I2P_Developers/i2p.www
3
0
Fork 5
Code Issues 27 Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
1fe01d7d24e45efe6ea46636e761279f2c9c7698
i2p.www/i2p2www/pages/site/docs/api/samv3.html
zzz 1fe01d7d24 sam tweaks
2016-01-04 16:51:10 +00:00

1160 lines
39 KiB
HTML
Raw Blame History

{% extends "global/layout.html" %}
{% block title %}SAM V3{% endblock %}
{% block lastupdated %}January 2016{% endblock %}
{% block accuratefor %}0.9.24{% endblock %}
{% block content %}
<p>Specified below is a simple client protocol for interacting with I2P.
</p>
<p>SAM version 3
was introduced in I2P release 0.7.3.
Alternatives:
<a href="{{ site_url('docs/api/sam') }}">SAM V1</a>,
<a href="{{ site_url('docs/api/samv2') }}">SAM V2</a>,
<a href="{{ site_url('docs/api/bob') }}">BOB</a>.
</p>
<h2>Version 3 Language Libraries</h2>
<ul>
<li>C - <a href="http://{{ i2pconv('git.repo.i2p') }}/w/libsam3.git">libsam3</a></li>
<li>C++ - <a href="https://github.com/VirtualDestructor/bitcoin-qt-i2p/tree/master/i2psam">i2psam</a></li>
<li>Go - <a href="https://bitbucket.org/kallevedin/sam3">sam3</a>,
<a href="https://github.com/cryptix/goSam">goSam</a> (<a href="http://git.repo.i2p/w/goSam.git">in I2P</a>)</li>
<li>Haskell - <a href="https://hackage.haskell.org/package/network-anonymous-i2p">network-anonymous-i2p</a></li>
</ul>
<h2>Version 3 Changes</h2>
<h3>Version 3.0 Changes</h3>
<p>
Version 3.0 was introduced in I2P release 0.7.3.
SAM v2 provided a way to manage several sockets
on the same I2P destination <i>in parallel</i>, i.e. the client does not
have to wait for data being successfully sent on one socket before sending
data on another socket. But all data transited through the same
client&lt;--&gt;SAM socket, which was quite complicated to manage for the client.
<p />
SAM v3 manages sockets in a different way: each <i>I2P socket</i>
matches a unique client&lt;--&gt;SAM socket, which is much more simple to handle.
This is similar to <a href="{{ site_url('docs/api/bob') }}">BOB</a>.
<br />
SAM v3 also offers a UDP port for sending datagrams through I2P, and
can forward back I2P datagrams to the client's datagram server.
</p>
<h3>Version 3.1 Changes</h3>
<p>
Version 3.1 was introduced in I2P release 0.9.14.
<ul>
<li>DEST GENERATE and SESSION CREATE now support a SIGNATURE_TYPE parameter.
<li>The MIN and MAX parameters in HELLO VERSION are now optional.
<li>The MIN and MAX parameters in HELLO VERSION now support single-digit versions such as "3".
<li>RAW SEND is now supported on the bridge socket.
</ul>
</p>
<h3>Version 3.2 Changes</h3>
<p>
Version 3.2 was introduced in I2P release 0.9.24.
</p>
<h4>I2CP Port and Protocol Support</h4>
<ul>
<li>SESSION CREATE options FROM_PORT and TO_PORT
<li>SESSION CREATE STYLE=RAW option PROTOCOL
<li>STREAM CONNECT, DATAGRAM SEND, and RAW SEND options FROM_PORT and TO_PORT
<li>RAW SEND option PROTOCOL
<li>DATAGRAM RECEIVED, RAW RECEIVED, and forwarded or received streams and repliable datagrams,
includes FROM_PORT and TO_PORT
<li>RAW session option HEADER=true will cause
the forwarded raw datagrams to be prepended with a line containing PROTOCOL=nnn FROM_PORT=nnnn TO_PORT=nnnn
<li>The first line of datagrams sent through port 7655 may now start with any 3.x version
<li>The first line of datagrams sent through port 7655 may contain
any of the options FROM_PORT, TO_PORT, PROTOCOL
<li>RAW RECEIVED includes PROTOCOL=nnn
</ul>
<h4>SSL and Authentication</h4>
<ul>
<li>USER/PASSWORD in the HELLO parameters for authorization. See below.
<li>Optional authorization configuration with the AUTH command. See below.
<li>Optional SSL/TLS support on the control socket
<li>STREAM FORWARD option SSL=true
</ul>
<h4>Multithreading</h4>
<ul>
<li>Concurrent pending STREAM ACCEPTs are allowed on the same session ID.
</ul>
<h4>Command Line Parsing and Keepalive</h4>
<ul>
<li>Optional commands QUIT, STOP and EXIT to close the session and socket. See below.
<li>Command parsing will properly handle UTF-8
<li>Command parsing reliably handles whitespace inside quotes
<li>A backslash '\' may escape quotes on the command line
<li>Recommended that the server map commands to upper case, for ease in testing via telnet.
