xtunnelsprotocol.h

xtunnel nat/fw traversal source code

	*/
	};

struct ClientReadyParam
	{
	// no additional data -- note that size of empty struct is 1
	};

struct ClientRequestSinglePortParam
	{
	uuid_t requestuuid;
	};

struct ClientRequestEvenBasedPortPairParam
	{
	uuid_t requestuuid;
	};

// NOTE: will only close the port base port, all other ports are part of the port base must close
struct ClientRequestClosePortParam
	{
	unsigned short closeport;
	};

struct ClientRequestSendPacketParam
	{
	u_port_t fromport;
	unsigned long destip;
	u_port_t destport;
	unsigned long packetblobsize;
	u_char packetblob[];
	};

// CXscMarshal_XTunnels_ClientToServer_RequestTestUDPRedirectPortCheck is allowed to be sent to the server redirect UDP port
// but only before CXscMarshal_XTunnels_ClientToServer_RequestBindRedirectPortUDPToIP has been received
//
// This server must reply to this command CXscMarshal_XTunnels_ServerToClient_ReplyTestUDPRedirectPortCheck
struct ClientRequestTestUDPRedirectPortCheckParam
	{
	uuid_t m_tTestGUID;
	};

// This message is received over the TCP channel. Once received, the server will reject any packets
// coming into the UDP redirect port that do not match m_dwOnlyAllowFromIPAddress and m_wOnlyAllowFromPort
struct ClientRequestBindRedirectPortUDPToIPParam
	{
	unsigned long m_dwOnlyAllowFromIPAddress;
	u_port_t m_wOnlyAllowFromPort;
	};

// This message is received over the TCP channel. The server sends
// CXscMarshal_XTunnels_ServerToClient_ReplyBindTestUDPRedirectPortReply over the UDP redirect port in responce
// to this message.
struct ClientRequestBindTestUDPRedirectPortReplyParam
	{
	uuid_t m_tTestGUID;
	};

// The server must now forward all CXscMarshal_XTunnels_ServerToClient_NotifyPacketArrived over the UDP redirect port
struct ClientRequestBindUDPRedirectPortPacketForwardParam
	{
	// no additional data -- note that size of empty struct is 1
	};

// This message is used to generate a secure conversation session key. Encryption must be enabled to
// send this command. Receiving party does not have to check for encryption first, as only a badly written
// client would ever send this unencrypted.
//
// Conversation key can be requested at any time, only if server protocol version is 1.0 or greater.
// protocol major: 1
// protocol minor: 0
struct TClientRequestXCipherSecureConversationKeyParam
	{
	unsigned short m_usRemoteUserAtHostSize;
	char m_szRemoteUserAtHost[EMaxMediumBufferSize]; // note: sent packed, not our above maximum acceptable size!
	uuid_t m_tConversationSessionGUID;
	};

struct ServerChallengeParam
	{
	unsigned long algorithm;
	unsigned long challengeblobsize;
	u_char challengeblob[EMaxMediumBufferSize];
	};

struct ServerReadyParam
	{
	unsigned long externalip;
	bool startnew;
	uuid_t sessionuuid;
	unsigned long m_dwServerSessionTimeoutInSeconds;
	u_port_t m_wServerAssignedUDPRedirectPort;
	};
	
struct ServerPortsAvailableParam
	{
	uuid_t requestuuid;
	u_port_t portBase;
	};
	
struct ServerPacketArrivedParam
	{
	u_port_t fromport;
	unsigned long sourceip;
	u_port_t sourceport;
	unsigned long packetblobsize;
	char packetblob[];
	};

// This message is sent over the TCP channel, and is in response to the CXscMarshal_XTunnels_ClientToServer_RequestTestUDPRedirectPortCheck
// packet. The server must fill in the m_dwSourceIPAddress and m_wSourcePort with the source IP
// address and source port to which the CXscMarshal_XTunnels_ClientToServer_RequestTestUDPRedirectPortCheck
// packet was received from.
struct ServerReplyTestUDPRedirectPortCheckParam
	{
	unsigned long m_dwSourceIPAddress;
	u_port_t m_wSourcePort;
	uuid_t m_tTestGUID;
	};

// This message is sent over the UDP channel in response to the CXscMarshal_XTunnels_ClientToServer_RequestBindTestUDPRedirectPortReply
// message.
struct ServerReplyBindTestUDPRedirectPortReplyParam
	{
	uuid_t m_tTestGUID;
	};

// This message is announced *before* the CXscMarshal_XTunnels_ServerToClient_Ready *if* the client protocol version is 1.0 or greater
// protocol major: 1
// protocol minor: 0
// dwSupportFlags
// X-Cipher supported - 0x00000001 - if set, x-cipher is supported
struct TServerNotifyServerSupportParam
	{
	unsigned long m_ulSupportFlags;
	};

