2 This file is part of GNUnet
3 Copyright (C) 2010-2014, 2018, 2019 GNUnet e.V.
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 SPDX-License-Identifier: AGPL3.0-or-later
22 * @file transport/gnunet-communicator-tcp.c
23 * @brief Transport plugin using TCP.
24 * @author Christian Grothoff
27 * - support DNS names in BINDTO option (#5528)
28 * - support NAT connection reversal method (#5529)
29 * - support other TCP-specific NAT traversal methods (#5531)
30 * - add replay protection support to the protocol by
31 * adding a nonce in the KX and requiring (!) a
32 * nounce ACK to be send within the first X bytes of
36 #include "gnunet_util_lib.h"
37 #include "gnunet_protocols.h"
38 #include "gnunet_signatures.h"
39 #include "gnunet_constants.h"
40 #include "gnunet_nt_lib.h"
41 #include "gnunet_nat_service.h"
42 #include "gnunet_statistics_service.h"
43 #include "gnunet_transport_communication_service.h"
46 * How long do we believe our addresses to remain up (before
47 * the other peer should revalidate).
49 #define ADDRESS_VALIDITY_PERIOD \
50 GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4)
53 * How many messages do we keep at most in the queue to the
54 * transport service before we start to drop (default,
55 * can be changed via the configuration file).
56 * Should be _below_ the level of the communicator API, as
57 * otherwise we may read messages just to have them dropped
58 * by the communicator API.
60 #define DEFAULT_MAX_QUEUE_LENGTH 8
63 * Size of our IO buffers for ciphertext data. Must be at
64 * least UINT_MAX + sizeof (struct TCPBox).
66 #define BUF_SIZE (2 * 64 * 1024 + sizeof(struct TCPBox))
69 * How often do we rekey based on time (at least)
71 #define REKEY_TIME_INTERVAL GNUNET_TIME_UNIT_DAYS
74 * How long do we wait until we must have received the initial KX?
76 #define PROTO_QUEUE_TIMEOUT GNUNET_TIME_UNIT_MINUTES
79 * How often do we rekey based on number of bytes transmitted?
80 * (additionally randomized).
82 #define REKEY_MAX_BYTES (1024LLU * 1024 * 1024 * 4LLU)
85 * Size of the initial key exchange message sent first in both
88 #define INITIAL_KX_SIZE \
89 (sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) \
90 + sizeof(struct TCPConfirmation))
94 * Address prefix used by the communicator.
96 #define COMMUNICATOR_ADDRESS_PREFIX "tcp"
99 * Configuration section used by the communicator.
101 #define COMMUNICATOR_CONFIG_SECTION "communicator-tcp"
103 GNUNET_NETWORK_STRUCT_BEGIN
107 * Signature we use to verify that the ephemeral key was really chosen by
108 * the specified sender.
110 struct TcpHandshakeSignature
113 * Purpose must be #GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE
115 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
118 * Identity of the inititor of the TCP connection (TCP client).
120 struct GNUNET_PeerIdentity sender;
123 * Presumed identity of the target of the TCP connection (TCP server)
125 struct GNUNET_PeerIdentity receiver;
128 * Ephemeral key used by the @e sender.
130 struct GNUNET_CRYPTO_EcdhePublicKey ephemeral;
133 * Monotonic time of @e sender, to possibly help detect replay attacks
134 * (if receiver persists times by sender).
136 struct GNUNET_TIME_AbsoluteNBO monotonic_time;
141 * Encrypted continuation of TCP initial handshake.
143 struct TCPConfirmation
148 struct GNUNET_PeerIdentity sender;
151 * Sender's signature of type #GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE
153 struct GNUNET_CRYPTO_EddsaSignature sender_sig;
156 * Monotonic time of @e sender, to possibly help detect replay attacks
157 * (if receiver persists times by sender).
159 struct GNUNET_TIME_AbsoluteNBO monotonic_time;
164 * TCP message box. Always sent encrypted!
169 * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX. Warning: the
170 * header size EXCLUDES the size of the `struct TCPBox`. We usually
171 * never do this, but here the payload may truly be 64k *after* the
172 * TCPBox (as we have no MTU)!!
174 struct GNUNET_MessageHeader header;
177 * HMAC for the following encrypted message. Yes, we MUST use
178 * mac-then-encrypt here, as we want to hide the message sizes on
179 * the wire (zero plaintext design!). Using CTR mode, padding oracle
180 * attacks do not apply. Besides, due to the use of ephemeral keys
181 * (hopefully with effective replay protection from monotonic time!)
182 * the attacker is limited in using the oracle.
184 struct GNUNET_ShortHashCode hmac;
186 /* followed by as may bytes of payload as indicated in @e header,
187 excluding the TCPBox itself! */
192 * TCP rekey message box. Always sent encrypted! Data after
193 * this message will use the new key.
198 * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY.
200 struct GNUNET_MessageHeader header;
203 * HMAC for the following encrypted message. Yes, we MUST use
204 * mac-then-encrypt here, as we want to hide the message sizes on
205 * the wire (zero plaintext design!). Using CTR mode padding oracle
206 * attacks do not apply. Besides, due to the use of ephemeral keys
207 * (hopefully with effective replay protection from monotonic time!)
208 * the attacker is limited in using the oracle.
210 struct GNUNET_ShortHashCode hmac;
215 struct GNUNET_CRYPTO_EcdhePublicKey ephemeral;
218 * Sender's signature of type #GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY
220 struct GNUNET_CRYPTO_EddsaSignature sender_sig;
223 * Monotonic time of @e sender, to possibly help detect replay attacks
224 * (if receiver persists times by sender).
226 struct GNUNET_TIME_AbsoluteNBO monotonic_time;
231 * TCP finish. Sender asks for the connection to be closed.
232 * Needed/useful in case we drop RST/FIN packets on the GNUnet
233 * port due to the possibility of malicious RST/FIN injection.
238 * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH.
240 struct GNUNET_MessageHeader header;
243 * HMAC for the following encrypted message. Yes, we MUST use
244 * mac-then-encrypt here, as we want to hide the message sizes on
245 * the wire (zero plaintext design!). Using CTR mode padding oracle
246 * attacks do not apply. Besides, due to the use of ephemeral keys
247 * (hopefully with effective replay protection from monotonic time!)
248 * the attacker is limited in using the oracle.
250 struct GNUNET_ShortHashCode hmac;
254 GNUNET_NETWORK_STRUCT_END
258 * Handle for a queue.
263 * To whom are we talking to.
265 struct GNUNET_PeerIdentity target;
268 * socket that we transmit all data with on this queue
270 struct GNUNET_NETWORK_Handle *sock;
273 * cipher for decryption of incoming data.
275 gcry_cipher_hd_t in_cipher;
278 * cipher for encryption of outgoing data.
280 gcry_cipher_hd_t out_cipher;
283 * Shared secret for HMAC verification on incoming data.
285 struct GNUNET_HashCode in_hmac;
288 * Shared secret for HMAC generation on outgoing data, ratcheted after
291 struct GNUNET_HashCode out_hmac;
294 * Our ephemeral key. Stored here temporarily during rekeying / key
297 struct GNUNET_CRYPTO_EcdhePrivateKey ephemeral;
300 * ID of read task for this connection.
302 struct GNUNET_SCHEDULER_Task *read_task;
305 * ID of write task for this connection.
