2 This file is part of GNUnet
3 Copyright (C) 2010-2014, 2018, 2019 GNUnet e.V.
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 SPDX-License-Identifier: AGPL3.0-or-later
22 * @file transport/gnunet-communicator-tcp.c
23 * @brief Transport plugin using TCP.
24 * @author Christian Grothoff
27 * - support DNS names in BINDTO option (#5528)
28 * - support NAT connection reversal method (#5529)
29 * - support other TCP-specific NAT traversal methods (#5531)
30 * - add replay protection support to the protocol by
31 * adding a nonce in the KX and requiring (!) a
32 * nounce ACK to be send within the first X bytes of
36 #include "gnunet_util_lib.h"
37 #include "gnunet_protocols.h"
38 #include "gnunet_signatures.h"
39 #include "gnunet_constants.h"
40 #include "gnunet_nt_lib.h"
41 #include "gnunet_nat_service.h"
42 #include "gnunet_statistics_service.h"
43 #include "gnunet_transport_communication_service.h"
46 * How long do we believe our addresses to remain up (before
47 * the other peer should revalidate).
49 #define ADDRESS_VALIDITY_PERIOD \
50 GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4)
53 * How many messages do we keep at most in the queue to the
54 * transport service before we start to drop (default,
55 * can be changed via the configuration file).
56 * Should be _below_ the level of the communicator API, as
57 * otherwise we may read messages just to have them dropped
58 * by the communicator API.
60 #define DEFAULT_MAX_QUEUE_LENGTH 8
63 * Size of our IO buffers for ciphertext data. Must be at
64 * least UINT_MAX + sizeof (struct TCPBox).
66 #define BUF_SIZE (2 * 64 * 1024 + sizeof(struct TCPBox))
69 * How often do we rekey based on time (at least)
71 #define DEFAULT_REKEY_INTERVAL GNUNET_TIME_UNIT_DAYS
74 * How long do we wait until we must have received the initial KX?
76 #define PROTO_QUEUE_TIMEOUT GNUNET_TIME_UNIT_MINUTES
79 * How often do we rekey based on number of bytes transmitted?
80 * (additionally randomized).
82 #define REKEY_MAX_BYTES (1024LLU * 1024 * 1024 * 4LLU)
85 * Size of the initial key exchange message sent first in both
88 #define INITIAL_KX_SIZE \
89 (sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) \
90 + sizeof(struct TCPConfirmation))
94 * Address prefix used by the communicator.
96 #define COMMUNICATOR_ADDRESS_PREFIX "tcp"
99 * Configuration section used by the communicator.
101 #define COMMUNICATOR_CONFIG_SECTION "communicator-tcp"
103 GNUNET_NETWORK_STRUCT_BEGIN
107 * Signature we use to verify that the ephemeral key was really chosen by
108 * the specified sender.
110 struct TcpHandshakeSignature
113 * Purpose must be #GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE
115 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
118 * Identity of the inititor of the TCP connection (TCP client).
120 struct GNUNET_PeerIdentity sender;
123 * Presumed identity of the target of the TCP connection (TCP server)
125 struct GNUNET_PeerIdentity receiver;
128 * Ephemeral key used by the @e sender.
130 struct GNUNET_CRYPTO_EcdhePublicKey ephemeral;
133 * Monotonic time of @e sender, to possibly help detect replay attacks
134 * (if receiver persists times by sender).
136 struct GNUNET_TIME_AbsoluteNBO monotonic_time;
141 * Encrypted continuation of TCP initial handshake.
143 struct TCPConfirmation
148 struct GNUNET_PeerIdentity sender;
151 * Sender's signature of type #GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE
153 struct GNUNET_CRYPTO_EddsaSignature sender_sig;
156 * Monotonic time of @e sender, to possibly help detect replay attacks
157 * (if receiver persists times by sender).
159 struct GNUNET_TIME_AbsoluteNBO monotonic_time;
164 * TCP message box. Always sent encrypted!
169 * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX. Warning: the
170 * header size EXCLUDES the size of the `struct TCPBox`. We usually
171 * never do this, but here the payload may truly be 64k *after* the
172 * TCPBox (as we have no MTU)!!
174 struct GNUNET_MessageHeader header;
177 * HMAC for the following encrypted message. Yes, we MUST use
178 * mac-then-encrypt here, as we want to hide the message sizes on
179 * the wire (zero plaintext design!). Using CTR mode, padding oracle
180 * attacks do not apply. Besides, due to the use of ephemeral keys
181 * (hopefully with effective replay protection from monotonic time!)
182 * the attacker is limited in using the oracle.
184 struct GNUNET_ShortHashCode hmac;
186 /* followed by as may bytes of payload as indicated in @e header,
187 excluding the TCPBox itself! */
192 * TCP rekey message box. Always sent encrypted! Data after
193 * this message will use the new key.
198 * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY.
