2 This file is part of GNUnet.
3 Copyright (C) 2010-2013 Christian Grothoff
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 * @author Philipp Toelke
21 * @author Christian Grothoff
24 * Standard TCP/IP network structs and IP checksum calculations for TUN interaction
26 * @defgroup tun TUN library
27 * Standard TCP/IP network structs and IP checksum calculations for TUN interaction
30 #ifndef GNUNET_TUN_LIB_H
31 #define GNUNET_TUN_LIB_H
33 #include "gnunet_common.h"
34 #include "gnunet_crypto_lib.h"
37 /* see http://www.iana.org/assignments/ethernet-numbers */
42 #define ETH_P_IPV4 0x0800
49 #define ETH_P_IPV6 0x86DD
54 * Maximum regex string length for use with #GNUNET_TUN_ipv4toregexsearch.
56 * 8 bytes for IPv4, 4 bytes for port, 1 byte for "4", 2 bytes for "-",
57 * one byte for 0-termination.
59 #define GNUNET_TUN_IPV4_REGEXLEN 16
63 * Maximum regex string length for use with #GNUNET_TUN_ipv6toregexsearch
65 * 32 bytes for IPv6, 4 bytes for port, 1 byte for "6", 2 bytes for "-",
66 * one byte for 0-termination.
68 #define GNUNET_TUN_IPV6_REGEXLEN 40
71 GNUNET_NETWORK_STRUCT_BEGIN
74 * Header from Linux TUN interface.
76 struct GNUNET_TUN_Layer2PacketHeader
79 * Some flags (unused).
81 uint16_t flags GNUNET_PACKED;
84 * Here we get an ETH_P_-number.
/* NOTE(review): the byte order of proto is not stated here; presumably it is
 * network byte order, so convert before comparing with ETH_P_IPV4 or
 * ETH_P_IPV6 - confirm against the code that reads from the TUN device.
 * A value matching neither constant should lead to the packet being dropped
 * rather than parsed as IP. */
86 uint16_t proto GNUNET_PACKED;
91 * Standard IPv4 header.
93 struct GNUNET_TUN_IPv4Header
/* version and header_length are declared in opposite order in the two
 * branches below; presumably this keeps each 4-bit field in the same half of
 * the first header byte on either host byte order. */
95 #if __BYTE_ORDER == __LITTLE_ENDIAN
96 unsigned int header_length:4 GNUNET_PACKED;
97 unsigned int version:4 GNUNET_PACKED;
98 #elif __BYTE_ORDER == __BIG_ENDIAN
99 unsigned int version:4 GNUNET_PACKED;
100 unsigned int header_length:4 GNUNET_PACKED;
102 #error byteorder undefined
/* NOTE(review): header_length and total_length are taken from the packet.
 * IPv4 counts the header length in 32-bit words; a receiver should reject a
 * value that describes fewer bytes than this struct, and a total_length
 * larger than the number of bytes actually read, before using either as an
 * offset or copy bound. The byte order of the 16-bit fields is not annotated
 * in this struct; presumably network byte order - confirm. */
107 * Length of the packet, including this header.
109 uint16_t total_length GNUNET_PACKED;
112 * Unique random ID for matching up fragments.
114 uint16_t identification GNUNET_PACKED;
/* NOTE(review): unlike the first byte, flags and fragmentation_offset are
 * declared in one fixed order for both byte orders - verify the resulting
 * layout on little-endian hosts before relying on these two fields. */
116 unsigned int flags:3 GNUNET_PACKED;
118 unsigned int fragmentation_offset:13 GNUNET_PACKED;
121 * How many more hops can this packet be forwarded?
126 * L4-protocol, for example, IPPROTO_UDP or IPPROTO_TCP.
/* Header checksum field. A header received from the network should have this
 * verified before the other fields are trusted. */
133 uint16_t checksum GNUNET_PACKED;
136 * Origin of the packet.
138 struct in_addr source_address GNUNET_PACKED;
141 * Destination of the packet.
143 struct in_addr destination_address GNUNET_PACKED;
144 } GNUNET_GCC_STRUCT_LAYOUT;
148 * Standard IPv6 header.