307 struct GNUNET_SCHEDULER_Task *write_task;
310 * Address of the other peer.
312 struct sockaddr *address;
315 * How many more bytes may we sent with the current @e out_cipher
316 * before we should rekey?
318 uint64_t rekey_left_bytes;
321 * Until what time may we sent with the current @e out_cipher
322 * before we should rekey?
324 struct GNUNET_TIME_Absolute rekey_time;
327 * Length of the address.
329 socklen_t address_len;
332 * Message queue we are providing for the #ch.
334 struct GNUNET_MQ_Handle *mq;
337 * handle for this queue with the #ch.
339 struct GNUNET_TRANSPORT_QueueHandle *qh;
342 * Number of bytes we currently have in our write queue.
344 unsigned long long bytes_in_queue;
347 * Buffer for reading ciphertext from network into.
349 char cread_buf[BUF_SIZE];
352 * buffer for writing ciphertext to network.
354 char cwrite_buf[BUF_SIZE];
357 * Plaintext buffer for decrypted plaintext.
359 char pread_buf[UINT16_MAX + 1 + sizeof(struct TCPBox)];
362 * Plaintext buffer for messages to be encrypted.
364 char pwrite_buf[UINT16_MAX + 1 + sizeof(struct TCPBox)];
367 * At which offset in the ciphertext read buffer should we
368 * append more ciphertext for transmission next?
373 * At which offset in the ciphertext write buffer should we
374 * append more ciphertext from reading next?
379 * At which offset in the plaintext input buffer should we
380 * append more plaintext from decryption next?
385 * At which offset in the plaintext output buffer should we
386 * append more plaintext for encryption next?
391 * Timeout for this queue.
393 struct GNUNET_TIME_Absolute timeout;
396 * How may messages did we pass from this queue to CORE for which we
397 * have yet to receive an acknoweldgement that CORE is done with
398 * them? If "large" (or even just non-zero), we should throttle
399 * reading to provide flow control. See also #DEFAULT_MAX_QUEUE_LENGTH
400 * and #max_queue_length.
402 unsigned int backpressure;
405 * Which network type does this queue use?
407 enum GNUNET_NetworkType nt;
410 * Is MQ awaiting a #GNUNET_MQ_impl_send_continue() call?
412 int mq_awaits_continue;
415 * Did we enqueue a finish message and are closing down the queue?
420 * Did we technically destroy this queue, but kept the allocation
421 * around because of @e backpressure not being zero yet? Used
422 * simply to delay the final #GNUNET_free() operation until
423 * #core_read_finished_cb() has been called.
428 * #GNUNET_YES if we just rekeyed and must thus possibly
429 * re-decrypt ciphertext.
436 * Handle for an incoming connection where we do not yet have enough
437 * information to setup a full queue.
444 struct ProtoQueue *next;
449 struct ProtoQueue *prev;
452 * socket that we transmit all data with on this queue
454 struct GNUNET_NETWORK_Handle *sock;
457 * ID of read task for this connection.
459 struct GNUNET_SCHEDULER_Task *read_task;
462 * Address of the other peer.
464 struct sockaddr *address;
467 * Length of the address.
469 socklen_t address_len;
472 * Timeout for this protoqueue.
474 struct GNUNET_TIME_Absolute timeout;
477 * Buffer for reading all the information we need to upgrade from
478 * protoqueue to queue.
480 char ibuf[INITIAL_KX_SIZE];
483 * Current offset for reading into @e ibuf.
492 static struct GNUNET_SCHEDULER_Task *listen_task;
495 * Maximum queue length before we stop reading towards the transport service.
497 static unsigned long long max_queue_length;
500 * For logging statistics.
502 static struct GNUNET_STATISTICS_Handle *stats;
507 static struct GNUNET_TRANSPORT_CommunicatorHandle *ch;
510 * Queues (map from peer identity to `struct Queue`)
512 static struct GNUNET_CONTAINER_MultiPeerMap *queue_map;
517 static struct GNUNET_NETWORK_Handle *listen_sock;
522 static struct GNUNET_PeerIdentity my_identity;
527 static struct GNUNET_CRYPTO_EddsaPrivateKey *my_private_key;
532 static const struct GNUNET_CONFIGURATION_Handle *cfg;
535 * Network scanner to determine network types.
537 static struct GNUNET_NT_InterfaceScanner *is;
540 * Connection to NAT service.
542 static struct GNUNET_NAT_Handle *nat;
545 * Protoqueues DLL head.
547 static struct ProtoQueue *proto_head;
550 * Protoqueues DLL tail.
552 static struct ProtoQueue *proto_tail;
556 * We have been notified that our listen socket has something to
557 * read. Do the read and reschedule this function to be called again
558 * once more is available.
563 listen_cb (void *cls);
567 * Functions with this signature are called whenever we need
568 * to close a queue due to a disconnect or failure to
569 * establish a connection.
571 * @param queue queue to close down
574 queue_destroy (struct Queue *queue)
576 struct GNUNET_MQ_Handle *mq;
578 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
579 "Disconnecting queue for peer `%s'\n",
580 GNUNET_i2s (&queue->target));
581 if (NULL != (mq = queue->mq))
584 GNUNET_MQ_destroy (mq);
586 if (NULL != queue->qh)
588 GNUNET_TRANSPORT_communicator_mq_del (queue->qh);
593 GNUNET_CONTAINER_multipeermap_remove (queue_map, &queue->target, queue));
594 GNUNET_STATISTICS_set (stats,
596 GNUNET_CONTAINER_multipeermap_size (queue_map),
598 if (NULL != queue->read_task)
600 GNUNET_SCHEDULER_cancel (queue->read_task);
601 queue->read_task = NULL;
603 if (NULL != queue->write_task)
605 GNUNET_SCHEDULER_cancel (queue->write_task);
606 queue->write_task = NULL;
608 GNUNET_NETWORK_socket_close (queue->sock);
609 gcry_cipher_close (queue->in_cipher);
610 gcry_cipher_close (queue->out_cipher);
611 GNUNET_free (queue->address);
612 if (0 != queue->backpressure)
613 queue->destroyed = GNUNET_YES;
616 if (NULL == listen_task)
617 listen_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
625 * Compute @a mac over @a buf, and ratched the @a hmac_secret.
627 * @param[in,out] hmac_secret secret for HMAC calculation
628 * @param buf buffer to MAC
629 * @param buf_size number of bytes in @a buf
630 * @param smac[out] where to write the HMAC
633 calculate_hmac (struct GNUNET_HashCode *hmac_secret,
636 struct GNUNET_ShortHashCode *smac)
638 struct GNUNET_HashCode mac;
640 GNUNET_CRYPTO_hmac_raw (hmac_secret,
641 sizeof(struct GNUNET_HashCode),
645 /* truncate to `struct GNUNET_ShortHashCode` */
646 memcpy (smac, &mac, sizeof(struct GNUNET_ShortHashCode));
647 /* ratchet hmac key */
648 GNUNET_CRYPTO_hash (hmac_secret,
649 sizeof(struct GNUNET_HashCode),
655 * Append a 'finish' message to the outgoing transmission. Once the
656 * finish has been transmitted, destroy the queue.
