The Android Open Source Project | dd7bc33 | 2009-03-03 19:32:55 -0800 | [diff] [blame] | 1 | |
| 2 | --- a replacement for aproto ------------------------------------------- |
| 3 | |
| 4 | When it comes down to it, aproto's primary purpose is to forward |
| 5 | various streams between the host computer and client device (in either |
| 6 | direction). |
| 7 | |
| 8 | This replacement further simplifies the concept, reducing the protocol |
| 9 | to an extremely straightforward model optimized to accomplish the |
| 10 | forwarding of these streams and removing additional state or |
| 11 | complexity. |
| 12 | |
| 13 | The host side becomes a simple comms bridge with no "UI", which will |
| 14 | be used by either commandline or interactive tools to communicate with |
| 15 | a device or emulator that is connected to the bridge. |
| 16 | |
| 17 | The protocol is designed to be straightforward and well-defined enough |
| 18 | that if it needs to be reimplemented in another environment (Java |
| 19 | perhaps), there should not problems ensuring perfect interoperability. |
| 20 | |
| 21 | The protocol discards the layering aproto has and should allow the |
| 22 | implementation to be much more robust. |
| 23 | |
| 24 | |
| 25 | --- protocol overview and basics --------------------------------------- |
David 'Digit' Turner | f6330a2 | 2009-05-18 17:36:28 +0200 | [diff] [blame] | 26 | |
The Android Open Source Project | dd7bc33 | 2009-03-03 19:32:55 -0800 | [diff] [blame] | 27 | The transport layer deals in "messages", which consist of a 24 byte |
| 28 | header followed (optionally) by a payload. The header consists of 6 |
| 29 | 32 bit words which are sent across the wire in little endian format. |
| 30 | |
| 31 | struct message { |
| 32 | unsigned command; /* command identifier constant */ |
| 33 | unsigned arg0; /* first argument */ |
| 34 | unsigned arg1; /* second argument */ |
| 35 | unsigned data_length; /* length of payload (0 is allowed) */ |
| 36 | unsigned data_crc32; /* crc32 of data payload */ |
| 37 | unsigned magic; /* command ^ 0xffffffff */ |
| 38 | }; |
| 39 | |
| 40 | Receipt of an invalid message header, corrupt message payload, or an |
| 41 | unrecognized command MUST result in the closing of the remote |
| 42 | connection. The protocol depends on shared state and any break in the |
| 43 | message stream will result in state getting out of sync. |
| 44 | |
| 45 | The following sections describe the six defined message types in |
| 46 | detail. Their format is COMMAND(arg0, arg1, payload) where the payload |
| 47 | is represented by a quoted string or an empty string if none should be |
| 48 | sent. |
| 49 | |
| 50 | The identifiers "local-id" and "remote-id" are always relative to the |
| 51 | *sender* of the message, so for a receiver, the meanings are effectively |
| 52 | reversed. |
| 53 | |
| 54 | |
David 'Digit' Turner | f6330a2 | 2009-05-18 17:36:28 +0200 | [diff] [blame] | 55 | |
The Android Open Source Project | dd7bc33 | 2009-03-03 19:32:55 -0800 | [diff] [blame] | 56 | --- CONNECT(version, maxdata, "system-identity-string") ---------------- |
| 57 | |
| 58 | The CONNECT message establishes the presence of a remote system. |
| 59 | The version is used to ensure protocol compatibility and maxdata |
| 60 | declares the maximum message body size that the remote system |
| 61 | is willing to accept. |
| 62 | |
| 63 | Currently, version=0x01000000 and maxdata=4096 |
| 64 | |
| 65 | Both sides send a CONNECT message when the connection between them is |
| 66 | established. Until a CONNECT message is received no other messages may |
| 67 | be sent. Any messages received before a CONNECT message MUST be ignored. |
| 68 | |
| 69 | If a CONNECT message is received with an unknown version or insufficiently |
| 70 | large maxdata value, the connection with the other side must be closed. |
| 71 | |
| 72 | The system identity string should be "<systemtype>:<serialno>:<banner>" |
| 73 | where systemtype is "bootloader", "device", or "host", serialno is some |
| 74 | kind of unique ID (or empty), and banner is a human-readable version |
Scott Anderson | e82c2db | 2012-05-25 14:10:02 -0700 | [diff] [blame] | 75 | or identifier string. The banner is used to transmit useful properties. |
The Android Open Source Project | dd7bc33 | 2009-03-03 19:32:55 -0800 | [diff] [blame] | 76 | |
| 77 | |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 78 | --- AUTH(type, 0, "data") ---------------------------------------------- |
| 79 | |
| 80 | The AUTH message informs the recipient that authentication is required to |
| 81 | connect to the sender. If type is TOKEN(1), data is a random token that |
| 82 | the recipient can sign with a private key. The recipient replies with an |
| 83 | AUTH packet where type is SIGNATURE(2) and data is the signature. If the |
| 84 | signature verification succeeds, the sender replies with a CONNECT packet. |
| 85 | |
| 86 | If the signature verification fails, the sender replies with a new AUTH |