<li>Empty option values such as PROTOCOL or PROTOCOL= may be allowed, implementation dependent.
<li>PING/PONG for keepalive. See below.
<li>Servers may implement timeouts for the HELLO or subsequent commands, implementation dependent.
</ul>
<h3>Version 3.3 Proposal</h3>
<p>
Version 3.3 is not yet implemented, and the changes listed below are preliminary.
Scheduled for I2P release 0.9.25.
<ul>
<li>The same session ID may be used for streams, datagrams, and raw simultaneously.
Incoming packets and streams will be routed based on I2P protocol and to-port.
<li>STREAM ACCEPT now supports option TO_PORT=nnnn to accept connections on that I2P port only
<li>DATAGRAM SEND and RAW SEND now supports options SEND_TAGS=nnn, TAG_THRESHOLD=nnn, EXPIRES=nnnnnnn, and SEND_LEASESET=true|false.
These will be passed to I2CP if supported. See <a href="..//i2cp#msg_SendMessageExpire">the I2CP specification</a> for details.
Support by the SAM server is optional, it will ignore these options if unsupported.
</ul>
</p>
<h2>Version 3 Protocol</h2>
<h3>Simple Anonymous Messaging (SAM version 3.0) Specification Overview</h3>
<p>
Client application talks to SAM bridge, which deals with
all of the I2P functionality (using the streaming
lib for virtual streams, or I2CP directly for async messages).
</p><p>
The client&lt;--&gt;SAM bridge communication may unencrypted or unauthenticated.
The SAM bridge may support SSL/TLS connections;
configuration and implementation details are outside the scope of this specification.
As of SAM 3.2, optional authentication in the handshake is specified
and may be required by the bridge..
</p><p>
I2P communications can take three distinct forms:
<ul><li>
<a href="{{ site_url('docs/api/streaming') }}">Virtual streams</a>
</lil><li>
<a href="{{ site_url('docs/spec/datagrams') }}#repliable">Repliable datagrams</a> (messages with a FROM field)
</lil><li>
<a href="{{ site_url('docs/spec/datagrams') }}#raw">Anonymous datagrams</a> (raw anonymous messages)
</lil></ul>
</p><p>
I2P communications are supported by I2P sessions, and each I2P
session is bound to an address (called destination). An I2P session
is associated with one of the three types above, and cannot carry
communications of another type.
</p>
<h3>Encoding and Escaping</h3>
<p>
All of these SAM messages are sent on a single line,
terminated by the newline character (\n).
Prior to SAM 3.2, only 7-bit ASCII was supported.
As of SAM 3.2, the encoding must be UTF-8.
Any UTF8-encoded keys or values should work.
</p><p>
The formatting shown in this specification
below is merely for readability, and while the first two words in
each message must stay in their specific order, the ordering of
the key=value pairs can change (e.g. "ONE TWO A=B C=D" or
"ONE TWO C=D A=B" are both perfectly valid constructions).
In addition, the protocol is case-sensitive.
In the following, message examples are preceded by "-&gt; " for
messages sent by the client to the SAM bridge, and by "&lt;- " for
messages sent by the SAM bridge to the client.
</p><p>
The basic command or response line takes one of the following forms:
<pre>
COMMAND SUBCOMMAND [key=value] [key=value] ...
COMMAND # As of SAM 3.2
PING[ arbitrary text] # As of SAM 3.2
PONG[ arbitrary text] # As of SAM 3.2
</pre>
COMMAND without a SUBCOMMAND is supported for some new commands in SAM 3.2 only.
</p><p>
Key=value pairs must be separated by
a single space. (As of SAM 3.2, multiple spaces are allowed)
Values may be enclosed in double quotes if they contain spaces,
e.g. key="long value text".
(Prior to SAM 3.2, this did not work reliably in some implementations)
</p><p>
Prior to SAM 3.2, there was no escaping mechanism.
As of SAM 3.2, double quotes may be escaped with a backslash '\'
and a backslash may be represented as two backslashes '\\'.
</p>
<h3>Empty values</h3>
<p>
As of SAM 3.2,
empty option values such as KEY, KEY=, or KEY="" may be allowed, implementation dependent.
</p>
<h3>Case Sensitivity</h3>
<p>
The protocol, as specified, is case-sensitive.
It is recommended but not required that the server map commands to upper case, for ease in testing via telnet.
This would allow, for example, "hello version" to work.
This is implementation-dependent.
Do not map keys or values to upper case, as this would corrupt I2CP options.
</p>
<h3>SAM Connection Handshake</h3>
<p>
No SAM communication can occur until after the client and bridge have
agreed on a protocol version, which is done by the client sending
a HELLO and the bridge sending a HELLO REPLY:
<pre>
-&gt; HELLO VERSION
[MIN=$min] # Optional as of SAM 3.1, required for 3.0 and earlier
[MAX=$max] # Optional as of SAM 3.1, required for 3.0 and earlier
[USER="xxx"] # As of SAM 3.2, required if authentication is enabled, see below
[PASSWORD="yyy"] # As of SAM 3.2, required if authentication is enabled, see below
</pre>
and
<pre>
&lt;- HELLO REPLY RESULT=OK VERSION=3.1
</pre>
</p><p>
As of version 3.1 (I2P 0.9.14), the MIN and MAX parameters are optional.