658 * @param queue queue to shut down nicely
661 queue_finish (struct Queue *queue)
663 struct TCPFinish fin;
665 memset (&fin, 0, sizeof(fin));
666 fin.header.size = htons (sizeof(fin));
667 fin.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH);
668 calculate_hmac (&queue->out_hmac, &fin, sizeof(fin), &fin.hmac);
669 /* if there is any message left in pwrite_buf, we
670 overwrite it (possibly dropping the last message
671 from CORE hard here) */
672 memcpy (queue->pwrite_buf, &fin, sizeof(fin));
673 queue->pwrite_off = sizeof(fin);
674 /* This flag will ensure that #queue_write() no longer
675 notifies CORE about the possibility of sending
676 more data, and that #queue_write() will call
677 #queue_destroy() once the @c fin was fully written. */
678 queue->finishing = GNUNET_YES;
683 * Increment queue timeout due to activity. We do not immediately
684 * notify the monitor here as that might generate excessive
687 * @param queue queue for which the timeout should be rescheduled
690 reschedule_queue_timeout (struct Queue *queue)
693 GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
698 * Queue read task. If we hit the timeout, disconnect it
700 * @param cls the `struct Queue *` to disconnect
703 queue_read (void *cls);
707 * Core tells us it is done processing a message that transport
708 * received on a queue with status @a success.
710 * @param cls a `struct Queue *` where the message originally came from
711 * @param success #GNUNET_OK on success
714 core_read_finished_cb (void *cls, int success)
716 struct Queue *queue = cls;
717 if (GNUNET_OK != success)
718 GNUNET_STATISTICS_update (stats,
719 "# messages lost in communicator API towards CORE",
722 queue->backpressure--;
723 /* handle deferred queue destruction */
724 if ((queue->destroyed) && (0 == queue->backpressure))
729 reschedule_queue_timeout (queue);
730 /* possibly unchoke reading, now that CORE made progress */
731 if (NULL == queue->read_task)
733 GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_absolute_get_remaining (
742 * We received @a plaintext_len bytes of @a plaintext on @a queue.
743 * Pass it on to CORE. If transmission is actually happening,
744 * increase backpressure counter.
746 * @param queue the queue that received the plaintext
747 * @param plaintext the plaintext that was received
748 * @param plaintext_len number of bytes of plaintext received
751 pass_plaintext_to_core (struct Queue *queue,
752 const void *plaintext,
753 size_t plaintext_len)
755 const struct GNUNET_MessageHeader *hdr = plaintext;
758 if (ntohs (hdr->size) != plaintext_len)
760 /* NOTE: If we ever allow multiple CORE messages in one
761 BOX, this will have to change! */
765 ret = GNUNET_TRANSPORT_communicator_receive (ch,
768 ADDRESS_VALIDITY_PERIOD,
769 &core_read_finished_cb,
771 if (GNUNET_OK == ret)
772 queue->backpressure++;
773 GNUNET_break (GNUNET_NO != ret); /* backpressure not working!? */
774 if (GNUNET_SYSERR == ret)
775 GNUNET_STATISTICS_update (stats,
776 "# bytes lost due to CORE not running",
783 * Setup @a cipher based on shared secret @a dh and decrypting
786 * @param dh shared secret
787 * @param pid decrypting peer's identity
788 * @param cipher[out] cipher to initialize
789 * @param hmac_key[out] HMAC key to initialize
792 setup_cipher (const struct GNUNET_HashCode *dh,
793 const struct GNUNET_PeerIdentity *pid,
794 gcry_cipher_hd_t *cipher,
795 struct GNUNET_HashCode *hmac_key)
800 gcry_cipher_open (cipher,
801 GCRY_CIPHER_AES256 /* low level: go for speed */,
802 GCRY_CIPHER_MODE_CTR,
804 GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_kdf (key,
814 gcry_cipher_setkey (*cipher, key, sizeof(key));
815 GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_kdf (ctr,
825 gcry_cipher_setctr (*cipher, ctr, sizeof(ctr));
826 GNUNET_assert (GNUNET_YES ==
827 GNUNET_CRYPTO_kdf (hmac_key,
828 sizeof(struct GNUNET_HashCode),
841 * Setup cipher of @a queue for decryption.
843 * @param ephemeral ephemeral key we received from the other peer
844 * @param queue[in,out] queue to initialize decryption cipher for
847 setup_in_cipher (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
850 struct GNUNET_HashCode dh;
852 GNUNET_CRYPTO_eddsa_ecdh (my_private_key, ephemeral, &dh);
853 setup_cipher (&dh, &my_identity, &queue->in_cipher, &queue->in_hmac);
858 * Handle @a rekey message on @a queue. The message was already
859 * HMAC'ed, but we should additionally still check the signature.
860 * Then we need to stop the old cipher and start afresh.
862 * @param queue the queue @a rekey was received on
863 * @param rekey the rekey message
866 do_rekey (struct Queue *queue, const struct TCPRekey *rekey)
868 struct TcpHandshakeSignature thp;
870 thp.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY);
871 thp.purpose.size = htonl (sizeof(thp));
872 thp.sender = queue->target;
873 thp.receiver = my_identity;
874 thp.ephemeral = rekey->ephemeral;
875 thp.monotonic_time = rekey->monotonic_time;
876 /* FIXME: check monotonic time is monotonic... */
878 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY,
881 &queue->target.public_key))
884 queue_finish (queue);
887 gcry_cipher_close (queue->in_cipher);
888 queue->rekeyed = GNUNET_YES;
889 setup_in_cipher (&rekey->ephemeral, queue);
894 * Test if we have received a full message in plaintext.
897 * @param queue queue to process inbound plaintext for
898 * @return number of bytes of plaintext handled, 0 for none
901 try_handle_plaintext (struct Queue *queue)
903 const struct GNUNET_MessageHeader *hdr =
904 (const struct GNUNET_MessageHeader *) queue->pread_buf;
905 const struct TCPBox *box = (const struct TCPBox *) queue->pread_buf;
906 const struct TCPRekey *rekey = (const struct TCPRekey *) queue->pread_buf;
907 const struct TCPFinish *fin = (const struct TCPFinish *) queue->pread_buf;
908 struct TCPRekey rekeyz;
909 struct TCPFinish finz;
910 struct GNUNET_ShortHashCode tmac;
912 size_t size = 0; /* make compiler happy */
914 if (sizeof(*hdr) > queue->pread_off)
915 return 0; /* not even a header */
916 type = ntohs (hdr->type);
919 case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX:
920 /* Special case: header size excludes box itself! */
921 if (ntohs (hdr->size) + sizeof(struct TCPBox) > queue->pread_off)
923 calculate_hmac (&queue->in_hmac, &box[1], ntohs (hdr->size), &tmac);
924 if (0 != memcmp (&tmac, &box->hmac, sizeof(tmac)))
927 queue_finish (queue);
930 pass_plaintext_to_core (queue, (const void *) &box[1], ntohs (hdr->size));
931 size = ntohs (hdr->size) + sizeof(*box);
934 case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY:
935 if (sizeof(*rekey) > queue->pread_off)
937 if (ntohs (hdr->size) != sizeof(*rekey))
940 queue_finish (queue);
944 memset (&rekeyz.hmac, 0, sizeof(rekeyz.hmac));
945 calculate_hmac (&queue->in_hmac, &rekeyz, sizeof(rekeyz), &tmac);
946 if (0 != memcmp (&tmac, &box->hmac, sizeof(tmac)))
949 queue_finish (queue);
952 do_rekey (queue, rekey);
953 size = ntohs (hdr->size);
956 case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH:
957 if (sizeof(*fin) > queue->pread_off)
959 if (ntohs (hdr->size) != sizeof(*fin))
962 queue_finish (queue);
966 memset (&finz.hmac, 0, sizeof(finz.hmac));
967 calculate_hmac (&queue->in_hmac, &rekeyz, sizeof(rekeyz), &tmac);
968 if (0 != memcmp (&tmac, &fin->hmac, sizeof(tmac)))
971 queue_finish (queue);
974 /* handle FINISH by destroying queue */
975 queue_destroy (queue);
980 queue_finish (queue);
983 GNUNET_assert (0 != size);
989 * Queue read task. If we hit the timeout, disconnect it
991 * @param cls the `struct Queue *` to disconnect
994 queue_read (void *cls)
996 struct Queue *queue = cls;
997 struct GNUNET_TIME_Relative left;
1000 queue->read_task = NULL;
1001 rcvd = GNUNET_NETWORK_socket_recv (queue->sock,
1002 &queue->cread_buf[queue->cread_off],
1003 BUF_SIZE - queue->cread_off);
1004 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1005 "Received %lu bytes from TCP queue\n", rcvd);
1008 if ((EAGAIN != errno) && (EINTR != errno))
1010 GNUNET_log_strerror (GNUNET_ERROR_TYPE_DEBUG, "recv");
1011 queue_finish (queue);
1015 left = GNUNET_TIME_absolute_get_remaining (queue->timeout);
1017 GNUNET_SCHEDULER_add_read_net (left, queue->sock, &queue_read, queue);
1021 reschedule_queue_timeout (queue);
1022 queue->cread_off += rcvd;
1023 while ((queue->pread_off < sizeof(queue->pread_buf)) &&
1024 (queue->cread_off > 0))
1026 size_t max = GNUNET_MIN (sizeof(queue->pread_buf) - queue->pread_off,
1032 gcry_cipher_decrypt (queue->in_cipher,
1033 &queue->pread_buf[queue->pread_off],
1037 queue->pread_off += max;
1039 while ((GNUNET_NO == queue->rekeyed) &&
1040 (0 != (done = try_handle_plaintext (queue))))
1042 /* 'done' bytes of plaintext were used, shift buffer */
1043 GNUNET_assert (done <= queue->pread_off);
1044 /* NOTE: this memmove() could possibly sometimes be
1045 avoided if we pass 'total' into try_handle_plaintext()
1046 and use it at an offset into the buffer there! */
1047 memmove (queue->pread_buf,
1048 &queue->pread_buf[done],
1049 queue->pread_off - done);
1050 queue->pread_off -= done;
1053 /* when we encounter a rekey message, the decryption above uses the
1054 wrong key for everything after the rekey; in that case, we have
1055 to re-do the decryption at 'total' instead of at 'max'. If there
1056 is no rekey and the last message is incomplete (max > total),
1057 it is safe to keep the decryption so we shift by 'max' */
1058 if (GNUNET_YES == queue->rekeyed)
1061 queue->rekeyed = GNUNET_NO;
1063 memmove (queue->cread_buf, &queue->cread_buf[max], queue->cread_off - max);
1064 queue->cread_off -= max;
1066 if (BUF_SIZE == queue->cread_off)
1067 return; /* buffer full, suspend reading */
1068 left = GNUNET_TIME_absolute_get_remaining (queue->timeout);
1069 if (0 != left.rel_value_us)
1071 if (max_queue_length > queue->backpressure)
1073 /* continue reading */
1074 left = GNUNET_TIME_absolute_get_remaining (queue->timeout);
1076 GNUNET_SCHEDULER_add_read_net (left, queue->sock, &queue_read, queue);
1080 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1081 "Queue %p was idle for %s, disconnecting\n",
1083 GNUNET_STRINGS_relative_time_to_string (
1084 GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT,
1086 queue_finish (queue);
1091 * Convert TCP bind specification to a `struct sockaddr *`
1093 * @param bindto bind specification to convert
1094 * @param[out] sock_len set to the length of the address
1095 * @return converted bindto specification
1097 static struct sockaddr *
1098 tcp_address_to_sockaddr (const char *bindto, socklen_t *sock_len)
1100 struct sockaddr *in;
1106 if (1 == sscanf (bindto, "%u%1s", &port, dummy))
1108 /* interpreting value as just a PORT number */
1109 if (port > UINT16_MAX)
1111 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1112 "BINDTO specification `%s' invalid: value too large for port\n",
1116 if ((GNUNET_NO == GNUNET_NETWORK_test_pf (PF_INET6)) ||
1118 GNUNET_CONFIGURATION_get_value_yesno (cfg,
1119 COMMUNICATOR_CONFIG_SECTION,
1122 struct sockaddr_in *i4;
1124 i4 = GNUNET_malloc (sizeof(struct sockaddr_in));
1125 i4->sin_family = AF_INET;
1126 i4->sin_port = htons ((uint16_t) port);
1127 #if HAVE_SOCKADDR_IN_SIN_LEN
1128 i4->sin_len = sizeof(sizeof(struct sockaddr_in));
1130 *sock_len = sizeof(struct sockaddr_in);
1131 in = (struct sockaddr *) i4;
1135 struct sockaddr_in6 *i6;
1137 i6 = GNUNET_malloc (sizeof(struct sockaddr_in6));
1138 i6->sin6_family = AF_INET6;
1139 i6->sin6_port = htons ((uint16_t) port);
1140 #if HAVE_SOCKADDR_IN_SIN_LEN
1141 i6->sin6_len = sizeof(sizeof(struct sockaddr_in6));
1143 *sock_len = sizeof(struct sockaddr_in6);
1144 in = (struct sockaddr *) i6;
1148 cp = GNUNET_strdup (bindto);
1149 colon = strrchr (cp, ':');
1152 /* interpet value after colon as port */
1155 if (1 == sscanf (colon, "%u%1s", &port, dummy))
1157 /* interpreting value as just a PORT number */
1158 if (port > UINT16_MAX)
1160 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1161 "BINDTO specification `%s' invalid: value too large for port\n",
1170 GNUNET_ERROR_TYPE_ERROR,
1171 "BINDTO specification `%s' invalid: last ':' not followed by number\n",
1179 /* interpret missing port as 0, aka pick any free one */
1184 struct sockaddr_in v4;
1186 if (1 == inet_pton (AF_INET, cp, &v4.sin_addr))
1188 v4.sin_family = AF_INET;
1189 v4.sin_port = htons ((uint16_t) port);
1190 #if HAVE_SOCKADDR_IN_SIN_LEN
1191 v4.sin_len = sizeof(struct sockaddr_in);
1193 in = GNUNET_memdup (&v4, sizeof(v4));
1194 *sock_len = sizeof(v4);
1201 struct sockaddr_in6 v6;
1205 if (('[' == *cp) && (']' == cp[strlen (cp) - 1]))
1207 start++; /* skip over '[' */
1208 cp[strlen (cp) - 1] = '\0'; /* eat ']' */
1210 if (1 == inet_pton (AF_INET6, start, &v6.sin6_addr))
1212 v6.sin6_family = AF_INET6;
1213 v6.sin6_port = htons ((uint16_t) port);
1214 #if HAVE_SOCKADDR_IN_SIN_LEN
1215 v6.sin6_len = sizeof(sizeof(struct sockaddr_in6));
1217 in = GNUNET_memdup (&v6, sizeof(v6));
1218 *sock_len = sizeof(v6);
1223 /* #5528 FIXME (feature!): maybe also try getnameinfo()? */
1230 * Setup cipher for outgoing data stream based on target and
1231 * our ephemeral private key.