200 struct GNUNET_MessageHeader header;
203 * HMAC for the following encrypted message. Yes, we MUST use
204 * mac-then-encrypt here, as we want to hide the message sizes on
205 * the wire (zero plaintext design!). Using CTR mode padding oracle
206 * attacks do not apply. Besides, due to the use of ephemeral keys
207 * (hopefully with effective replay protection from monotonic time!)
208 * the attacker is limited in using the oracle.
210 struct GNUNET_ShortHashCode hmac;
215 struct GNUNET_CRYPTO_EcdhePublicKey ephemeral;
218 * Sender's signature of type #GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY
220 struct GNUNET_CRYPTO_EddsaSignature sender_sig;
223 * Monotonic time of @e sender, to possibly help detect replay attacks
224 * (if receiver persists times by sender).
226 struct GNUNET_TIME_AbsoluteNBO monotonic_time;
231 * TCP finish. Sender asks for the connection to be closed.
232 * Needed/useful in case we drop RST/FIN packets on the GNUnet
233 * port due to the possibility of malicious RST/FIN injection.
238 * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH.
240 struct GNUNET_MessageHeader header;
243 * HMAC for the following encrypted message. Yes, we MUST use
244 * mac-then-encrypt here, as we want to hide the message sizes on
245 * the wire (zero plaintext design!). Using CTR mode padding oracle
246 * attacks do not apply. Besides, due to the use of ephemeral keys
247 * (hopefully with effective replay protection from monotonic time!)
248 * the attacker is limited in using the oracle.
250 struct GNUNET_ShortHashCode hmac;
254 GNUNET_NETWORK_STRUCT_END
258 * Handle for a queue.
263 * To whom are we talking to.
265 struct GNUNET_PeerIdentity target;
268 * socket that we transmit all data with on this queue
270 struct GNUNET_NETWORK_Handle *sock;
273 * cipher for decryption of incoming data.
275 gcry_cipher_hd_t in_cipher;
278 * cipher for encryption of outgoing data.
280 gcry_cipher_hd_t out_cipher;
283 * Shared secret for HMAC verification on incoming data.
285 struct GNUNET_HashCode in_hmac;
288 * Shared secret for HMAC generation on outgoing data, ratcheted after
291 struct GNUNET_HashCode out_hmac;
294 * Our ephemeral key. Stored here temporarily during rekeying / key
297 struct GNUNET_CRYPTO_EcdhePrivateKey ephemeral;
300 * ID of read task for this connection.
302 struct GNUNET_SCHEDULER_Task *read_task;
305 * ID of write task for this connection.
307 struct GNUNET_SCHEDULER_Task *write_task;
310 * Address of the other peer.
312 struct sockaddr *address;
315 * How many more bytes may we sent with the current @e out_cipher
316 * before we should rekey?
318 uint64_t rekey_left_bytes;
321 * Until what time may we sent with the current @e out_cipher
322 * before we should rekey?
324 struct GNUNET_TIME_Absolute rekey_time;
327 * Length of the address.
329 socklen_t address_len;
332 * Message queue we are providing for the #ch.
334 struct GNUNET_MQ_Handle *mq;
337 * handle for this queue with the #ch.
339 struct GNUNET_TRANSPORT_QueueHandle *qh;
342 * Number of bytes we currently have in our write queue.
344 unsigned long long bytes_in_queue;
347 * Buffer for reading ciphertext from network into.
349 char cread_buf[BUF_SIZE];
352 * buffer for writing ciphertext to network.
354 char cwrite_buf[BUF_SIZE];
357 * Plaintext buffer for decrypted plaintext.
359 char pread_buf[UINT16_MAX + 1 + sizeof(struct TCPBox)];
362 * Plaintext buffer for messages to be encrypted.
364 char pwrite_buf[UINT16_MAX + 1 + sizeof(struct TCPBox)];
367 * At which offset in the ciphertext read buffer should we
368 * append more ciphertext for transmission next?
373 * At which offset in the ciphertext write buffer should we
374 * append more ciphertext from reading next?
379 * At which offset in the plaintext input buffer should we
380 * append more plaintext from decryption next?
385 * At which offset in the plaintext output buffer should we
386 * append more plaintext for encryption next?
391 * Timeout for this queue.
393 struct GNUNET_TIME_Absolute timeout;
396 * How may messages did we pass from this queue to CORE for which we
397 * have yet to receive an acknoweldgement that CORE is done with
398 * them? If "large" (or even just non-zero), we should throttle
399 * reading to provide flow control. See also #DEFAULT_MAX_QUEUE_LENGTH
400 * and #max_queue_length.
402 unsigned int backpressure;
405 * Which network type does this queue use?
407 enum GNUNET_NetworkType nt;
410 * Is MQ awaiting a #GNUNET_MQ_impl_send_continue() call?
412 int mq_awaits_continue;
415 * Did we enqueue a finish message and are closing down the queue?
420 * Did we technically destroy this queue, but kept the allocation
421 * around because of @e backpressure not being zero yet? Used
422 * simply to delay the final #GNUNET_free() operation until
423 * #core_read_finished_cb() has been called.
