2 This file is part of GNUnet.
3 Copyright (C) 2010-2013 Christian Grothoff
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 SPDX-License-Identifier: AGPL3.0-or-later
22 * @author Philipp Toelke
23 * @author Christian Grothoff
26 * Standard TCP/IP network structs and IP checksum calculations for TUN interaction
28 * @defgroup tun TUN library
29 * Standard TCP/IP network structs and IP checksum calculations for TUN interaction
32 #ifndef GNUNET_TUN_LIB_H
33 #define GNUNET_TUN_LIB_H
35 #include "gnunet_common.h"
36 #include "gnunet_crypto_lib.h"
39 /* see http://www.iana.org/assignments/ethernet-numbers */
44 #define ETH_P_IPV4 0x0800
51 #define ETH_P_IPV6 0x86DD
56 * Maximum regex string length for use with #GNUNET_TUN_ipv4toregexsearch.
58 * 8 bytes for IPv4, 4 bytes for port, 1 byte for "4", 2 bytes for "-",
59 * one byte for 0-termination.
61 #define GNUNET_TUN_IPV4_REGEXLEN 16
65 * Maximum regex string length for use with #GNUNET_TUN_ipv6toregexsearch
67 * 32 bytes for IPv4, 4 bytes for port, 1 byte for "4", 2 bytes for "-",
68 * one byte for 0-termination.
70 #define GNUNET_TUN_IPV6_REGEXLEN 40
73 GNUNET_NETWORK_STRUCT_BEGIN
76 * Header from Linux TUN interface.
78 struct GNUNET_TUN_Layer2PacketHeader
81 * Some flags (unused).
83 uint16_t flags GNUNET_PACKED;
86 * Here we get an ETH_P_-number.
88 uint16_t proto GNUNET_PACKED;
93 * Standard IPv4 header.
95 struct GNUNET_TUN_IPv4Header
97 #if __BYTE_ORDER == __LITTLE_ENDIAN
98 unsigned int header_length:4 GNUNET_PACKED;
99 unsigned int version:4 GNUNET_PACKED;
100 #elif __BYTE_ORDER == __BIG_ENDIAN
101 unsigned int version:4 GNUNET_PACKED;
102 unsigned int header_length:4 GNUNET_PACKED;
104 #error byteorder undefined
109 * Length of the packet, including this header.
111 uint16_t total_length GNUNET_PACKED;
114 * Unique random ID for matching up fragments.
116 uint16_t identification GNUNET_PACKED;
118 unsigned int flags:3 GNUNET_PACKED;
120 unsigned int fragmentation_offset:13 GNUNET_PACKED;
123 * How many more hops can this packet be forwarded?
128 * L4-protocol, for example, IPPROTO_UDP or IPPROTO_TCP.
135 uint16_t checksum GNUNET_PACKED;
138 * Origin of the packet.
140 struct in_addr source_address GNUNET_PACKED;
143 * Destination of the packet.
145 struct in_addr destination_address GNUNET_PACKED;
146 } GNUNET_GCC_STRUCT_LAYOUT;
150 * Standard IPv6 header.
152 struct GNUNET_TUN_IPv6Header
154 #if __BYTE_ORDER == __LITTLE_ENDIAN
155 unsigned int traffic_class_h:4 GNUNET_PACKED;
156 unsigned int version:4 GNUNET_PACKED;
157 unsigned int traffic_class_l:4 GNUNET_PACKED;
158 unsigned int flow_label:20 GNUNET_PACKED;
159 #elif __BYTE_ORDER == __BIG_ENDIAN
160 unsigned int version:4 GNUNET_PACKED;
161 unsigned int traffic_class:8 GNUNET_PACKED;
162 unsigned int flow_label:20 GNUNET_PACKED;
164 #error byteorder undefined
167 * Length of the payload, excluding this header.
169 uint16_t payload_length GNUNET_PACKED;
172 * For example, IPPROTO_UDP or IPPROTO_TCP.
177 * How many more hops can this packet be forwarded?
182 * Origin of the packet.
184 struct in6_addr source_address GNUNET_PACKED;
187 * Destination of the packet.
