Wireshark  4.3.0
The Wireshark network protocol analyzer
packet-dcc.h
1 /* packet-dcc.c
2  * Protocol defs for Distributed Checksum Clearinghouse protocol
3  * DCC Home: http://www.rhyolite.com/anti-spam/dcc/
4  *
5  * Copyright 1999, Nathan Neulinger <nneul@umr.edu>
6  *
7  * Wireshark - Network traffic analyzer
8  * By Gerald Combs <gerald@wireshark.org>
9  * Copyright 1998 Gerald Combs
10  *
11  * Copied from packet-tftp.c
12  *
13  * SPDX-License-Identifier: GPL-2.0-or-later
14  */
15 
16 
17 /* Inserted below is dcc_proto.h from the dcc source distribution, with the
18  following changes made:
19 
20 :%s/u_in*t16_t/guint16/g
21 :%s/u_in*t32_t/guint32/g
22 :%s/u_ch*ar/guchar/g
23 :%s/in*t32_t/gint32/g
24 
25 This includes more than is really necessary, but easier to just include whole
26 header.
27 
28 */
29 
30 
31 /* Distributed Checksum Clearinghouse protocol
32  *
33  * Copyright (c) 2002 by Rhyolite Software
34  *
35  * SPDX-License-Identifier: ISC
36  *
37  * Rhyolite Software DCC 1.0.53-1.45 $Revision: 1.3 $
38  */
39 
40 #ifndef DCC_PROTO_H
41 #define DCC_PROTO_H
42 
43 
44 #define DCC_PORT 6277 /* default UDP port #, MAPS in DTMF */
45 
46 
47 /* No client's retransmission can be delayed by more than this
48  * This matters for how long a DCC server must remember old requests
49  * to recognize retransmissions */
50 #define DCC_MAX_DELAY_SEC 30
51 
52 typedef guint16 DCC_MS;
53 
54 /* anonymous client delay */
55 #define DCC_MAX_QDELAY_MS (DCC_MAX_DELAY_SEC*1000)
56 #define DCC_DEF_QDELAY_MS 0
57 
58 
59 /* types of checksums */
60 typedef enum {
61  DCC_CK_INVALID =0, /* deleted from database when seen */
62  DCC_CK_IP =1, /* MD5 of binary source IPv6 address */
63  DCC_CK_ENV_FROM =2, /* " " envelope Mail From value */
64  DCC_CK_FROM =3, /* " " header From: line */
65  DCC_CK_SUB =4, /* " " substitute header line */
66  DCC_CK_MESSAGE_ID=5, /* " " header Message-ID: line */
67  DCC_CK_RECEIVED =6, /* " " last header Received: line */
68  DCC_CK_BODY =7, /* " " body */
69  DCC_CK_FUZ1 =8, /* " " filtered body */
70  DCC_CK_FUZ2 =9, /* " " " " */
71  DCC_CK_FUZ3 =10, /* " " " " */
72  DCC_CK_FUZ4 =11, /* " " " " */
73  DCC_CK_SRVR_ID =12, /* hostname for server-ID check */
74  DCC_CK_ENV_TO =13 /* MD5 of envelope Rcpt To value */
75 # define DCC_CK_FLOD_PATH DCC_CK_ENV_TO /* flooding path in server-IDs */
76 } DCC_CK_TYPES;
77 #define DCC_CK_TYPE_FIRST DCC_CK_IP
78 #define DCC_CK_TYPE_LAST DCC_CK_ENV_TO
79 #define DCC_NUM_CKS DCC_CK_TYPE_LAST /* # of valid types */
80 
81 /* DCC_DIM_CKS dimensions arrays of checksum types including DCC_CK_INVALID
82  * Beware that DCC_DIM_CKS is used in the database header. */
83 #define DCC_DIM_CKS (DCC_CK_TYPE_LAST+1)
84 
85 /* Ensure that arrays of DCC_CKs contain an even number so that structures
86  * containing them will have no extra structure packing */