428 * #GNUNET_YES if we just rekeyed and must thus possibly
429 * re-decrypt ciphertext.
436 * Handle for an incoming connection where we do not yet have enough
437 * information to setup a full queue.
444 struct ProtoQueue *next;
449 struct ProtoQueue *prev;
452 * socket that we transmit all data with on this queue
454 struct GNUNET_NETWORK_Handle *sock;
457 * ID of read task for this connection.
459 struct GNUNET_SCHEDULER_Task *read_task;
462 * Address of the other peer.
464 struct sockaddr *address;
467 * Length of the address.
469 socklen_t address_len;
472 * Timeout for this protoqueue.
474 struct GNUNET_TIME_Absolute timeout;
477 * Buffer for reading all the information we need to upgrade from
478 * protoqueue to queue.
480 char ibuf[INITIAL_KX_SIZE];
483 * Current offset for reading into @e ibuf.
492 static struct GNUNET_SCHEDULER_Task *listen_task;
495 * Maximum queue length before we stop reading towards the transport service.
497 static unsigned long long max_queue_length;
500 * For logging statistics.
502 static struct GNUNET_STATISTICS_Handle *stats;
507 static struct GNUNET_TRANSPORT_CommunicatorHandle *ch;
510 * Queues (map from peer identity to `struct Queue`)
512 static struct GNUNET_CONTAINER_MultiPeerMap *queue_map;
517 static struct GNUNET_NETWORK_Handle *listen_sock;
522 static struct GNUNET_PeerIdentity my_identity;
527 static struct GNUNET_TIME_Relative rekey_interval;
532 static struct GNUNET_CRYPTO_EddsaPrivateKey *my_private_key;
537 static const struct GNUNET_CONFIGURATION_Handle *cfg;
540 * Network scanner to determine network types.
542 static struct GNUNET_NT_InterfaceScanner *is;
545 * Connection to NAT service.
547 static struct GNUNET_NAT_Handle *nat;
550 * Protoqueues DLL head.
552 static struct ProtoQueue *proto_head;
555 * Protoqueues DLL tail.
557 static struct ProtoQueue *proto_tail;
561 * We have been notified that our listen socket has something to
562 * read. Do the read and reschedule this function to be called again
563 * once more is available.
568 listen_cb (void *cls);
572 * Functions with this signature are called whenever we need
573 * to close a queue due to a disconnect or failure to
574 * establish a connection.
576 * @param queue queue to close down
579 queue_destroy (struct Queue *queue)
581 struct GNUNET_MQ_Handle *mq;
583 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
584 "Disconnecting queue for peer `%s'\n",
585 GNUNET_i2s (&queue->target));
586 if (NULL != (mq = queue->mq))
589 GNUNET_MQ_destroy (mq);
591 if (NULL != queue->qh)
593 GNUNET_TRANSPORT_communicator_mq_del (queue->qh);
598 GNUNET_CONTAINER_multipeermap_remove (queue_map, &queue->target, queue));
599 GNUNET_STATISTICS_set (stats,
601 GNUNET_CONTAINER_multipeermap_size (queue_map),
603 if (NULL != queue->read_task)
605 GNUNET_SCHEDULER_cancel (queue->read_task);
606 queue->read_task = NULL;
608 if (NULL != queue->write_task)
610 GNUNET_SCHEDULER_cancel (queue->write_task);
611 queue->write_task = NULL;
613 GNUNET_NETWORK_socket_close (queue->sock);
614 gcry_cipher_close (queue->in_cipher);
615 gcry_cipher_close (queue->out_cipher);
616 GNUNET_free (queue->address);
617 if (0 != queue->backpressure)
618 queue->destroyed = GNUNET_YES;
621 if (NULL == listen_task)
622 listen_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
630 * Compute @a mac over @a buf, and ratched the @a hmac_secret.
632 * @param[in,out] hmac_secret secret for HMAC calculation
633 * @param buf buffer to MAC
634 * @param buf_size number of bytes in @a buf
635 * @param smac[out] where to write the HMAC
638 calculate_hmac (struct GNUNET_HashCode *hmac_secret,
641 struct GNUNET_ShortHashCode *smac)
643 struct GNUNET_HashCode mac;
645 GNUNET_CRYPTO_hmac_raw (hmac_secret,
646 sizeof(struct GNUNET_HashCode),
650 /* truncate to `struct GNUNET_ShortHashCode` */
651 memcpy (smac, &mac, sizeof(struct GNUNET_ShortHashCode));
652 /* ratchet hmac key */
653 GNUNET_CRYPTO_hash (hmac_secret,
654 sizeof(struct GNUNET_HashCode),
660 * Append a 'finish' message to the outgoing transmission. Once the
661 * finish has been transmitted, destroy the queue.