1233 * @param queue queue to setup outgoing (encryption) cipher for
1236 setup_out_cipher (struct Queue *queue)
1238 struct GNUNET_HashCode dh;
1240 GNUNET_CRYPTO_ecdh_eddsa (&queue->ephemeral, &queue->target.public_key, &dh);
1241 /* we don't need the private key anymore, drop it! */
1242 memset (&queue->ephemeral, 0, sizeof(queue->ephemeral));
1243 setup_cipher (&dh, &queue->target, &queue->out_cipher, &queue->out_hmac);
1244 queue->rekey_time = GNUNET_TIME_relative_to_absolute (REKEY_TIME_INTERVAL);
1245 queue->rekey_left_bytes =
1246 GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK, REKEY_MAX_BYTES);
1251 * Inject a `struct TCPRekey` message into the queue's plaintext
1254 * @param queue queue to perform rekeying on
1257 inject_rekey (struct Queue *queue)
1259 struct TCPRekey rekey;
1260 struct TcpHandshakeSignature thp;
1262 GNUNET_assert (0 == queue->pwrite_off);
1263 memset (&rekey, 0, sizeof(rekey));
1264 GNUNET_assert (GNUNET_OK ==
1265 GNUNET_CRYPTO_ecdhe_key_create2 (&queue->ephemeral));
1266 rekey.header.type = ntohs (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY);
1267 rekey.header.size = ntohs (sizeof(rekey));
1268 GNUNET_CRYPTO_ecdhe_key_get_public (&queue->ephemeral, &rekey.ephemeral);
1269 rekey.monotonic_time =
1270 GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg));
1271 thp.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY);
1272 thp.purpose.size = htonl (sizeof(thp));
1273 thp.sender = my_identity;
1274 thp.receiver = queue->target;
1275 thp.ephemeral = rekey.ephemeral;
1276 thp.monotonic_time = rekey.monotonic_time;
1277 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key,
1279 &rekey.sender_sig));
1280 calculate_hmac (&queue->out_hmac, &rekey, sizeof(rekey), &rekey.hmac);
1282 gcry_cipher_encrypt (queue->out_cipher,
1283 &queue->cwrite_buf[queue->cwrite_off],
1287 queue->cwrite_off += sizeof(rekey);
1292 * We have been notified that our socket is ready to write.
1293 * Then reschedule this function to be called again once more is available.
1295 * @param cls a `struct Queue`
1298 queue_write (void *cls)
1300 struct Queue *queue = cls;
1302 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "In queue write\n");
1303 queue->write_task = NULL;
1304 if (0 != queue->cwrite_off)
1306 sent = GNUNET_NETWORK_socket_send (queue->sock,
1309 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1310 "Sent %lu bytes to TCP queue\n", sent);
1311 if ((-1 == sent) && (EAGAIN != errno) && (EINTR != errno))
1313 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "send");
1314 queue_destroy (queue);
1319 size_t usent = (size_t) sent;
1320 queue->cwrite_off -= usent;
1321 memmove (queue->cwrite_buf,
1322 &queue->cwrite_buf[usent],
1324 reschedule_queue_timeout (queue);
1327 /* can we encrypt more? (always encrypt full messages, needed
1328 such that #mq_cancel() can work!) */
1329 if ((0 < queue->rekey_left_bytes) &&
1330 (queue->pwrite_off > 0) &&
1331 (queue->cwrite_off + queue->pwrite_off <= BUF_SIZE))
1333 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1334 "Encrypting %lu bytes\n", queue->pwrite_off);
1336 gcry_cipher_encrypt (queue->out_cipher,
1337 &queue->cwrite_buf[queue->cwrite_off],
1340 queue->pwrite_off));
1341 if (queue->rekey_left_bytes > queue->pwrite_off)
1342 queue->rekey_left_bytes -= queue->pwrite_off;
1344 queue->rekey_left_bytes = 0;
1345 queue->cwrite_off += queue->pwrite_off;
1346 queue->pwrite_off = 0;
1348 if ((0 == queue->pwrite_off) &&
1349 ((0 == queue->rekey_left_bytes) ||
1351 GNUNET_TIME_absolute_get_remaining (queue->rekey_time).rel_value_us)))
1353 inject_rekey (queue);
1354 gcry_cipher_close (queue->out_cipher);
1355 setup_out_cipher (queue);
1357 if ((0 == queue->pwrite_off) && (! queue->finishing) &&
1358 (GNUNET_YES == queue->mq_awaits_continue))
1360 queue->mq_awaits_continue = GNUNET_NO;
1361 GNUNET_MQ_impl_send_continue (queue->mq);
1363 /* did we just finish writing 'finish'? */
1364 if ((0 == queue->cwrite_off) && (GNUNET_YES == queue->finishing))
1366 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1367 "Finishing queue\n");
1368 queue_destroy (queue);
1371 /* do we care to write more? */
1372 if ((0 < queue->cwrite_off) || (0 < queue->pwrite_off))
1374 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
1382 * Signature of functions implementing the sending functionality of a
1385 * @param mq the message queue
1386 * @param msg the message to send
1387 * @param impl_state our `struct Queue`
1390 mq_send (struct GNUNET_MQ_Handle *mq,
1391 const struct GNUNET_MessageHeader *msg,
1394 struct Queue *queue = impl_state;
1395 uint16_t msize = ntohs (msg->size);
1397 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1398 "In MQ send. Queue finishing: %s; write task running: %s\n",
1399 (GNUNET_YES == queue->finishing) ? "yes" : "no",
1400 (NULL == queue->write_task) ? "yes" : "no");
1401 GNUNET_assert (mq == queue->mq);
1402 queue->mq_awaits_continue = GNUNET_YES;
1403 if (GNUNET_YES == queue->finishing)
1404 return; /* this queue is dying, drop msg */
1405 GNUNET_assert (0 == queue->pwrite_off);
1406 box.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX);
1407 box.header.size = htons (msize);
1408 calculate_hmac (&queue->out_hmac, msg, msize, &box.hmac);
1409 memcpy (&queue->pwrite_buf[queue->pwrite_off], &box, sizeof(box));
1410 queue->pwrite_off += sizeof(box);
1411 memcpy (&queue->pwrite_buf[queue->pwrite_off], msg, msize);
1412 queue->pwrite_off += msize;
1413 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1414 "%lu bytes of plaintext to send\n", queue->pwrite_off);
1415 GNUNET_assert (NULL != queue->sock);
1416 if (NULL == queue->write_task)
1418 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
1426 * Signature of functions implementing the destruction of a message
1427 * queue. Implementations must not free @a mq, but should take care
1430 * @param mq the message queue to destroy
1431 * @param impl_state our `struct Queue`
1434 mq_destroy (struct GNUNET_MQ_Handle *mq, void *impl_state)
1436 struct Queue *queue = impl_state;
1438 if (mq == queue->mq)
1441 queue_finish (queue);
1447 * Implementation function that cancels the currently sent message.