189 struct in6_addr destination_address GNUNET_PACKED;
190 } GNUNET_GCC_STRUCT_LAYOUT;
196 #define GNUNET_TUN_TCP_FLAGS_FIN 1
197 #define GNUNET_TUN_TCP_FLAGS_SYN 2
198 #define GNUNET_TUN_TCP_FLAGS_RST 4
199 #define GNUNET_TUN_TCP_FLAGS_PSH 8
200 #define GNUNET_TUN_TCP_FLAGS_ACK 16
201 #define GNUNET_TUN_TCP_FLAGS_URG 32
202 #define GNUNET_TUN_TCP_FLAGS_ECE 64
203 #define GNUNET_TUN_TCP_FLAGS_CWR 128
208 struct GNUNET_TUN_TcpHeader
211 * Source port (in NBO).
213 uint16_t source_port GNUNET_PACKED;
216 * Destination port (in NBO).
218 uint16_t destination_port GNUNET_PACKED;
223 uint32_t seq GNUNET_PACKED;
226 * Acknowledgement number.
228 uint32_t ack GNUNET_PACKED;
229 #if __BYTE_ORDER == __LITTLE_ENDIAN
231 * Reserved. Must be zero.
233 unsigned int reserved : 4 GNUNET_PACKED;
235 * Number of 32-bit words in TCP header.
237 unsigned int off : 4 GNUNET_PACKED;
238 #elif __BYTE_ORDER == __BIG_ENDIAN
240 * Number of 32-bit words in TCP header.
242 unsigned int off : 4 GNUNET_PACKED;
244 * Reserved. Must be zero.
246 unsigned int reserved : 4 GNUNET_PACKED;
248 #error byteorder undefined
252 * Flags (SYN, FIN, ACK, etc.)
259 uint16_t window_size GNUNET_PACKED;
264 uint16_t crc GNUNET_PACKED;
269 uint16_t urgent_pointer GNUNET_PACKED;
270 } GNUNET_GCC_STRUCT_LAYOUT;
276 struct GNUNET_TUN_UdpHeader
279 * Source port (in NBO).
281 uint16_t source_port GNUNET_PACKED;
284 * Destination port (in NBO).
286 uint16_t destination_port GNUNET_PACKED;
289 * Number of bytes of payload.
291 uint16_t len GNUNET_PACKED;
296 uint16_t crc GNUNET_PACKED;
302 * A few common DNS classes (ok, only one is common, but I list a
303 * couple more to make it clear what we're talking about here).
305 #define GNUNET_TUN_DNS_CLASS_INTERNET 1
306 #define GNUNET_TUN_DNS_CLASS_CHAOS 3
307 #define GNUNET_TUN_DNS_CLASS_HESIOD 4
309 #define GNUNET_TUN_DNS_OPCODE_QUERY 0
310 #define GNUNET_TUN_DNS_OPCODE_INVERSE_QUERY 1
311 #define GNUNET_TUN_DNS_OPCODE_STATUS 2
317 #define GNUNET_TUN_DNS_RETURN_CODE_NO_ERROR 0
318 #define GNUNET_TUN_DNS_RETURN_CODE_FORMAT_ERROR 1
319 #define GNUNET_TUN_DNS_RETURN_CODE_SERVER_FAILURE 2
320 #define GNUNET_TUN_DNS_RETURN_CODE_NAME_ERROR 3
321 #define GNUNET_TUN_DNS_RETURN_CODE_NOT_IMPLEMENTED 4
322 #define GNUNET_TUN_DNS_RETURN_CODE_REFUSED 5
327 #define GNUNET_TUN_DNS_RETURN_CODE_YXDOMAIN 6
328 #define GNUNET_TUN_DNS_RETURN_CODE_YXRRSET 7
329 #define GNUNET_TUN_DNS_RETURN_CODE_NXRRSET 8
330 #define GNUNET_TUN_DNS_RETURN_CODE_NOT_AUTH 9
331 #define GNUNET_TUN_DNS_RETURN_CODE_NOT_ZONE 10
335 * DNS flags (largely RFC 1035 / RFC 2136).
337 struct GNUNET_TUN_DnsFlags
339 #if __BYTE_ORDER == __LITTLE_ENDIAN
341 * Set to 1 if recursion is desired (client -> server)
343 unsigned int recursion_desired : 1 GNUNET_PACKED;
346 * Set to 1 if message is truncated
348 unsigned int message_truncated : 1 GNUNET_PACKED;
351 * Set to 1 if this is an authoritative answer
353 unsigned int authoritative_answer : 1 GNUNET_PACKED;
356 * See GNUNET_TUN_DNS_OPCODE_ defines.
358 unsigned int opcode : 4 GNUNET_PACKED;
361 * query:0, response:1
363 unsigned int query_or_response : 1 GNUNET_PACKED;
366 * See GNUNET_TUN_DNS_RETURN_CODE_ defines.