150 struct GNUNET_TUN_IPv6Header
/* The little-endian branch splits the traffic class into traffic_class_h and
 * traffic_class_l, while the big-endian branch declares a single 8-bit
 * traffic_class. Code that reads or writes the traffic class therefore needs
 * the same byte-order conditional, because the member names differ. */
152 #if __BYTE_ORDER == __LITTLE_ENDIAN
153 unsigned int traffic_class_h:4 GNUNET_PACKED;
154 unsigned int version:4 GNUNET_PACKED;
155 unsigned int traffic_class_l:4 GNUNET_PACKED;
156 unsigned int flow_label:20 GNUNET_PACKED;
157 #elif __BYTE_ORDER == __BIG_ENDIAN
158 unsigned int version:4 GNUNET_PACKED;
159 unsigned int traffic_class:8 GNUNET_PACKED;
160 unsigned int flow_label:20 GNUNET_PACKED;
162 #error byteorder undefined
/* NOTE(review): payload_length is taken from the packet; check it against
 * the number of bytes actually received before using it as a parse or copy
 * bound. Byte order is not annotated here; presumably network byte order -
 * confirm. */
165 * Length of the payload, excluding this header.
167 uint16_t payload_length GNUNET_PACKED;
170 * For example, IPPROTO_UDP or IPPROTO_TCP.
175 * How many more hops can this packet be forwarded?
180 * Origin of the packet.
182 struct in6_addr source_address GNUNET_PACKED;
185 * Destination of the packet.
187 struct in6_addr destination_address GNUNET_PACKED;
188 } GNUNET_GCC_STRUCT_LAYOUT;
194 #define GNUNET_TUN_TCP_FLAGS_FIN 1
195 #define GNUNET_TUN_TCP_FLAGS_SYN 2
196 #define GNUNET_TUN_TCP_FLAGS_RST 4
197 #define GNUNET_TUN_TCP_FLAGS_PSH 8
198 #define GNUNET_TUN_TCP_FLAGS_ACK 16
199 #define GNUNET_TUN_TCP_FLAGS_URG 32
200 #define GNUNET_TUN_TCP_FLAGS_ECE 64
201 #define GNUNET_TUN_TCP_FLAGS_CWR 128
206 struct GNUNET_TUN_TcpHeader
209 * Source port (in NBO).
211 uint16_t source_port GNUNET_PACKED;
214 * Destination port (in NBO).
216 uint16_t destination_port GNUNET_PACKED;
221 uint32_t seq GNUNET_PACKED;
224 * Acknowledgement number.
226 uint32_t ack GNUNET_PACKED;
/* reserved and off share one byte; the two branches declare them in opposite
 * order, presumably so each keeps the same half of that byte on either host
 * byte order.
 * NOTE(review): off is a 4-bit count of 32-bit words read from the packet.
 * Before locating options or payload with it, check that off * 4 is at least
 * the size of this struct and no larger than the received segment. */
227 #if __BYTE_ORDER == __LITTLE_ENDIAN
229 * Reserved. Must be zero.
231 unsigned int reserved : 4 GNUNET_PACKED;
233 * Number of 32-bit words in TCP header.
235 unsigned int off : 4 GNUNET_PACKED;
236 #elif __BYTE_ORDER == __BIG_ENDIAN
238 * Number of 32-bit words in TCP header.
240 unsigned int off : 4 GNUNET_PACKED;
242 * Reserved. Must be zero.
244 unsigned int reserved : 4 GNUNET_PACKED;
246 #error byteorder undefined
/* The flag bits are named by the GNUNET_TUN_TCP_FLAGS_ masks in this file. */
250 * Flags (SYN, FIN, ACK, etc.)
257 uint16_t window_size GNUNET_PACKED;
/* Checksum field; presumably the one written by
 * GNUNET_TUN_calculate_tcp4_checksum / GNUNET_TUN_calculate_tcp6_checksum,
 * whose documentation describes the header as "initialized except for CRC" -
 * TODO confirm. */
262 uint16_t crc GNUNET_PACKED;
267 uint16_t urgent_pointer GNUNET_PACKED;
268 } GNUNET_GCC_STRUCT_LAYOUT;
274 struct GNUNET_TUN_UdpHeader
277 * Source port (in NBO).
279 uint16_t source_port GNUNET_PACKED;
282 * Destination port (in NBO).
284 uint16_t destination_port GNUNET_PACKED;
287 * Number of bytes of payload.