SAM will always return the highest version possible given the
MIN and MAX constraints, or the current server version if no constraints are given.
If the SAM bridge cannot find a suitable version, it replies with:
<pre>
&lt;- HELLO REPLY RESULT=NOVERSION
</pre>
If some error occurred, such as a bad request format, it replies with:
<pre>
&lt;- HELLO REPLY RESULT=I2P_ERROR MESSAGE=$message
</pre>
</p>
<h4>SSL</h4>
<p>
The server's control socket may optionally offer SSL/TLS support, as configured on the server and client.
Implementations may offer other transport layers as well; this is outside the scope of the protocol definition.
</p>
<h4>Authorization</h4>
<p>
For authorization, client adds USER="xxx" PASSWORD="yyy" to the HELLO parameters.
Double quotes for user and password are recommended but not required.
A double quote inside a user or password must be escaped with a backslash.
On failure the server will reply with an I2P_ERROR and a message.
It is recommended that SSL be enabled on any SAM servers where authorization is required.
</p>
<h4>Timeouts</h4>
<p>
Servers may implement timeouts for the HELLO or subsequent commands, implementation dependent.
Clients should promptly send the HELLO and the next command after connecting.
</p><p>
If a timeout occurs before the HELLO is received, the bridge replies with:
<pre>
&lt;- HELLO REPLY RESULT=I2P_ERROR MESSAGE=$message
</pre>
and then disconnects.
</p><p>
If a timeout occurs after the HELLO is received but before the next command, the bridge replies with:
<pre>
&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE=$message
</pre>
and then disconnects.
</p>
<h3>I2CP Ports and Protocol</h3>
<p>
As of SAM 3.2, the I2CP ports and protocol may be specified by the
SAM client sender to be passed through to I2CP, and
the SAM bridge will pass the received I2CP port and protocol
information to the SAM client.
</p><p>
For FROM_PORT and TO_PORT, the valid range is 0-65535, and the default is 0.
</p><p>
For PROTOCOL, which may be specified only for RAW, the valid range is 0-255, and the default is 18.
</p><p>
For SESSION commands, the specified ports and protocol are the defaults for that session.
For individual streams or datagrams, the specified ports and protocol override the session defaults.
For received streams or datagrams, the indicated ports and protocol are as received from I2CP.
</p><p>
See the I2CP specification for more information.
</p><p>
<h3>SAM Sessions</h3>
<p>
A SAM session is created by a client opening a socket to the SAM
bridge, operating a handshake, and sending a SESSION CREATE message,
and the session terminates when the socket is disconnected.
</p><p>
Each registered I2P Destination is uniquely associated with a session ID
(or nickname).
</p><p>
Each session is uniquely associated with:
</p>
<ul><li>
the socket from which the client creates the session
</li><li>
its ID (or nickname)
</li></ul>
<h4>Session Creation Request</h4>
<p>
The session creation message can only use one of these forms (messages
received through other forms are answered with an error message) :
<pre>
-&gt; SESSION CREATE
STYLE={STREAM,DATAGRAM,RAW}
ID=$nickname
DESTINATION={$privkey,TRANSIENT}
[PORT=$port] # Required for DATAGRAM and RAW, invalid for STREAM
[HOST=$host] # Optional for DATAGRAM and RAW, invalid for STREAM
[FROM_PORT=nnn] # SAM 3.2 or higher only, default 0
[TO_PORT=nnn] # SAM 3.2 or higher only, default 0
[PROTOCOL=nnn] # SAM 3.2 or higher only, for STYLE=RAW only, default 18
[HEADER={true,false}] # SAM 3.2 or higher only, for STYLE=RAW only, default false
[option=value]*
</pre>
</p><p>
DESTINATION specifies what destination should be used for
sending and receiving messages/streams.
The $privkey is the base 64 of the concatenation of the <a href="{{ site_url('docs/spec/common-structures') }}#type_Destination">Destination</a>
followed by the <a href="{{ site_url('docs/spec/common-structures') }}#type_PrivateKey">Private Key</a>
followed by the <a href="{{ site_url('docs/spec/common-structures') }}#type_SigningPrivateKey">Signing Private Key</a>,
which is 663 or more bytes in binary and 884 or more bytes in base 64,
depending on signature type.
The binary format is specified in <a href="http://docs.i2p-projekt.de/javadoc/net/i2p/data/PrivateKeyFile.html">Private Key File</a>.
</p><p>
If the destination is specified as TRANSIENT, the SAM bridge creates a new destination.
As of version 3.1 (I2P 0.9.14), if the destination is TRANSIENT, an optional parameter
SIGNATURE_TYPE is supported. The SIGNATURE_TYPE value may be any name
(e.g. ECDSA_SHA256_P256, case insensitive) or number (e.g. 1)
supported by <a href="{{ site_url('docs/spec/common-structures') }}#type_Certificate">Key Certificates</a>.