87 #define DCC_COMP_DIM_CKS ((((DCC_NUM_CKS+1)+1)/2)*2) /* == DCC_DIM_CKS */
88 
89 /* keep in the database longer than others */
90 #define DCC_CK_LONG_TERM(t) ((t) >= DCC_CK_FUZ1 && (t) <= DCC_CK_FUZ4)
91 
92 #define DCC_CK_IS_BODY(t) ((t) >= DCC_CK_BODY && (t) <= DCC_CK_FUZ4)
93 
94 /* ok for users to talk about */
95 #define DCC_CK_OK_USER(t) ((t) > DCC_CK_INVALID && (t) <= DCC_CK_FUZ4)
96 /* ok in the database */
97 #define DCC_CK_OK_DB(t) ((t) > DCC_CK_INVALID && (t) <= DCC_CK_TYPE_LAST)
98 #define DCC_CK_OK_PROTO(t) DCC_CK_OK_USER(t) /* ok from clients */
99 #define DCC_CK_OK_FLOD(t) DCC_CK_OK_DB(t) /* ok in floods */
100 
101 typedef guchar DCC_CK_TYPE;
102 
103 
104 typedef enum {
105  DCC_OP_INVALID=0,
106  DCC_OP_NOP, /* see if the server is alive */
107  DCC_OP_REPORT, /* client reporting and querying */
108  DCC_OP_QUERY, /* client querying */
109  DCC_OP_QUERY_RESP, /* server responding */
110  DCC_OP_ADMN, /* local control of the server */
111  DCC_OP_OK, /* administrative operation ok */
112  DCC_OP_ERROR, /* server failing or complaining */
113  DCC_OP_DELETE /* delete some checksums */
114 } DCC_OPS;
115 
116 typedef guint32 DCC_CLNT_ID;
117 #define DCC_ID_INVALID 0
118 #define DCC_ID_ANON 1 /* anonymous (non-paying) client */
119 #define DCC_ID_WHITE 2 /* white-listed */
120 #define DCC_ID_COMP 3 /* compressed */
121 #define DCC_SRVR_ID_MIN 100 /* below reserved for special uses */
122 #define DCC_SRVR_ID_MAX 32767 /* below are servers--must be 2**n-1 */
123 #define DCC_CLNT_ID_MIN (DCC_SRVR_ID_MAX+1)
124 #define DCC_CLNT_ID_MAX 16777215
125 typedef guint16 DCC_SRVR_ID;
126 #define DCC_SRVR_ID_AUTH (DCC_SRVR_ID_MAX+1) /* client was authenticated */
127 
128 /* client's identification of its transaction */
129 typedef struct {
130  guint32 h; /* client host ID, e.g. IP address */
131  guint32 p; /* process ID, serial #, timestamp */
132  guint32 r; /* report ID */
133  guint32 t; /* client (re)transmission # */
134 } DCC_OP_NUMS;
135 
136 /* The inter-DCC server flooding algorithm depends on unique-per-server
137  * timestamps to detect duplicates. That imposes a requirement on
138  * timestamps that they have resolution enough to separate reports
139  * from clients arriving at any single server.
140  * The timestamps are 48 bits consisting of 17 bits of 8's of microseconds
141  * and 31 bits of seconds. That's sufficient for the UNIX epoch.
142  * If the DCC is still around in the 2030's (and in the unlikely case that
143  * 8 microseconds are still fine enough), we can make the 31 bits be
144  * an offset in a bigger window.
145  */
146 #define DCC_TS_USEC_RSHIFT 3
147 #define DCC_TS_USEC_MULT (1<<DCC_TS_USEC_RSHIFT)
148 #define DCC_TS_SEC_LSHIFT 17
149 #define DCC_TS_USEC_MASK ((1<<DCC_TS_SEC_LSHIFT) - 1)
150 typedef guchar DCC_TS[6];
151 
152 /* The start of any DCC packet.