/* NOTE(review): on the wire the UDP length field covers the 8-byte UDP header
 * plus the data; confirm whether "payload" above includes the header. Either
 * way, bound len by the bytes actually received before using it. */
289 uint16_t len GNUNET_PACKED;
/* Checksum field; presumably written by GNUNET_TUN_calculate_udp4_checksum /
 * GNUNET_TUN_calculate_udp6_checksum - TODO confirm. */
294 uint16_t crc GNUNET_PACKED;
300 * A few common DNS classes (ok, only one is common, but I list a
301 * couple more to make it clear what we're talking about here).
303 #define GNUNET_TUN_DNS_CLASS_INTERNET 1
304 #define GNUNET_TUN_DNS_CLASS_CHAOS 3
305 #define GNUNET_TUN_DNS_CLASS_HESIOD 4
307 #define GNUNET_TUN_DNS_OPCODE_QUERY 0
308 #define GNUNET_TUN_DNS_OPCODE_INVERSE_QUERY 1
309 #define GNUNET_TUN_DNS_OPCODE_STATUS 2
315 #define GNUNET_TUN_DNS_RETURN_CODE_NO_ERROR 0
316 #define GNUNET_TUN_DNS_RETURN_CODE_FORMAT_ERROR 1
317 #define GNUNET_TUN_DNS_RETURN_CODE_SERVER_FAILURE 2
318 #define GNUNET_TUN_DNS_RETURN_CODE_NAME_ERROR 3
319 #define GNUNET_TUN_DNS_RETURN_CODE_NOT_IMPLEMENTED 4
320 #define GNUNET_TUN_DNS_RETURN_CODE_REFUSED 5
325 #define GNUNET_TUN_DNS_RETURN_CODE_YXDOMAIN 6
326 #define GNUNET_TUN_DNS_RETURN_CODE_YXRRSET 7
327 #define GNUNET_TUN_DNS_RETURN_CODE_NXRRSET 8
328 #define GNUNET_TUN_DNS_RETURN_CODE_NOT_AUTH 9
329 #define GNUNET_TUN_DNS_RETURN_CODE_NOT_ZONE 10
333 * DNS flags (largely RFC 1035 / RFC 2136).
335 struct GNUNET_TUN_DnsFlags
/* Both branches declare the same fields, 16 bits in total. Within each of
 * the two flag bytes the declaration order is reversed between the
 * little-endian and the big-endian branch. */
337 #if __BYTE_ORDER == __LITTLE_ENDIAN
339 * Set to 1 if recursion is desired (client -> server)
341 unsigned int recursion_desired : 1 GNUNET_PACKED;
344 * Set to 1 if message is truncated
346 unsigned int message_truncated : 1 GNUNET_PACKED;
349 * Set to 1 if this is an authoritative answer
351 unsigned int authoritative_answer : 1 GNUNET_PACKED;
354 * See GNUNET_TUN_DNS_OPCODE_ defines.
356 unsigned int opcode : 4 GNUNET_PACKED;
359 * query:0, response:1
361 unsigned int query_or_response : 1 GNUNET_PACKED;
364 * See GNUNET_TUN_DNS_RETURN_CODE_ defines.
366 unsigned int return_code : 4 GNUNET_PACKED;
371 unsigned int checking_disabled : 1 GNUNET_PACKED;
374 * Response has been cryptographically verified, RFC 4035.
/* NOTE(review): authenticated_data is set by whoever produced the response.
 * It records the responder's claim and is not in itself evidence of
 * validation unless the responder and the path to it are trusted. The same
 * applies to the field in the big-endian branch. */
376 unsigned int authenticated_data : 1 GNUNET_PACKED;
381 unsigned int zero : 1 GNUNET_PACKED;
384 * Set to 1 if recursion is available (server -> client)
386 unsigned int recursion_available : 1 GNUNET_PACKED;
387 #elif __BYTE_ORDER == __BIG_ENDIAN
390 * query:0, response:1
392 unsigned int query_or_response : 1 GNUNET_PACKED;
395 * See GNUNET_TUN_DNS_OPCODE_ defines.
397 unsigned int opcode : 4 GNUNET_PACKED;
400 * Set to 1 if this is an authoritative answer
402 unsigned int authoritative_answer : 1 GNUNET_PACKED;
405 * Set to 1 if message is truncated
407 unsigned int message_truncated : 1 GNUNET_PACKED;
410 * Set to 1 if recursion is desired (client -> server)
412 unsigned int recursion_desired : 1 GNUNET_PACKED;
416 * Set to 1 if recursion is available (server -> client)
418 unsigned int recursion_available : 1 GNUNET_PACKED;
423 unsigned int zero : 1 GNUNET_PACKED;
426 * Response has been cryptographically verified, RFC 4035.