| 87 | packet and a new random token, so that the recipient can retry signing |
| 88 | with a different private key. |
| 89 | |
| 90 | Once the recipient has tried all its private keys, it can reply with an |
| 91 | AUTH packet where type is RSAPUBLICKEY(3) and data is the public key. If |
| 92 | possible, an on-screen confirmation may be displayed for the user to |
| 93 | confirm they want to install the public key on the device. |
| 94 | |
| 95 | |
The Android Open Source Project | dd7bc33 | 2009-03-03 19:32:55 -0800 | [diff] [blame] | 96 | --- OPEN(local-id, 0, "destination") ----------------------------------- |
| 97 | |
| 98 | The OPEN message informs the recipient that the sender has a stream |
| 99 | identified by local-id that it wishes to connect to the named |
| 100 | destination in the message payload. The local-id may not be zero. |
| 101 | |
| 102 | The OPEN message MUST result in either a READY message indicating that |
| 103 | the connection has been established (and identifying the other end) or |
| 104 | a CLOSE message, indicating failure. An OPEN message also implies |
| 105 | a READY message sent at the same time. |
| 106 | |
| 107 | Common destination naming conventions include: |
| 108 | |
| 109 | * "tcp:<host>:<port>" - host may be omitted to indicate localhost |
| 110 | * "udp:<host>:<port>" - host may be omitted to indicate localhost |
| 111 | * "local-dgram:<identifier>" |
| 112 | * "local-stream:<identifier>" |
| 113 | * "shell" - local shell service |
| 114 | * "upload" - service for pushing files across (like aproto's /sync) |
| 115 | * "fs-bridge" - FUSE protocol filesystem bridge |
| 116 | |
| 117 | |
| 118 | --- READY(local-id, remote-id, "") ------------------------------------- |
| 119 | |
| 120 | The READY message informs the recipient that the sender's stream |
| 121 | identified by local-id is ready for write messages and that it is |
| 122 | connected to the recipient's stream identified by remote-id. |
| 123 | |
| 124 | Neither the local-id nor the remote-id may be zero. |
| 125 | |
| 126 | A READY message containing a remote-id which does not map to an open |
| 127 | stream on the recipient's side is ignored. The stream may have been |
| 128 | closed while this message was in-flight. |
| 129 | |
| 130 | The local-id is ignored on all but the first READY message (where it |
| 131 | is used to establish the connection). Nonetheless, the local-id MUST |
| 132 | not change on later READY messages sent to the same stream. |
| 133 | |
| 134 | |
David 'Digit' Turner | f6330a2 | 2009-05-18 17:36:28 +0200 | [diff] [blame] | 135 | |
The Android Open Source Project | dd7bc33 | 2009-03-03 19:32:55 -0800 | [diff] [blame] | 136 | --- WRITE(0, remote-id, "data") ---------------------------------------- |
| 137 | |
| 138 | The WRITE message sends data to the recipient's stream identified by |
| 139 | remote-id. The payload MUST be <= maxdata in length. |
| 140 | |
| 141 | A WRITE message containing a remote-id which does not map to an open |
| 142 | stream on the recipient's side is ignored. The stream may have been |
| 143 | closed while this message was in-flight. |
| 144 | |
| 145 | A WRITE message may not be sent until a READY message is received. |
| 146 | Once a WRITE message is sent, an additional WRITE message may not be |
| 147 | sent until another READY message has been received. Recipients of |
| 148 | a WRITE message that is in violation of this requirement will CLOSE |
| 149 | the connection. |
| 150 | |
| 151 | |
| 152 | --- CLOSE(local-id, remote-id, "") ------------------------------------- |
| 153 | |
| 154 | The CLOSE message informs recipient that the connection between the |
| 155 | sender's stream (local-id) and the recipient's stream (remote-id) is |
| 156 | broken. The remote-id MUST not be zero, but the local-id MAY be zero |
| 157 | if this CLOSE indicates a failed OPEN. |
| 158 | |
| 159 | A CLOSE message containing a remote-id which does not map to an open |
| 160 | stream on the recipient's side is ignored. The stream may have |
| 161 | already been closed by the recipient while this message was in-flight. |
| 162 | |
| 163 | The recipient should not respond to a CLOSE message in any way. The |
| 164 | recipient should cancel pending WRITEs or CLOSEs, but this is not a |
| 165 | requirement, since they will be ignored. |
| 166 | |
| 167 | |
| 168 | --- SYNC(online, sequence, "") ----------------------------------------- |
| 169 | |
| 170 | The SYNC message is used by the io pump to make sure that stale |
| 171 | outbound messages are discarded when the connection to the remote side |
| 172 | is broken. It is only used internally to the bridge and never valid |
| 173 | to send across the wire. |
| 174 | |
| 175 | * when the connection to the remote side goes offline, the io pump |
| 176 | sends a SYNC(0, 0) and starts discarding all messages |
| 177 | * when the connection to the remote side is established, the io pump |