663 * @param queue queue to shut down nicely
666 queue_finish (struct Queue *queue)
668 struct TCPFinish fin;
670 memset (&fin, 0, sizeof(fin));
671 fin.header.size = htons (sizeof(fin));
672 fin.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH);
673 calculate_hmac (&queue->out_hmac, &fin, sizeof(fin), &fin.hmac);
674 /* if there is any message left in pwrite_buf, we
675 overwrite it (possibly dropping the last message
676 from CORE hard here) */
677 memcpy (queue->pwrite_buf, &fin, sizeof(fin));
678 queue->pwrite_off = sizeof(fin);
679 /* This flag will ensure that #queue_write() no longer
680 notifies CORE about the possibility of sending
681 more data, and that #queue_write() will call
682 #queue_destroy() once the @c fin was fully written. */
683 queue->finishing = GNUNET_YES;
688 * Increment queue timeout due to activity. We do not immediately
689 * notify the monitor here as that might generate excessive
692 * @param queue queue for which the timeout should be rescheduled
695 reschedule_queue_timeout (struct Queue *queue)
698 GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
703 * Queue read task. If we hit the timeout, disconnect it
705 * @param cls the `struct Queue *` to disconnect
708 queue_read (void *cls);
712 * Core tells us it is done processing a message that transport
713 * received on a queue with status @a success.
715 * @param cls a `struct Queue *` where the message originally came from
716 * @param success #GNUNET_OK on success
719 core_read_finished_cb (void *cls, int success)
721 struct Queue *queue = cls;
722 if (GNUNET_OK != success)
723 GNUNET_STATISTICS_update (stats,
724 "# messages lost in communicator API towards CORE",
727 queue->backpressure--;
728 /* handle deferred queue destruction */
729 if ((queue->destroyed) && (0 == queue->backpressure))
734 reschedule_queue_timeout (queue);
735 /* possibly unchoke reading, now that CORE made progress */
736 if (NULL == queue->read_task)
738 GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_absolute_get_remaining (
747 * We received @a plaintext_len bytes of @a plaintext on @a queue.
748 * Pass it on to CORE. If transmission is actually happening,
749 * increase backpressure counter.
751 * @param queue the queue that received the plaintext
752 * @param plaintext the plaintext that was received
753 * @param plaintext_len number of bytes of plaintext received
756 pass_plaintext_to_core (struct Queue *queue,
757 const void *plaintext,
758 size_t plaintext_len)
760 const struct GNUNET_MessageHeader *hdr = plaintext;
763 if (ntohs (hdr->size) != plaintext_len)
765 /* NOTE: If we ever allow multiple CORE messages in one
766 BOX, this will have to change! */
770 ret = GNUNET_TRANSPORT_communicator_receive (ch,
773 ADDRESS_VALIDITY_PERIOD,
774 &core_read_finished_cb,
776 if (GNUNET_OK == ret)
777 queue->backpressure++;
778 GNUNET_break (GNUNET_NO != ret); /* backpressure not working!? */
779 if (GNUNET_SYSERR == ret)
780 GNUNET_STATISTICS_update (stats,
781 "# bytes lost due to CORE not running",
788 * Setup @a cipher based on shared secret @a dh and decrypting
791 * @param dh shared secret
792 * @param pid decrypting peer's identity
793 * @param cipher[out] cipher to initialize
794 * @param hmac_key[out] HMAC key to initialize
797 setup_cipher (const struct GNUNET_HashCode *dh,
798 const struct GNUNET_PeerIdentity *pid,
799 gcry_cipher_hd_t *cipher,
800 struct GNUNET_HashCode *hmac_key)
805 gcry_cipher_open (cipher,
806 GCRY_CIPHER_AES256 /* low level: go for speed */,
807 GCRY_CIPHER_MODE_CTR,
809 GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_kdf (key,
819 gcry_cipher_setkey (*cipher, key, sizeof(key));
820 GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_kdf (ctr,
830 gcry_cipher_setctr (*cipher, ctr, sizeof(ctr));
831 GNUNET_assert (GNUNET_YES ==
832 GNUNET_CRYPTO_kdf (hmac_key,
833 sizeof(struct GNUNET_HashCode),
846 * Setup cipher of @a queue for decryption.
848 * @param ephemeral ephemeral key we received from the other peer
849 * @param queue[in,out] queue to initialize decryption cipher for
852 setup_in_cipher (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
855 struct GNUNET_HashCode dh;
857 GNUNET_CRYPTO_eddsa_ecdh (my_private_key, ephemeral, &dh);
858 setup_cipher (&dh, &my_identity, &queue->in_cipher, &queue->in_hmac);
863 * Handle @a rekey message on @a queue. The message was already
864 * HMAC'ed, but we should additionally still check the signature.
865 * Then we need to stop the old cipher and start afresh.
867 * @param queue the queue @a rekey was received on
868 * @param rekey the rekey message
871 do_rekey (struct Queue *queue, const struct TCPRekey *rekey)
873 struct TcpHandshakeSignature thp;
874 thp.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY);
875 thp.purpose.size = htonl (sizeof(thp));
876 thp.sender = queue->target;
877 thp.receiver = my_identity;
878 thp.ephemeral = rekey->ephemeral;
879 thp.monotonic_time = rekey->monotonic_time;
880 /* FIXME: check monotonic time is monotonic... */
882 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY,
885 &queue->target.public_key))
888 queue_finish (queue);
891 gcry_cipher_close (queue->in_cipher);
892 queue->rekeyed = GNUNET_YES;
893 setup_in_cipher (&rekey->ephemeral, queue);
898 * Test if we have received a full message in plaintext.
901 * @param queue queue to process inbound plaintext for
902 * @return number of bytes of plaintext handled, 0 for none
905 try_handle_plaintext (struct Queue *queue)
907 const struct GNUNET_MessageHeader *hdr =
908 (const struct GNUNET_MessageHeader *) queue->pread_buf;
909 const struct TCPBox *box = (const struct TCPBox *) queue->pread_buf;
910 const struct TCPRekey *rekey = (const struct TCPRekey *) queue->pread_buf;
911 const struct TCPFinish *fin = (const struct TCPFinish *) queue->pread_buf;
912 struct TCPRekey rekeyz;
913 struct TCPFinish finz;
914 struct GNUNET_ShortHashCode tmac;
916 size_t size = 0; /* make compiler happy */
918 if (sizeof(*hdr) > queue->pread_off)
919 return 0; /* not even a header */
920 type = ntohs (hdr->type);
923 case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX:
924 /* Special case: header size excludes box itself! */
925 if (ntohs (hdr->size) + sizeof(struct TCPBox) > queue->pread_off)
927 calculate_hmac (&queue->in_hmac, &box[1], ntohs (hdr->size), &tmac);
928 if (0 != memcmp (&tmac, &box->hmac, sizeof(tmac)))
931 queue_finish (queue);
934 pass_plaintext_to_core (queue, (const void *) &box[1], ntohs (hdr->size));
935 size = ntohs (hdr->size) + sizeof(*box);
938 case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY:
939 if (sizeof(*rekey) > queue->pread_off)
941 if (ntohs (hdr->size) != sizeof(*rekey))
944 queue_finish (queue);
948 memset (&rekeyz.hmac, 0, sizeof(rekeyz.hmac));
949 calculate_hmac (&queue->in_hmac, &rekeyz, sizeof(rekeyz), &tmac);
950 if (0 != memcmp (&tmac, &rekey->hmac, sizeof(tmac)))
953 queue_finish (queue);
956 do_rekey (queue, rekey);
957 size = ntohs (hdr->size);
960 case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH:
961 if (sizeof(*fin) > queue->pread_off)
963 if (ntohs (hdr->size) != sizeof(*fin))
966 queue_finish (queue);
970 memset (&finz.hmac, 0, sizeof(finz.hmac));
971 calculate_hmac (&queue->in_hmac, &rekeyz, sizeof(rekeyz), &tmac);
972 if (0 != memcmp (&tmac, &fin->hmac, sizeof(tmac)))
975 queue_finish (queue);
978 /* handle FINISH by destroying queue */
979 queue_destroy (queue);
984 queue_finish (queue);
987 GNUNET_assert (0 != size);
993 * Queue read task. If we hit the timeout, disconnect it
995 * @param cls the `struct Queue *` to disconnect
998 queue_read (void *cls)
1000 struct Queue *queue = cls;
1001 struct GNUNET_TIME_Relative left;
1004 queue->read_task = NULL;
1005 rcvd = GNUNET_NETWORK_socket_recv (queue->sock,
1006 &queue->cread_buf[queue->cread_off],
1007 BUF_SIZE - queue->cread_off);
1008 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1009 "Received %lu bytes from TCP queue\n", rcvd);
1012 if ((EAGAIN != errno) && (EINTR != errno))
1014 GNUNET_log_strerror (GNUNET_ERROR_TYPE_DEBUG, "recv");
1015 queue_finish (queue);
1019 left = GNUNET_TIME_absolute_get_remaining (queue->timeout);
1021 GNUNET_SCHEDULER_add_read_net (left, queue->sock, &queue_read, queue);
1025 reschedule_queue_timeout (queue);
1026 queue->cread_off += rcvd;
1027 while ((queue->pread_off < sizeof(queue->pread_buf)) &&
1028 (queue->cread_off > 0))
1030 size_t max = GNUNET_MIN (sizeof(queue->pread_buf) - queue->pread_off,
1034 size_t old_pread_off = queue->pread_off;
1037 gcry_cipher_decrypt (queue->in_cipher,
1038 &queue->pread_buf[queue->pread_off],
1042 queue->pread_off += max;
1044 while (0 != (done = try_handle_plaintext (queue)))
1046 /* 'done' bytes of plaintext were used, shift buffer */
1047 GNUNET_assert (done <= queue->pread_off);
1048 /* NOTE: this memmove() could possibly sometimes be
1049 avoided if we pass 'total' into try_handle_plaintext()
1050 and use it at an offset into the buffer there! */
1051 memmove (queue->pread_buf,
1052 &queue->pread_buf[done],
1053 queue->pread_off - done);
1054 queue->pread_off -= done;
1056 /* The last plaintext was a rekey, abort for now */
1057 if (GNUNET_YES == queue->rekeyed)
1060 /* when we encounter a rekey message, the decryption above uses the
1061 wrong key for everything after the rekey; in that case, we have
1062 to re-do the decryption at 'total' instead of at 'max'.