428 unsigned int authenticated_data : 1 GNUNET_PACKED;
433 unsigned int checking_disabled : 1 GNUNET_PACKED;
436 * See GNUNET_TUN_DNS_RETURN_CODE_ defines.
438 unsigned int return_code : 4 GNUNET_PACKED;
440 #error byteorder undefined
443 } GNUNET_GCC_STRUCT_LAYOUT;
450 struct GNUNET_TUN_DnsHeader
453 * Unique identifier for the request/response.
455 uint16_t id GNUNET_PACKED;
460 struct GNUNET_TUN_DnsFlags flags;
/* NOTE(review): the four counts below come from the message itself. A parser
 * should stop at the end of the received buffer rather than trust them, and
 * should not size allocations from them without a cap. Byte order is not
 * annotated here; presumably network byte order - confirm. */
465 uint16_t query_count GNUNET_PACKED;
470 uint16_t answer_rcount GNUNET_PACKED;
473 * Number of authoritative answers.
475 uint16_t authority_rcount GNUNET_PACKED;
478 * Number of additional records.
480 uint16_t additional_rcount GNUNET_PACKED;
485 * Payload of DNS SOA record (header).
487 struct GNUNET_TUN_DnsSoaRecord
490 * The version number of the original copy of the zone. (NBO)
492 uint32_t serial GNUNET_PACKED;
495 * Time interval before the zone should be refreshed. (NBO)
497 uint32_t refresh GNUNET_PACKED;
500 * Time interval that should elapse before a failed refresh should be retried. (NBO)
503 uint32_t retry GNUNET_PACKED;
506 * Time value that specifies the upper limit on the time interval
507 * that can elapse before the zone is no longer authoritative. (NBO)
509 uint32_t expire GNUNET_PACKED;
512 * The 32-bit minimum TTL field that should be exported with any RR
513 * from this zone. (NBO)
515 uint32_t minimum GNUNET_PACKED;
520 * Payload of DNS SRV record (header).
522 struct GNUNET_TUN_DnsSrvRecord
526 * Preference for this entry (lower value is higher preference). Clients
527 * will contact hosts from the lowest-priority group first and fall back
528 * to higher priorities if the low-priority entries are unavailable. (NBO)
530 uint16_t prio GNUNET_PACKED;
533 * Relative weight for records with the same priority. Clients will use
534 * the hosts of the same (lowest) priority with a probability proportional
535 * to the weight given. (NBO)
537 uint16_t weight GNUNET_PACKED;
540 * TCP or UDP port of the service. (NBO)
542 uint16_t port GNUNET_PACKED;
544 /* followed by 'target' name */
549 * Payload of DNS CERT record.
551 struct GNUNET_TUN_DnsCertRecord
569 /* Followed by the certificate */
574 * Payload of DNSSEC TLSA record.
575 * http://datatracker.ietf.org/doc/draft-ietf-dane-protocol/
577 struct GNUNET_TUN_DnsTlsaRecord
585 * 3: domain-issued cert
591 * What part will be matched against the cert
592 * presented by server
593 * 0: Full cert (in binary)
594 * 1: Full cert (in DER)
/* NOTE(review): RFC 6698 defines selector 0 as the full certificate and
 * selector 1 as the SubjectPublicKeyInfo, which is also what the description
 * of the association data below implies. The two entries above read
 * differently - confirm which meaning the code implements, since matching
 * the wrong part of the certificate changes what a TLSA record pins. */
599 * Matching type (of selected content)
604 uint8_t matching_type;
607 * followed by certificate association data
608 * The "certificate association data" to be matched.
609 * These bytes are either raw data (that is, the full certificate or
610 * its SubjectPublicKeyInfo, depending on the selector) for matching
611 * type 0, or the hash of the raw data for matching types 1 and 2.
612 * The data refers to the certificate in the association, not to the
613 * TLS ASN.1 Certificate object.
615 * The data is represented as a string of hex chars
621 * Payload of GNS VPN record
623 struct GNUNET_TUN_GnsVpnRecord
626 * The peer to contact
628 struct GNUNET_PeerIdentity peer;
631 * The protocol to use
635 /* followed by the servicename */
642 struct GNUNET_TUN_DnsQueryLine
645 * Desired type (GNUNET_DNSPARSER_TYPE_XXX). (NBO)
647 uint16_t type GNUNET_PACKED;
650 * Desired class (usually GNUNET_TUN_DNS_CLASS_INTERNET). (NBO)
652 uint16_t dns_traffic_class GNUNET_PACKED;
657 * General DNS record prefix.
659 struct GNUNET_TUN_DnsRecordLine
662 * Record type (GNUNET_DNSPARSER_TYPE_XXX). (NBO)
664 uint16_t type GNUNET_PACKED;
667 * Record class (usually GNUNET_TUN_DNS_CLASS_INTERNET). (NBO)
669 uint16_t dns_traffic_class GNUNET_PACKED;
672 * Expiration for the record (in seconds). (NBO)
674 uint32_t ttl GNUNET_PACKED;
677 * Number of bytes of data that follow. (NBO)
/* NOTE(review): data_len is read from the message. Convert it from network
 * byte order and check it against the bytes remaining in the buffer before
 * reading or copying the record data that follows. */
679 uint16_t data_len GNUNET_PACKED;
683 #define GNUNET_TUN_ICMPTYPE_ECHO_REPLY 0
684 #define GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE 3
685 #define GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH 4
686 #define GNUNET_TUN_ICMPTYPE_REDIRECT_MESSAGE 5
687 #define GNUNET_TUN_ICMPTYPE_ECHO_REQUEST 8
688 #define GNUNET_TUN_ICMPTYPE_ROUTER_ADVERTISEMENT 9
689 #define GNUNET_TUN_ICMPTYPE_ROUTER_SOLICITATION 10
690 #define GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED 11
692 #define GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE 1
693 #define GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG 2
694 #define GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED 3
695 #define GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM 4
696 #define GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST 128
697 #define GNUNET_TUN_ICMPTYPE6_ECHO_REPLY 129
703 struct GNUNET_TUN_IcmpHeader
/* Checksum field; presumably written by GNUNET_TUN_calculate_icmp_checksum,
 * whose documentation describes the header as "initialized except for CRC" -
 * TODO confirm. */
707 uint16_t crc GNUNET_PACKED;
712 * ICMP Echo (request/reply)
716 uint16_t identifier GNUNET_PACKED;
717 uint16_t sequence_number GNUNET_PACKED;
721 * ICMP Destination Unreachable (RFC 1191)
725 uint16_t empty GNUNET_PACKED;
/* NOTE(review): next_hop_mtu is supplied by the sender of the ICMP message;
 * range-check it before it influences any local MTU or buffer size. */
726 uint16_t next_hop_mtu GNUNET_PACKED;
727 /* followed by original IP header + first 8 bytes of original IP datagram */
728 } destination_unreachable;
733 struct in_addr redirect_gateway_address GNUNET_PACKED;
736 * MTU for packets that are too big (IPv6).
/* NOTE(review): packet_too_big_mtu is likewise sender-supplied and needs the
 * same range check before use. */
738 uint32_t packet_too_big_mtu GNUNET_PACKED;
745 GNUNET_NETWORK_STRUCT_END
749 * Initialize an IPv4 header.
751 * @param ip header to initialize
752 * @param protocol protocol to use (e.g. IPPROTO_UDP)
753 * @param payload_length number of bytes of payload that follow (excluding IPv4 header)
754 * @param src source IP address to use
755 * @param dst destination IP address to use
758 GNUNET_TUN_initialize_ipv4_header (struct GNUNET_TUN_IPv4Header *ip,
760 uint16_t payload_length,
761 const struct in_addr *src,
762 const struct in_addr *dst);
766 * Initialize an IPv6 header.
768 * @param ip header to initialize
769 * @param protocol protocol to use (e.g. IPPROTO_UDP)
770 * @param payload_length number of bytes of payload that follow (excluding IPv6 header)
771 * @param src source IP address to use
772 * @param dst destination IP address to use
775 GNUNET_TUN_initialize_ipv6_header (struct GNUNET_TUN_IPv6Header *ip,
777 uint16_t payload_length,
778 const struct in6_addr *src,
779 const struct in6_addr *dst);
782 * Calculate IPv4 TCP checksum.
784 * @param ip ipv4 header fully initialized
785 * @param tcp TCP header (initialized except for CRC)
786 * @param payload the TCP payload
787 * @param payload_length number of bytes of TCP @a payload
790 GNUNET_TUN_calculate_tcp4_checksum (const struct GNUNET_TUN_IPv4Header *ip,
791 struct GNUNET_TUN_TcpHeader *tcp,
793 uint16_t payload_length);
796 * Calculate IPv6 TCP checksum.
