1 2--- a replacement for aproto ------------------------------------------- 3 4When it comes down to it, aproto's primary purpose is to forward 5various streams between the host computer and client device (in either 6direction). 7 8This replacement further simplifies the concept, reducing the protocol 9to an extremely straightforward model optimized to accomplish the 10forwarding of these streams and removing additional state or 11complexity. 12 13The host side becomes a simple comms bridge with no "UI", which will 14be used by either commandline or interactive tools to communicate with 15a device or emulator that is connected to the bridge. 16 17The protocol is designed to be straightforward and well-defined enough 18that if it needs to be reimplemented in another environment (Java 19perhaps), there should not problems ensuring perfect interoperability. 20 21The protocol discards the layering aproto has and should allow the 22implementation to be much more robust. 23 24 25--- protocol overview and basics --------------------------------------- 26 27The transport layer deals in "messages", which consist of a 24 byte 28header followed (optionally) by a payload. The header consists of 6 2932 bit words which are sent across the wire in little endian format. 30 31struct message { 32 unsigned command; /* command identifier constant (A_CNXN, ...) */ 33 unsigned arg0; /* first argument */ 34 unsigned arg1; /* second argument */ 35 unsigned data_length; /* length of payload (0 is allowed) */ 36 unsigned data_crc32; /* crc32 of data payload */ 37 unsigned magic; /* command ^ 0xffffffff */ 38}; 39 40Receipt of an invalid message header, corrupt message payload, or an 41unrecognized command MUST result in the closing of the remote 42connection. The protocol depends on shared state and any break in the 43message stream will result in state getting out of sync. 44 45The following sections describe the six defined message types in 46detail. Their format is COMMAND(arg0, arg1, payload) where the payload 47is represented by a quoted string or an empty string if none should be 48sent. 49 50The identifiers "local-id" and "remote-id" are always relative to the 51*sender* of the message, so for a receiver, the meanings are effectively 52reversed. 53 54 55 56--- CONNECT(version, maxdata, "system-identity-string") ---------------- 57 58Command constant: A_CNXN 59 60The CONNECT message establishes the presence of a remote system. 61The version is used to ensure protocol compatibility and maxdata 62declares the maximum message body size that the remote system 63is willing to accept. 64 65Currently, version=0x01000000 and maxdata=256*1024. Older versions of adb 66hard-coded maxdata=4096, so CONNECT and AUTH packets sent to a device must not 67be larger than that because they're sent before the CONNECT from the device 68that tells the adb server what maxdata the device can support. 69 70Both sides send a CONNECT message when the connection between them is 71established. Until a CONNECT message is received no other messages may 72be sent. Any messages received before a CONNECT message MUST be ignored. 73 74If a CONNECT message is received with an unknown version or insufficiently 75large maxdata value, the connection with the other side must be closed. 76 77The system identity string should be "<systemtype>:<serialno>:<banner>" 78where systemtype is "bootloader", "device", or "host", serialno is some 79kind of unique ID (or empty), and banner is a human-readable version 80or identifier string. The banner is used to transmit useful properties. 81 82--- STLS(type, version, "") -------------------------------------------- 83 84Command constant: A_STLS 85 86The TLS message informs the recipient that the connection will be encrypted 87and will need to perform a TLS handshake. version is the current version of 88the protocol. 89 90 91--- AUTH(type, 0, "data") ---------------------------------------------- 92 93Command constant: A_AUTH 94 95The AUTH message informs the recipient that authentication is required to 96connect to the sender. If type is TOKEN(1), data is a random token that 97the recipient can sign with a private key. The recipient replies with an 98AUTH packet where type is SIGNATURE(2) and data is the signature. If the 99signature verification succeeds, the sender replies with a CONNECT packet. 100 101If the signature verification fails, the sender replies with a new AUTH 102packet and a new random token, so that the recipient can retry signing 103with a different private key. 104 105Once the recipient has tried all its private keys, it can reply with an 106AUTH packet where type is RSAPUBLICKEY(3) and data is the public key. If 107possible, an on-screen confirmation may be displayed for the user to 108confirm they want to install the public key on the device. 109 110 111--- OPEN(local-id, 0, "destination") ----------------------------------- 112 113Command constant: A_OPEN 114 115The OPEN message informs the recipient that the sender has a stream 116identified by local-id that it wishes to connect to the named 117destination in the message payload. The local-id may not be zero. 118 119The OPEN message MUST result in either a READY message indicating that 120the connection has been established (and identifying the other end) or 121a CLOSE message, indicating failure. An OPEN message also implies 122a READY message sent at the same time. 123 124Common destination naming conventions include: 125 126* "tcp:<host>:<port>" - host may be omitted to indicate localhost 127* "udp:<host>:<port>" - host may be omitted to indicate localhost 128* "local-dgram:<identifier>" 129* "local-stream:<identifier>" 130* "shell" - local shell service 131* "upload" - service for pushing files across (like aproto's /sync) 132* "fs-bridge" - FUSE protocol filesystem bridge 133 134 135--- READY(local-id, remote-id, "") ------------------------------------- 136 137Command constant: A_OKAY 138 139The READY message informs the recipient that the sender's stream 140identified by local-id is ready for write messages and that it is 141connected to the recipient's stream identified by remote-id. 142 143Neither the local-id nor the remote-id may be zero. 144 145A READY message containing a remote-id which does not map to an open 146stream on the recipient's side is ignored. The stream may have been 147closed while this message was in-flight. 