// This message is used to reply to the request to generate a secure conversation session key. Encryption must be enabled to
// send this command. Server does not have to check for encryption first, as only a badly written
// client would have ever requested a secure conversation key when encryption was not enabled.
//
// Only available if client protocol version is 1.0 or greater.
// protocol major: 1
// protocol minor: 0
//
// m_dwErrorCode - must be zero if successful, non-zero results mean m_pSecurityKeyBlob is NULL and m_dwSecurityKeyBlobSize is zero
// m_cErrorReason - a human readable reason for the failure
struct TServerToClientReplyXCipherSecureConversationKeyParam
	{
	unsigned short m_usRemoteUserAtHostSize;
	char m_szRemoteUserAtHost[EMaxSmallBufferSize]; // note: sent packed, not our above maximum acceptable size!
	uuid_t m_tConversationSessionGUID;
	unsigned long m_dwErrorCode;
	unsigned short m_usErrorReasonSize;
	char m_szErrorReason[EMaxSmallBufferSize]; // note: sent packed, not our above maximum acceptable size!
	unsigned short m_usCipherKeySize;
	char m_szCipherKey[EMaxSmallBufferSize]; // note: sent packed, not our above maximum acceptable size!
	};

typedef struct TXCipherConversationInfoParam
   {
   char m_szLocalHost[EMaxDBHostLength];
   char m_szRemoteHost[EMaxDBHostLength];
   char m_szRemoteUsername[EMaxDBUsernameLength];
   char m_pCipherkeyBytes[32];
   time_t m_tExpires;
   } TConversationInfoParam;


// optionally followed by an encryption header before magic number
typedef struct TXTunnelsPacketHeader
	{
	unsigned long commandid; // high bit set for encryption
	unsigned long payloadsize; // not including basic header size (or encrypt header?)
	} TXTunnelsPacketHeader;

typedef struct TXTunnelsPacketHeaderEncrypt
	{
	unsigned long m_ulAlgorithm;
	unsigned long decryptsize;
	} TXTunnelsPacketHeaderEncrypt;
	
// for a simple construction guaranteed no encryption
typedef struct TXTunnelsPacketHeaderUnencrypted
	{
	unsigned long commandid; // high bit set for encryption
	unsigned long payloadsize; // not including basic header size (or encrypt header?)
   unsigned long m_ulPacketMagicNumber; // EPacketMagicNumber
   unsigned long m_ulPacketIndex;
	} TXTunnelsPacketHeaderUnencrypted;


// to accomodate with/without encryption in one structure
// since we don't know in advance which kind we're receiving in a UDP packet for instance
typedef struct TXTunnelsPacket
	{
	TXTunnelsPacketHeader m_tHeaderBasic;
	union
	   {
	   struct // if not encrypted
	      {
	      unsigned long m_ulPacketMagicNumber; // EPacketMagicNumber
	      unsigned long m_ulPacketIndex;
         union
            {
            char m_pPayload[EMaxPacketDataSize]; // anything larger than that should be rejected immediately
            PingParam ping;
            TVersionParam m_tVersion;
            ChallengeReplyParam challengereply;
            DisconnectParam disconnect;
            TClientToServerHelloParam clienthello;
            ClientReadyParam clientready;
            ClientRequestSinglePortParam clientrequestsingleport;
            ClientRequestEvenBasedPortPairParam clientrequestevenbasedportpair;
            ClientRequestClosePortParam clientrequestcloseport;
            ClientRequestSendPacketParam clientrequestsendpacket;
            ClientRequestTestUDPRedirectPortCheckParam clientrequesttestudpredirectPortCheck;
            ClientRequestBindRedirectPortUDPToIPParam clientrequestbindredirectportudptoip;
            ClientRequestBindTestUDPRedirectPortReplyParam clientrequestbindtestudpredirectportreply;
            ClientRequestBindUDPRedirectPortPacketForwardParam clientrequestbindudpredirectportpacketforward;
            TClientRequestXCipherSecureConversationKeyParam m_tRequestKey;
            ServerChallengeParam serverchallenge;
            ServerReadyParam serverready;
            ServerPortsAvailableParam serverportsavailable;
            ServerPacketArrivedParam serverpacketarrived;
            ServerReplyTestUDPRedirectPortCheckParam serverreplytestudpredirectportcheckparam;
            ServerReplyBindTestUDPRedirectPortReplyParam serverreplybindtestudpredirectportreplyparam;
            TServerNotifyServerSupportParam m_tNotifyServerSupport;
            TServerToClientReplyXCipherSecureConversationKeyParam m_tXCipherKey;
            TXCipherConversationInfoParam m_tXCipherConversation;
            };
	      } m_tData;
	   struct // if encrypted
	      {
      	TXTunnelsPacketHeaderEncrypt m_tSpecs;
	      char m_pEncryptedData[EMaxPacketDataSize];
	      } m_tEncrypt;
	   };
	} TXTunnelsPacket;