The default is DSA_SHA1.
</p><p>
$nickname is the choice of the client. No whitespace is allowed.
</p><p>
Additional options given are passed to the I2P session
configuration if not interpreted by the SAM bridge (e.g.
outbound.length=0). These options <a href="#options">are documented below</a>..
</p><p>
The SAM bridge itself should already be configured with what router
it should communicate over I2P through (though if need be there may
be a way to provide an override, e.g. i2cp.tcp.host=localhost and
i2cp.tcp.port=7654).
</p>
<h4>Session Creation Response</h4>
<p>
After receiving the session create message, the SAM bridge will reply
with a session status message, as follows:
</p><p>
If the creation was successful:
<pre>
&lt;- SESSION STATUS RESULT=OK DESTINATION=$privkey
</pre>
</p><p>
The $privkey is the base 64 of the concatenation of the <a href="{{ site_url('docs/spec/common-structures') }}#type_Destination">Destination</a>
followed by the <a href="{{ site_url('docs/spec/common-structures') }}#type_PrivateKey">Private Key</a>
followed by the <a href="{{ site_url('docs/spec/common-structures') }}#type_SigningPrivateKey">Signing Private Key</a>,
which is 663 or more bytes in binary and 884 or more bytes in base 64,
depending on signature type.
The binary format is specified in <a href="http://docs.i2p-projekt.de/javadoc/net/i2p/data/PrivateKeyFile.html">Private Key File</a>.
</p><p>
If the nickname is already associated with a session:
<pre>
&lt;- SESSION STATUS RESULT=DUPLICATED_ID
</pre>
</p><p>
If the destination is already in use:
<pre>
&lt;- SESSION STATUS RESULT=DUPLICATED_DEST
</pre>
</p><p>
If the destination is not a valid private destination key:
<pre>
&lt;- SESSION STATUS RESULT=INVALID_KEY
</pre>
</p><p>
If some other error has occurred:
<pre>
&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE=$message
</pre>
</p><p>
If it's not OK, the MESSAGE should contain human-readable information
as to why the session could not be created.
</p><p>
SAM sessions live and die with the socket they are associated with.
When the socket is closed, the session dies, and all communications
using the session die at the same time. And the other way round, when
the session dies for any reason, the SAM bridge closes the socket.
</p>
<h3>SAM Virtual Streams</h3>
<p>
Virtual streams are guaranteed to be sent reliably and in order, with
failure and success notification as soon as it is available.
</p><p>
Streams are bidirectional communication sockets between two I2P
destinations, but their opening has to be requested by one of them.
Hereafter, CONNECT commands are used by the SAM client for such a
request. FORWARD / ACCEPT commands are used by the SAM client when
he wants to listen to requests coming from other I2P destinations.
</p>
<h3>SAM Virtual Streams : CONNECT</h3>
<p>
A client asks for a connection by:
</p>
<ul><li>
opening a new socket with the SAM bridge
</li><li>
passing the same HELLO handshake as above
</li><li>
sending the STREAM CONNECT command
</li></ul>
<h4>Connect Request</h4>
<p>
<pre>
-&gt; STREAM CONNECT
ID=$nickname
DESTINATION=$destination
[SILENT={true,false}] # default false
[FROM_PORT=nnn] # SAM 3.2 or higher only, default 0
[TO_PORT=nnn] # SAM 3.2 or higher only, default 0
</pre>
</p><p>
This establishes a new virtual connection from the local session
whose ID is $nickname to the specified peer.
</p><p>
The target is $destination, which is the base 64 of the <a href="{{ site_url('docs/spec/common-structures') }}#type_Destination">Destination</a>,
which is 516 or more base 64 characters (387 or more bytes in binary),
depending on signature type.
</p>
<h4>Connect Response</h4>
<p>
If SILENT=true is passed, the SAM bridge won't issue any other message
on the socket. If the connection fails, the socket will be closed.
If the connection succeeds, all remaining data passing through the
current socket is forwarded from and to the connected I2P destination
peer.
</p><p>
If SILENT=false, which is the default value, the SAM bridge sends a
last message to its client before forwarding or shutting down the
socket:
<pre>
&lt;- STREAM STATUS
RESULT=$result
[MESSAGE=...]
</pre>
</p><p>
The RESULT value may be one of:
<pre>
OK
CANT_REACH_PEER
I2P_ERROR
INVALID_KEY
INVALID_ID
TIMEOUT
</pre>
</p><p>
If the RESULT is OK, all remaining data passing through the
current socket is forwarded from and to the connected I2P destination
peer. If the connection was not possible (timeout, etc),
RESULT will contain the appropriate error value (accompanied by an
optional human-readable MESSAGE), and the SAM bridge closes the
socket.
</p>
<h3>SAM Virtual Streams : ACCEPT</h3>
<p>
A client waits for an incoming connection request by:
</p>
<ul><li>
opening a new socket with the SAM bridge
</li><li>
passing the same HELLO handshake as above
</li><li>
sending the STREAM ACCEPT command
</li></ul>
<h4>Accept Request</h4>
<p>
<pre>
-&gt; STREAM ACCEPT
ID=$nickname
[SILENT={true,false}] # default false
</pre>
</p><p>
This makes the session ${nickname} listen for one incoming
connection request from the I2P network.
ACCEPT is not allowed while there is an active FORWARD on the session.
</p><p>
As of SAM 3.2,
multiple concurrent pending STREAM ACCEPTs are allowed on the same session ID (even with the same port).
Prior to 3.2, concurrent accepts would fail with ALREADY_ACCEPTING.
</p>
<h4>Accept Response</h4>
<p>
If SILENT=true is passed, the SAM bridge won't issue any other message
on the socket. If the accept fails, the socket will be closed.
If the accept succeeds, all remaining data passing through the
current socket is forwarded from and to the connected I2P destination
peer.
For reliability, and to receive the destination for incoming connections,
SILENT=false is recommended.
</p><p>
If SILENT=false, which is the default value,
the SAM bridge answers with:
<pre>
&lt;- STREAM STATUS
RESULT=$result
[MESSAGE=...]
</pre>
</p><p>
The RESULT value may be one of:
<pre>
OK
I2P_ERROR
INVALID_ID
</pre>
</p><p>
If the result is not OK, the socket is closed immediately by the SAM
bridge. If the result is OK, the SAM bridge starts waiting for an
incoming connection request from another I2P peer. When a request
arrives, the SAM bridge accepts it and:
</p><p>
If SILENT=true was passed, the SAM bridge won't issue any other message
on the client socket. All remaining data passing through the
current socket is forwarded from and to the connected I2P destination
peer.
</p><p>
If SILENT=false was passed, which is the default value, the SAM bridge
sends the client a ASCII line containing the base64 public destination key
of the requesting peer, and additional information for SAM 3.2 only:
<pre>
$destination
FROM_PORT=nnn # SAM 3.2 or higher only
TO_PORT=nnn # SAM 3.2 or higher only
\n
</pre>
After this '\n' terminated line, all remaining data
passing through the current socket is forwarded from and to the connected
I2P destination peer, until one of the peer closes the socket.
</p>
<h3>SAM Virtual Streams : FORWARD</h3>
<p>
A client can use a regular socket server and wait for connection requests
coming from I2P. For that, the client must:
</p>
<ul><li>
open a new socket with the SAM bridge
</li><li>
pass the same HELLO handshake as above
</li><li>
send the forward command
</ul></li>
<h4>Forward Request</h4>
<p>
<pre>
-&gt; STREAM FORWARD
ID=$nickname
PORT=$port
[HOST=$host]
[SILENT={true,false}] # default false
[SSL={true,false}] # SAM 3.2 or higher only, default false
</pre>
</p><p>
This makes the session ${nickname} listen for incoming
connection requests from the I2P network.
FORWARD is not allowed while there is a pending ACCEPT on the session.
</p>
<h4>Forward Response</h4>
<p>
SILENT defaults to false.
Whether SILENT is true or false,
the SAM bridge always answers with a STREAM STATUS message.
Note that this is a different behavior from STREAM ACCEPT and STREAM CONNECT
when SILENT=true.
The STREAM STATUS message is:
<pre>
&lt;- STREAM STATUS
RESULT=$result
[MESSAGE=...]
</pre>
</p><p>
The RESULT value may be one of:
<pre>
OK
I2P_ERROR
INVALID_ID
</pre>
</p><p>
$host is the hostname or IP address of the socket server to which
SAM will forward connection requests. If not given, SAM takes the IP
of the socket that issued the forward command.
</p><p>
$port is the port number of the socket server to which SAM will
forward connection requests. It is mandatory.
</p><p>
When a connection request arrives from I2P, the SAM bridge requests a
socket connection from $host:$port. If it is accepted after no more
than 3 seconds, SAM will accept the connection from I2P, and then:
</p><p>
If SILENT=true was passed, all data passing through the obtained
current socket is forwarded from and to the connected I2P destination
peer.
</p><p>
If SILENT=false was passed, which is the default value, the SAM bridge
sends on the obtained socket an ASCII line containing the base64 public
destination key of the requesting peer, and additional information for SAM 3.2 only:
<pre>
$destination
FROM_PORT=nnn # SAM 3.2 or higher only
TO_PORT=nnn # SAM 3.2 or higher only
\n
</pre>
After this '\n' terminated line,
all remaining data passing through the socket is forwarded from and to
the connected I2P destination peer, until one of the sides closes the
socket.
</p><p>
As of SAM 3.2, if SSL=true is specified, the forwarding socket is over SSL/TLS.
</p><p>
The I2P router will stop listening to incoming connection requests as
soon as the "forwarding" socket is closed.
<h3>SAM Repliable Datagrams : Sending a Datagram</h3>
<p>
While I2P doesn't inherently contain a FROM address, for ease of use
an additional layer is provided as repliable datagrams - unordered
and unreliable messages of up to 31744 bytes that include a FROM
address (leaving up to 1KB for header material). This FROM address
is authenticated internally by SAM (making use of the destination's
signing key to verify the source) and includes replay prevention.
</p><p>
Minimum size is 1. For best delivery reliability, recommended maximum
size is approximately 11 KB.
Reliability is inversely proportional to message size, perhaps even exponentially.
</p><p>
After establishing a SAM session with STYLE=DATAGRAM, the client can
send datagrams through SAM's UDP port (7655).
</p><p>
The first line of a datagram sent through this port must be in the
following format.
This is all on one line (space separated), shown on multiple lines for clarity:
<pre>
3.0 # As of SAM 3.2, any 3.x is allowed
$nickname
$destination
[FROM_PORT=nnn] # SAM 3.2 or higher only, default 0
[TO_PORT=nnn] # SAM 3.2 or higher only, default 0
\n
</pre>
<ul><li>
3.0 is the version of SAM. As of SAM 3.2, any 3.x is allowed.
</li><li>
$nickname is the id of the DATAGRAM session that will be used
</li><li>
The target is $destination, which is the base 64 of the <a href="{{ site_url('docs/spec/common-structures') }}#type_Destination">Destination</a>,
which is 516 or more base 64 characters (387 or more bytes in binary),
depending on signature type.
</li><li>
this line is '\n' terminated.
</li></ul>
</p><p>
The first line will be discarded by SAM before sending the remaining
data of the message to the specified destination.
</p><p>
For an alternate method of sending repliable datagrams, see <a href="#dgsend">DATAGRAM SEND</a>.
</p>
<h3>SAM Repliable Datagrams : Receiving a Datagram</h3>
<p>
Received datagrams are written by SAM on the socket from which the
datagram session was opened, if a forwarding PORT is not specified in the SESSION CREATE
command. This is the v1/v2-compatible way of receiving datagrams.
</p><p>
When a datagram arrives, the bridge delivers it to the client via the
message:
<pre>
&lt;- DATAGRAM RECEIVED
DESTINATION=$destination
SIZE=$numBytes
FROM_PORT=nnn # SAM 3.2 or higher only
TO_PORT=nnn # SAM 3.2 or higher only
\n
[$numBytes of data]
</pre>
</p><p>
The source is $destination, which is the base 64 of the <a href="{{ site_url('docs/spec/common-structures') }}#type_Destination">Destination</a>,
which is 516 or more base 64 characters (387 or more bytes in binary),
depending on signature type.
</p><p>
The SAM bridge never exposes to the client the authentication headers
or other fields, merely the data that the sender provided. This
continues until the session is closed (by the client dropping the
connection).
<h3>SAM Datagrams : Forwarding Raw or Repliable Datagrams</h3>
<p>
When creating a datagram session, the client can ask SAM to forward
incoming messages to a specified ip:port. It does so by issuing the
CREATE command with PORT and HOST options:
<pre>
-&gt; SESSION CREATE
STYLE={DATAGRAM,RAW}
ID=$nickname
DESTINATION={$privkey,TRANSIENT}
PORT=$port
[HOST=$host]
[FROM_PORT=nnn] # SAM 3.2 or higher only, default 0
[TO_PORT=nnn] # SAM 3.2 or higher only, default 0
[PROTOCOL=nnn] # SAM 3.2 or higher only, for STYLE=RAW only, default 18
[option=value]*
</pre>
</p><p>
The $privkey is the base 64 of the concatenation of the <a href="{{ site_url('docs/spec/common-structures') }}#type_Destination">Destination</a>
followed by the <a href="{{ site_url('docs/spec/common-structures') }}#type_PrivateKey">Private Key</a>
followed by the <a href="{{ site_url('docs/spec/common-structures') }}#type_SigningPrivateKey">Signing Private Key</a>,
which is 884 or more base 64 characters (663 or more bytes in binary),
depending on signature type.
The binary format is specified in <a href="http://docs.i2p-projekt.de/javadoc/net/i2p/data/PrivateKeyFile.html">Private Key File</a>.
</p><p>
$host is the hostname or IP address of the datagram server to
which SAM will forward datagrams. If not given, SAM takes the
IP of the socket that issued the forward command.
</p><p>
$port is the port number of the datagram server to which SAM
will forward datagrams.
If $port is not set, datagrams will NOT be forwarded, they will be received on the control socket,
in the v1/v2-compatible way.
</p><p>
Additional options given are passed to the I2P session
configuration if not interpreted by the SAM bridge (e.g.
outbound.length=0). These options <a href="#options">are documented below</a>..
</p><p>
Forwarded repliable datagrams are always prefixed with the destination.
When a repliable datagram arrives, the bridge sends to the specified host:port
a UDP packet containing the following data:
<pre>
$destination
FROM_PORT=nnn # SAM 3.2 or higher only
TO_PORT=nnn # SAM 3.2 or higher only
\n
$datagram_payload
</pre>
</p><p>
Forwarded raw datagrams are forwarded as-is
to the specified host:port without a prefix.
The UDP packet contains the following data:
<pre>
$datagram_payload
</pre>
</p><p>
As of SAM 3.2, when HEADER=true is specified in SESSION CREATE,
the forwarded raw datagram will be prepended with a header line as follows:
<pre>
FROM_PORT=nnn
TO_PORT=nnn
PROTOCOL=nnn
\n
$datagram_payload
</pre>
</p><p>
The $destination is the base 64 of the <a href="{{ site_url('docs/spec/common-structures') }}#type_Destination">Destination</a>,
which is 516 or more base 64 characters (387 or more bytes in binary),
depending on signature type.
</p>
<h3>SAM Anonymous Datagrams</h3>
<p>
Squeezing the most out of I2P's bandwidth, SAM allows clients to send
and receive anonymous datagrams, leaving authentication and reply
information up to the client themselves. These datagrams are
unreliable and unordered, and may be up to 32768 bytes.
</p><p>
Minimum size is 1. For best delivery reliability, recommended maximum
size is approximately 11 KB.
</p><p>
After establishing a SAM session with STYLE=RAW, the client can
send anonymous datagrams through the SAM bridge exactly the same way
he sends non anonymous datagrams.
</p><p>
Both ways of receiving datagrams are also available for anonymous
datagrams.
</p><p>
Received datagrams are written by SAM on the socket from which the
datagram session was opened, if a forwarding PORT is not specified in the SESSION CREATE
command. This is the v1/v2-compatible way of receiving datagrams.
<pre>
&lt;- RAW RECEIVED
SIZE=$numBytes
FROM_PORT=nnn # SAM 3.2 or higher only
TO_PORT=nnn # SAM 3.2 or higher only
PROTOCOL=nnn # SAM 3.2 or higher only
\n
[$numBytes of data]
</pre>
</p><p>
When anonymous datagrams are to be forwarded to some host:port,
the bridge sends to the specified host:port a message containing
the following data:
<pre>
$datagram_payload
</pre>
As of SAM 3.2, when HEADER=true is specified in SESSION CREATE,
the forwarded raw datagram will be prepended with a header line as follows:
<pre>
FROM_PORT=nnn
TO_PORT=nnn
PROTOCOL=nnn
\n
$datagram_payload
</pre>
</p><p>
For an alternate method of sending anonymous datagrams, see <a href="#dgsend">RAW SEND</a>.
</p>
<h3 id="dgsend">DATAGRAM SEND, RAW SEND (V1/V2 Compatible Datagram Handling)</h3>
<p>
In SAM V3, the preferred way to send datagrams is via the datagram socket
at port 7655 as documented above. However, repliable datagrams may be sent
directly via the SAM bridge socket using the DATAGRAM SEND command,
as documented in <a href="sam">SAM V1</a> and <a href="samv2">SAM V2</a>.
</p><p>
As of release 0.9.14 (version 3.1), anonymous datagrams may be sent
directly via the SAM bridge socket using the RAW SEND command,
as documented in <a href="sam">SAM V1</a> and <a href="samv2">SAM V2</a>.
</p><p>
As of release 0.9.24 (version 3.2), DATAGRAM SEND and RAW SEND may include
the parameters FROM_PORT=nnnn and/or TO_PORT=nnnn to override the default ports.
As of release 0.9.24 (version 3.2), RAW SEND may include
the parameter PROTOCOL=nnn to override the default protocol.
</p><p>
These commands do <i>not</i> support the ID parameter. The datagrams are
sent to the most recently created DATAGRAM- or RAW-style session,
as appropriate. Support for the ID parameter may be added in a future release.
<h3>SAM Utility Commands</h3>
<h4>Host Name Lookup</h4>
<p>
The following message can be used by the client to query the SAM
bridge for name resolution:
<pre>
NAMING LOOKUP
NAME=$name
</pre>
</p><p>
which is answered by
<pre>
NAMING REPLY
RESULT=$result
NAME=$name
[VALUE=$destination]
[MESSAGE=$message]
</pre>
</p><p>
The RESULT value may be one of:
<pre>
OK
INVALID_KEY
KEY_NOT_FOUND
</pre>
</p><p>
If NAME=ME, then the reply will contain the destination used by the
current session (useful if you're using a TRANSIENT one). If $result
is not OK, MESSAGE may convey a descriptive message, such as "bad
format", etc.
</p><p>
The $destination is the base 64 of the <a href="{{ site_url('docs/spec/common-structures') }}#type_Destination">Destination</a>,
which is 516 or more base 64 characters (387 or more bytes in binary),
depending on signature type.
<h4>Destination Key Generation</h4>
</p><p>
Public and private base64 keys can be generated using the following
message:
<pre>
DEST GENERATE
</pre>
</p><p>
which is answered by
<pre>
DEST REPLY
PUB=$destination
PRIV=$privkey
</pre>
</p><p>
As of I2P 0.9.14, an optional parameter SIGNATURE_TYPE is supported.
The SIGNATURE_TYPE value may be any name (e.g. ECDSA_SHA256_P256, case insensitive) or number (e.g. 1)
that is supported by <a href="{{ site_url('docs/spec/common-structures') }}#type_Certificate">Key Certificates</a>.
