GitHub - hajoon22/icmp-p2p: A peer discovery, peer exchange, and signed message propagation protocol over ICMP. · GitHub
/" data-turbo-transient="true" />
Skip to content
Search or jump to...
Search code, repositories, users, issues, pull requests...
-->
Search
Clear
Search syntax tips
Provide feedback
--><br>We read every piece of feedback, and take your input very seriously.
Include my email address so I can be contacted
Cancel
Submit feedback
Saved searches
Use saved searches to filter your results more quickly
-->
Name
Query
To see all available qualifiers, see our documentation.
Cancel
Create saved search
Sign in
/;ref_cta:Sign up;ref_loc:header logged out"}"<br>Sign up
Appearance settings
Resetting focus
You signed in with another tab or window. Reload to refresh your session.<br>You signed out in another tab or window. Reload to refresh your session.<br>You switched accounts on another tab or window. Reload to refresh your session.
Dismiss alert
{{ message }}
hajoon22
icmp-p2p
Public
Notifications<br>You must be signed in to change notification settings
Fork
Star
main
BranchesTags
Go to file
CodeOpen more actions menu
Folders and files<br>NameNameLast commit message<br>Last commit date<br>Latest commit
History<br>152 Commits<br>152 Commits
src
src
LICENSE
LICENSE
Makefile
Makefile
README.md
README.md
config.h
config.h
main.c
main.c
View all files
Repository files navigation
ICMP P2P
A peer discovery, peer exchange, and signed message propagation protocol over ICMP.
Features
Discovers public UDP mappings using STUN.
Discovers peers through bootstrap nodes.
Exchanges peer information between peers.
Verifies discovered peers using Ed25519 signatures.
Maintains a peer table with periodic refresh and timeout handling.
Broadcasts signed messages through the network.
Maintains trust scores for peer selection.
Keeps the UDP NAT mapping alive periodically.
NAT Traversal
This project uses ICMP NAT traversal from:<br>https://github.com/hajoon22/icmp-nat-traversal
Create and maintain a UDP mapping using STUN.
Send ICMP Destination Unreachable packets referencing the mapped UDP flow.
Carry protocol payloads after the quoted IPv4 header and UDP header.
Receive protocol payloads through the NAT mapping.
Verified Environments
Linux netfilter NAT (Ubuntu, Kernel 7.0.0-15-generic)
TELUS Mobility LTE/5G
TELUS Wi-Fi Hub (Firmware v3.26.01 build11)
Vancouver International Airport Authority Public Wi-Fi
U+ GAPD-7500R (Software Version 1.03.10)
LGTELECOM Mobility LTE/5G
Protocol
Protocol payloads are carried inside ICMP packets.
[ICMP Header][IPv4 header][UDP header][protocol payload]
Lookup Request
[type (1 byte)][nonce (2 bytes)][mapped_port (2 bytes)][want (1 byte)][free_slots (1 byte)][public_key (32 bytes)][signature (64 bytes)]
type (1 byte): Protocol identifier.
nonce (2 bytes): Request nonce used to match a Lookup Response.
mapped_port (2 bytes): Sender public UDP mapped port.
want (1 byte): Number of peer entries requested.
free_slots (1 byte): Number of available peer slots on the sender.
public_key (32 bytes): Sender public key.
signature (64 bytes): Ed25519 signature over [type][nonce][mapped_port][want][free_slots][public_key].
Lookup Response
[type (1 byte)][nonce (2 bytes)][free_slots (1 byte)][peers (6*n bytes)][public_key (32 bytes)][signature (64 bytes)]
type (1 byte): Protocol identifier.
nonce (2 bytes): Nonce copied from the corresponding Lookup Request.
free_slots (1 byte): Number of available peer slots on the sender.
peers (6*n bytes): List of IPv4 peer entries.
peer entry: [ipv4_address (4 bytes)][mapped_port (2 bytes)].
public_key (32 bytes): Sender public key.
signature (64 bytes): Ed25519 signature over [type][nonce][free_slots][peers][public_key].
Message
[type (1 byte)][message (n bytes)][fanout (1 byte)][expiry (8 bytes)][signature (64 bytes)]
type (1 byte): Protocol identifier.
message (n bytes): Message payload.
fanout (1 byte): Maximum rebroadcast targets.
expiry (8 bytes): Big endian Unix timestamp.
signature (64 bytes): Ed25519 signature over [type][message][fanout][expiry].
The first 8 bytes of the verified signature are used internally as a message identifier for duplicate suppression.
Message Processing
Receive a Message packet.
Verify the message signature using the configured administrator public key.
Discard expired messages.
Derive a message identifier from the first 8 bytes of the verified signature.
Discard messages that have already been processed.
Print the message payload.
Rebroadcast the message according to the fanout value.
Peer Management
Peer discovery begins by sending Lookup Requests to one or more bootstrap nodes.
Peers can be in one of three states:
unchecked: Discovered but not verified.
checking: Lookup Request sent and waiting for a response.
checked: Verified peer.
Newly discovered peers are added as unchecked.<br>Unchecked peers are verified using Lookup Requests.<br>Lookup...