thejefflarson / udp-tunnel-sketch

udp-tunnel-sketch
=================


General goals:
 * posix-like api
 * strong cryptography, following the ideas of curvecp -- skipping client auth
 * resistance to replay attacks
 * resistance to DDOS attacks, no allocations on server-side connections
 * the only unencrypted data is the four-byte protocol header \0r#{version}#{proto}
 * fast-enough to handle hundreds of connections
 * trust on first use

Design:
 there should be a worker thread that polls an underlying unix socket and feeds messages into a queue accessible only by that thread; those messages are doled out to the calling thread by calls to accept, select, connect, send and recv.

 the worker thread polls the parent fd, fills in buffers independently of calls to recv, and writes to a socket pair: https://www.gnu.org/software/libc/manual/html_node/Socket-Pairs.html

 sockets should only be changed from the main thread

 inspiration: https://github.com/nanomsg/nanomsg/blob/master/src/core/global.c

 there should be useful global statistics reporting

 connections are identified by connection public key to facilitate server and client roaming. These keys are generated on a per-connection basis.

requirements:
 nacl or sodium or tweetnacl (included)
 basic posix
 pthreads

Protocol:
 client                           server
 ----------------------------------------
 HELLO
 byte version
 32 bytes connection public key
 random padding
 ----------------------------------------
                                  COOKIE
                                  byte version
                                  32 bytes long term public key
                                  (Connection Public key
                                  Secret Key encrypted with server's minute key)
                                  encrypted with server public key and
                                  client's public key
                                  random padding
 -----------------------------------------
 INIT
 byte version
 32 bytes connection public key
 nonce
 encrypted cookie
 encrypted message
 -----------------------------------------
                                  DATA
                                  byte version
                                  32 bytes connection public key
                                  nonce
                                  encrypted message
 -----------------------------------------
 DATA
 byte version
 32 bytes connection public key
 nonce
 message


encrypted message format:
 crypto_box_BOXZEROBYTES
 uint32_t seq
 uint32_t ack
 time_t timestamp
 time_t delay
 size_t size < max_packet_size (1088 bytes)
 data

the retransmission algorithm follows TCP Vegas
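Added example (not code from this repository): a fixed-width serializer for the plaintext that gets boxed into a DATA packet (seq, ack, timestamp, delay, size, data), with the size < max_packet_size check applied on both pack and unpack, plus a 64-entry sliding window keyed on seq as one way to meet the replay-resistance goal. The 64-bit timestamp/delay and 32-bit size widths, and the window itself, are assumptions; no NaCl calls are made so it runs stand-alone.

```c
#include <stdint.h>
#include <string.h>
/* Constructed example: fixed-width wire layout of the plaintext inside a DATA box
 * (seq, ack, timestamp, delay, size, data) and a replay window. Widths assumed. */
#define MAX_PACKET_SIZE 1088
#define MSG_HDR_LEN 28                /* 4 + 4 + 8 + 8 + 4 */
struct tunnel_msg {
    uint32_t seq, ack;
    int64_t timestamp, delay;         /* time_t widened to 64 bits on the wire */
    uint32_t size;                    /* size_t narrowed; must be < MAX_PACKET_SIZE */
    const uint8_t *data;
};
static void put_be(uint8_t *p, uint64_t v, int n) {
    for (int i = n - 1; i >= 0; i--) { p[i] = (uint8_t)v; v >>= 8; }
}
static uint64_t get_be(const uint8_t *p, int n) {
    uint64_t v = 0;
    for (int i = 0; i < n; i++) v = (v << 8) | p[i];
    return v;
}
/* Returns bytes written, or 0 if the payload is oversized or does not fit. */
size_t msg_pack(const struct tunnel_msg *m, uint8_t *out, size_t cap) {
    if (m->size >= MAX_PACKET_SIZE || cap < MSG_HDR_LEN + m->size) return 0;
    put_be(out, m->seq, 4);                     put_be(out + 4, m->ack, 4);
    put_be(out + 8, (uint64_t)m->timestamp, 8); put_be(out + 16, (uint64_t)m->delay, 8);
    put_be(out + 24, m->size, 4);
    memcpy(out + MSG_HDR_LEN, m->data, m->size);
    return MSG_HDR_LEN + m->size;
}
/* Returns 0 on success, -1 if truncated, oversized or length-inconsistent. */
int msg_unpack(const uint8_t *in, size_t len, struct tunnel_msg *m) {
    if (len < MSG_HDR_LEN) return -1;
    m->seq = (uint32_t)get_be(in, 4);           m->ack = (uint32_t)get_be(in + 4, 4);
    m->timestamp = (int64_t)get_be(in + 8, 8);  m->delay = (int64_t)get_be(in + 16, 8);
    m->size = (uint32_t)get_be(in + 24, 4);
    if (m->size >= MAX_PACKET_SIZE || len != MSG_HDR_LEN + m->size) return -1;
    m->data = in + MSG_HDR_LEN;
    return 0;
}
/* 64-entry sliding replay window on seq: 1 = accept, 0 = too old or duplicate. */
struct replay_win { uint32_t top; uint64_t seen; };
int replay_accept(struct replay_win *w, uint32_t seq) {
    if (seq > w->top) {                         /* newer than anything seen */
        uint32_t s = seq - w->top;
        w->seen = (s >= 64 ? 0 : w->seen << s) | 1; w->top = seq; return 1;
    }
    uint32_t back = w->top - seq;               /* too old or already seen? */
    if (back >= 64 || (w->seen >> back) & 1) return 0;
    w->seen |= (uint64_t)1 << back; return 1;
}
```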