153  * The length and version are early, since they are they only fields
154  * that are constrained in future versions. */
155 typedef struct {
156  guint16 len; /* total DCC packet length (for TCP) */
157  guchar pkt_vers; /* packet protocol version */
158 # define DCC_PKT_VERSION 4
159 # define DCC_PKT_VERSION_MIN DCC_PKT_VERSION
160 # define DCC_PKT_VERSION_MAX DCC_PKT_VERSION
161  guchar op; /* one of DCC_OPS */
162  /* Identify the transaction.
163  * Each client can have many hosts, each host can be multi-homed,
164  * and each host can be running many processes talking to the
165  * server. Each packet needs to be uniquely numbered, so that the
166  * server can recognize as interchangeable all of the (re)transmissions
167  * of a single report (rid) from a client process (pid) on a single
168  * host (hid), and the client can know which transmission (tid)
169  * produced a given server response to maintain the client's RTT
170  * value for the server. */
171  DCC_CLNT_ID sender; /* official DCC client-ID */
172  DCC_OP_NUMS op_nums; /* op_num.t must be last */
173 } DCC_HDR;
174 
175 typedef guchar DCC_SIGNATURE[16];
176 
177 typedef struct {
178  DCC_HDR hdr;
179  DCC_SIGNATURE signature;
180 } DCC_NOP;
181 
182 
183 /* administrative requests from localhost
184  * These can be freely changed, because the administrative tools
185  * should match the daemon. */
186 typedef enum {
187  DCC_AOP_OK=-1, /* never really sent */
188  DCC_AOP_STOP=1, /* stop gracefully */
189  DCC_AOP_NEW_IDS, /* load keys and client-IDs */
190  DCC_AOP_FLOD, /* start or stop flooding */
191  DCC_AOP_DB_UNLOCK, /* start switch to new database */
192  DCC_AOP_DB_NEW, /* finish switch to new database */
193  DCC_AOP_STATS, /* return counters--val=buffer size */
194  DCC_AOP_STATS_CLEAR, /* return and zero counters */
195  DCC_AOP_TRACE_ON,
196  DCC_AOP_TRACE_OFF,
197  DCC_AOP_CUR_CLIENTS /* some client IP addresses */
198 } DCC_AOPS;
199 
200 /* for DCC_AOP_FLOD */
201 typedef enum {
202  DCC_AOP_FLOD_CHECK=0,
203  DCC_AOP_FLOD_SHUTDOWN,
204  DCC_AOP_FLOD_HALT,
205  DCC_AOP_FLOD_RESUME,
206  DCC_AOP_FLOD_REWIND,
207  DCC_AOP_FLOD_LIST,
208  DCC_AOP_FLOD_STATS,
209  DCC_AOP_FLOD_STATS_CLEAR
210 } DCC_AOP_FLODS;
211 
212 typedef struct { /* with operation DCC_OP_ADMN */
213  DCC_HDR hdr;
214  gint32 date; /* seconds since epoch on caller */
215  guint32 val; /* request type, buffer size, etc. */
216  guchar aop; /* one of DCC_AOPS */
217  guchar pad[3];
218  DCC_SIGNATURE signature;
219 } DCC_ADMN_REQ;
220 
221 /* noisy response to some DCC_AOPS with operation DCC_OP_ADMN */
222 typedef struct {
223  guchar addr[16];
224  DCC_CLNT_ID id;
225  guint32 last_used;
226  guint32 requests;
228 typedef union {
229  char string[80*22];
230  DCC_ADMN_RESP_CLIENTS clients[1];
232 typedef struct {
233  DCC_HDR hdr;
