2 This file is part of GNUnet
3 Copyright (C) 2008--2013 GNUnet e.V.
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
23 * @file testbed/gnunet-daemon-testbed-blacklist.c
24 * @brief daemon to restrict incoming connections from other peers at the
25 * transport layer of a peer
26 * @author Sree Harsha Totakura <sreeharsha@totakura.in>
30 #include "gnunet_util_lib.h"
31 #include "gnunet_transport_service.h"
37 #define LOG(type,...) \
38 GNUNET_log (type, __VA_ARGS__)
41 * Debug logging shorthand
44 LOG (GNUNET_ERROR_TYPE_DEBUG, __VA_ARGS__)
47 * Allow access from the peers read from the whitelist
49 #define ACCESS_ALLOW 1
52 * Deny access from the peers read from the blacklist
57 * The map to store the peer identities to allow/deny
59 static struct GNUNET_CONTAINER_MultiPeerMap *map;
62 * The array of peer identities we read from whitelist/blacklist
64 static struct GNUNET_PeerIdentity *ilist;
67 * The blacklist handle we obtain from transport when we register ourselves for
70 struct GNUNET_TRANSPORT_Blacklist *bh;
75 static struct GNUNET_SCHEDULER_Task * shutdown_task;
78 * Are we allowing or denying access from peers
85 * Iterator over hash map entries.
88 * @param key current key code
89 * @param value value in the hash map
90 * @return #GNUNET_YES if we should continue to
95 iterator (void *cls, const struct GNUNET_PeerIdentity *key, void *value)
97 GNUNET_assert (GNUNET_YES == GNUNET_CONTAINER_multipeermap_remove (map, key,
104 * Clean up and destroy the map
111 GNUNET_assert (GNUNET_SYSERR != GNUNET_CONTAINER_multipeermap_iterate (map,
114 GNUNET_CONTAINER_multipeermap_destroy (map);
121 * Shutdown task to clean up our resources and exit.
126 do_shutdown (void *cls)
130 GNUNET_TRANSPORT_blacklist_cancel (bh);
135 * Function that decides if a connection is acceptable or not.
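138 * @param pid peer to approve or disapprove
139 * @return GNUNET_OK if the connection is allowed, GNUNET_SYSERR if not. NOTE(review): when `contains` falls back to GNUNET_NO instead of coming from the map lookup, ACCESS_DENY mode returns GNUNET_OK for every peer (fail-open) while allow mode rejects every peer; confirm this is the intended default.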
142 check_access (void *cls, const struct GNUNET_PeerIdentity * pid)
147 contains = GNUNET_CONTAINER_multipeermap_contains (map, pid);
149 contains = GNUNET_NO;
150 if (ACCESS_DENY == mode)
151 return (contains) ? GNUNET_SYSERR : GNUNET_OK;
152 return (contains) ? GNUNET_OK : GNUNET_SYSERR;
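157 * Set up the access control by reading the given file containing peer identities
158 * and then establishing a blacklist handler with the peer's transport service. NOTE(review): the size check in the body asserts `GNUNET_OK != GNUNET_DISK_file_size (...)`, which reads as inverted; as written it passes only when the size query fails, so `fsize` may not hold a valid size for the length check, allocation and read that follow. Confirm against the full source.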
160 * @param fname the filename to read the list of peer identities
161 * @param cfg the configuration for connecting to the peer's transport service
164 setup_ac (const char *fname, const struct GNUNET_CONFIGURATION_Handle *cfg)
170 GNUNET_assert (GNUNET_OK != GNUNET_DISK_file_size (fname, &fsize, GNUNET_NO,
172 if (0 != (fsize % sizeof (struct GNUNET_PeerIdentity)))
177 npeers = fsize / sizeof (struct GNUNET_PeerIdentity);
180 map = GNUNET_CONTAINER_multipeermap_create (npeers, GNUNET_YES);
181 ilist = GNUNET_malloc_large (fsize);
182 GNUNET_assert (fsize == GNUNET_DISK_fn_read (fname, ilist, fsize));
184 for (cnt = 0; cnt < npeers; cnt++)
186 if (GNUNET_SYSERR == GNUNET_CONTAINER_multipeermap_put (map, &ilist[cnt],
188 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
195 shutdown_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL,
197 bh = GNUNET_TRANSPORT_blacklist (cfg, &check_access, NULL);
202 * Main function that will be run.
205 * @param args remaining command-line arguments
206 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
207 * @param c configuration
210 run (void *cls, char *const *args, const char *cfgfile,
211 const struct GNUNET_CONFIGURATION_Handle *c)
216 if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (c, "PATHS",
223 GNUNET_asprintf (&fname,
226 if (GNUNET_YES == GNUNET_DISK_file_test (fname))
234 GNUNET_asprintf (&fname,
238 if (GNUNET_YES == GNUNET_DISK_file_test (fname))
251 * @param argc number of arguments from the command line
252 * @param argv command line arguments
253 * @return 0 ok, 1 on error
256 main (int argc, char *const *argv)
258 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
259 GNUNET_GETOPT_OPTION_END
263 if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv))
267 GNUNET_PROGRAM_run (argc, argv, "gnunet-daemon-testbed-blacklist",
269 ("Daemon to restrict incoming transport layer connections during testbed deployments"),
270 options, &run, NULL)) ? 0 : 1;
271 GNUNET_free ((void*) argv);