2 This file is part of GNUnet
3 (C) 2008--2013 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
23 * @file testbed/gnunet-daemon-testbed-blacklist.c
24 * @brief daemon to restrict incoming connections from other peers at the
25 * transport layer of a peer
26 * @author Sree Harsha Totakura <sreeharsha@totakura.in>
30 #include "gnunet_util_lib.h"
31 #include "gnunet_transport_service.h"
32 #include "gnunet_ats_service.h"
33 #include "gnunet_testing_lib.h"
/* Generic logging shorthand: forwards the message to GNUNET_log at the
   given log level. */
#define LOG(type,...) \
GNUNET_log (type, __VA_ARGS__)
* Debug logging shorthand
LOG (GNUNET_ERROR_TYPE_DEBUG, __VA_ARGS__)
* Log an error message at log-level 'level' that indicates
* a failure of the command 'cmd' at the current source location
* with the message given by sqlite3_errmsg(db).  The same text is also
* formatted into *msg via GNUNET_asprintf; every caller in this file
* passes NULL for 'msg', and the line that guards that branch is not shown.
/* NOTE(review): the two format strings below print __LINE__ (an int) with
   %d and %u respectively; harmless, but they should agree. */
#define LOG_SQLITE(db, msg, level, cmd) \
GNUNET_log_from (level, "sqlite", _("`%s' failed at %s:%d with error: %s\n"), \
cmd, __FILE__,__LINE__, sqlite3_errmsg(db)); \
GNUNET_asprintf(msg, _("`%s' failed at %s:%u with error: %s"), cmd, \
__FILE__, __LINE__, sqlite3_errmsg(db)); \
64 * Allow access from the peers read from the whitelist
#define ACCESS_ALLOW 1
* Deny access from the peers read from the blacklist
* The map to store the peer identities to allow/deny
static struct GNUNET_CONTAINER_MultiPeerMap *map;
* The map to store the peer identities to allow/deny
/* NOTE(review): in the lines shown, check_access() and blacklist_peer()
   consult 'map', while run() creates and NULL-checks 'blacklist_map' and
   never assigns 'map'.  Unless a line not shown links the two, the
   blacklist is inserted into a map that was never created and the access
   check consults an empty one.  Confirm which variable is intended and
   drop the other. */
static struct GNUNET_CONTAINER_MultiPeerMap *blacklist_map;
* The database connection
static struct sqlite3 *db;
* The blacklist handle we obtain from transport when we register ourselves for
/* NOTE(review): every other file-scope object here is 'static'; 'bh' is
   not, so it has external linkage.  Presumably an oversight. */
struct GNUNET_TRANSPORT_Blacklist *bh;
static struct GNUNET_DISK_MapHandle *idmap;
/* Read-only mapping of the installed testing_hostkeys.ecc file.  It holds
   raw private key records for all testbed peers; get_identity() copies
   one record out of it to derive a peer's public key. */
static char *hostkeys_data;
* Handle to the transport service. This is used for setting link metrics
static struct GNUNET_TRANSPORT_Handle *transport;
* The number of hostkeys in the hostkeys array
static unsigned int num_hostkeys;
static GNUNET_SCHEDULER_TaskIdentifier shutdown_task;
* Are we allowing or denying access from peers
128 * Iterator over hash map entries.
131 * @param key current key code
132 * @param value value in the hash map
133 * @return #GNUNET_YES if we should continue to
iterator (void *cls, const struct GNUNET_PeerIdentity *key, void *value)
  /* Remove the entry being visited; removal of a live entry must succeed.
     The remaining arguments of the call and the return statement are on
     lines not shown.  NOTE(review): if 'value' is passed back to the
     remove call, it is the &id stored by blacklist_peer(), i.e. a pointer
     to a stack variable that no longer exists — it must only be compared,
     never dereferenced. */
  GNUNET_assert (GNUNET_YES == GNUNET_CONTAINER_multipeermap_remove (map, key,
* Cleanup and destroy the map
154 GNUNET_assert (GNUNET_SYSERR != GNUNET_CONTAINER_multipeermap_iterate (map,
157 GNUNET_CONTAINER_multipeermap_destroy (map);
164 * Shutdown task to cleanup our resources and exit.
167 * @param tc scheduler task context
do_shutdown (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
  /* Deregister our access check from transport.  'bh' is only assigned in
     run() when the blacklist map exists, so the lines not shown here
     presumably NULL-check it first — confirm.  Whether the key mapping
     and the peer map are released here is not visible either. */
  GNUNET_TRANSPORT_blacklist_cancel (bh);
179 * Function that decides if a connection is acceptable or not.
* @param pid peer to approve or disapprove
183 * @return GNUNET_OK if the connection is allowed, GNUNET_SYSERR if not
check_access (void *cls, const struct GNUNET_PeerIdentity * pid)
  /* Membership test against 'map'.  The assignment of GNUNET_NO below
     presumably sits in an else-branch (line not shown) taken when there
     is no map, so a missing map makes every peer look unlisted. */
  contains = GNUNET_CONTAINER_multipeermap_contains (map, pid);
  contains = GNUNET_NO;
  /* Deny mode: listed peers are refused, everything else is accepted.
     NOTE(review): together with the fallback above this fails open — if
     'map' was never created, deny mode admits every peer.  Since run()
     creates 'blacklist_map' rather than 'map' in the lines shown, verify
     that the map consulted here is the one that gets populated. */
  if (ACCESS_DENY == mode)
    return (contains) ? GNUNET_SYSERR : GNUNET_OK;
  /* Allow mode: only listed peers are accepted. */
  return (contains) ? GNUNET_OK : GNUNET_SYSERR;
get_identity (unsigned int offset, struct GNUNET_PeerIdentity *id)
  struct GNUNET_CRYPTO_EddsaPrivateKey private_key;

  /* Bounds check against the record count established by load_keys(). */
  if (offset >= num_hostkeys)
    return GNUNET_SYSERR;
  /* Copy one fixed-size hostkey record out of the mapped file and derive
     the peer's public key from it.
     NOTE(review): this assumes GNUNET_TESTING_HOSTKEYFILESIZE ==
     sizeof (private_key); if a record is larger than the struct the
     memcpy overruns the stack object — add an assertion on the two sizes.
     The private key copy is also left on the stack afterwards although
     only the public key is needed; scrubbing it before returning would be
     tidier. */
  (void) memcpy (&private_key,
                 hostkeys_data + (offset * GNUNET_TESTING_HOSTKEYFILESIZE),
                 GNUNET_TESTING_HOSTKEYFILESIZE);
  GNUNET_CRYPTO_eddsa_key_get_public (&private_key, &id->public_key);
216 * Function to blacklist a peer
218 * @param offset the offset where to find the peer's hostkey in the array of hostkeys
blacklist_peer (unsigned int offset)
  struct GNUNET_PeerIdentity id;

  /* NOTE(review): 'offset' comes straight from a database row (see run()),
     so a stale or malformed row aborts the whole daemon here instead of
     being reported.  get_identity() already returns GNUNET_SYSERR for an
     out-of-range offset; logging and skipping the row would be more
     robust than asserting. */
  GNUNET_assert (offset < num_hostkeys);
  GNUNET_assert (GNUNET_OK == get_identity (offset, &id));
  /* Insert the identity; a duplicate is rejected (UNIQUE_ONLY) and only
     reported through GNUNET_break.
     NOTE(review): the value stored is &id, the address of this function's
     stack variable, which dangles as soon as we return.  Nothing shown
     dereferences it (check_access() only tests membership and iterator()
     appears to pass it back to the remove call), but storing NULL or a
     heap copy would remove the trap for future readers. */
  GNUNET_break (GNUNET_OK ==
                GNUNET_CONTAINER_multipeermap_put (map, &id, &id,
                                                   GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
241 struct BlackListRow *next;
244 * The offset where to find the hostkey for the peer
258 struct WhiteListRow *next;
261 * The offset where to find the hostkey for the peer
266 * Bandwidth to be assigned to the link
271 * Latency to be assigned to the link
276 * Loss to be assigned to the link
283 * Function to load keys
load_keys (const struct GNUNET_CONFIGURATION_Handle *c)
  struct GNUNET_DISK_FileHandle *fd;

  /* The hostkey file is an installation-wide file under DATADIR, not a
     per-peer secret: every peer on the host reads the same private keys.
     That is fine for a dedicated testbed but these keys must never be
     reused as real identities. */
  data_dir = GNUNET_OS_installation_get_path (GNUNET_OS_IPK_DATADIR);
  GNUNET_asprintf (&idfile, "%s/testing_hostkeys.ecc", data_dir);
  GNUNET_free (data_dir);
  /* Determine the file size; the condition around this call and the
     error branch's opening brace are on lines not shown. */
  GNUNET_DISK_file_size (idfile, &fsize, GNUNET_YES, GNUNET_YES))
  GNUNET_free (idfile);
  return GNUNET_SYSERR;
  /* Reject a file that is not a whole number of fixed-size key records. */
  if (0 != (fsize % GNUNET_TESTING_HOSTKEYFILESIZE))
  LOG (GNUNET_ERROR_TYPE_ERROR,
       _("Incorrect hostkey file format: %s\n"), idfile);
  GNUNET_free (idfile);
  return GNUNET_SYSERR;
  /* Open read-only; the handle is only needed to establish the mapping. */
  fd = GNUNET_DISK_file_open (idfile, GNUNET_DISK_OPEN_READ,
                              GNUNET_DISK_PERM_NONE);
  GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "open", idfile);
  GNUNET_free (idfile);
  return GNUNET_SYSERR;
  GNUNET_free (idfile);
  /* Map the file read-only; 'hostkeys_data' then points at the raw key
     records and 'num_hostkeys' is derived from the (already validated)
     size.  NOTE(review): 'fd' is not closed in any line shown — confirm
     it is closed once the mapping exists (or in do_shutdown) so the
     descriptor does not leak.  The branch for a NULL mapping is not
     shown either. */
  hostkeys_data = GNUNET_DISK_file_map (fd,
                                        GNUNET_DISK_MAP_TYPE_READ,
  if (NULL != hostkeys_data)
    num_hostkeys = fsize / GNUNET_TESTING_HOSTKEYFILESIZE;
335 * Function to read blacklist rows from the database
337 * @param db the database connection
338 * @param pid the identity of this peer
339 * @param bl_rows where to store the retrieved blacklist rows
340 * @return GNUNET_SYSERR upon error OR the number of rows retrieved
db_read_blacklist (struct sqlite3 *db, unsigned int pid, struct BlackListRow **bl_rows)
  /* Select the rows belonging to this peer; 'oid' is presumably the hostkey
     offset of the peer to blacklist (run() feeds the row id to
     blacklist_peer()).  The peer id is bound as a parameter, so no SQL is
     ever built from data. */
  static const char *query_bl = "SELECT (oid) FROM blacklist WHERE (id == ?);";
  struct sqlite3_stmt *stmt_bl;
  struct BlackListRow *lr;

  if (SQLITE_OK != (ret = sqlite3_prepare_v2 (db, query_bl, -1, &stmt_bl, NULL)))
  LOG_SQLITE (db, NULL, GNUNET_ERROR_TYPE_ERROR, "sqlite3_prepare_v2");
  return GNUNET_SYSERR;
  /* NOTE(review): 'pid' is unsigned but bound through sqlite3_bind_int,
     i.e. as a signed int; values above INT_MAX would be stored negative
     and never match a row. */
  if (SQLITE_OK != (ret = sqlite3_bind_int (stmt_bl, 1, pid)))
  LOG_SQLITE (db, NULL, GNUNET_ERROR_TYPE_ERROR, "sqlite3_bind_int");
  sqlite3_finalize (stmt_bl);
  return GNUNET_SYSERR;
  /* Step through the result (loop structure on lines not shown).
     NOTE(review): SQLITE_DONE and step errors (SQLITE_BUSY, SQLITE_MISUSE,
     ...) are not told apart here, so a failed step looks like end-of-data
     and the caller gets a short or empty blacklist; compare 'ret' with
     SQLITE_DONE before treating the result as complete. */
  ret = sqlite3_step (stmt_bl);
  if (SQLITE_ROW != ret)
  /* NOTE(review): sqlite3_column_* indices are 0-based and this statement
     returns a single column, so index 1 is out of range; SQLite documents
     the result as undefined (in practice 0), which would blacklist hostkey
     #0 for every row instead of the requested peer.  Use
     `sqlite3_column_int (stmt_bl, 0)`. */
  peer_id = sqlite3_column_int (stmt_bl, 1);
  lr = GNUNET_new (struct BlackListRow);
  sqlite3_finalize (stmt_bl);
383 * Function to read whitelist rows from the database
385 * @param db the database connection
386 * @param pid the identity of this peer
387 * @param wl_rows where to store the retrieved whitelist rows
388 * @return GNUNET_SYSERR upon error OR the number of rows retrieved
db_read_whitelist (struct sqlite3 *db, unsigned int pid, struct WhiteListRow **wl_rows)
  /* NOTE(review): a parenthesised comma list in a SELECT list is a row
     value, which SQLite rejects ("row value misused"; older versions report
     a syntax error), so this prepare is expected to fail.  List the columns
     without the outer parentheses:
     `SELECT oid, bandwidth, latency, loss FROM whitelist WHERE id == ?;`
     The peer id is bound as a parameter, so no SQL is built from data. */
  static const char *query_wl = "SELECT (oid, bandwidth, latency, loss) FROM whitelist WHERE (id == ?);";
  struct sqlite3_stmt *stmt_wl;
  struct WhiteListRow *lr;

  if (SQLITE_OK != (ret = sqlite3_prepare_v2 (db, query_wl, -1, &stmt_wl, NULL)))
  LOG_SQLITE (db, NULL, GNUNET_ERROR_TYPE_ERROR, "sqlite3_prepare_v2");
  return GNUNET_SYSERR;
  /* NOTE(review): 'pid' is unsigned but bound as a signed int; values
     above INT_MAX would be stored negative and never match. */
  if (SQLITE_OK != (ret = sqlite3_bind_int (stmt_wl, 1, pid)))
  LOG_SQLITE (db, NULL, GNUNET_ERROR_TYPE_ERROR, "sqlite3_bind_int");
  sqlite3_finalize (stmt_wl);
  return GNUNET_SYSERR;
  /* Step through the result (loop structure on lines not shown); as in
     db_read_blacklist(), a step error is indistinguishable from
     end-of-data here. */
  ret = sqlite3_step (stmt_wl);
  if (SQLITE_ROW != ret)
  /* NOTE(review): column indices are 0-based: oid is 0, bandwidth 1,
     latency 2, loss 3.  As written every field is read one column too far
     and 'loss' is out of range.  run() feeds these values straight into
     ATS metrics without any range check. */
  lr = GNUNET_new (struct WhiteListRow);
  lr->id = sqlite3_column_int (stmt_wl, 1);
  lr->bandwidth = sqlite3_column_int (stmt_wl, 2);
  lr->latency = sqlite3_column_int (stmt_wl, 3);
  lr->loss = sqlite3_column_int (stmt_wl, 4);
  sqlite3_finalize (stmt_wl);
431 * Main function that will be run.
434 * @param args remaining command-line arguments
435 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
436 * @param c configuration
run (void *cls, char *const *args, const char *cfgfile,
     const struct GNUNET_CONFIGURATION_Handle *c)
  struct BlackListRow *bl_head;
  struct BlackListRow *bl_entry;
  struct WhiteListRow *wl_head;
  struct WhiteListRow *wl_entry;
  struct GNUNET_PeerIdentity identity;
  struct GNUNET_ATS_Information triplet[3];
  unsigned long long pid;

  /* Our own peer id from the [TESTBED] section; the option name is on a
     line not shown.  NOTE(review): it is read as unsigned long long but
     handed to db_read_blacklist()/db_read_whitelist() as unsigned int, so
     an oversized value is silently truncated — range-check it here. */
  if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_number (c, "TESTBED",
  /* Transport handle; in the lines shown it is used only for
     GNUNET_TRANSPORT_set_traffic_metric below. */
  transport = GNUNET_TRANSPORT_connect (c, NULL, NULL, NULL, NULL, NULL);
  if (NULL == transport)
  if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (c, "TESTBED",
  /* Open the database read-only: this daemon only reads it, so the
     connection cannot be used to modify it. */
  if (SQLITE_OK != (ret = sqlite3_open_v2 (dbfile, &db, SQLITE_OPEN_READONLY, NULL)))
  /* NOTE(review): sqlite3_errmsg() on a NULL handle is safe (it returns
     "out of memory"), but a handle returned by a failed open still has to
     be released with sqlite3_close(); confirm the lines not shown do so.
     The label passed here ("sqlite_open_v2") also misspells the API. */
  LOG_SQLITE (db, NULL, GNUNET_ERROR_TYPE_ERROR, "sqlite_open_v2");
  LOG (GNUNET_ERROR_TYPE_ERROR, "Cannot open sqlite file %s\n", dbfile);
  GNUNET_free (dbfile);
  DEBUG ("Opened database %s\n", dbfile);
  GNUNET_free (dbfile);
  /* Blacklist: rows for this peer become entries in the peer map. */
  nrows = db_read_blacklist (db, pid, &bl_head);
  if (GNUNET_SYSERR == nrows)
  /* NOTE(review): this creates 'blacklist_map', but blacklist_peer() and
     check_access() operate on 'map', which no line shown ever assigns.
     Also confirm the container accepts an initial size of 0 when there
     are no rows. */
  blacklist_map = GNUNET_CONTAINER_multipeermap_create (nrows, GNUNET_YES);
  if (GNUNET_OK != load_keys (c))
  /* Consume the blacklist rows.  blacklist_peer() asserts on an offset
     beyond the loaded key count, so one bad row aborts the daemon here. */
  while (NULL != (bl_entry = bl_head))
    bl_head = bl_entry->next;
    blacklist_peer (bl_entry->id);
    GNUNET_free (bl_entry);
  /* Register the access check with transport and park until shutdown. */
  if (NULL != blacklist_map)
  bh = GNUNET_TRANSPORT_blacklist (c, &check_access, NULL);
  shutdown_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL,
  /* read and process whitelist */
  nrows = db_read_whitelist (db, pid, &wl_head);
  if ((GNUNET_SYSERR == nrows) || (0 == nrows))
  /* NOTE(review): confirm that property type 0 is not a reserved or
     terminator value in the ATS property enum; if it is, a consumer that
     walks the array up to a terminator would stop before the delay entry. */
  triplet[0].type = 0; //FIXME: not implemented: GNUNET_ATS_QUALITY_NET_THROUGHPUT
  triplet[1].type = GNUNET_ATS_QUALITY_NET_DELAY;
  triplet[2].type = 0; //FIXME: not implemented: GNUNET_ATS_QUALITY_NET_LOSSRATE;
  /* Apply the per-link metrics.  The row values come from the database
     unvalidated (no range or sign check), and get_identity() is asserted
     rather than checked, so a row with an out-of-range peer offset aborts
     the daemon. */
  while (NULL != (wl_entry = wl_head))
    wl_head = wl_entry->next;
    triplet[0].value = wl_entry->bandwidth; //FIXME: bandwidth != throughput !!
    triplet[1].value = wl_entry->latency;
    triplet[2].value = wl_entry->loss;
    GNUNET_assert (GNUNET_OK == get_identity (wl_entry->id, &identity));
    GNUNET_TRANSPORT_set_traffic_metric (transport,
                                         GNUNET_YES, /* FIXME: Separate inbound, outbound metrics */
    GNUNET_free (wl_entry);
  /* Cleanup path: drain any blacklist rows still pending (reached from
     the error exits whose lines are not shown). */
  while (NULL != (bl_entry = bl_head))
    bl_head = bl_entry->next;
    GNUNET_free (bl_entry);
  /* The database is only needed during startup.
     NOTE(review): GNUNET_OK is 1 (gnunet_common.h) while SQLITE_OK is 0,
     so this GNUNET_break fires on every *successful* close; compare
     against SQLITE_OK instead. */
  GNUNET_break (GNUNET_OK == sqlite3_close (db));
548 * @param argc number of arguments from the command line
549 * @param argv command line arguments
550 * @return 0 ok, 1 on error
main (int argc, char *const *argv)
  static const struct GNUNET_GETOPT_CommandLineOption options[] = {
    GNUNET_GETOPT_OPTION_END
  /* Re-encode argv as UTF-8; the returned vector is ours and is freed at
     the end of main. */
  if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv))
  /* Best-effort tuning of SQLite's mmap window, done before any connection
     is opened; the result is deliberately ignored since it only affects
     performance. */
#ifdef SQLITE_CONFIG_MMAP_SIZE
  (void) sqlite3_config (SQLITE_CONFIG_MMAP_SIZE, 512000, 256000000);
  /* NOTE(review): the program name given here is "...-underlay" while the
     @file header names this file ...-blacklist.c; presumably a rename —
     align the two. */
  GNUNET_PROGRAM_run (argc, argv, "gnunet-daemon-testbed-underlay",
                      ("Daemon to restrict underlay network in testbed deployments"),
                      options, &run, NULL)) ? 0 : 1;
  GNUNET_free ((void*) argv);