368 unsigned int return_code : 4 GNUNET_PACKED;
373 unsigned int checking_disabled : 1 GNUNET_PACKED;
376 * Response has been cryptographically verified, RFC 4035.
378 unsigned int authenticated_data : 1 GNUNET_PACKED;
383 unsigned int zero : 1 GNUNET_PACKED;
386 * Set to 1 if recursion is available (server -> client)
388 unsigned int recursion_available : 1 GNUNET_PACKED;
389 #elif __BYTE_ORDER == __BIG_ENDIAN
392 * query:0, response:1
394 unsigned int query_or_response : 1 GNUNET_PACKED;
397 * See GNUNET_TUN_DNS_OPCODE_ defines.
399 unsigned int opcode : 4 GNUNET_PACKED;
402 * Set to 1 if this is an authoritative answer
404 unsigned int authoritative_answer : 1 GNUNET_PACKED;
407 * Set to 1 if message is truncated
409 unsigned int message_truncated : 1 GNUNET_PACKED;
412 * Set to 1 if recursion is desired (client -> server)
414 unsigned int recursion_desired : 1 GNUNET_PACKED;
418 * Set to 1 if recursion is available (server -> client)
420 unsigned int recursion_available : 1 GNUNET_PACKED;
425 unsigned int zero : 1 GNUNET_PACKED;
428 * Response has been cryptographically verified, RFC 4035.
430 unsigned int authenticated_data : 1 GNUNET_PACKED;
435 unsigned int checking_disabled : 1 GNUNET_PACKED;
438 * See GNUNET_TUN_DNS_RETURN_CODE_ defines.
440 unsigned int return_code : 4 GNUNET_PACKED;
442 #error byteorder undefined
445 } GNUNET_GCC_STRUCT_LAYOUT;
452 struct GNUNET_TUN_DnsHeader
455 * Unique identifier for the request/response.
457 uint16_t id GNUNET_PACKED;
462 struct GNUNET_TUN_DnsFlags flags;
467 uint16_t query_count GNUNET_PACKED;
472 uint16_t answer_rcount GNUNET_PACKED;
475 * Number of authoritative answers.
477 uint16_t authority_rcount GNUNET_PACKED;
480 * Number of additional records.
482 uint16_t additional_rcount GNUNET_PACKED;
487 * Payload of DNS SOA record (header).
489 struct GNUNET_TUN_DnsSoaRecord
492 * The version number of the original copy of the zone. (NBO)
494 uint32_t serial GNUNET_PACKED;
497 * Time interval before the zone should be refreshed. (NBO)
499 uint32_t refresh GNUNET_PACKED;
502 * Time interval that should elapse before a failed refresh should
505 uint32_t retry GNUNET_PACKED;
508 * Time value that specifies the upper limit on the time interval
509 * that can elapse before the zone is no longer authoritative. (NBO)
511 uint32_t expire GNUNET_PACKED;
514 * The bit minimum TTL field that should be exported with any RR
515 * from this zone. (NBO)
517 uint32_t minimum GNUNET_PACKED;
522 * Payload of DNS SRV record (header).
524 struct GNUNET_TUN_DnsSrvRecord
528 * Preference for this entry (lower value is higher preference). Clients
529 * will contact hosts from the lowest-priority group first and fall back
530 * to higher priorities if the low-priority entries are unavailable. (NBO)
532 uint16_t prio GNUNET_PACKED;
535 * Relative weight for records with the same priority. Clients will use
536 * the hosts of the same (lowest) priority with a probability proportional
537 * to the weight given. (NBO)
539 uint16_t weight GNUNET_PACKED;
542 * TCP or UDP port of the service. (NBO)
544 uint16_t port GNUNET_PACKED;
546 /* followed by 'target' name */
551 * Payload of DNS CERT record.
553 struct GNUNET_TUN_DnsCertRecord
571 /* Followed by the certificate */
576 * Payload of DNSSEC TLSA record.
577 * http://datatracker.ietf.org/doc/draft-ietf-dane-protocol/
579 struct GNUNET_TUN_DnsTlsaRecord
587 * 3: domain-issued cert
593 * What part will be matched against the cert
594 * presented by server
595 * 0: Full cert (in binary)
596 * 1: Full cert (in DER)
601 * Matching type (of selected content)
606 uint8_t matching_type;
609 * followed by certificate association data
610 * The "certificate association data" to be matched.
