Commit bcc82f9a authored by Joanne Hugé's avatar Joanne Hugé

Define the Re6st protocol in docs

parent 43972615
Re6st Protocol
--------------
Table of Contents
-----------------
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2. Handshake . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3. Re6st packet format . . . . . . . . . . . . . . . . . . . . . . . . . . .
4. Network Version Message . . . . . . . . . . . . . . . . . . . . . . . . .
5. Address Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6. Tunnel Destruction . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1. Introduction
---------------
The re6st protocol is defined for communication between nodes of a re6st
network relative to the network itself. Nodes communicate to cooperate
together on the creation and destruction of tunnels.
2. Handshake
-----------------
The first step for two nodes to communicate is to establish
a connection, which requires a handshake. The purpose of the handshake
is to authenticate the nodes between each other by exchanging their public
certificate, and initialize a secret.
Three types of exchanges are defined for the handshake protocol:
| Seqno | Content |
| ----- | ----------------------------------------------------------------- |
| 0 | pub(sender) |
| 1 | sender protocol, fingerprint(receiver), pub(sender) |
| 2 | sender protocol, X = encrypt(receiver, secret), sign(sender, X) |
During a handshake, two or more exchanges may happen, depending on lost
packets, the cache's content, etc...
The handshake proceeds as follows:
Beginning of handshake:
If the node already has a certificate corresponding to the peer node's
IP, he sends seqno 1, else he sends seqno 0.
Reception of seqno 0:
The node adds the certificate to its list of known certificates, and sends
seqno 1.
Reception of seqno 1:
The received certificate is added
If the fingerprint is correct:
- a new secret strictly greater than the previous one is generated
- seqno 2 is sent.
Else, the node goes back to the beginning
Reception of seqno 2:
If the signature verification or if the secret is less or equal to the secret
node previously had, the handshake fails.
Else, the node sends its network version.
3. Re6st packet format
----------------
| Field | Length |
| --------------- | --------- |
| Sequence number | 4 octets |
| Code | 1 octet |
| Message | Variable |
| HMAC | 20 octets |
The sequence number is increased at each message, starting from 2 after
the handshake.
The code defines the type of message:
000 : Network Version
001 : Address
010 : Tunnel Destruction Request
011 : Tunnel Destruction Response
... : Reserved
The message contents depends on the code, and can vary in size. It must
be small enough for the packet to not exceed the default minimum MTU
of IPv6 (1280) bytes.
The HMAC field contains HMAC(secret, data), where HMAC is a HMAC function
using sha1 and the secret created during the handshake, and data is the
packet contents from the sequence number to the message.
4. Network Version Message
--------------------------
The Network Version Message contains the signed network version. It is
encoded such that each new version message is strictly greater than the
previous.
5. Address Message
------------------
Each node has a list (potentially empty) of addresses to advertise to other
nodes. An address is a tuple of three values: IP, port and protocol.
For instance: (10.0.0.2, 1194, TCP), (2001:db8:42:4::1, 1195, UDPv6)
In order for nodes to make tunnels between each other, they need to know
each other's advertised list of address. There are two ways for nodes
to learn about this:
- Asking the registry with the Remote Procedure Call getBootstrapPeer:
this is done only if a node doesn't know any node's addresses yet
- Sending a re6st packet with code 001 to a node
The address list is sent as a string, each address is separated by a
semicolon, and each address contains an ip, port and protocol separated
by a comma.
"ip1,port1,proto1;ip2,port2,proto2;ip3,port3,proto3"
6. Tunnel Destruction
---------------------
The destruction of a tunnel requires multiple stages:
- soft locking: the node orders babel to raise the cost of its route to
the peer
- hard locking: the route is marked as unusable
- locking request: a request to close the tunnel is sent to the peer,
corresponding to an empty code 2 message
- locking response: the peer answers with an empty code 3 message
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment