2 This file is part of GNUnet
3 (C) 2008--2013 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
23 * @file testbed/gnunet-daemon-testbed-blacklist.c
24 * @brief daemon to restrict incoming connections from other peers at the
25 * transport layer of a peer
26 * @author Sree Harsha Totakura <sreeharsha@totakura.in>
30 #include "gnunet_util_lib.h"
31 #include "gnunet_transport_service.h"
37 #define LOG(type,...) \
38 GNUNET_log (type, __VA_ARGS__)
41 * Debug logging shorthand
44 LOG (GNUNET_ERROR_TYPE_DEBUG, __VA_ARGS__)
47 * Allow access from the peers read from the whitelist
49 #define ACCESS_ALLOW 1
52 * Deny access from the peers read from the blacklist
57 * The map to store the peer identities to allow/deny
/* Set of listed peers; check_access queries it for every connection
 * decision. */
59 static struct GNUNET_CONTAINER_MultiPeerMap *map;
62 * The array of peer identities we read from whitelist/blacklist
/* NOTE(review): setup_ac inserts &ilist[cnt] into the map as the key, and the
 * map is created with GNUNET_YES as its second argument. If that argument is
 * the do_not_copy_keys flag, the map keeps pointers into this array, so ilist
 * must stay allocated until the map is destroyed - confirm. */
64 static struct GNUNET_PeerIdentity *ilist;
67 * The blacklist handle we obtain from transport when we register ourselves for
/* NOTE(review): unlike map, ilist and shutdown_task, bh is declared without
 * static and therefore has external linkage. */
70 struct GNUNET_TRANSPORT_Blacklist *bh;
75 static struct GNUNET_SCHEDULER_Task * shutdown_task;
78 * Are we allowing or denying access from peers
85 * Iterator over hash map entries.
88 * @param key current key code
89 * @param value value in the hash map
90 * @return #GNUNET_YES if we should continue to
/* Map-iteration callback: removes the visited entry from the global map.
 * The removal is wrapped in GNUNET_assert, so a result other than GNUNET_YES
 * aborts the process. The rest of the call and the return statement are not
 * visible in this listing. */
95 iterator (void *cls, const struct GNUNET_PeerIdentity *key, void *value)
97 GNUNET_assert (GNUNET_YES == GNUNET_CONTAINER_multipeermap_remove (map, key,
104 * Cleanup and destroy the map
/* Walks the whole map (the callback argument is not visible in this listing)
 * and aborts if the iteration reports GNUNET_SYSERR, then destroys the map
 * itself. */
111 GNUNET_assert (GNUNET_SYSERR != GNUNET_CONTAINER_multipeermap_iterate (map,
114 GNUNET_CONTAINER_multipeermap_destroy (map);
121 * Shutdown task to cleanup our resources and exit.
124 * @param tc scheduler task context
/* Scheduler task run at shutdown. The visible step cancels the blacklist
 * registration held in bh, after which the transport service no longer
 * consults check_access. Any other cleanup steps are not visible in this
 * listing. */
127 do_shutdown (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
131 GNUNET_TRANSPORT_blacklist_cancel (bh);
136 * Function that decides if a connection is acceptable or not.
139 * @param pid peer to approve or disapprove
140 * @return GNUNET_OK if the connection is allowed, GNUNET_SYSERR if not
/* Access decision for one peer. setup_ac registers this function with
 * GNUNET_TRANSPORT_blacklist. It looks pid up in the global map and then
 * interprets the result according to the global mode. */
143 check_access (void *cls, const struct GNUNET_PeerIdentity * pid)
148 contains = GNUNET_CONTAINER_multipeermap_contains (map, pid);
/* NOTE(review): the condition that selects this fallback is not visible in
 * this listing. When it is taken, deny mode accepts every peer (fail-open)
 * and allow mode rejects every peer (fail-closed) - confirm this is the
 * intended behaviour when no list has been loaded. */
150 contains = GNUNET_NO;
/* Deny mode: a listed peer is refused, every other peer is accepted. */
151 if (ACCESS_DENY == mode)
152 return (contains) ? GNUNET_SYSERR : GNUNET_OK;
/* Any other mode: only listed peers are accepted. */
153 return (contains) ? GNUNET_OK : GNUNET_SYSERR;
158 * Setup the access control by reading the given file containing peer identities
159 * and then establishing blacklist handler with the peer's transport service
161 * @param fname the filename to read the list of peer identities
162 * @param cfg the configuration for connecting to the peer's transport service
/* Loads the peer list in fname into ilist and map, schedules the shutdown
 * task and registers check_access with the transport service. The file is
 * consumed as a flat array of struct GNUNET_PeerIdentity records, and its
 * content decides which peers may connect, so write access to it should be
 * restricted accordingly. */
165 setup_ac (const char *fname, const struct GNUNET_CONFIGURATION_Handle *cfg)
/* NOTE(review): this assertion holds only when GNUNET_DISK_file_size does NOT
 * return GNUNET_OK, which is GNUnet's success code. The comparison looks
 * inverted: a successful size query would abort the daemon, and after a
 * failed one fsize would be used without having been filled in. The expected
 * form is GNUNET_OK == ... - confirm. */
171 GNUNET_assert (GNUNET_OK != GNUNET_DISK_file_size (fname, &fsize, GNUNET_NO,
/* The size must be a whole number of identity records; the handling of a
 * file that is not is in a branch not visible in this listing. */
173 if (0 != (fsize % sizeof (struct GNUNET_PeerIdentity)))
/* NOTE(review): the declarations of fsize and npeers are not visible here;
 * if npeers is narrower than fsize, a very large file would truncate the
 * count - confirm. */
178 npeers = fsize / sizeof (struct GNUNET_PeerIdentity);
/* NOTE(review): if the second argument (GNUNET_YES) is the do_not_copy_keys
 * flag, the map stores pointers into ilist rather than copies, so ilist must
 * not be freed while the map is still in use - confirm. */
181 map = GNUNET_CONTAINER_multipeermap_create (npeers, GNUNET_YES);
/* The allocation size comes straight from the on-disk file size; no upper
 * bound is visible in this listing. */
182 ilist = GNUNET_malloc_large (fsize);
/* A short read, for example because the file changed between the size query
 * and this read, aborts the process instead of loading a partial list. */
183 GNUNET_assert (fsize == GNUNET_DISK_fn_read (fname, ilist, fsize));
/* Insert every identity, keyed by its own entry in ilist. With UNIQUE_ONLY
 * the error branch below is entered when put reports GNUNET_SYSERR; the body
 * of that branch is not visible in this listing. */
185 for (cnt = 0; cnt < npeers; cnt++)
187 if (GNUNET_SYSERR == GNUNET_CONTAINER_multipeermap_put (map, &ilist[cnt],
189 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
/* Park the shutdown task with an unbounded delay, then start filtering:
 * from here on the transport service consults check_access. */
196 shutdown_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL,
198 bh = GNUNET_TRANSPORT_blacklist (cfg, &check_access, NULL);
203 * Main function that will be run.
206 * @param args remaining command-line arguments
207 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
208 * @param c configuration
/* Program body: reads a directory (shome) from the PATHS section of the
 * configuration, then probes for the files whitelist and blacklist in it,
 * whitelist first. What each branch does is not visible in this listing;
 * presumably the first file found selects the mode and is passed to
 * setup_ac - confirm. */
211 run (void *cls, char *const *args, const char *cfgfile,
212 const struct GNUNET_CONFIGURATION_Handle *c)
/* Fixed-size buffer reused for both candidate paths. */
215 char fname[PATH_MAX];
217 if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (c, "PATHS",
/* NOTE(review): the assertion only checks for a positive return value.
 * Whether a path longer than PATH_MAX is caught depends on how
 * GNUNET_snprintf treats truncation, which is not visible here - confirm. */
224 GNUNET_assert (0 < GNUNET_snprintf (fname, PATH_MAX, "%s/whitelist", shome));
225 if (GNUNET_YES == GNUNET_DISK_file_test (fname))
/* Same construction and caveat for the blacklist path. */
232 GNUNET_assert (0 < GNUNET_snprintf (fname, PATH_MAX, "%s/blacklist", shome));
233 if (GNUNET_YES == GNUNET_DISK_file_test (fname))
246 * @param argc number of arguments from the command line
247 * @param argv command line arguments
248 * @return 0 ok, 1 on error
/* Entry point: converts the arguments to UTF-8, hands control to
 * GNUNET_PROGRAM_run with run as the task, and maps the result to the exit
 * code (0 ok, 1 on error). */
251 main (int argc, char *const *argv)
/* The option table contains only the terminator, so the daemon defines no
 * options of its own. */
253 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
254 GNUNET_GETOPT_OPTION_END
/* argc and argv are overwritten with the converted arguments; the failure
 * branch is not visible in this listing. */
258 if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv))
262 GNUNET_PROGRAM_run (argc, argv, "gnunet-daemon-testbed-blacklist",
264 ("Daemon to restrict incoming transport layer connections during testbed deployments"),
265 options, &run, NULL)) ? 0 : 1;
/* Frees the argument array obtained from the UTF-8 conversion above; the
 * cast drops the const qualifier. */
266 GNUNET_free ((void*) argv);