234  DCC_ADMN_RESP_VAL val;
235  DCC_SIGNATURE signature;
236 } DCC_ADMN_RESP;
237 
238 
239 #define DCC_TRACE_ADMN_BIT 0x0001 /* administrative requests */
240 #define DCC_TRACE_ANON_BIT 0x0002 /* anonymous client errors */
241 #define DCC_TRACE_CLNT_BIT 0x0004 /* authenticated client errors */
242 #define DCC_TRACE_RLIM_BIT 0x0008 /* rate limited messages */
243 #define DCC_TRACE_QUERY_BIT 0x0010 /* all queries and reports */
244 #define DCC_TRACE_RIDC_BIT 0x0020 /* RID cache messages */
245 #define DCC_TRACE_FLOD_BIT 0x0040 /* input and output flooding */
246 /* INFO must always be on */
247 #define DCC_TRACE_ALL_BITS (DCC_TRACE_ADMN_BIT | DCC_TRACE_ANON_BIT \
248  | DCC_TRACE_CLNT_BIT | DCC_TRACE_RLIM_BIT \
249  | DCC_TRACE_QUERY_BIT | DCC_TRACE_RIDC_BIT \
250  | DCC_TRACE_FLOD_BIT)
251 
252 
253 typedef char DCC_BRAND[64];
254 
255 /* administrative or NOP ok */
256 typedef struct {
257  DCC_HDR hdr;
258  guchar max_pkt_vers; /* can handle this version */
259  guchar unused;
260  DCC_MS qdelay_ms;
261  DCC_BRAND brand; /* identity or brandname of sender */
262  DCC_SIGNATURE signature;
263 } DCC_OK;
264 
265 
266 /* a reported checksum from a client */
267 typedef guchar DCC_SUM[16]; /* for now all have 16 bytes */
268 typedef struct {
269  DCC_CK_TYPE type;
270  guchar len; /* total length of this checksum */
271  DCC_SUM sum;
272 } DCC_CK;
273 
274 typedef guint32 DCC_TGTS; /* database is limited to 24 bits */
275 #define DCC_TGTS_TOO_MANY 0x00fffff0 /* >= 16777200 targets */
276 #define DCC_TGTS_OK 0x00fffff1 /* certified not spam */
277 #define DCC_TGTS_OK2 0x00fffff2 /* half certified not spam */
278 #define DCC_TGTS_DEL 0x00fffff3 /* a deleted checksum */
279 #define DCC_TGTS_INVALID 0x01000000
280 
281 /* query or query/report packet from client to server */
282 typedef struct {
283  DCC_HDR hdr;
284  DCC_TGTS tgts; /* # of addressees */
285 # define DCC_QUERY_MAX DCC_DIM_CKS
286  DCC_CK cks[DCC_QUERY_MAX]; /* even to prevent structure padding */
287  DCC_SIGNATURE signature;
289 
290 
291 typedef struct {
292  DCC_TGTS tgts[DCC_QUERY_MAX]; /* individual answers */
294 
295 /* response to a query or query/report */
296 typedef struct {
297  DCC_HDR hdr;
298  DCC_QUERY_RESP_BODY body;
299  DCC_SIGNATURE signature;
301 
302 
303 /* DCC_OP_DELETE request to delete checksums */
304 typedef struct {
305  DCC_HDR hdr;
306  gint32 date; /* seconds since epoch on caller */
307  DCC_CK ck;
308  guchar pad[2]; /* structure padding */
309  DCC_SIGNATURE signature;
310 } DCC_DELETE;
311 
312 
313 /* error response from server to client */
314 typedef struct {
315  DCC_HDR hdr;
316 # define DCC_ERROR_MSG_LEN 128
317  char msg[DCC_ERROR_MSG_LEN];
318  DCC_SIGNATURE signature;
319 } DCC_ERROR;
320 
321 
322 /* sender's position or serial number
323  * Only the sender understands sender positions except for these
