217 lines
5.4 KiB
Protocol Buffer
217 lines
5.4 KiB
Protocol Buffer
syntax = "proto3";
|
||
|
||
//package message;
|
||
|
||
// 基础公共类型定义
|
||
|
||
message SDLV4Info {
|
||
uint32 port = 1;
|
||
bytes v4 = 2;
|
||
uint32 nat_type = 3;
|
||
}
|
||
|
||
message SDLV6Info {
|
||
uint32 port = 1;
|
||
bytes v6 = 2;
|
||
}
|
||
|
||
// 和super之间采用了quic协议通讯
|
||
// 传输层采用: <<Len:16, PacketType:8, Payload/binary>>
|
||
|
||
message SDLWelcome {
|
||
uint32 version = 1;
|
||
// 服务器允许的最大双向流
|
||
uint32 max_bidi_streams = 2;
|
||
// 服务器允许的最大包
|
||
uint32 max_packet_size = 3;
|
||
// 心跳包的间隔
|
||
uint32 heartbeat_sec = 4;
|
||
}
|
||
|
||
// 这里修改成了扁平的结构, 否则有些字段不好找放的位置
|
||
message SDLRegisterSuper {
|
||
string client_id = 1;
|
||
// 网络地址信息已经有https请求分配了
|
||
// 注册的时候需要带上(network_id, mac, ip, mask_len, hostname)
|
||
uint32 network_id = 2;
|
||
bytes mac = 3;
|
||
uint32 ip = 4;
|
||
uint32 mask_len = 5;
|
||
string hostname = 6;
|
||
|
||
string pub_key = 7;
|
||
// 客户端使用http协议请求后端,通过token或者账号密码登录时, 统一返回一个access_token;
|
||
// RegisterSuper的时候,验证凭证是否合法 (access_token)
|
||
string access_token = 8;
|
||
}
|
||
|
||
// 客户端的升级逻辑,在https的接口里面去完成
|
||
// 部分逻辑会脱离quic去通讯,增加session_token校验
|
||
message SDLRegisterSuperAck {
|
||
// 目前支持aes, chacha20
|
||
string algorithm = 1;
|
||
bytes key = 2;
|
||
// 逻辑分段,chacha20加密算法需要使用该字段
|
||
uint32 region_id = 3;
|
||
bytes session_token = 4;
|
||
}
|
||
|
||
message SDLRegisterSuperNak {
|
||
uint32 error_code = 1;
|
||
string error_message = 2;
|
||
}
|
||
|
||
// 网络地址查询
|
||
message SDLQueryInfo {
|
||
bytes dst_mac = 1;
|
||
}
|
||
|
||
message SDLPeerInfo {
|
||
bytes dst_mac = 1;
|
||
optional SDLV4Info v4_info = 2;
|
||
optional SDLV6Info v6_info = 3;
|
||
}
|
||
|
||
// ARP查询相关
|
||
// 真实的arp请求是通过广播的形式获取到的,但是针对于macos这种tun的实现;是能够分析出arp请求包的;
|
||
// 对于当前网络来说,服务端是知道mac对应的ip地址的,因此没有必要广播;直接通过服务器端返回
|
||
message SDLArpRequest {
|
||
uint32 target_ip = 1;
|
||
uint32 origin_ip = 2;
|
||
bytes context = 3;
|
||
}
|
||
|
||
message SDLArpResponse {
|
||
uint32 target_ip = 1;
|
||
bytes target_mac = 2;
|
||
uint32 origin_ip = 3;
|
||
bytes context = 4;
|
||
}
|
||
|
||
// 权限请求查询相关
|
||
message SDLPolicyRequest {
|
||
uint32 src_identity_id = 1;
|
||
uint32 dst_identity_id = 2;
|
||
uint32 version = 3;
|
||
}
|
||
|
||
// 基于quic通讯,rules部分已经没有了长度限制
|
||
message SDLPolicyResponse {
|
||
uint32 src_identity_id = 1;
|
||
uint32 dst_identity_id = 2;
|
||