148 149The local-id is ignored on all but the first READY message (where it 150is used to establish the connection). Nonetheless, the local-id MUST 151not change on later READY messages sent to the same stream. 152 153 154--- WRITE(local-id, remote-id, "data") --------------------------------- 155 156Command constant: A_WRTE 157 158The WRITE message sends data to the recipient's stream identified by 159remote-id. The payload MUST be <= maxdata in length. 160 161A WRITE message containing a remote-id which does not map to an open 162stream on the recipient's side is ignored. The stream may have been 163closed while this message was in-flight. 164 165A WRITE message may not be sent until a READY message is received. 166Once a WRITE message is sent, an additional WRITE message may not be 167sent until another READY message has been received. Recipients of 168a WRITE message that is in violation of this requirement will CLOSE 169the connection. 170 171 172--- CLOSE(local-id, remote-id, "") ------------------------------------- 173 174Command constant: A_CLSE 175 176The CLOSE message informs recipient that the connection between the 177sender's stream (local-id) and the recipient's stream (remote-id) is 178broken. The remote-id MUST not be zero, but the local-id MAY be zero 179if this CLOSE indicates a failed OPEN. 180 181A CLOSE message containing a remote-id which does not map to an open 182stream on the recipient's side is ignored. The stream may have 183already been closed by the recipient while this message was in-flight. 184 185The recipient should not respond to a CLOSE message in any way. The 186recipient should cancel pending WRITEs or CLOSEs, but this is not a 187requirement, since they will be ignored. 188 189 190--- SYNC(online, sequence, "") ----------------------------------------- 191 192Command constant: A_SYNC 193 194*** obsolete, no longer used *** 195 196The SYNC message was used by the io pump to make sure that stale 197outbound messages are discarded when the connection to the remote side 198is broken. It was only used internally to the bridge and never valid 199to send across the wire. 200 201* when the connection to the remote side goes offline, the io pump 202 sends a SYNC(0, 0) and starts discarding all messages 203* when the connection to the remote side is established, the io pump 204 sends a SYNC(1, token) and continues to discard messages 205* when the io pump receives a matching SYNC(1, token), it once again 206 starts accepting messages to forward to the remote side 207 208 209--- message command constants ------------------------------------------ 210 211#define A_SYNC 0x434e5953 212#define A_CNXN 0x4e584e43 213#define A_AUTH 0x48545541 214#define A_OPEN 0x4e45504f 215#define A_OKAY 0x59414b4f 216#define A_CLSE 0x45534c43 217#define A_WRTE 0x45545257 218#define A_STLS 0x534C5453 219 220 221 222--- implementation details --------------------------------------------- 223 224The core of the bridge program will use three threads. One thread 225will be a select/epoll loop to handle io between various inbound and 226outbound connections and the connection to the remote side. 227 228The remote side connection will be implemented as two threads (one for 229reading, one for writing) and a datagram socketpair to provide the 230channel between the main select/epoll thread and the remote connection 231threadpair. The reason for this is that for usb connections, the 232kernel interface on linux and osx does not allow you to do meaningful 233nonblocking IO. 234 235The endian swapping for the message headers will happen (as needed) in 236the remote connection threadpair and that the rest of the program will 237always treat message header values as native-endian. 238 239The bridge program will be able to have a number of mini-servers 240compiled in. They will be published under known names (examples 241"shell", "fs-bridge", etc) and upon receiving an OPEN() to such a 242service, the bridge program will create a stream socketpair and spawn 243a thread or subprocess to handle the io. 244 245 246--- simplified / embedded implementation ------------------------------- 247 248For limited environments, like the bootloader, it is allowable to 249support a smaller, fixed number of channels using pre-assigned channel 250ID numbers such that only one stream may be connected to a bootloader 251endpoint at any given time. The protocol remains unchanged, but the 252"embedded" version of it is less dynamic. 253 254The bootloader will support two streams. A "bootloader:debug" stream, 255which may be opened to get debug messages from the bootloader and a 256"bootloader:control", stream which will support the set of basic 257bootloader commands. 258 259Example command stream dialogues: 260 "flash_kernel,2515049,........\n" "okay\n" 261 "flash_ramdisk,5038,........\n" "fail,flash write error\n" 262 "bogus_command......" <CLOSE> 263 264 265--- future expansion --------------------------------------------------- 266 267I plan on providing either a message or a special control stream so that 268the client device could ask the host computer to setup inbound socket 269translations on the fly on behalf of the client device. 270 271 272The initial design does handshaking to provide flow control, with a 273message flow that looks like: 274 275 >OPEN <READY >WRITE <READY >WRITE <READY >WRITE <CLOSE 276 277The far side may choose to issue the READY message as soon as it receives 278a WRITE or it may defer the READY until the write to the local stream 279succeeds. A future version may want to do some level of windowing where 280multiple WRITEs may be sent without requiring individual READY acks. 281 282------------------------------------------------------------------------ 283 284--- smartsockets ------------------------------------------------------- 285 286Port 5037 is used for smart sockets which allow a client on the host 287side to request access to a service in the host adb daemon or in the 288remote (device) daemon. The service is requested by ascii name, 289preceeded by a 4 digit hex length. Upon successful connection an 290"OKAY" response is sent, otherwise a "FAIL" message is returned. Once 291connected the client is talking to that (remote or local) service. 292 293client: <hex4> <service-name> 294server: "OKAY" 295 296client: <hex4> <service-name> 297server: "FAIL" <hex4> <reason> 298 299