1449 * @param mq message queue
1450 * @param impl_state our `struct Queue`
1453 mq_cancel (struct GNUNET_MQ_Handle *mq, void *impl_state)
1455 struct Queue *queue = impl_state;
1457 GNUNET_assert (0 != queue->pwrite_off);
1458 queue->pwrite_off = 0;
1463 * Generic error handler, called with the appropriate
1464 * error code and the same closure specified at the creation of
1465 * the message queue.
1466 * Not every message queue implementation supports an error handler.
1468 * @param cls our `struct Queue`
1469 * @param error error code
1472 mq_error (void *cls, enum GNUNET_MQ_Error error)
1474 struct Queue *queue = cls;
1476 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1477 "MQ error in queue to %s: %d\n",
1478 GNUNET_i2s (&queue->target),
1480 queue_finish (queue);
1485 * Add the given @a queue to our internal data structure. Setup the
1486 * MQ processing and inform transport that the queue is ready. Must
1487 * be called after the KX for outgoing messages has been bootstrapped.
1489 * @param queue queue to boot
1492 boot_queue (struct Queue *queue, enum GNUNET_TRANSPORT_ConnectionStatus cs)
1495 GNUNET_NT_scanner_get_type (is, queue->address, queue->address_len);
1496 (void) GNUNET_CONTAINER_multipeermap_put (
1500 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
1501 GNUNET_STATISTICS_set (stats,
1503 GNUNET_CONTAINER_multipeermap_size (queue_map),
1506 GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
1507 queue->mq = GNUNET_MQ_queue_for_callbacks (&mq_send,
1517 switch (queue->address->sa_family)
1520 GNUNET_asprintf (&foreign_addr,
1522 COMMUNICATOR_ADDRESS_PREFIX,
1523 GNUNET_a2s (queue->address, queue->address_len));
1527 GNUNET_asprintf (&foreign_addr,
1529 COMMUNICATOR_ADDRESS_PREFIX,
1530 GNUNET_a2s (queue->address, queue->address_len));
1536 queue->qh = GNUNET_TRANSPORT_communicator_mq_add (ch,
1543 GNUNET_free (foreign_addr);
1549 * Generate and transmit our ephemeral key and the signature for
1550 * the initial KX with the other peer. Must be called first, before
1551 * any other bytes are ever written to the output buffer. Note that
1552 * our cipher must already be initialized when calling this function.
1553 * Helper function for #start_initial_kx_out().
1555 * @param queue queue to do KX for
1556 * @param epub our public key for the KX
1559 transmit_kx (struct Queue *queue,
1560 const struct GNUNET_CRYPTO_EcdhePublicKey *epub)
1562 struct TcpHandshakeSignature ths;
1563 struct TCPConfirmation tc;
1565 memcpy (queue->cwrite_buf, epub, sizeof(*epub));
1566 queue->cwrite_off = sizeof(*epub);
1567 /* compute 'tc' and append in encrypted format to cwrite_buf */
1568 tc.sender = my_identity;
1570 GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg));
1571 ths.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE);
1572 ths.purpose.size = htonl (sizeof(ths));
1573 ths.sender = my_identity;
1574 ths.receiver = queue->target;
1575 ths.ephemeral = *epub;
1576 ths.monotonic_time = tc.monotonic_time;
1577 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key,
1581 gcry_cipher_encrypt (queue->out_cipher,
1582 &queue->cwrite_buf[queue->cwrite_off],
1586 queue->cwrite_off += sizeof(tc);
1591 * Initialize our key material for outgoing transmissions and
1592 * inform the other peer about it. Must be called first before
1595 * @param queue the queue to setup
1598 start_initial_kx_out (struct Queue *queue)
1600 struct GNUNET_CRYPTO_EcdhePublicKey epub;
1602 GNUNET_assert (GNUNET_OK ==
1603 GNUNET_CRYPTO_ecdhe_key_create2 (&queue->ephemeral));
1604 GNUNET_CRYPTO_ecdhe_key_get_public (&queue->ephemeral, &epub);
1605 setup_out_cipher (queue);
1606 transmit_kx (queue, &epub);
1611 * We have received the first bytes from the other side on a @a queue.
1612 * Decrypt the @a tc contained in @a ibuf and check the signature.
1613 * Note that #setup_in_cipher() must have already been called.
1615 * @param queue queue to decrypt initial bytes from other peer for
1616 * @param tc[out] where to store the result
1617 * @param ibuf incoming data, of size
1619 * @return #GNUNET_OK if the signature was OK, #GNUNET_SYSERR if not
1622 decrypt_and_check_tc (struct Queue *queue,
1623 struct TCPConfirmation *tc,
1626 struct TcpHandshakeSignature ths;
1630 gcry_cipher_decrypt (queue->in_cipher,
1633 &ibuf[sizeof(struct GNUNET_CRYPTO_EcdhePublicKey)],
1635 ths.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE);
1636 ths.purpose.size = htonl (sizeof(ths));
1637 ths.sender = tc->sender;
1638 ths.receiver = my_identity;
1639 memcpy (&ths.ephemeral, ibuf, sizeof(struct GNUNET_CRYPTO_EcdhePublicKey));
1640 ths.monotonic_time = tc->monotonic_time;
1641 /* FIXME: check monotonic time against previous mono times
1642 from this sender! */
1643 return GNUNET_CRYPTO_eddsa_verify (
1644 GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE,
1647 &tc->sender.public_key);
1652 * Closes socket and frees memory associated with @a pq.
1654 * @param pq proto queue to free
1657 free_proto_queue (struct ProtoQueue *pq)
1659 GNUNET_NETWORK_socket_close (pq->sock);
1660 GNUNET_free (pq->address);
1661 GNUNET_CONTAINER_DLL_remove (proto_head, proto_tail, pq);
1667 * Read from the socket of the proto queue until we have enough data
1668 * to upgrade to full queue.
1670 * @param cls a `struct ProtoQueue`
1673 proto_read_kx (void *cls)
1675 struct ProtoQueue *pq = cls;
1677 struct GNUNET_TIME_Relative left;
1678 struct Queue *queue;
1679 struct TCPConfirmation tc;
1681 pq->read_task = NULL;
1682 left = GNUNET_TIME_absolute_get_remaining (pq->timeout);
1683 if (0 == left.rel_value_us)
1685 free_proto_queue (pq);
1688 rcvd = GNUNET_NETWORK_socket_recv (pq->sock,
1689 &pq->ibuf[pq->ibuf_off],
1690 sizeof(pq->ibuf) - pq->ibuf_off);
1691 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1692 "Received %lu bytes for KX\n", rcvd);
1695 if ((EAGAIN != errno) && (EINTR != errno))
1697 GNUNET_log_strerror (GNUNET_ERROR_TYPE_DEBUG, "recv");
1698 free_proto_queue (pq);
1703 GNUNET_SCHEDULER_add_read_net (left, pq->sock, &proto_read_kx, pq);
1706 pq->ibuf_off += rcvd;
1707 if (pq->ibuf_off > sizeof(pq->ibuf))
1711 GNUNET_SCHEDULER_add_read_net (left, pq->sock, &proto_read_kx, pq);
1714 /* we got all the data, let's find out who we are talking to! */
1715 queue = GNUNET_new (struct Queue);
1716 setup_in_cipher ((const struct GNUNET_CRYPTO_EcdhePublicKey *) pq->ibuf,
1718 if (GNUNET_OK != decrypt_and_check_tc (queue, &tc, pq->ibuf))
1720 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1721 "Invalid TCP KX received from %s\n",
1722 GNUNET_a2s (queue->address, queue->address_len));
1723 gcry_cipher_close (queue->in_cipher);
1724 GNUNET_free (queue);
1725 free_proto_queue (pq);
1728 queue->address = pq->address; /* steals reference */
1729 queue->address_len = pq->address_len;
1730 queue->target = tc.sender;
1731 queue->sock = pq->sock;
1732 start_initial_kx_out (queue);
1733 boot_queue (queue, GNUNET_TRANSPORT_CS_INBOUND);
1735 GNUNET_SCHEDULER_add_read_net (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT,
1740 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
1744 GNUNET_CONTAINER_DLL_remove (proto_head, proto_tail, pq);
1750 * We have been notified that our listen socket has something to
1751 * read. Do the read and reschedule this function to be called again
1752 * once more is available.
