A gateway preprocesses I2NP messages by fragmenting and combining them into tunnel messages.
While I2NP messages are variable size from 0 to almost 64 KB, tunnel messages are fixed-size, approximately 1 KB. Fixed message size restricts several types of attacks that are possible from observing message size.
After the tunnel messages are created, they are encrypted as described in the tunnel documentation.
Tunnel_ID ::
4 bytes
the ID of the next hop
IV ::
16 bytes
the initialization vector
Checksum ::
4 bytes
the first 4 bytes of the SHA256 hash of the remaining contents of the message concatenated with the IV
Nonzero_padding ::
0 or more bytes
random nonzero data for padding
Zero ::
1 byte
the value 0x00
Delivery_Instructions ::
length varies but is typically 7, 39, 43, or 47 bytes
Indicates the fragment and the routing for the fragment
See below for specification
Message_Fragment ::
1 to 996 bytes, actual maximum depends on delivery instruction size
A partial or full I2NP Message
total size: 1028 Bytes
Note that the padding, if any, must be before the instruction/message pairs. there is no provision for padding at the end.
The instructions are encoded with a single control byte, followed by any necessary additional information. The first bit (MSB) in that control byte determines how the remainder of the header is interpreted - if it is not set, the message is either not fragmented or this is the first fragment in the message. If it is set, this is a follow on fragment.
Note that Delivery Instructions are also used inside Garlic Cloves, where the format is slightly different. In a Garlic Clove, messages are not fragmented, and the fragment bit in the flag byte is redefined. See the Garlic Clove documentation for more details.
If the MSB of the first byte is 0, this is an initial I2NP message fragment, or a complete I2NP message, and the instructions are:
{% highlight lang='dataspec' %} +----+----+----+----+----+----+----+----+ |flag| Tunnel ID (opt) | | +----+----+----+----+----+ + | | + + | To Hash (optional) | + + | | + +--------------+ | |dly | Msg... | +----+----+----+----+----+----+----+----+ |..ID(opt)| ext opts... (opt) | size | +----+----+----+----+----+----+----+----+ {% endhighlight %}
flag:
1 byte
Bit order: 76543210
bit 7: 0 to specify an initial fragment
bits 6-5: delivery type
For tunnel messages:
0x0 = LOCAL, 0x01 = TUNNEL, 0x02 = ROUTER, 0x03 = unused
For garlic cloves:
0x0 = LOCAL, 0x01 = DESTINATION, 0x02 = ROUTER, 0x03 = TUNNEL
bit 4: delay included? Unimplemented, always 0
If 1, a delay byte is included
bit 3: fragmented? If 0, the message is not fragmented, what follows is the entire message
If 1, the message is fragmented, and the instructions contain a Message ID
bit 2: extended options? Unimplemented, always 0
If 1, extended options are included
bits 1-0: reserved
Tunnel ID:
4 bytes
Optional, present if delivery type is TUNNEL
The destination tunnel ID
To Hash:
32 bytes
Optional, present if delivery type is DESTINATION, ROUTER, or TUNNEL
If DESTINATION, the SHA256 Hash of the destination
If ROUTER, the SHA256 Hash of the router
If TUNNEL, the SHA256 Hash of the gateway router
Delay:
1 byte (tunnel message) or 4 bytes (garlic clove)
Optional, present if delay included flag is set
In tunnel messages: Unimplemented, never present; original specification:
bit 7: type (0 = strict, 1 = randomized)
bits 6-0: delay exponent (2^value minutes)
In garlic cloves: Not fully implemented. A 4 byte integer specifying the delay in seconds.
Message ID:
4 bytes
Optional, present if this message is the first of 2 or more fragments
An ID that uniquely identifies all fragments as belonging to a single message
(the current implementation uses the I2NP Message ID)
Extended Options:
2 or more bytes
Optional, present if extend options flag is set
Unimplemented, never present; original specification:
One byte length and then that many bytes
size:
2 bytes
The length of the fragment that follows
Valid values: 1 to approx. 960 in a tunnel message; 1 to 64K - 1 in a garlic clove
Total length: Typical length is:
3 bytes for LOCAL delivery (garlic clove);
35 bytes for ROUTER / DESTINATION delivery or 39 bytes for TUNNEL delivery (unfragmented or garlic clove);
39 bytes for ROUTER delivery or 43 bytes for TUNNEL delivery (first fragment)
If the MSB of the first byte is 1, this is a follow-on fragment, and the instructions are:
{% highlight lang='dataspec' %} +----+----+----+----+----+----+----+ |frag| Message_ID | size | +----+----+----+----+----+----+----+ {% endhighlight %}While the maximum I2NP message size is nominally 64 KB, the size is further constrained by the method of fragmenting I2NP messages into multiple 1 KB tunnel messages. The maximum number of fragments is 64, and the initial fragment may not be perfectly aligned at the start of a tunnel message. So the message must nominally fit in 63 fragments.
The maximum size of an initial fragment is 956 bytes (assuming TUNNEL delivery mode); the maximum size of a follow-on fragment is 996 bytes. Therefore the maximum size is approximately 956 + (62 * 996) = 62708 bytes, or 61.2 KB.