// 版本号,客户端需要比较版本号确定是否覆盖; 请求端自己去管理版本号,服务端只是原样回写
|
||
uint32 version = 3;
|
||
// 1 + 2稀疏序列化规则, 按照: <<Proto:8, Port:16>> 这个格式序列号所有的规则信息; 下发的数据默认都是allow,deny规则的服务器端已经屏蔽
|
||
bytes rules = 4;
|
||
}
|
||
|
||
// 事件定义
|
||
|
||
message SDLEvent {
|
||
// nat映射变化
|
||
message NatChanged {
|
||
bytes mac = 1;
|
||
uint32 ip = 2;
|
||
}
|
||
|
||
// 发送register消息
|
||
message SendRegister {
|
||
bytes dst_mac = 1;
|
||
uint32 nat_ip = 2;
|
||
uint32 nat_port = 3;
|
||
uint32 nat_type = 4;
|
||
optional SDLV6Info v6_info = 5;
|
||
}
|
||
|
||
// 网络关闭
|
||
message NetworkShutdown {
|
||
string message = 1;
|
||
}
|
||
|
||
oneof event {
|
||
NatChanged nat_changed = 1;
|
||
SendRegister send_register = 2;
|
||
NetworkShutdown shutdown = 3;
|
||
}
|
||
}
|
||
|
||
// Command指令
|
||
message SDLCommand {
|
||
uint32 pkt_id = 1;
|
||
// 出口节点控制
|
||
message ExitNodeControl {
|
||
int32 action = 1; // 必选:操作类型
|
||
string remark = 2; // 可选:备注(方便日志/调试)
|
||
}
|
||
|
||
oneof command {
|
||
ExitNodeControl exit_node = 2;
|
||
}
|
||
}
|
||
|
||
message SDLCommandAck {
|
||
uint32 pkt_id = 1;
|
||
int32 code = 2;
|
||
string message = 3;
|
||
bytes data = 4;
|
||
}
|
||
|
||
// UDP通讯消息
|
||
|
||
// client和stun之间的心跳包,客户端需要和super的udp之间的存活逻辑
|
||
message SDLStunRequest {
|
||
string client_id = 1;
|
||
uint32 network_id = 2;
|
||
bytes mac = 3;
|
||
uint32 ip = 4;
|
||
uint32 nat_type = 5;
|
||
optional SDLV6Info v6_info = 6;
|
||
bytes session_token = 7;
|
||
}
|
||
|
||
message SDLStunReply {
|
||
}
|
||
|
||
message SDLData {
|
||
uint32 network_id = 1;
|
||
bytes src_mac = 2;
|
||
bytes dst_mac = 3;
|
||
bool is_p2p = 4;
|
||
uint32 ttl = 5;
|
||
bytes data = 6;
|
||
bytes session_token = 7;
|
||
// 端通过https登录的时候,服务端会分配该端对应的权限标识
|
||
// 后续的请求过程中需要带上这个值,对端通过这个值要判断对数据包是否放行
|
||
uint32 identity_id = 8;
|
||
}
|
||
|
||
// 网络类型探测
|
||
|
||
message SDLStunProbe {
|
||
uint32 cookie = 1;
|
||
uint32 attr = 2;
|
||
// 增加step是为了方便端上判断,收到的请求和响应之间的映射关系;服务器端原样返回
|
||
uint32 step = 3;
|
||
}
|
||
|
||
message SDLStunProbeReply {
|
||
uint32 cookie = 1;
|
||
// 增加step是为了方便端上判断,收到的请求和响应之间的映射关系;服务器端原样返回
|
||
uint32 step = 2;
|
||
uint32 port = 3;
|
||
uint32 ip = 4;
|
||
}
|
||
|
||
// Node-Node之间的握手逻辑, 是基于udp传输的
|
||
|
||
message SDLRegister {
|
||
uint32 network_id = 1;
|
||
bytes src_mac = 2;
|
||
bytes dst_mac = 3;
|
||
}
|
||
|
||
message SDLRegisterAck {
|
||
uint32 network_id = 1;
|
||
bytes src_mac = 2;
|
||
bytes dst_mac = 3;
|
||
} |