%!TEX root = ../thesis.tex
% ********************** Thesis Appendix B - Layered Security *************************

\chapter{Layered Security Packet Diagrams}
\label{appendix:layered-security}

\begin{figure}
    \begin{leftfullpage}
        \centering
        \begin{bytefield}[bitwidth=0.6em]{32}
            \bitheader{0-31} \\
            \wordbox[tlr]{1}{IPv4 Header} \\
            \wordbox[blr]{1}{$\cdots$} \\
            \begin{rightwordgroup}{UDP\\Header}
                \bitbox{16}{Source port} & \bitbox{16}{Destination port} \\
                \bitbox{16}{Length} & \bitbox{16}{Checksum}
            \end{rightwordgroup} \\
            \begin{rightwordgroup}{CC\\Header}
                \bitbox{32}{Acknowledgement number} \\
                \bitbox{32}{Negative acknowledgement number} \\
                \bitbox{32}{Sequence number}
            \end{rightwordgroup} \\
            \begin{rightwordgroup}{Proxied\\Wireguard\\Packet}
                \wordbox[tlr]{1}{IPv4 Header} \\
                \wordbox[blr]{1}{$\cdots$} \\
                \begin{leftwordgroup}{UDP Header}
                    \bitbox{16}{Source port} & \bitbox{16}{Destination port} \\
                    \bitbox{16}{Length} & \bitbox{16}{Checksum}
                \end{leftwordgroup} \\
                \begin{leftwordgroup}{Wireguard\\Header}
                    \bitbox{8}{type} & \bitbox{24}{reserved} \\
                    \wordbox{1}{receiver} \\
                    \wordbox{2}{counter}
                \end{leftwordgroup} \\
                \wordbox[tlr]{1}{Proxied IP packet} \\
                \skippedwords\\
                \wordbox[blr]{1}{}
            \end{rightwordgroup} \\
            \begin{rightwordgroup}{Security\\Footer}
                \bitbox{32}{Data sequence number} \\
                \wordbox[tlr]{1}{Message authentication code} \\
                \wordbox[blr]{1}{$\cdots$}
            \end{rightwordgroup}
        \end{bytefield}
        
        \caption{Packet structure for a configuration with a Wireguard client behind my multipath proxy.}
        \label{fig:whole-network-vpn-behind}
    \end{leftfullpage}
\end{figure}

\begin{figure}
    \begin{fullpage}
        \centering
        \begin{bytefield}[bitwidth=0.6em]{32}
            \bitheader{0-31} \\
            \wordbox[tlr]{1}{IPv4 Header} \\
            \wordbox[blr]{1}{$\cdots$}\\
            \begin{rightwordgroup}{UDP\\Header}
                \bitbox{16}{Source port} & \bitbox{16}{Destination port} \\
                \bitbox{16}{Length} & \bitbox{16}{Checksum}
            \end{rightwordgroup} \\
            \begin{rightwordgroup}{Wireguard\\Header}
                \bitbox{8}{type} & \bitbox{24}{reserved} \\
                \wordbox{1}{receiver} \\
                \wordbox{2}{counter}
            \end{rightwordgroup} \\
            \begin{rightwordgroup}{Tunnelled\\Proxy\\Packet}
                \wordbox[tlr]{1}{IPv4 Header} \\
                \wordbox[blr]{1}{$\cdots$}\\
                \begin{leftwordgroup}{UDP Header}
                    \bitbox{16}{Source port} & \bitbox{16}{Destination port} \\
                    \bitbox{16}{Length} & \bitbox{16}{Checksum}
                \end{leftwordgroup} \\
                \begin{leftwordgroup}{CC\\Header}
                    \bitbox{32}{Acknowledgement number} \\
                    \bitbox{32}{Negative acknowledgement number} \\
                    \bitbox{32}{Sequence number}
                \end{leftwordgroup} \\
                \wordbox[tlr]{1}{Proxied IP packet} \\
                \skippedwords\\
                \wordbox[blr]{1}{}
            \end{rightwordgroup}
        \end{bytefield}
        
        \caption{Packet structure for a configuration with a Wireguard client in front of my multipath proxy.}
        \label{fig:whole-network-vpn-infront}
    \end{fullpage}
\end{figure}