1757 listen_cb (void *cls)
1759 struct sockaddr_storage in;
1761 struct GNUNET_NETWORK_Handle *sock;
1762 struct ProtoQueue *pq;
1765 GNUNET_assert (NULL != listen_sock);
1766 addrlen = sizeof(in);
1767 memset (&in, 0, sizeof(in));
1768 sock = GNUNET_NETWORK_socket_accept (listen_sock,
1769 (struct sockaddr*) &in,
1771 if ((NULL == sock) && ((EMFILE == errno) || (ENFILE == errno)))
1772 return; /* system limit reached, wait until connection goes down */
1773 listen_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
1777 if ((NULL == sock) && ((EAGAIN == errno) || (ENOBUFS == errno)))
1781 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "accept");
1784 pq = GNUNET_new (struct ProtoQueue);
1785 pq->address_len = addrlen;
1786 pq->address = GNUNET_memdup (&in, addrlen);
1787 pq->timeout = GNUNET_TIME_relative_to_absolute (PROTO_QUEUE_TIMEOUT);
1789 pq->read_task = GNUNET_SCHEDULER_add_read_net (PROTO_QUEUE_TIMEOUT,
1793 GNUNET_CONTAINER_DLL_insert (proto_head, proto_tail, pq);
1798 * Read from the socket of the queue until we have enough data
1799 * to initialize the decryption logic and can switch to regular
1802 * @param cls a `struct Queue`
1805 queue_read_kx (void *cls)
1807 struct Queue *queue = cls;
1809 struct GNUNET_TIME_Relative left;
1810 struct TCPConfirmation tc;
1812 queue->read_task = NULL;
1813 left = GNUNET_TIME_absolute_get_remaining (queue->timeout);
1814 if (0 == left.rel_value_us)
1816 queue_destroy (queue);
1819 rcvd = GNUNET_NETWORK_socket_recv (queue->sock,
1820 &queue->cread_buf[queue->cread_off],
1821 BUF_SIZE - queue->cread_off);
1822 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received %lu bytes for KX\n", rcvd);
1825 if ((EAGAIN != errno) && (EINTR != errno))
1827 GNUNET_log_strerror (GNUNET_ERROR_TYPE_DEBUG, "recv");
1828 queue_destroy (queue);
1832 GNUNET_SCHEDULER_add_read_net (left, queue->sock, &queue_read_kx, queue);
1835 queue->cread_off += rcvd;
1836 if (queue->cread_off < INITIAL_KX_SIZE)
1840 GNUNET_SCHEDULER_add_read_net (left, queue->sock, &queue_read_kx, queue);
1843 /* we got all the data, let's find out who we are talking to! */
1844 setup_in_cipher ((const struct GNUNET_CRYPTO_EcdhePublicKey *)
1847 if (GNUNET_OK != decrypt_and_check_tc (queue, &tc, queue->cread_buf))
1849 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1850 "Invalid TCP KX received from %s\n",
1851 GNUNET_a2s (queue->address, queue->address_len));
1852 queue_destroy (queue);
1856 memcmp (&tc.sender, &queue->target, sizeof(struct GNUNET_PeerIdentity)))
1858 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1859 "Invalid sender in TCP KX received from %s\n",
1860 GNUNET_a2s (queue->address, queue->address_len));
1861 queue_destroy (queue);
1865 /* update queue timeout */
1866 reschedule_queue_timeout (queue);
1867 /* prepare to continue with regular read task immediately */
1868 memmove (queue->cread_buf,
1869 &queue->cread_buf[INITIAL_KX_SIZE],
1870 queue->cread_off - (INITIAL_KX_SIZE));
1871 queue->cread_off -= INITIAL_KX_SIZE;
1872 if (0 < queue->cread_off)
1873 queue->read_task = GNUNET_SCHEDULER_add_now (&queue_read, queue);
1878 * Function called by the transport service to initialize a
1879 * message queue given address information about another peer.
1880 * If and when the communication channel is established, the
1881 * communicator must call #GNUNET_TRANSPORT_communicator_mq_add()
1882 * to notify the service that the channel is now up. It is
1883 * the responsibility of the communicator to manage sane
1884 * retries and timeouts for any @a peer/@a address combination
1885 * provided by the transport service. Timeouts and retries
1886 * do not need to be signalled to the transport service.
1888 * @param cls closure
1889 * @param peer identity of the other peer
1890 * @param address where to send the message, human-readable
1891 * communicator-specific format, 0-terminated, UTF-8
1892 * @return #GNUNET_OK on success, #GNUNET_SYSERR if the provided address is
1896 mq_init (void *cls, const struct GNUNET_PeerIdentity *peer, const char *address)
1898 struct Queue *queue;
1900 struct sockaddr *in;
1902 struct GNUNET_NETWORK_Handle *sock;
1904 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1905 "Connecting to %s\n", address);
1906 if (0 != strncmp (address,
1907 COMMUNICATOR_ADDRESS_PREFIX "-",
1908 strlen (COMMUNICATOR_ADDRESS_PREFIX "-")))
1910 GNUNET_break_op (0);
1911 return GNUNET_SYSERR;
1913 path = &address[strlen (COMMUNICATOR_ADDRESS_PREFIX "-")];
1914 in = tcp_address_to_sockaddr (path, &in_len);
1916 sock = GNUNET_NETWORK_socket_create (in->sa_family, SOCK_STREAM, IPPROTO_TCP);
1919 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1920 "socket(%d) failed: %s",
1924 return GNUNET_SYSERR;
1926 if ((GNUNET_OK != GNUNET_NETWORK_socket_connect (sock, in, in_len)) &&
1927 (errno != EINPROGRESS))
1929 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1930 "connect to `%s' failed: %s",
1933 GNUNET_NETWORK_socket_close (sock);
1935 return GNUNET_SYSERR;
1938 queue = GNUNET_new (struct Queue);
1939 queue->target = *peer;
1940 queue->address = in;
1941 queue->address_len = in_len;
1943 boot_queue (queue, GNUNET_TRANSPORT_CS_OUTBOUND);
1944 //queue->mq_awaits_continue = GNUNET_YES;
1946 GNUNET_SCHEDULER_add_read_net (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT,
1950 start_initial_kx_out (queue);
1952 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
1961 * Iterator over all message queues to clean up.
