUNET_TUN_calculate_udp6_checksum (const struct GNUNET_TUN_IPv6Header *ip,
818 struct GNUNET_TUN_UdpHeader *udp,
820 uint16_t payload_length);
824 * Calculate ICMP checksum.
826 * @param icmp ICMP header (initialized except for CRC)
827 * @param payload the ICMP payload
828 * @param payload_length number of bytes of @a payload
831 GNUNET_TUN_calculate_icmp_checksum (struct GNUNET_TUN_IcmpHeader *icmp,
833 uint16_t payload_length);
837 * Create a regex in @a rxstr from the given @a ip and @a port.
839 * @param ip IPv4 representation.
840 * @param port destination port
841 * @param rxstr generated regex; the buffer must hold at least #GNUNET_TUN_IPV4_REGEXLEN bytes
845 GNUNET_TUN_ipv4toregexsearch (const struct in_addr *ip,
851 * Create a regex in @a rxstr from the given @a ipv6 and @a port.
853 * @param ipv6 IPv6 representation.
854 * @param port destination port
855 * @param rxstr generated regex; the buffer must hold at least #GNUNET_TUN_IPV6_REGEXLEN bytes
859 GNUNET_TUN_ipv6toregexsearch (const struct in6_addr *ipv6,
865 * Convert an exit policy to a regular expression. The exit policy
866 * specifies a set of subnets this peer is willing to serve as an
867 * exit for; the resulting regular expression will match the
868 * IPv6 address strings as returned by #GNUNET_TUN_ipv6toregexsearch.
870 * @param policy exit policy specification
871 * @return regular expression, NULL on error
874 GNUNET_TUN_ipv6policy2regex (const char *policy);
878 * Convert an exit policy to a regular expression. The exit policy
879 * specifies a set of subnets this peer is willing to serve as an
880 * exit for; the resulting regular expression will match the
881 * IPv4 address strings as returned by #GNUNET_TUN_ipv4toregexsearch.
883 * @param policy exit policy specification
884 * @return regular expression, NULL on error
887 GNUNET_TUN_ipv4policy2regex (const char *policy);
891 * Hash the service name of a hosted service to the
892 * hash code that is used to identify the service on
895 * @param service_name a string
896 * @param hc corresponding hash
899 GNUNET_TUN_service_name_to_hash (const char *service_name,
900 struct GNUNET_HashCode *hc);