The default is DSA_SHA1.
</p><p>
The $destination is the base 64 of the <a href="{{ site_url('docs/spec/common-structures') }}#type_Destination">Destination</a>,
which is 516 or more base 64 characters (387 or more bytes in binary),
depending on signature type.
</p><p>
The $privkey is the base 64 of the concatenation of the <a href="{{ site_url('docs/spec/common-structures') }}#type_Destination">Destination</a>
followed by the <a href="{{ site_url('docs/spec/common-structures') }}#type_PrivateKey">Private Key</a>
followed by the <a href="{{ site_url('docs/spec/common-structures') }}#type_SigningPrivateKey">Signing Private Key</a>,
which is 884 or more base 64 characters (663 or more bytes in binary),
depending on signature type.
The binary format is specified in <a href="http://docs.i2p-projekt.de/javadoc/net/i2p/data/PrivateKeyFile.html">Private Key File</a>.
<h4>PING/PONG (SAM 3.2 or higher)</h4>
<p>
Either the client or server may send:
<pre>
PING[ arbitrary text]
</pre>
on the control port,
with the response:
<pre>
PONG[ arbitrary text from the ping]
</pre>
to be used for control socket keepalive.
Either side may close the session and socket if no response is received in a reasonable time, implementation dependent.
</p><p>
If a timeout occurs waiting for a PONG from the client, the bridge may send:
<pre>
&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE=$message
</pre>
and then disconnect.
</p><p>
If a timeout occurs waiting for a PONG from the bridge, the client may simply disconnect.
</p>
<h4>QUIT/STOP/EXIT (SAM 3.2 or higher, optional features)</h4>
<p>
Commands QUIT, STOP and EXIT will close the session and socket.
Implementation is optional, for ease in testing via telnet.
Whether there is any response before the socket is closed
(for example, a SESSION STATUS message) is
implementation-specific and outside the scope of this specification.
</p>
<h4>HELP (optional feature)</h4>
<p>
Servers may implement a HELP command.
Implementation is optional, for ease in testing via telnet.
Output format and detection of the end of the output is
implementation-specific and outside the scope of this specification.
</p>
<h4>Authorization Configuration (SAM 3.2 or higher, optional feature)</h4>
<p>
Authorization configuration using the AUTH command.
A SAM server may implement these commands to facilite persistent storage of credentials.
Configuration of authentication other than with these commands is
implementation-specific and outside the scope of this specification.
</p>
<ul>
<li>AUTH ENABLE enables authorization on subsequent connections
<li>AUTH DISABLE disables authorization on subsequent connections
<li>AUTH ADD USER="foo" PASSWORD="bar" adds a user/password
<li>AUTH REMOVE USER="foo" removes this user
</ul>
<p>
Double quotes for user and password are recommended but not required.
A double quote inside a user or password must be escaped with a backslash.
On failure the server will reply with an I2P_ERROR and a message.
</p>
<h3>RESULT Values</h3>
<p>
These are the values that can be carried by the RESULT field, with
their meaning:
<pre>
OK Operation completed successfully
CANT_REACH_PEER The peer exists, but cannot be reached
DUPLICATED_DEST The specified Destination is already in use
I2P_ERROR A generic I2P error (e.g. I2CP disconnection, etc.)
INVALID_KEY The specified key is not valid (bad format, etc.)
KEY_NOT_FOUND The naming system can't resolve the given name
PEER_NOT_FOUND The peer cannot be found on the network
TIMEOUT Timeout while waiting for an event (e.g. peer answer)
</pre>
<h3 id="options">Tunnel, I2CP, and Streaming Options</h3>
<p>
These options may be passed in as name=value pairs at the end of a
SAM SESSION CREATE line.
</p><p>
All sessions may include <a href="{{ site_url('docs/protocol/i2cp') }}#options">I2CP options such as tunnel lengths</a>.
STREAM sessions may include <a href="{{ site_url('docs/api/streaming') }}#options">Streaming lib options</a>.
See those references for option names and defaults.
<h3>BASE 64 Notes</h3>
<p>
Base 64 encoding must use the I2P standard Base 64 alphabet "A-Z, a-z, 0-9, -, ~".
</p>
<h3>Client Library Implementations</h3>
<p>
Client libraries are available for C, C++, C#, Perl, and Python.
These are in the apps/sam/ directory in the <a href="{{ get_url('downloads_list') }}">I2P Source Package</a>.
Some may be older and have not been updated for SAMv3 support.
</p>
<h3>Default SAM Setup</h3>
<p>
The default SAM port is 7656. SAM is not enabled by default in the Java I2P Router;
it must be started manually, or configured to start automatically,
on the configure clients page in the router console, or in the clients.config file.
The default SAM UDP port is 7655, listening on 127.0.0.1.
These may be changed by adding the arguments sam.udp.port=nnnnn and/or
sam.udp.host=w.x.y.z to the invocation.
</p><p>
Configuration in other routers is implementation-specific.
</p>
{% endblock %}
Reference in New Issue View Git Blame Copy Permalink