2 This file is part of GNUnet
3 Copyright (C) 2008--2013 GNUnet e.V.
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 SPDX-License-Identifier: AGPL3.0-or-later
23 * @file testbed/gnunet-daemon-testbed-blacklist.c
24 * @brief daemon to restrict incoming connections from other peers at the
25 * transport layer of a peer
26 * @author Sree Harsha Totakura <sreeharsha@totakura.in>
30 #include "gnunet_util_lib.h"
31 #include "gnunet_transport_service.h"
37 #define LOG(type, ...) \
38 GNUNET_log (type, __VA_ARGS__)
41 * Debug logging shorthand
44 LOG (GNUNET_ERROR_TYPE_DEBUG, __VA_ARGS__)
47 * Allow access from the peers read from the whitelist
49 #define ACCESS_ALLOW 1
52 * Deny access from the peers read from the blacklist
57 * The map to store the peer identities to allow/deny
59 static struct GNUNET_CONTAINER_MultiPeerMap *map;
62 * The array of peer identities we read from whitelist/blacklist
64 static struct GNUNET_PeerIdentity *ilist;
67 * The blacklist handle we obtain from transport when we register ourselves for
70 static struct GNUNET_TRANSPORT_Blacklist *bh;
73 * Are we allowing or denying access from peers
79 * Cleanup and destroy the map
86 GNUNET_CONTAINER_multipeermap_destroy (map);
93 * Shutdown task to cleanup our resources and exit.
98 do_shutdown (void *cls)
102 GNUNET_TRANSPORT_blacklist_cancel (bh);
107 * Function that decides if a connection is acceptable or not.
110 * @param pid peer to approve or disapprove
111 * @return GNUNET_OK if the connection is allowed, GNUNET_SYSERR if not
114 check_access (void *cls, const struct GNUNET_PeerIdentity *pid)
/* Decide on pid by testing membership in the peer map and then applying the
 * configured mode.  cls is not referenced in the visible lines. */
119 contains = GNUNET_CONTAINER_multipeermap_contains (map, pid);
/* NOTE(review): the guard between these two assignments is not visible in
 * this listing; presumably this is the fallback used when no map is
 * available -- confirm.  With contains == GNUNET_NO the result below depends
 * only on mode: ACCESS_DENY then accepts every peer (fails open), while the
 * other mode rejects every peer (fails closed). */
121 contains = GNUNET_NO;
/* Deny mode: peers found in the map are rejected, all others accepted. */
122 if (ACCESS_DENY == mode)
123 return (contains) ? GNUNET_SYSERR : GNUNET_OK;
/* Otherwise only peers found in the map are accepted. */
124 return (contains) ? GNUNET_OK : GNUNET_SYSERR;
129 * Setup the access control by reading the given file containing peer identities
130 * and then establishing blacklist handler with the peer's transport service
132 * @param fname the filename to read the list of peer identities
133 * @param cfg the configuration for connecting to the peer's transport service
136 setup_ac (const char *fname,
137 const struct GNUNET_CONFIGURATION_Handle *cfg)
/* NOTE(review): as written this asserts that GNUNET_DISK_file_size() does
 * NOT return GNUNET_OK.  If GNUNET_OK is its success value the comparison
 * looks inverted -- confirm against the declaration.  Everything below
 * relies on fsize holding the real size of the list file. */
143 GNUNET_assert (GNUNET_OK !=
144 GNUNET_DISK_file_size (fname, &fsize, GNUNET_NO,
/* The file is treated as a flat array of struct GNUNET_PeerIdentity records;
 * a size that is not a whole multiple of the record size is handled as a
 * special case (the handling lines are not visible in this listing). */
146 if (0 != (fsize % sizeof(struct GNUNET_PeerIdentity)))
151 npeers = fsize / sizeof(struct GNUNET_PeerIdentity);
/* The on-disk file size drives both the map capacity and the allocation.
 * NOTE(review): no upper bound on fsize and no NULL check on the
 * GNUNET_malloc_large() result are visible here -- confirm how an oversized
 * or unallocatable list is handled.
 * NOTE(review): presumably the GNUNET_YES argument tells the map not to copy
 * keys, in which case the map holds pointers into ilist and ilist must stay
 * allocated for as long as the map is in use -- confirm. */
154 map = GNUNET_CONTAINER_multipeermap_create (npeers, GNUNET_YES);
155 ilist = GNUNET_malloc_large (fsize);
/* Size and contents are obtained by two separate by-name operations on
 * fname; a read that returns anything other than fsize bytes (short read,
 * error, file changed in between) fails this assertion. */
156 GNUNET_assert (fsize == GNUNET_DISK_fn_read (fname, ilist, fsize));
/* Insert every identity read from the file as a key.  UNIQUE_ONLY is
 * requested; what the surrounding check does when the file contains a
 * duplicate identity is not visible in this listing. */
158 for (cnt = 0; cnt < npeers; cnt++)
161 GNUNET_CONTAINER_multipeermap_put (map, &ilist[cnt],
163 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
/* Register cleanup first, then install check_access as the blacklist
 * callback with the transport service.
 * NOTE(review): no check of bh for NULL is visible; if registration fails no
 * filtering callback is installed -- confirm this is detected elsewhere. */
170 GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL);
171 bh = GNUNET_TRANSPORT_blacklist (cfg, &check_access, NULL);
176 * Main function that will be run.
179 * @param args remaining command-line arguments
180 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
181 * @param c configuration
187 const struct GNUNET_CONFIGURATION_Handle *c)
193 GNUNET_CONFIGURATION_get_value_filename (c,
201 GNUNET_asprintf (&fname,
204 if (GNUNET_YES == GNUNET_DISK_file_test (fname))
213 GNUNET_asprintf (&fname,
216 if (GNUNET_YES == GNUNET_DISK_file_test (fname))
229 * @param argc number of arguments from the command line
230 * @param argv command line arguments
231 * @return 0 ok, 1 on error
234 main (int argc, char *const *argv)
236 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
237 GNUNET_GETOPT_OPTION_END
242 GNUNET_STRINGS_get_utf8_args (argc, argv,
247 GNUNET_PROGRAM_run (argc, argv,
248 "gnunet-daemon-testbed-blacklist",
250 "Daemon to restrict incoming transport layer connections during testbed deployments"),
251 options, &run, NULL)) ? 0 : 1;
252 GNUNET_free ((void*) argv);