1063 However, we have to take into account that the plaintext buffer may have
1064 already contained data and not jumpt too far ahead in the ciphertext.
1065 If there is no rekey and the last message is incomplete (max > total),
1066 it is safe to keep the decryption so we shift by 'max' */if (GNUNET_YES == queue->rekeyed)
1068 max = total - old_pread_off;
1069 queue->rekeyed = GNUNET_NO;
1070 queue->pread_off = 0;
1072 memmove (queue->cread_buf, &queue->cread_buf[max], queue->cread_off - max);
1073 queue->cread_off -= max;
1075 if (BUF_SIZE == queue->cread_off)
1076 return; /* buffer full, suspend reading */
1077 left = GNUNET_TIME_absolute_get_remaining (queue->timeout);
1078 if (0 != left.rel_value_us)
1080 if (max_queue_length > queue->backpressure)
1082 /* continue reading */
1083 left = GNUNET_TIME_absolute_get_remaining (queue->timeout);
1085 GNUNET_SCHEDULER_add_read_net (left, queue->sock, &queue_read, queue);
1089 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1090 "Queue %p was idle for %s, disconnecting\n",
1092 GNUNET_STRINGS_relative_time_to_string (
1093 GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT,
1095 queue_finish (queue);
1100 * Convert TCP bind specification to a `struct sockaddr *`
1102 * @param bindto bind specification to convert
1103 * @param[out] sock_len set to the length of the address
1104 * @return converted bindto specification
1106 static struct sockaddr *
1107 tcp_address_to_sockaddr (const char *bindto, socklen_t *sock_len)
1109 struct sockaddr *in;
1115 if (1 == sscanf (bindto, "%u%1s", &port, dummy))
1117 /* interpreting value as just a PORT number */
1118 if (port > UINT16_MAX)
1120 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1121 "BINDTO specification `%s' invalid: value too large for port\n",
1125 if ((GNUNET_NO == GNUNET_NETWORK_test_pf (PF_INET6)) ||
1127 GNUNET_CONFIGURATION_get_value_yesno (cfg,
1128 COMMUNICATOR_CONFIG_SECTION,
1131 struct sockaddr_in *i4;
1133 i4 = GNUNET_malloc (sizeof(struct sockaddr_in));
1134 i4->sin_family = AF_INET;
1135 i4->sin_port = htons ((uint16_t) port);
1136 #if HAVE_SOCKADDR_IN_SIN_LEN
1137 i4->sin_len = sizeof(sizeof(struct sockaddr_in));
1139 *sock_len = sizeof(struct sockaddr_in);
1140 in = (struct sockaddr *) i4;
1144 struct sockaddr_in6 *i6;
1146 i6 = GNUNET_malloc (sizeof(struct sockaddr_in6));
1147 i6->sin6_family = AF_INET6;
1148 i6->sin6_port = htons ((uint16_t) port);
1149 #if HAVE_SOCKADDR_IN_SIN_LEN
1150 i6->sin6_len = sizeof(sizeof(struct sockaddr_in6));
1152 *sock_len = sizeof(struct sockaddr_in6);
1153 in = (struct sockaddr *) i6;
1157 cp = GNUNET_strdup (bindto);
1158 colon = strrchr (cp, ':');
1161 /* interpet value after colon as port */
1164 if (1 == sscanf (colon, "%u%1s", &port, dummy))
1166 /* interpreting value as just a PORT number */
1167 if (port > UINT16_MAX)
1169 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1170 "BINDTO specification `%s' invalid: value too large for port\n",
1179 GNUNET_ERROR_TYPE_ERROR,
1180 "BINDTO specification `%s' invalid: last ':' not followed by number\n",
1188 /* interpret missing port as 0, aka pick any free one */
1193 struct sockaddr_in v4;
1195 if (1 == inet_pton (AF_INET, cp, &v4.sin_addr))
1197 v4.sin_family = AF_INET;
1198 v4.sin_port = htons ((uint16_t) port);
1199 #if HAVE_SOCKADDR_IN_SIN_LEN
1200 v4.sin_len = sizeof(struct sockaddr_in);
1202 in = GNUNET_memdup (&v4, sizeof(v4));
1203 *sock_len = sizeof(v4);
1210 struct sockaddr_in6 v6;
1214 if (('[' == *cp) && (']' == cp[strlen (cp) - 1]))
1216 start++; /* skip over '[' */
1217 cp[strlen (cp) - 1] = '\0'; /* eat ']' */
1219 if (1 == inet_pton (AF_INET6, start, &v6.sin6_addr))
1221 v6.sin6_family = AF_INET6;
1222 v6.sin6_port = htons ((uint16_t) port);
1223 #if HAVE_SOCKADDR_IN_SIN_LEN
1224 v6.sin6_len = sizeof(sizeof(struct sockaddr_in6));
1226 in = GNUNET_memdup (&v6, sizeof(v6));
1227 *sock_len = sizeof(v6);
1232 /* #5528 FIXME (feature!): maybe also try getnameinfo()? */
1239 * Setup cipher for outgoing data stream based on target and
1240 * our ephemeral private key.