1964 * @param target unused
1965 * @param value the queue to destroy
1966 * @return #GNUNET_OK to continue to iterate
1969 get_queue_delete_it (void *cls,
1970 const struct GNUNET_PeerIdentity *target,
1973 struct Queue *queue = value;
1977 queue_destroy (queue);
1983 * Shutdown the UNIX communicator.
1985 * @param cls NULL (always)
1988 do_shutdown (void *cls)
1990 while (NULL != proto_head)
1991 free_proto_queue (proto_head);
1994 GNUNET_NAT_unregister (nat);
1997 if (NULL != listen_task)
1999 GNUNET_SCHEDULER_cancel (listen_task);
2002 if (NULL != listen_sock)
2004 GNUNET_break (GNUNET_OK == GNUNET_NETWORK_socket_close (listen_sock));
2007 GNUNET_CONTAINER_multipeermap_iterate (queue_map, &get_queue_delete_it, NULL);
2008 GNUNET_CONTAINER_multipeermap_destroy (queue_map);
2011 GNUNET_TRANSPORT_communicator_disconnect (ch);
2016 GNUNET_STATISTICS_destroy (stats, GNUNET_NO);
2019 if (NULL != my_private_key)
2021 GNUNET_free (my_private_key);
2022 my_private_key = NULL;
2026 GNUNET_NT_scanner_done (is);
2033 * Function called when the transport service has received an
2034 * acknowledgement for this communicator (!) via a different return
2037 * Not applicable for TCP.
2039 * @param cls closure
2040 * @param sender which peer sent the notification
2041 * @param msg payload
2044 enc_notify_cb (void *cls,
2045 const struct GNUNET_PeerIdentity *sender,
2046 const struct GNUNET_MessageHeader *msg)
2051 GNUNET_break_op (0);
2056 * Signature of the callback passed to #GNUNET_NAT_register() for
2057 * a function to call whenever our set of 'valid' addresses changes.
2059 * @param cls closure
2060 * @param app_ctx[in,out] location where the app can store stuff
2061 * on add and retrieve it on remove
2062 * @param add_remove #GNUNET_YES to add a new public IP address,
2063 * #GNUNET_NO to remove a previous (now invalid) one
2064 * @param ac address class the address belongs to
2065 * @param addr either the previous or the new public IP address
2066 * @param addrlen actual length of the @a addr
2069 nat_address_cb (void *cls,
2072 enum GNUNET_NAT_AddressClass ac,
2073 const struct sockaddr *addr,
2077 struct GNUNET_TRANSPORT_AddressIdentifier *ai;
2079 if (GNUNET_YES == add_remove)
2081 enum GNUNET_NetworkType nt;
2083 GNUNET_asprintf (&my_addr,
2085 COMMUNICATOR_ADDRESS_PREFIX,
2086 GNUNET_a2s (addr, addrlen));
2087 nt = GNUNET_NT_scanner_get_type (is, addr, addrlen);
2089 GNUNET_TRANSPORT_communicator_address_add (ch,
2092 GNUNET_TIME_UNIT_FOREVER_REL);
2093 GNUNET_free (my_addr);
2099 GNUNET_TRANSPORT_communicator_address_remove (ai);
2106 * Setup communicator and launch network interactions.
2108 * @param cls NULL (always)
2109 * @param args remaining command-line arguments
2110 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
2111 * @param c configuration
2116 const char *cfgfile,
2117 const struct GNUNET_CONFIGURATION_Handle *c)
2120 struct sockaddr *in;
2122 struct sockaddr_storage in_sto;
2128 GNUNET_CONFIGURATION_get_value_string (cfg,
2129 COMMUNICATOR_CONFIG_SECTION,
2133 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
2134 COMMUNICATOR_CONFIG_SECTION,
2139 GNUNET_CONFIGURATION_get_value_number (cfg,
2140 COMMUNICATOR_CONFIG_SECTION,
2143 max_queue_length = DEFAULT_MAX_QUEUE_LENGTH;
2145 in = tcp_address_to_sockaddr (bindto, &in_len);
2148 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2149 "Failed to setup TCP socket address with path `%s'\n",
2151 GNUNET_free (bindto);
2155 GNUNET_NETWORK_socket_create (in->sa_family, SOCK_STREAM, IPPROTO_TCP);
2156 if (NULL == listen_sock)
2158 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "socket");
2160 GNUNET_free (bindto);
2163 if (GNUNET_OK != GNUNET_NETWORK_socket_bind (listen_sock, in, in_len))
2165 GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "bind", bindto);
2166 GNUNET_NETWORK_socket_close (listen_sock);
2169 GNUNET_free (bindto);
2173 GNUNET_NETWORK_socket_listen (listen_sock,
2176 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
2178 GNUNET_NETWORK_socket_close (listen_sock);
2181 GNUNET_free (bindto);
2183 /* We might have bound to port 0, allowing the OS to figure it out;
2184 thus, get the real IN-address from the socket */
2185 sto_len = sizeof(in_sto);
2186 if (0 != getsockname (GNUNET_NETWORK_get_fd (listen_sock),
2187 (struct sockaddr *) &in_sto,
2190 memcpy (&in_sto, in, in_len);
2194 GNUNET_free (bindto);
2195 in = (struct sockaddr *) &in_sto;
2197 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2199 GNUNET_a2s ((const struct sockaddr *) &in_sto, sto_len));
2200 stats = GNUNET_STATISTICS_create ("C-TCP", cfg);
2201 GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL);
2202 is = GNUNET_NT_scanner_init ();
2203 my_private_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg);
2204 if (NULL == my_private_key)
2207 GNUNET_ERROR_TYPE_ERROR,
2209 "Transport service is lacking key configuration settings. Exiting.\n"));
2210 GNUNET_SCHEDULER_shutdown ();
2213 GNUNET_CRYPTO_eddsa_key_get_public (my_private_key, &my_identity.public_key);
2214 /* start listening */
2215 listen_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
2219 queue_map = GNUNET_CONTAINER_multipeermap_create (10, GNUNET_NO);
2220 ch = GNUNET_TRANSPORT_communicator_connect (cfg,
2221 COMMUNICATOR_CONFIG_SECTION,
2222 COMMUNICATOR_ADDRESS_PREFIX,
2223 GNUNET_TRANSPORT_CC_RELIABLE,
2231 GNUNET_SCHEDULER_shutdown ();
2234 nat = GNUNET_NAT_register (cfg,
2235 COMMUNICATOR_CONFIG_SECTION,
2237 1 /* one address */,
2238 (const struct sockaddr **) &in,
2241 NULL /* FIXME: support reversal: #5529 */,
2242 NULL /* closure */);
2247 * The main function for the UNIX communicator.
2249 * @param argc number of arguments from the command line
2250 * @param argv command line arguments
2251 * @return 0 ok, 1 on error
2254 main (int argc, char *const *argv)
2256 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
2257 GNUNET_GETOPT_OPTION_END
2261 if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv))
2264 ret = (GNUNET_OK == GNUNET_PROGRAM_run (argc,
2266 "gnunet-communicator-tcp",
2267 _ ("GNUnet TCP communicator"),
2273 GNUNET_free ((void *) argv);
2278 /* end of gnunet-communicator-tcp.c */