611 * These bytes are either raw data (that is, the full certificate or
612 * its SubjectPublicKeyInfo, depending on the selector) for matching
613 * type 0, or the hash of the raw data for matching types 1 and 2.
614 * The data refers to the certificate in the association, not to the
615 * TLS ASN.1 Certificate object.
617 * The data is represented as a string of hex chars
623 * Payload of GNS VPN record
625 struct GNUNET_TUN_GnsVpnRecord
628 * The peer to contact
630 struct GNUNET_PeerIdentity peer;
633 * The protocol to use
637 /* followed by the servicename */
644 struct GNUNET_TUN_DnsQueryLine
647 * Desired type (GNUNET_DNSPARSER_TYPE_XXX). (NBO)
649 uint16_t type GNUNET_PACKED;
652 * Desired class (usually GNUNET_TUN_DNS_CLASS_INTERNET). (NBO)
654 uint16_t dns_traffic_class GNUNET_PACKED;
659 * General DNS record prefix.
661 struct GNUNET_TUN_DnsRecordLine
664 * Record type (GNUNET_DNSPARSER_TYPE_XXX). (NBO)
666 uint16_t type GNUNET_PACKED;
669 * Record class (usually GNUNET_TUN_DNS_CLASS_INTERNET). (NBO)
671 uint16_t dns_traffic_class GNUNET_PACKED;
674 * Expiration for the record (in seconds). (NBO)
676 uint32_t ttl GNUNET_PACKED;
679 * Number of bytes of data that follow. (NBO)
681 uint16_t data_len GNUNET_PACKED;
685 #define GNUNET_TUN_ICMPTYPE_ECHO_REPLY 0
686 #define GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE 3
687 #define GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH 4
688 #define GNUNET_TUN_ICMPTYPE_REDIRECT_MESSAGE 5
689 #define GNUNET_TUN_ICMPTYPE_ECHO_REQUEST 8
690 #define GNUNET_TUN_ICMPTYPE_ROUTER_ADVERTISEMENT 9
691 #define GNUNET_TUN_ICMPTYPE_ROUTER_SOLICITATION 10
692 #define GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED 11
694 #define GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE 1
695 #define GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG 2
696 #define GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED 3
697 #define GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM 4
698 #define GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST 128
699 #define GNUNET_TUN_ICMPTYPE6_ECHO_REPLY 129
705 struct GNUNET_TUN_IcmpHeader
709 uint16_t crc GNUNET_PACKED;
714 * ICMP Echo (request/reply)
718 uint16_t identifier GNUNET_PACKED;
719 uint16_t sequence_number GNUNET_PACKED;
723 * ICMP Destination Unreachable (RFC 1191)
727 uint16_t empty GNUNET_PACKED;
728 uint16_t next_hop_mtu GNUNET_PACKED;
729 /* followed by original IP header + first 8 bytes of original IP datagram */
730 } destination_unreachable;
735 struct in_addr redirect_gateway_address GNUNET_PACKED;
738 * MTU for packets that are too big (IPv6).
740 uint32_t packet_too_big_mtu GNUNET_PACKED;
747 GNUNET_NETWORK_STRUCT_END
751 * Initialize an IPv4 header.
753 * @param ip header to initialize
754 * @param protocol protocol to use (i.e. IPPROTO_UDP)
755 * @param payload_length number of bytes of payload that follow (excluding IPv4 header)
756 * @param src source IP address to use
757 * @param dst destination IP address to use
760 GNUNET_TUN_initialize_ipv4_header (struct GNUNET_TUN_IPv4Header *ip,
762 uint16_t payload_length,
763 const struct in_addr *src,
764 const struct in_addr *dst);
768 * Initialize an IPv6 header.
770 * @param ip header to initialize
771 * @param protocol protocol to use (i.e. IPPROTO_UDP)
772 * @param payload_length number of bytes of payload that follow (excluding IPv4 header)
773 * @param src source IP address to use
774 * @param dst destination IP address to use
777 GNUNET_TUN_initialize_ipv6_header (struct GNUNET_TUN_IPv6Header *ip,
779 uint16_t payload_length,
780 const struct in6_addr *src,
781 const struct in6_addr *dst);
784 * Calculate IPv4 TCP checksum.
786 * @param ip ipv4 header fully initialized
787 * @param tcp TCP header (initialized except for CRC)
788 * @param payload the TCP payload
789 * @param payload_length number of bytes of TCP @a payload
792 GNUNET_TUN_calculate_tcp4_checksum (const struct GNUNET_TUN_IPv4Header *ip,
793 struct GNUNET_TUN_TcpHeader *tcp,
795 uint16_t payload_length);
798 * Calculate IPv6 TCP checksum.