// simplification of above for use of server rejecting connect attempt or SIGALRM going on deathwatch
typedef struct TGoodbyePacket 
	{
	TXTunnelsPacketHeaderUnencrypted m_tHeader;
	//DisconnectParam disconnect;
	unsigned long reason;
	unsigned short messagesize;
	char message[EMaxSmallBufferSize]; // note no trailing NUL
	} TGoodbyePacket;

// child management -- we'll have a fixed kMaximumClients array of these

typedef struct SChild
	{
	// internal process management variables and communication channels
	typedef enum 
		{
		eAvailable = 0, // currently not used, all other fields invalid
		eStarting,		// pipe fds are valid
		eStarted,		// and pid is valid
		eActive,		// pipe fds are released and session id is valid
		eDeathwatch		// disconnected and waiting for final timeout or reconnection
		} EStatus;
	int status;
	pid_t pid;
	//int pipefd[2]; 
	// these are created just before fork and are valid until session ID created or child quits
	int m_pChild2ServerPipe[2];
   int m_pServer2ChildPipe[2];
	
	// stuff related to session bookkeeping and piped to parent on real time status request
	uuid_t sessionID;
	char m_szHost[EMaxDBHostLength];
	unsigned long m_ulClientIP; 
	
	// to be sent to database on quit for accounting and piped to parent on real time status request
	time_t connectiontime;
	unsigned long incomingbytes; 
	unsigned long outgoingbytes; 
	
	// these are piped to parent in SIGALRM in case a reconnection wants to pick them up
	unsigned long portcount;
	unsigned long portarray[EMaxActivePortCount]; // a valid client isn't expected to allocate more than 21, this allows for 50 active lines 
	} SChild;

// data child pipes for real time status request
typedef struct TDestinationInfo
   {
   unsigned long m_ulIPAddress;
   unsigned long m_ulIncomingTraffic;
   unsigned long m_ulOutgoingTraffic;
   } TDestinationInfo;
   
typedef struct TChildStatus
	{
	unsigned long ulPortsSingle; 
	unsigned long ulPortsDual; 
	unsigned long ulTrafficIncoming; 
	unsigned long ulTrafficOutgoing; 
	unsigned long incomingtrafficlastsecondbytes; 
	unsigned long outgoingtrafficlastsecondbytes; 
	unsigned long m_ulClientIP;
	unsigned long m_ulUniqueDestinations;
	time_t connectiontime;
	int usernamelength;
	int iHostNameLength;
	int m_iNumDestinationsTraffic;
	// followed by usernamelength characters including trailing NULL
	// then iHostNameLength characters including trailing NULL
	// then m_iNumDestinationsTraffic of TDestinationInfo; right now 50 could be up to m_ulUniqueDestinations
	} TChildStatus;
	
#if VS_TARGET_OS_MAC
#pragma options align=reset
#elif VS_TARGET_OS_LINUX
#pragma pack (0)
#elif VS_TARGET_OS_OPENBSD
#pragma pack ()
#else
#error undefined target OS!
#endif // VS_TARGET_OS_MAC


// procedures to abstract configuration, authentication, database verification

int LoadConfigurationFile(const char* inAppName);

bool VerifyConnectingIPAllowed(const char* szHost);
bool VerifyConnectingIPRejected(const char* szHost);
bool VerifyConnectingIPAllowedAnonymously(const char* szHost);
bool VerifyConnectingIPIsLocalhost(int inAttemptingSocket);
bool VerifyDestinationIPAllowedAndLogOutgoingTraffic(
   unsigned long ulDestinationIP,
   const char* szHost,
   unsigned long ulPacketSize
   );
bool LogDestinationIPIncomingTraffic(unsigned long ulDestinationIP, unsigned long ulPacketSize);
// returns number of total slots for inHost, -1 if host/account nonexistent
int VerifyAccountExistsAndConnectionAvailable(const char* inName, const char* inHost);

// to get at logged by destination traffic
unsigned long GetUniqueDestinations(); 
void GetDestinationsTraffic(unsigned long ulCount, TDestinationInfo* pInfo);

// database maintenance
int OpenDatabaseConnection();
int CloseDatabaseConnection();
//int GetRulesFromDB(const char* szHost);
//bool LoadRulesIfNeeded(const char* szHost);
int GetAllRulesFromDB();
void SaveClientSessionTraffic(SChild& theChild, bool bForceSave);

} // end extern "C"

} // end namespace XTunnels

#endif // XTUNNELSPROTOCOL_H__9730C05E_67C3_441A_9D8B_AE1B24E80407_