Version.h 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239
  1. /* vim: set expandtab ts=4 sw=4: */
  2. /*
  3. * You may redistribute this program and/or modify it under the terms of
  4. * the GNU General Public License as published by the Free Software Foundation,
  5. * either version 3 of the License, or (at your option) any later version.
  6. *
  7. * This program is distributed in the hope that it will be useful,
  8. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  9. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  10. * GNU General Public License for more details.
  11. *
  12. * You should have received a copy of the GNU General Public License
  13. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  14. */
  15. #ifndef Version_H
  16. #define Version_H
  17. #include "util/Linker.h"
  18. Linker_require("util/version/Version.c")
  19. #include <stdint.h>
  20. /*
  21. * Cjdns Protocol Versions
  22. *
  23. * The first argument to Version_COMPAT is the new version, the second argument is a list of
  24. * older versions with which it is compatible. All versions are obviously assumed to be compatible
  25. * with themselves and any version which is compatible with the most recent version to date is
  26. * assumed to be compatible with all future versions.
  27. */
  28. #ifndef Version_COMPAT
  29. // defined otherwise in Version.c
  30. #define Version_COMPAT(one, twoRange)
  31. #endif
  32. /*
  33. * Version 0:
  34. * January 2012
  35. *
  36. * First version.
  37. */
  38. Version_COMPAT(0, ([]))
  39. /*
  40. * Version 1:
  41. * October 2012
  42. *
  43. * When you send someone a message through cjdns, it's encrypted.
  44. * When you send the first message to a router, it has a nice header on it which tells them your key
  45. * and allows them to establish a cryptographic session with you. For every message after that, they
  46. * need to remember that session and use it to decrypt the message.
  47. *
  48. * The way they remember which session a message is associated with is to look at the switching
  49. * label from that message and compare that with the label which was used when the first message was
  50. * sent (with the header).
  51. *
  52. * What I didn't think about at the time is that labels change. Nodes find a better path to a
  53. * destination and expect the same session to work. It would work if the other end knew which
  54. * session to use but it can't know, the label is different.
  55. *
  56. * This is a protocol bug.
  57. *
  58. * In my opinion, the best way to fix it is to send an additional header before the crypto nonce
  59. * which tells the foreign node who it came from. When the handshake message is sent, the node will
  60. * send a 4 byte integer which the other end will store. Every time the other end sends a
  61. * non-handshake message to this end, it will prepend that same integer to the encrypted message and
  62. * on recieving a message, a node will use that number to do a lookup of the correct session to use.
  63. * The number can be a pointer or index offset so this can be quite fast.
  64. * Integer 0xFFFFFFFF shall be reserved and handshake messages which contain this value must be
  65. * ignored or treated as protocol 0 messages.
  66. *
  67. * But this is a protocol break.
  68. *
  69. * If a node gets handed a number and doesn't know what to do with it, it will think it's a
  70. * CryptoAuth header and it will fail. New nodes would be able to try a message as the old form if
  71. * the new form doesn't work but old nodes will just fail if they are ever sent a message in the new
  72. * form.
  73. *
  74. * Proposed Solution:
  75. * A key will be sent in all findNodes responses in the router, this key will be "np" for nodes'
  76. * protocol (version).
  77. * It will contain a string representation of a list of the protocol version numbers for the nodes
  78. * which it is introducing. The numbers will all be the same number of bytes and the first byte will
  79. * give that number. The length of the string will always be equal to one, plus the number of nodes
  80. * times the value of the first byte.
  81. *
  82. * This example shows the p which would accompany a findNodes response containing 1 node with
  83. * protocol version zero and one node with protocol version 1.
  84. *
  85. * "np": "\x01\x00\x01"
  86. *
  87. * 2:np3:\x01\x00\x01
  88. *
  89. * This example shows the p which would accompany a findNodes response containing 1 node with
  90. * protocol version 300 and two nodes with protocol version 5.
  91. *
  92. * "np": "\x02\x01\x2c\x00\x05\x00\x05"
  93. *
  94. * 2:np7:\x02\x01\x2c\x00\x05\x00\x05
  95. *
  96. * All multi-byte numbers shall be encoded in big endian encoding.
  97. *
  98. * Each node will have an internal compatibility matrix giving protocol version numbers which
  99. * can communicate, a node shall not respond to a findNodes message with a response containing any
  100. * nodes which are known to be incompatible with the protocol version of the requesting node.
  101. * Versions which are beyond the highest version number in the compatability matrix will be assumed
  102. * to have the same compatability as the highest number in the table.
  103. *
  104. * All messages shall contain shall contain an "p" key as well but these will have a benc integer
  105. * representing the protocol version of the sending node.
  106. *
  107. * Change to the Ping switch control message:
  108. * New switch ping messages will all be 8 or more bytes long, they will begin with a magic field
  109. * and then a version number which is the version of the sending node.
  110. * The magic will be set to 0x09f91102 for all ping messages and to 0x9d74e35b in the response
  111. * messages (these numbers shall be big endian encoded). Following this number will be a 4 byte
  112. * field containing the protocol version. Nodes which only speak protocol version 0 will be
  113. * identifyable because they echo back 0x09f91102 rather than replacing it and they will be unlikely
  114. * to send a ping request whose content begins with 0x09f91102.
  115. *
  116. * Protocol1.1
  117. * In protocol0 there was a single pool of sessions shared between the outer and inner layer.
  118. * In protocol1 it was split because one pool needed to have handles and the other pool didn't.
  119. * The problem with this is communications do not necessarily travel back and forth along the
  120. * same path and protocol1 exhibited a pathology wherein one node was direct sending packets to
  121. * another while the other was routing the responses via an intermediary.
  122. * There were 2 CryptoAuth sessions between the two nodes and neither session was entering run
  123. * state. So protocol1 was broken and the new protocol1 (protocol1.1) sends session handles on top
  124. * of the CryptoAuth handshake headers even if the handshake is in the inner layer (under the Ipv6
  125. * header). It does not however send handles in the inner layer when the inner layer CryptoAuth
  126. * session is in HANDSHAKE3 state or above.
  127. * Protocol1.1 still identifies itself as Protocol1, it will not be able to communicate with
  128. * protocol0 in some circumstances. If it knows nothing about the other node and it forwards a
  129. * message via an intermediary, the message will be unreadable at the other end.
  130. *
  131. * Protocol1.2
  132. * Changes in protocol1.1 are reverted as a solution was found in the implementation.
  133. */
  134. Version_COMPAT(1, ([0]))
  135. /*
  136. * Version 2:
  137. * February 21, 2013
  138. *
  139. * Remove compatibility layer for communicating with version 0 nodes.
  140. */
  141. Version_COMPAT(2, ([1]))
  142. /*
  143. * Version 3:
  144. * August 16, 2013
  145. *
  146. * In version 1, handles were introduced so that a session could be looked when a packet came in.
  147. * During the initiation of a session, the node's handle was placed before the CryptoAuth block
  148. * unless the message was a layer-3 (forwarded) message in which case it was at the beginning
  149. * inside of the innermost CryptoAuth block. This handle was transferred to the peer so they could
  150. * tell how *this* node identifies the session.
  151. *
  152. * When a layer-2 (non-forwarded) message was received which was *not* a session initiation packet,
  153. * the peer's handle was placed before the CryptoAuth block in order for the peer to be able to
  154. * lookup the session in their table.
  155. *
  156. * Unfortunately the handle outside of the CryptoAuth initiation block was not authenticated in any
  157. * way and a switch could alter it accidently or maliciously causing the wrong session identifier
  158. * to be stored leading to the session failing until it eventually times out.
  159. *
  160. * To fix this bug the handle attached to the initiation message has been moved into the CryptoAuth
  161. * block where it should have been in the first place. Obviously the peer's handle is still placed
  162. * outside of the CryptoAuth block so it can serve it's function.
  163. *
  164. * As of version 3, implementations must not send handles which are less than 4 so that when they
  165. * receive them back, they will not be confused with the initial 4 bytes of a CryptoAuth setup
  166. * packet which is not preceeded by a handle.
  167. */
  168. Version_COMPAT(3, ([1,2]))
  169. /*
  170. * Version 4:
  171. * August 27, 2013
  172. *
  173. * This version makes no protocol changes but fixes a nasty bug with forwarding which caused
  174. * messages to be forwarded to random nodes, updated to encourage nodes to forward via others
  175. * who do not have the bug.
  176. */
  177. Version_COMPAT(4, ([1,2,3]))
  178. /*
  179. * Version 5:
  180. * September 4, 2013
  181. *
  182. * This version introduces a new RPC call for getting directly connected peers from a node.
  183. * The new RPC call is called "gp" and it takes a target label called "tar" which must be an
  184. * 8 byte long benc string. It returns a list of peers exactly the same as a search but they
  185. * must all be direct peers and they are the peers whose labels have smallest XOR distance
  186. * from "tar".
  187. */
  188. Version_COMPAT(5, ([1,2,3,4]))
  189. /*
  190. * Version 6:
  191. * December 14, 2013
  192. *
  193. * Drop support for versions older than 5
  194. */
  195. Version_COMPAT(6, ([5]))
  196. /*
  197. * Version 7:
  198. * March 16, 2014
  199. *
  200. * A ceremonial version which has the pathfinder2 implemented.
  201. * this is still compatible with the same versions and doesn't expressly change the protocol
  202. * although it is nolonger able to communicate with *older* version 5 nodes which do not advertize
  203. * their encoding scheme.
  204. */
  205. Version_COMPAT(7, ([5,6]))
  206. /**
  207. * The current protocol version.
  208. */
  209. #define Version_CURRENT_PROTOCOL 7
  210. #define Version_5_COMPAT
  211. #define Version_6_COMPAT
  212. #define Version_MINIMUM_COMPATIBLE 5
  213. #define Version_DEFAULT_ASSUMPTION 5
  214. /**
  215. * Check the compatibility matrix and return whether two versions are compatible.
  216. * If a version is not listed on the table, the highest version on the table is
  217. * substituted for it but if the return value is yes, it is changed to maybe.
  218. *
  219. * @param version1 the first version
  220. * @param version2 the second version
  221. * @return 1 meaning compatible or 0 meaning incompatible.
  222. */
  223. int Version_isCompatible(uint32_t one, uint32_t two);
  224. #endif