324  * special values. However, the special values imply that the position
325  * must be big endian. */
326 typedef guchar DCC_FLOD_POS[8];
327 /* special cases sent by the receiver back to the sender */
328 #define DCC_FLOD_POS_END 0 /* receiver closing with message */
329 #define DCC_FLOD_POS_END_REQ 1 /* receiver wants to stop */
330 #define DCC_FLOD_POS_NOTE 2 /* receiver has a tracing message */
331 #define DCC_FLOD_POS_COMPLAINT 3 /* receiver has a problem message */
332 #define DCC_FLOD_POS_REWIND 4 /* receiver's database emptied */
333 #define DCC_FLOD_POS_MIN 10
334 
335 #define DCC_FLOD_OK_STR "DCC flod ok: "
336 #define DCC_FLOD_MAX_RESP 200
337 
338 /* report forwarded among servers */
339 typedef struct {
340  DCC_FLOD_POS pos;
341  guchar tgts[sizeof(DCC_TGTS)];
342  guchar srvr_id_auth[sizeof(DCC_SRVR_ID)]; /* receiving server */
343  DCC_TS ts; /* date reported */
344  guchar num_cks;
345  DCC_CK cks[DCC_QUERY_MAX];
346 } DCC_FLOD;
347 
348 /* record of path taken by a report */
349 #define DCC_NUM_FLOD_PATH ((int)(sizeof(DCC_SUM)/sizeof(DCC_SRVR_ID)))
350 typedef struct {
351  guchar hi, lo;
353 
354 typedef struct {
355  DCC_FLOD_POS z;
356  char msg[DCC_FLOD_MAX_RESP];
357  char null;
358 } FLOD_END;
359 typedef struct {
360  DCC_FLOD_POS op;
361  guchar len;
362  char str[DCC_FLOD_MAX_RESP];
363 } FLOD_NOTE;
364 #define FLOD_NOTE_OVHD ((int)sizeof(FLOD_NOTE)-DCC_FLOD_MAX_RESP)
365 
366 #define DCC_FLOD_VERSION_STR_BASE "DCC flod version "
367 #define DCC_FLOD_VERSION5_STR DCC_FLOD_VERSION_STR_BASE"5"
368 #define DCC_FLOD_VERSION5 5
369 #define DCC_FLOD_VERSION6_STR DCC_FLOD_VERSION_STR_BASE"6"
370 #define DCC_FLOD_VERSION6 6
371 #define DCC_FLOD_VERSION7_STR DCC_FLOD_VERSION_STR_BASE"7"
372 #define DCC_FLOD_VERSION7 7
373 #define DCC_FLOD_VERSION_DEF 0
374 #define DCC_FLOD_VERSION_CUR_STR DCC_FLOD_VERSION7_STR
375 #define DCC_FLOD_VERSION_CUR DCC_FLOD_VERSION7
376 typedef struct {
377 # define DCC_FLOD_VERSION_STR_LEN 64
378  char str[DCC_FLOD_VERSION_STR_LEN];
379  DCC_SRVR_ID sender_srvr_id;
380  guchar turn;
381  guchar unused[3];
383 typedef struct {
385  char pad[256-sizeof(DCC_FLOD_VERSION_BODY)-sizeof(DCC_SIGNATURE)];
386  DCC_SIGNATURE signature;
388 
389 
390 #endif /* DCC_PROTO_H */
Definition: packet-dcc.h:212
Definition: packet-dcc.h:222
Definition: packet-dcc.h:232
Definition: packet-dcc.h:268
Definition: packet-dcc.h:304
Definition: packet-dcc.h:314
Definition: packet-dcc.h:350
Definition: packet-dcc.h:376
Definition: packet-dcc.h:383
Definition: packet-dcc.h:339
Definition: packet-dcc.h:155
Definition: packet-dcc.h:177
Definition: packet-dcc.h:256
Definition: packet-dcc.h:129
Definition: packet-dcc.h:282
Definition: packet-dcc.h:291
Definition: packet-dcc.h:296
Definition: packet-dcc.h:354
Definition: packet-dcc.h:359
Definition: packet-dcc.h:228