798 * @param ip ipv6 header fully initialized
799 * @param tcp TCP header (initialized except for CRC)
800 * @param payload the TCP payload
801 * @param payload_length number of bytes of TCP payload
804 GNUNET_TUN_calculate_tcp6_checksum (const struct GNUNET_TUN_IPv6Header *ip,
805 struct GNUNET_TUN_TcpHeader *tcp,
807 uint16_t payload_length);
810 * Calculate IPv4 UDP checksum.
812 * @param ip ipv4 header fully initialized
813 * @param udp UDP header (initialized except for CRC)
814 * @param payload the UDP payload
815 * @param payload_length number of bytes of UDP @a payload
818 GNUNET_TUN_calculate_udp4_checksum (const struct GNUNET_TUN_IPv4Header *ip,
819 struct GNUNET_TUN_UdpHeader *udp,
821 uint16_t payload_length);
825 * Calculate IPv6 UDP checksum.
827 * @param ip ipv6 header fully initialized
828 * @param udp UDP header (initialized except for CRC)
829 * @param payload the UDP payload
830 * @param payload_length number of bytes of @a payload
833 GNUNET_TUN_calculate_udp6_checksum (const struct GNUNET_TUN_IPv6Header *ip,
834 struct GNUNET_TUN_UdpHeader *udp,
836 uint16_t payload_length);
840 * Calculate ICMP checksum.
842 * @param icmp ICMP header (initialized except for CRC)
843 * @param payload the ICMP payload
844 * @param payload_length number of bytes of @a payload
847 GNUNET_TUN_calculate_icmp_checksum (struct GNUNET_TUN_IcmpHeader *icmp,
849 uint16_t payload_length);
853 * Create a regex in @a rxstr from the given @a ip and @a port.
855 * @param ip IPv4 representation.
856 * @param port destination port
857 * @param rxstr generated regex, must be at least #GNUNET_TUN_IPV4_REGEXLEN bytes long
861 GNUNET_TUN_ipv4toregexsearch (const struct in_addr *ip,
867 * Create a regex in @a rxstr from the given @a ipv6 and @a port.
869 * @param ipv6 IPv6 representation.
870 * @param port destination port
871 * @param rxstr generated regex, must be at least #GNUNET_TUN_IPV6_REGEXLEN bytes long
875 GNUNET_TUN_ipv6toregexsearch (const struct in6_addr *ipv6,
881 * Convert an exit policy to a regular expression. The exit policy
882 * specifies a set of subnets this peer is willing to serve as an
883 * exit for; the resulting regular expression will match the
884 * IPv6 address strings as returned by #GNUNET_TUN_ipv6toregexsearch.
886 * @param policy exit policy specification
887 * @return regular expression, NULL on error
890 GNUNET_TUN_ipv6policy2regex (const char *policy);
894 * Convert an exit policy to a regular expression. The exit policy
895 * specifies a set of subnets this peer is willing to serve as an
896 * exit for; the resulting regular expression will match the
897 * IPv4 address strings as returned by #GNUNET_TUN_ipv4toregexsearch.
899 * @param policy exit policy specification
900 * @return regular expression, NULL on error
903 GNUNET_TUN_ipv4policy2regex (const char *policy);
907 * Hash the service name of a hosted service to the
908 * hash code that is used to identify the service on the network.
911 * @param service_name a string
912 * @param[out] hc corresponding hash
915 GNUNET_TUN_service_name_to_hash (const char *service_name,
916 struct GNUNET_HashCode *hc);
920 * Check if two sockaddrs are equal.
922 * @param sa one address
923 * @param sb another address
924 * @param include_port also check ports
925 * @return #GNUNET_YES if they are equal
928 GNUNET_TUN_sockaddr_cmp (const struct sockaddr *sa,
929 const struct sockaddr *sb,
934 * Compute the CADET port given a service descriptor
935 * (returned from #GNUNET_TUN_service_name_to_hash) and
936 * a TCP/UDP port @a ip_port.
938 * @param desc service shared secret
939 * @param ip_port TCP/UDP port, use 0 for ICMP
940 * @param[out] cadet_port CADET port to use
943 GNUNET_TUN_compute_service_cadet_port (const struct GNUNET_HashCode *desc,
945 struct GNUNET_HashCode *cadet_port);
949 /** @} */ /* end of group */