1242 * @param queue queue to setup outgoing (encryption) cipher for
1245 setup_out_cipher (struct Queue *queue)
1247 struct GNUNET_HashCode dh;
1249 GNUNET_CRYPTO_ecdh_eddsa (&queue->ephemeral, &queue->target.public_key, &dh);
1250 /* we don't need the private key anymore, drop it! */
1251 memset (&queue->ephemeral, 0, sizeof(queue->ephemeral));
1252 setup_cipher (&dh, &queue->target, &queue->out_cipher, &queue->out_hmac);
1253 queue->rekey_time = GNUNET_TIME_relative_to_absolute (rekey_interval);
1254 queue->rekey_left_bytes =
1255 GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK, REKEY_MAX_BYTES);
1260 * Inject a `struct TCPRekey` message into the queue's plaintext
1263 * @param queue queue to perform rekeying on
1266 inject_rekey (struct Queue *queue)
1268 struct TCPRekey rekey;
1269 struct TcpHandshakeSignature thp;
1271 GNUNET_assert (0 == queue->pwrite_off);
1272 memset (&rekey, 0, sizeof(rekey));
1273 GNUNET_assert (GNUNET_OK ==
1274 GNUNET_CRYPTO_ecdhe_key_create2 (&queue->ephemeral));
1275 rekey.header.type = ntohs (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY);
1276 rekey.header.size = ntohs (sizeof(rekey));
1277 GNUNET_CRYPTO_ecdhe_key_get_public (&queue->ephemeral, &rekey.ephemeral);
1278 rekey.monotonic_time =
1279 GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg));
1280 thp.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY);
1281 thp.purpose.size = htonl (sizeof(thp));
1282 thp.sender = my_identity;
1283 thp.receiver = queue->target;
1284 thp.ephemeral = rekey.ephemeral;
1285 thp.monotonic_time = rekey.monotonic_time;
1286 GNUNET_CRYPTO_eddsa_sign (my_private_key,
1289 calculate_hmac (&queue->out_hmac, &rekey, sizeof(rekey), &rekey.hmac);
1290 /* Encrypt rekey message with 'old' cipher */
1292 gcry_cipher_encrypt (queue->out_cipher,
1293 &queue->cwrite_buf[queue->cwrite_off],
1297 queue->cwrite_off += sizeof(rekey);
1298 /* Setup new cipher for successive messages */
1299 gcry_cipher_close (queue->out_cipher);
1300 setup_out_cipher (queue);
1305 * We have been notified that our socket is ready to write.
1306 * Then reschedule this function to be called again once more is available.
1308 * @param cls a `struct Queue`
1311 queue_write (void *cls)
1313 struct Queue *queue = cls;
1315 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "In queue write\n");
1316 queue->write_task = NULL;
1317 if (0 != queue->cwrite_off)
1319 sent = GNUNET_NETWORK_socket_send (queue->sock,
1322 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1323 "Sent %lu bytes to TCP queue\n", sent);
1324 if ((-1 == sent) && (EAGAIN != errno) && (EINTR != errno))
1326 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "send");
1327 queue_destroy (queue);
1332 size_t usent = (size_t) sent;
1333 queue->cwrite_off -= usent;
1334 memmove (queue->cwrite_buf,
1335 &queue->cwrite_buf[usent],
1337 reschedule_queue_timeout (queue);
1340 /* can we encrypt more? (always encrypt full messages, needed
1341 such that #mq_cancel() can work!) */
1342 if ((0 < queue->rekey_left_bytes) &&
1343 (queue->pwrite_off > 0) &&
1344 (queue->cwrite_off + queue->pwrite_off <= BUF_SIZE))
1346 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1347 "Encrypting %lu bytes\n", queue->pwrite_off);
1349 gcry_cipher_encrypt (queue->out_cipher,
1350 &queue->cwrite_buf[queue->cwrite_off],
1353 queue->pwrite_off));
1354 if (queue->rekey_left_bytes > queue->pwrite_off)
1355 queue->rekey_left_bytes -= queue->pwrite_off;
1357 queue->rekey_left_bytes = 0;
1358 queue->cwrite_off += queue->pwrite_off;
1359 queue->pwrite_off = 0;
1361 if ((0 == queue->pwrite_off) &&
1362 ((0 == queue->rekey_left_bytes) ||
1364 GNUNET_TIME_absolute_get_remaining (queue->rekey_time).rel_value_us)))
1366 inject_rekey (queue);
1368 if ((0 == queue->pwrite_off) && (! queue->finishing) &&
1369 (GNUNET_YES == queue->mq_awaits_continue))
1371 queue->mq_awaits_continue = GNUNET_NO;
1372 GNUNET_MQ_impl_send_continue (queue->mq);
1374 /* did we just finish writing 'finish'? */
1375 if ((0 == queue->cwrite_off) && (GNUNET_YES == queue->finishing))