800 * @param ip ipv6 header fully initialized
801 * @param tcp TCP header (initialized except for CRC)
802 * @param payload the TCP payload
803 * @param payload_length number of bytes of TCP payload
806 GNUNET_TUN_calculate_tcp6_checksum (const struct GNUNET_TUN_IPv6Header *ip,
807 struct GNUNET_TUN_TcpHeader *tcp,
809 uint16_t payload_length);
812 * Calculate IPv4 UDP checksum.
814 * @param ip ipv4 header fully initialized
815 * @param udp UDP header (initialized except for CRC)
816 * @param payload the UDP payload
817 * @param payload_length number of bytes of UDP @a payload
820 GNUNET_TUN_calculate_udp4_checksum (const struct GNUNET_TUN_IPv4Header *ip,
821 struct GNUNET_TUN_UdpHeader *udp,
823 uint16_t payload_length);
827 * Calculate IPv6 UDP checksum.
829 * @param ip ipv6 header fully initialized
830 * @param udp UDP header (initialized except for CRC)
831 * @param payload the UDP payload
832 * @param payload_length number of bytes of @a payload
835 GNUNET_TUN_calculate_udp6_checksum (const struct GNUNET_TUN_IPv6Header *ip,
836 struct GNUNET_TUN_UdpHeader *udp,
838 uint16_t payload_length);
842 * Calculate ICMP checksum.
844 * @param icmp IMCP header (initialized except for CRC)
845 * @param payload the ICMP payload
846 * @param payload_length number of bytes of @a payload
849 GNUNET_TUN_calculate_icmp_checksum (struct GNUNET_TUN_IcmpHeader *icmp,
851 uint16_t payload_length);
855 * Create a regex in @a rxstr from the given @a ip and @a port.
857 * @param ip IPv4 representation.
858 * @param port destination port
859 * @param rxstr generated regex, must be at least #GNUNET_TUN_IPV4_REGEXLEN
863 GNUNET_TUN_ipv4toregexsearch (const struct in_addr *ip,
869 * Create a regex in @a rxstr from the given @a ipv6 and @a port.
871 * @param ipv6 IPv6 representation.
872 * @param port destination port
873 * @param rxstr generated regex, must be at least #GNUNET_TUN_IPV6_REGEXLEN
877 GNUNET_TUN_ipv6toregexsearch (const struct in6_addr *ipv6,
883 * Convert an exit policy to a regular expression. The exit policy
884 * specifies a set of subnets this peer is willing to serve as an
885 * exit for; the resulting regular expression will match the
886 * IPv6 address strings as returned by #GNUNET_TUN_ipv6toregexsearch.
888 * @param policy exit policy specification
889 * @return regular expression, NULL on error
892 GNUNET_TUN_ipv6policy2regex (const char *policy);
896 * Convert an exit policy to a regular expression. The exit policy
897 * specifies a set of subnets this peer is willing to serve as an
898 * exit for; the resulting regular expression will match the
899 * IPv4 address strings as returned by #GNUNET_TUN_ipv4toregexsearch.
901 * @param policy exit policy specification
902 * @return regular expression, NULL on error
905 GNUNET_TUN_ipv4policy2regex (const char *policy);
909 * Hash the service name of a hosted service to the
910 * hash code that is used to identify the service on
913 * @param service_name a string
914 * @param[out] hc corresponding hash
917 GNUNET_TUN_service_name_to_hash (const char *service_name,
918 struct GNUNET_HashCode *hc);
922 * Check if two sockaddrs are equal.
924 * @param sa one address
925 * @param sb another address
926 * @param include_port also check ports
927 * @return #GNUNET_YES if they are equal
930 GNUNET_TUN_sockaddr_cmp (const struct sockaddr *sa,
931 const struct sockaddr *sb,
936 * Compute the CADET port given a service descriptor
937 * (returned from #GNUNET_TUN_service_name_to_hash) and
938 * a TCP/UDP port @a ip_port.
940 * @param desc service shared secret
941 * @param ip_port TCP/UDP port, use 0 for ICMP
942 * @param[out] cadet_port CADET port to use
945 GNUNET_TUN_compute_service_cadet_port (const struct GNUNET_HashCode *desc,
947 struct GNUNET_HashCode *cadet_port);
951 /** @} */ /* end of group */