2 This file is part of GNUnet.
3 Copyright (C) 2010-2013 Christian Grothoff
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 * @author Philipp Toelke
21 * @author Christian Grothoff
24 * Standard TCP/IP network structs and IP checksum calculations for TUN interaction
26 * @defgroup tun TUN library
27 * Standard TCP/IP network structs and IP checksum calculations for TUN interaction
30 #ifndef GNUNET_TUN_LIB_H
31 #define GNUNET_TUN_LIB_H
33 #include "gnunet_util_lib.h"
36 /* see http://www.iana.org/assignments/ethernet-numbers */
41 #define ETH_P_IPV4 0x0800
48 #define ETH_P_IPV6 0x86DD
53 * Maximum regex string length for use with #GNUNET_TUN_ipv4toregexsearch.
55 * 8 bytes for IPv4, 4 bytes for port, 1 byte for "4", 2 bytes for "-",
56 * one byte for 0-termination.
58 #define GNUNET_TUN_IPV4_REGEXLEN 16
62 * Maximum regex string length for use with #GNUNET_TUN_ipv6toregexsearch
64 * 32 bytes for IPv6, 4 bytes for port, 1 byte for "4", 2 bytes for "-",
65 * one byte for 0-termination.
67 #define GNUNET_TUN_IPV6_REGEXLEN 40
70 GNUNET_NETWORK_STRUCT_BEGIN
73 * Header from Linux TUN interface.
75 struct GNUNET_TUN_Layer2PacketHeader
78 * Some flags (unused).
80 uint16_t flags GNUNET_PACKED;
83 * Here we get an ETH_P_-number.
85 uint16_t proto GNUNET_PACKED;
90 * Standard IPv4 header.
92 struct GNUNET_TUN_IPv4Header
94 #if __BYTE_ORDER == __LITTLE_ENDIAN
95 unsigned int header_length:4 GNUNET_PACKED;
96 unsigned int version:4 GNUNET_PACKED;
97 #elif __BYTE_ORDER == __BIG_ENDIAN
98 unsigned int version:4 GNUNET_PACKED;
99 unsigned int header_length:4 GNUNET_PACKED;
101 #error byteorder undefined
106 * Length of the packet, including this header.
108 uint16_t total_length GNUNET_PACKED;
111 * Unique random ID for matching up fragments.
113 uint16_t identification GNUNET_PACKED;
115 unsigned int flags:3 GNUNET_PACKED;
117 unsigned int fragmentation_offset:13 GNUNET_PACKED;
120 * How many more hops can this packet be forwarded?
125 * L4-protocol, for example, IPPROTO_UDP or IPPROTO_TCP.
132 uint16_t checksum GNUNET_PACKED;
135 * Origin of the packet.
137 struct in_addr source_address GNUNET_PACKED;
140 * Destination of the packet.
142 struct in_addr destination_address GNUNET_PACKED;
143 } GNUNET_GCC_STRUCT_LAYOUT;
147 * Standard IPv6 header.
149 struct GNUNET_TUN_IPv6Header
151 #if __BYTE_ORDER == __LITTLE_ENDIAN
152 unsigned int traffic_class_h:4 GNUNET_PACKED;
153 unsigned int version:4 GNUNET_PACKED;
154 unsigned int traffic_class_l:4 GNUNET_PACKED;
155 unsigned int flow_label:20 GNUNET_PACKED;
156 #elif __BYTE_ORDER == __BIG_ENDIAN
157 unsigned int version:4 GNUNET_PACKED;
158 unsigned int traffic_class:8 GNUNET_PACKED;
159 unsigned int flow_label:20 GNUNET_PACKED;
161 #error byteorder undefined
164 * Length of the payload, excluding this header.
166 uint16_t payload_length GNUNET_PACKED;
169 * For example, IPPROTO_UDP or IPPROTO_TCP.
174 * How many more hops can this packet be forwarded?
179 * Origin of the packet.
181 struct in6_addr source_address GNUNET_PACKED;
184 * Destination of the packet.
186 struct in6_addr destination_address GNUNET_PACKED;
187 } GNUNET_GCC_STRUCT_LAYOUT;
/* TCP flag bits. Each constant is a distinct single-bit mask (1, 2, 4, ... 128),
 * so several flags can be combined with bitwise OR and an individual flag is
 * tested with bitwise AND, not with ==. */
193 #define GNUNET_TUN_TCP_FLAGS_FIN 1
194 #define GNUNET_TUN_TCP_FLAGS_SYN 2
195 #define GNUNET_TUN_TCP_FLAGS_RST 4
196 #define GNUNET_TUN_TCP_FLAGS_PSH 8
197 #define GNUNET_TUN_TCP_FLAGS_ACK 16
198 #define GNUNET_TUN_TCP_FLAGS_URG 32
199 #define GNUNET_TUN_TCP_FLAGS_ECE 64
200 #define GNUNET_TUN_TCP_FLAGS_CWR 128
205 struct GNUNET_TUN_TcpHeader
208 * Source port (in NBO).
210 uint16_t source_port GNUNET_PACKED;
213 * Destination port (in NBO).
215 uint16_t destination_port GNUNET_PACKED;
220 uint32_t seq GNUNET_PACKED;
223 * Acknowledgement number.
225 uint32_t ack GNUNET_PACKED;
226 #if __BYTE_ORDER == __LITTLE_ENDIAN
228 * Reserved. Must be zero.
230 unsigned int reserved : 4 GNUNET_PACKED;
232 * Number of 32-bit words in TCP header.
234 unsigned int off : 4 GNUNET_PACKED;
235 #elif __BYTE_ORDER == __BIG_ENDIAN
237 * Number of 32-bit words in TCP header.
239 unsigned int off : 4 GNUNET_PACKED;
241 * Reserved. Must be zero.
243 unsigned int reserved : 4 GNUNET_PACKED;
245 #error byteorder undefined
249 * Flags (SYN, FIN, ACK, etc.)
256 uint16_t window_size GNUNET_PACKED;
261 uint16_t crc GNUNET_PACKED;
266 uint16_t urgent_pointer GNUNET_PACKED;
267 } GNUNET_GCC_STRUCT_LAYOUT;
273 struct GNUNET_TUN_UdpHeader
276 * Source port (in NBO).
278 uint16_t source_port GNUNET_PACKED;
281 * Destination port (in NBO).
283 uint16_t destination_port GNUNET_PACKED;
286 * Number of bytes of payload.
288 uint16_t len GNUNET_PACKED;
293 uint16_t crc GNUNET_PACKED;
299 * A few common DNS classes (ok, only one is common, but I list a
300 * couple more to make it clear what we're talking about here).
/* DNS CLASS values. */
302 #define GNUNET_TUN_DNS_CLASS_INTERNET 1
303 #define GNUNET_TUN_DNS_CLASS_CHAOS 3
304 #define GNUNET_TUN_DNS_CLASS_HESIOD 4
/* DNS OPCODE values, carried in the 4-bit opcode field of
 * struct GNUNET_TUN_DnsFlags. */
306 #define GNUNET_TUN_DNS_OPCODE_QUERY 0
307 #define GNUNET_TUN_DNS_OPCODE_INVERSE_QUERY 1
308 #define GNUNET_TUN_DNS_OPCODE_STATUS 2
/* DNS response codes, carried in the 4-bit return_code field of
 * struct GNUNET_TUN_DnsFlags. Only 0-10 are named here; a 4-bit field can
 * hold values up to 15, so a parser has to handle codes not listed below. */
314 #define GNUNET_TUN_DNS_RETURN_CODE_NO_ERROR 0
315 #define GNUNET_TUN_DNS_RETURN_CODE_FORMAT_ERROR 1
316 #define GNUNET_TUN_DNS_RETURN_CODE_SERVER_FAILURE 2
317 #define GNUNET_TUN_DNS_RETURN_CODE_NAME_ERROR 3
318 #define GNUNET_TUN_DNS_RETURN_CODE_NOT_IMPLEMENTED 4
319 #define GNUNET_TUN_DNS_RETURN_CODE_REFUSED 5
/* Response codes 6-10 are the ones added for dynamic updates (RFC 2136). */
324 #define GNUNET_TUN_DNS_RETURN_CODE_YXDOMAIN 6
325 #define GNUNET_TUN_DNS_RETURN_CODE_YXRRSET 7
326 #define GNUNET_TUN_DNS_RETURN_CODE_NXRRSET 8
327 #define GNUNET_TUN_DNS_RETURN_CODE_NOT_AUTH 9
328 #define GNUNET_TUN_DNS_RETURN_CODE_NOT_ZONE 10
332 * DNS flags (largely RFC 1035 / RFC 2136).
334 struct GNUNET_TUN_DnsFlags
336 #if __BYTE_ORDER == __LITTLE_ENDIAN
338 * Set to 1 if recursion is desired (client -> server)
340 unsigned int recursion_desired : 1 GNUNET_PACKED;
343 * Set to 1 if message is truncated
345 unsigned int message_truncated : 1 GNUNET_PACKED;
348 * Set to 1 if this is an authoritative answer
350 unsigned int authoritative_answer : 1 GNUNET_PACKED;
353 * See GNUNET_TUN_DNS_OPCODE_ defines.
355 unsigned int opcode : 4 GNUNET_PACKED;
358 * query:0, response:1
360 unsigned int query_or_response : 1 GNUNET_PACKED;
363 * See GNUNET_TUN_DNS_RETURN_CODE_ defines.
365 unsigned int return_code : 4 GNUNET_PACKED;
370 unsigned int checking_disabled : 1 GNUNET_PACKED;
373 * Sender asserts that the response has been cryptographically verified (AD bit), RFC 4035.
375 unsigned int authenticated_data : 1 GNUNET_PACKED;
380 unsigned int zero : 1 GNUNET_PACKED;
383 * Set to 1 if recursion is available (server -> client)
385 unsigned int recursion_available : 1 GNUNET_PACKED;
386 #elif __BYTE_ORDER == __BIG_ENDIAN
389 * query:0, response:1
391 unsigned int query_or_response : 1 GNUNET_PACKED;
394 * See GNUNET_TUN_DNS_OPCODE_ defines.
396 unsigned int opcode : 4 GNUNET_PACKED;
399 * Set to 1 if this is an authoritative answer
401 unsigned int authoritative_answer : 1 GNUNET_PACKED;
404 * Set to 1 if message is truncated
406 unsigned int message_truncated : 1 GNUNET_PACKED;
409 * Set to 1 if recursion is desired (client -> server)
411 unsigned int recursion_desired : 1 GNUNET_PACKED;
415 * Set to 1 if recursion is available (server -> client)
417 unsigned int recursion_available : 1 GNUNET_PACKED;
422 unsigned int zero : 1 GNUNET_PACKED;
425 * Sender asserts that the response has been cryptographically verified (AD bit), RFC 4035.
427 unsigned int authenticated_data : 1 GNUNET_PACKED;
432 unsigned int checking_disabled : 1 GNUNET_PACKED;
435 * See GNUNET_TUN_DNS_RETURN_CODE_ defines.
437 unsigned int return_code : 4 GNUNET_PACKED;
439 #error byteorder undefined
442 } GNUNET_GCC_STRUCT_LAYOUT;
449 struct GNUNET_TUN_DnsHeader
452 * Unique identifier for the request/response.
454 uint16_t id GNUNET_PACKED;
459 struct GNUNET_TUN_DnsFlags flags;
464 uint16_t query_count GNUNET_PACKED;
469 uint16_t answer_rcount GNUNET_PACKED;
472 * Number of authoritative answers.
474 uint16_t authority_rcount GNUNET_PACKED;
477 * Number of additional records.
479 uint16_t additional_rcount GNUNET_PACKED;
484 * Payload of DNS SOA record (header).
486 struct GNUNET_TUN_DnsSoaRecord
489 * The version number of the original copy of the zone. (NBO)
491 uint32_t serial GNUNET_PACKED;
494 * Time interval before the zone should be refreshed. (NBO)
496 uint32_t refresh GNUNET_PACKED;
499 * Time interval that should elapse before a failed refresh should
502 uint32_t retry GNUNET_PACKED;
505 * Time value that specifies the upper limit on the time interval
506 * that can elapse before the zone is no longer authoritative. (NBO)
508 uint32_t expire GNUNET_PACKED;
511 * The 32-bit minimum TTL field that should be exported with any RR
512 * from this zone. (NBO)
514 uint32_t minimum GNUNET_PACKED;
519 * Payload of DNS SRV record (header).
521 struct GNUNET_TUN_DnsSrvRecord
525 * Preference for this entry (lower value is higher preference). Clients
526 * will contact hosts from the lowest-priority group first and fall back
527 * to higher priorities if the low-priority entries are unavailable. (NBO)
529 uint16_t prio GNUNET_PACKED;
532 * Relative weight for records with the same priority. Clients will use
533 * the hosts of the same (lowest) priority with a probability proportional
534 * to the weight given. (NBO)
536 uint16_t weight GNUNET_PACKED;
539 * TCP or UDP port of the service. (NBO)
541 uint16_t port GNUNET_PACKED;
543 /* followed by 'target' name */
548 * Payload of DNS CERT record.
550 struct GNUNET_TUN_DnsCertRecord
568 /* Followed by the certificate */
573 * Payload of DNSSEC TLSA record.
574 * http://datatracker.ietf.org/doc/draft-ietf-dane-protocol/
576 struct GNUNET_TUN_DnsTlsaRecord
584 * 3: domain-issued cert
590 * What part will be matched against the cert
591 * presented by server
592 * 0: Full cert (in binary)
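593 * 1: Full cert (in DER) -- NOTE(review): RFC 6698 defines selector 1 as the SubjectPublicKeyInfo, which the description of the certificate association data in this struct also assumes; confirm.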
598 * Matching type (of selected content)
603 uint8_t matching_type;
606 * followed by certificate association data
607 * The "certificate association data" to be matched.
608 * These bytes are either raw data (that is, the full certificate or
609 * its SubjectPublicKeyInfo, depending on the selector) for matching
610 * type 0, or the hash of the raw data for matching types 1 and 2.
611 * The data refers to the certificate in the association, not to the
612 * TLS ASN.1 Certificate object.
614 * The data is represented as a string of hex chars
620 * Payload of GNS VPN record
622 struct GNUNET_TUN_GnsVpnRecord
625 * The peer to contact
627 struct GNUNET_PeerIdentity peer;
630 * The protocol to use
634 /* followed by the servicename */
641 struct GNUNET_TUN_DnsQueryLine
644 * Desired type (GNUNET_DNSPARSER_TYPE_XXX). (NBO)
646 uint16_t type GNUNET_PACKED;
649 * Desired class (usually GNUNET_TUN_DNS_CLASS_INTERNET). (NBO)
651 uint16_t dns_traffic_class GNUNET_PACKED;
656 * General DNS record prefix.
658 struct GNUNET_TUN_DnsRecordLine
661 * Record type (GNUNET_DNSPARSER_TYPE_XXX). (NBO)
663 uint16_t type GNUNET_PACKED;
666 * Record class (usually GNUNET_TUN_DNS_CLASS_INTERNET). (NBO)
668 uint16_t dns_traffic_class GNUNET_PACKED;
671 * Expiration for the record (in seconds). (NBO)
673 uint32_t ttl GNUNET_PACKED;
676 * Number of bytes of data that follow. (NBO)
678 uint16_t data_len GNUNET_PACKED;
/* ICMP (IPv4) message types. */
682 #define GNUNET_TUN_ICMPTYPE_ECHO_REPLY 0
683 #define GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE 3
684 #define GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH 4
685 #define GNUNET_TUN_ICMPTYPE_REDIRECT_MESSAGE 5
686 #define GNUNET_TUN_ICMPTYPE_ECHO_REQUEST 8
687 #define GNUNET_TUN_ICMPTYPE_ROUTER_ADVERTISEMENT 9
688 #define GNUNET_TUN_ICMPTYPE_ROUTER_SOLICITATION 10
689 #define GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED 11
/* ICMPv6 message types. The numeric values overlap with the IPv4 set above
 * (3 is DESTINATION_UNREACHABLE for ICMP but TIME_EXCEEDED for ICMPv6), so a
 * type byte is only meaningful together with the IP version it arrived in. */
691 #define GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE 1
692 #define GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG 2
693 #define GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED 3
694 #define GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM 4
695 #define GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST 128
696 #define GNUNET_TUN_ICMPTYPE6_ECHO_REPLY 129
702 struct GNUNET_TUN_IcmpHeader
706 uint16_t crc GNUNET_PACKED;
711 * ICMP Echo (request/reply)
715 uint16_t identifier GNUNET_PACKED;
716 uint16_t sequence_number GNUNET_PACKED;
720 * ICMP Destination Unreachable (RFC 1191)
724 uint16_t empty GNUNET_PACKED;
725 uint16_t next_hop_mtu GNUNET_PACKED;
726 /* followed by original IP header + first 8 bytes of original IP datagram */
727 } destination_unreachable;
732 struct in_addr redirect_gateway_address GNUNET_PACKED;
735 * MTU for packets that are too big (IPv6).
737 uint32_t packet_too_big_mtu GNUNET_PACKED;
744 GNUNET_NETWORK_STRUCT_END
748 * Initialize an IPv4 header.
750 * @param ip header to initialize
751 * @param protocol protocol to use (e.g. IPPROTO_UDP)
752 * @param payload_length number of bytes of payload that follow (excluding IPv4 header)
753 * @param src source IP address to use
754 * @param dst destination IP address to use
757 GNUNET_TUN_initialize_ipv4_header (struct GNUNET_TUN_IPv4Header *ip,
759 uint16_t payload_length,
760 const struct in_addr *src,
761 const struct in_addr *dst);
765 * Initialize an IPv6 header.
767 * @param ip header to initialize
768 * @param protocol protocol to use (e.g. IPPROTO_UDP)
769 * @param payload_length number of bytes of payload that follow (excluding IPv6 header)
770 * @param src source IP address to use
771 * @param dst destination IP address to use
774 GNUNET_TUN_initialize_ipv6_header (struct GNUNET_TUN_IPv6Header *ip,
776 uint16_t payload_length,
777 const struct in6_addr *src,
778 const struct in6_addr *dst);
781 * Calculate IPv4 TCP checksum.
783 * @param ip ipv4 header fully initialized
784 * @param tcp TCP header (initialized except for CRC)
785 * @param payload the TCP payload
786 * @param payload_length number of bytes of TCP @a payload
789 GNUNET_TUN_calculate_tcp4_checksum (const struct GNUNET_TUN_IPv4Header *ip,
790 struct GNUNET_TUN_TcpHeader *tcp,
792 uint16_t payload_length);
795 * Calculate IPv6 TCP checksum.
797 * @param ip ipv6 header fully initialized
798 * @param tcp TCP header (initialized except for CRC)
799 * @param payload the TCP payload
800 * @param payload_length number of bytes of TCP payload
803 GNUNET_TUN_calculate_tcp6_checksum (const struct GNUNET_TUN_IPv6Header *ip,
804 struct GNUNET_TUN_TcpHeader *tcp,
806 uint16_t payload_length);
809 * Calculate IPv4 UDP checksum.
811 * @param ip ipv4 header fully initialized
812 * @param udp UDP header (initialized except for CRC)
813 * @param payload the UDP payload
814 * @param payload_length number of bytes of UDP @a payload
817 GNUNET_TUN_calculate_udp4_checksum (const struct GNUNET_TUN_IPv4Header *ip,
818 struct GNUNET_TUN_UdpHeader *udp,
820 uint16_t payload_length);
824 * Calculate IPv6 UDP checksum.
826 * @param ip ipv6 header fully initialized
827 * @param udp UDP header (initialized except for CRC)
828 * @param payload the UDP payload
829 * @param payload_length number of bytes of @a payload
832 GNUNET_TUN_calculate_udp6_checksum (const struct GNUNET_TUN_IPv6Header *ip,
833 struct GNUNET_TUN_UdpHeader *udp,
835 uint16_t payload_length);
839 * Calculate ICMP checksum.
841 * @param icmp ICMP header (initialized except for CRC)
842 * @param payload the ICMP payload
843 * @param payload_length number of bytes of @a payload
846 GNUNET_TUN_calculate_icmp_checksum (struct GNUNET_TUN_IcmpHeader *icmp,
848 uint16_t payload_length);
852 * Create a regex in @a rxstr from the given @a ip and @a port.
854 * @param ip IPv4 representation.
855 * @param port destination port
856 * @param rxstr output buffer for the generated regex; must hold at least #GNUNET_TUN_IPV4_REGEXLEN bytes (including the 0-terminator)
860 GNUNET_TUN_ipv4toregexsearch (const struct in_addr *ip,
866 * Create a regex in @a rxstr from the given @a ipv6 and @a port.
868 * @param ipv6 IPv6 representation.
869 * @param port destination port
870 * @param rxstr output buffer for the generated regex; must hold at least #GNUNET_TUN_IPV6_REGEXLEN bytes (including the 0-terminator)
874 GNUNET_TUN_ipv6toregexsearch (const struct in6_addr *ipv6,
880 * Convert an exit policy to a regular expression. The exit policy
881 * specifies a set of subnets this peer is willing to serve as an
882 * exit for; the resulting regular expression will match the
883 * IPv6 address strings as returned by #GNUNET_TUN_ipv6toregexsearch.
885 * @param policy exit policy specification
886 * @return regular expression, NULL on error
889 GNUNET_TUN_ipv6policy2regex (const char *policy);
893 * Convert an exit policy to a regular expression. The exit policy
894 * specifies a set of subnets this peer is willing to serve as an
895 * exit for; the resulting regular expression will match the
896 * IPv4 address strings as returned by #GNUNET_TUN_ipv4toregexsearch.
898 * @param policy exit policy specification
899 * @return regular expression, NULL on error
902 GNUNET_TUN_ipv4policy2regex (const char *policy);
906 * Hash the service name of a hosted service to the
907 * hash code that is used to identify the service on
910 * @param service_name a string
911 * @param[out] hc corresponding hash
914 GNUNET_TUN_service_name_to_hash (const char *service_name,
915 struct GNUNET_HashCode *hc);
919 * Check if two sockaddrs are equal.
921 * @param sa one address
922 * @param sb another address
923 * @param include_port also check ports
924 * @return #GNUNET_YES if they are equal
927 GNUNET_TUN_sockaddr_cmp (const struct sockaddr *sa,
928 const struct sockaddr *sb,
933 * Compute the CADET port given a service descriptor
934 * (returned from #GNUNET_TUN_service_name_to_hash) and
935 * a TCP/UDP port @a ip_port.
937 * @param desc service descriptor (hash from #GNUNET_TUN_service_name_to_hash), used as the service shared secret
938 * @param ip_port TCP/UDP port, use 0 for ICMP
939 * @param[out] cadet_port CADET port to use
942 GNUNET_TUN_compute_service_cadet_port (const struct GNUNET_HashCode *desc,
944 struct GNUNET_HashCode *cadet_port);
948 /** @} */ /* end of group */