| 178 | sends a SYNC(1, token) and continues to discard messages |
| 179 | * when the io pump receives a matching SYNC(1, token), it once again |
| 180 | starts accepting messages to forward to the remote side |
| 181 | |
| 182 | |
| 183 | --- message command constants ------------------------------------------ |
| 184 | |
| 185 | #define A_SYNC 0x434e5953 |
| 186 | #define A_CNXN 0x4e584e43 |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 187 | #define A_AUTH 0x48545541 |
The Android Open Source Project | dd7bc33 | 2009-03-03 19:32:55 -0800 | [diff] [blame] | 188 | #define A_OPEN 0x4e45504f |
| 189 | #define A_OKAY 0x59414b4f |
| 190 | #define A_CLSE 0x45534c43 |
| 191 | #define A_WRTE 0x45545257 |
| 192 | |
| 193 | |
David 'Digit' Turner | f6330a2 | 2009-05-18 17:36:28 +0200 | [diff] [blame] | 194 | |
The Android Open Source Project | dd7bc33 | 2009-03-03 19:32:55 -0800 | [diff] [blame] | 195 | --- implementation details --------------------------------------------- |
| 196 | |
| 197 | The core of the bridge program will use three threads. One thread |
| 198 | will be a select/epoll loop to handle io between various inbound and |
| 199 | outbound connections and the connection to the remote side. |
| 200 | |
| 201 | The remote side connection will be implemented as two threads (one for |
| 202 | reading, one for writing) and a datagram socketpair to provide the |
| 203 | channel between the main select/epoll thread and the remote connection |
| 204 | threadpair. The reason for this is that for usb connections, the |
| 205 | kernel interface on linux and osx does not allow you to do meaningful |
| 206 | nonblocking IO. |
| 207 | |
| 208 | The endian swapping for the message headers will happen (as needed) in |
| 209 | the remote connection threadpair and that the rest of the program will |
| 210 | always treat message header values as native-endian. |
| 211 | |
| 212 | The bridge program will be able to have a number of mini-servers |
| 213 | compiled in. They will be published under known names (examples |
| 214 | "shell", "fs-bridge", etc) and upon receiving an OPEN() to such a |
| 215 | service, the bridge program will create a stream socketpair and spawn |
| 216 | a thread or subprocess to handle the io. |
| 217 | |
| 218 | |
| 219 | --- simplified / embedded implementation ------------------------------- |
| 220 | |
| 221 | For limited environments, like the bootloader, it is allowable to |
| 222 | support a smaller, fixed number of channels using pre-assigned channel |
| 223 | ID numbers such that only one stream may be connected to a bootloader |
| 224 | endpoint at any given time. The protocol remains unchanged, but the |
| 225 | "embedded" version of it is less dynamic. |
| 226 | |
| 227 | The bootloader will support two streams. A "bootloader:debug" stream, |
| 228 | which may be opened to get debug messages from the bootloader and a |
| 229 | "bootloader:control", stream which will support the set of basic |
| 230 | bootloader commands. |
| 231 | |
| 232 | Example command stream dialogues: |
| 233 | "flash_kernel,2515049,........\n" "okay\n" |
| 234 | "flash_ramdisk,5038,........\n" "fail,flash write error\n" |
| 235 | "bogus_command......" <CLOSE> |
| 236 | |
| 237 | |
| 238 | --- future expansion --------------------------------------------------- |
| 239 | |
| 240 | I plan on providing either a message or a special control stream so that |
| 241 | the client device could ask the host computer to setup inbound socket |
| 242 | translations on the fly on behalf of the client device. |
| 243 | |
| 244 | |
| 245 | The initial design does handshaking to provide flow control, with a |
| 246 | message flow that looks like: |
| 247 | |
| 248 | >OPEN <READY >WRITE <READY >WRITE <READY >WRITE <CLOSE |
| 249 | |
| 250 | The far side may choose to issue the READY message as soon as it receives |
| 251 | a WRITE or it may defer the READY until the write to the local stream |
| 252 | succeeds. A future version may want to do some level of windowing where |
| 253 | multiple WRITEs may be sent without requiring individual READY acks. |
| 254 | |
| 255 | ------------------------------------------------------------------------ |
| 256 | |
| 257 | --- smartsockets ------------------------------------------------------- |
| 258 | |
| 259 | Port 5037 is used for smart sockets which allow a client on the host |
| 260 | side to request access to a service in the host adb daemon or in the |
| 261 | remote (device) daemon. The service is requested by ascii name, |
| 262 | preceeded by a 4 digit hex length. Upon successful connection an |
| 263 | "OKAY" response is sent, otherwise a "FAIL" message is returned. Once |
| 264 | connected the client is talking to that (remote or local) service. |
| 265 | |
| 266 | client: <hex4> <service-name> |
| 267 | server: "OKAY" |
| 268 | |
| 269 | client: <hex4> <service-name> |
| 270 | server: "FAIL" <hex4> <reason> |
| 271 | |