1377 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1378 "Finishing queue\n");
1379 queue_destroy (queue);
1382 /* do we care to write more? */
1383 if ((0 < queue->cwrite_off) || (0 < queue->pwrite_off))
1385 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
1393 * Signature of functions implementing the sending functionality of a
1396 * @param mq the message queue
1397 * @param msg the message to send
1398 * @param impl_state our `struct Queue`
1401 mq_send (struct GNUNET_MQ_Handle *mq,
1402 const struct GNUNET_MessageHeader *msg,
1405 struct Queue *queue = impl_state;
1406 uint16_t msize = ntohs (msg->size);
1408 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1409 "In MQ send. Queue finishing: %s; write task running: %s\n",
1410 (GNUNET_YES == queue->finishing) ? "yes" : "no",
1411 (NULL == queue->write_task) ? "yes" : "no");
1412 GNUNET_assert (mq == queue->mq);
1413 queue->mq_awaits_continue = GNUNET_YES;
1414 if (GNUNET_YES == queue->finishing)
1415 return; /* this queue is dying, drop msg */
1416 GNUNET_assert (0 == queue->pwrite_off);
1417 box.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX);
1418 box.header.size = htons (msize);
1419 calculate_hmac (&queue->out_hmac, msg, msize, &box.hmac);
1420 memcpy (&queue->pwrite_buf[queue->pwrite_off], &box, sizeof(box));
1421 queue->pwrite_off += sizeof(box);
1422 memcpy (&queue->pwrite_buf[queue->pwrite_off], msg, msize);
1423 queue->pwrite_off += msize;
1424 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1425 "%lu bytes of plaintext to send\n", queue->pwrite_off);
1426 GNUNET_assert (NULL != queue->sock);
1427 if (NULL == queue->write_task)
1429 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
1437 * Signature of functions implementing the destruction of a message
1438 * queue. Implementations must not free @a mq, but should take care
1441 * @param mq the message queue to destroy
1442 * @param impl_state our `struct Queue`
1445 mq_destroy (struct GNUNET_MQ_Handle *mq, void *impl_state)
1447 struct Queue *queue = impl_state;
1449 if (mq == queue->mq)
1452 queue_finish (queue);
1458 * Implementation function that cancels the currently sent message.
1460 * @param mq message queue
1461 * @param impl_state our `struct Queue`
1464 mq_cancel (struct GNUNET_MQ_Handle *mq, void *impl_state)
1466 struct Queue *queue = impl_state;
1468 GNUNET_assert (0 != queue->pwrite_off);
1469 queue->pwrite_off = 0;
1474 * Generic error handler, called with the appropriate
1475 * error code and the same closure specified at the creation of
1476 * the message queue.
1477 * Not every message queue implementation supports an error handler.
1479 * @param cls our `struct Queue`
1480 * @param error error code
1483 mq_error (void *cls, enum GNUNET_MQ_Error error)
1485 struct Queue *queue = cls;
1487 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1488 "MQ error in queue to %s: %d\n",
1489 GNUNET_i2s (&queue->target),
1491 queue_finish (queue);
1496 * Add the given @a queue to our internal data structure. Setup the
1497 * MQ processing and inform transport that the queue is ready. Must
1498 * be called after the KX for outgoing messages has been bootstrapped.
1500 * @param queue queue to boot
1503 boot_queue (struct Queue *queue, enum GNUNET_TRANSPORT_ConnectionStatus cs)
1506 GNUNET_NT_scanner_get_type (is, queue->address, queue->address_len);
1507 (void) GNUNET_CONTAINER_multipeermap_put (
1511 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
1512 GNUNET_STATISTICS_set (stats,
1514 GNUNET_CONTAINER_multipeermap_size (queue_map),
1517 GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
1518 queue->mq = GNUNET_MQ_queue_for_callbacks (&mq_send,
1528 switch (queue->address->sa_family)
1531 GNUNET_asprintf (&foreign_addr,
1533 COMMUNICATOR_ADDRESS_PREFIX,
1534 GNUNET_a2s (queue->address, queue->address_len));
1538 GNUNET_asprintf (&foreign_addr,
1540 COMMUNICATOR_ADDRESS_PREFIX,
1541 GNUNET_a2s (queue->address, queue->address_len));
1547 queue->qh = GNUNET_TRANSPORT_communicator_mq_add (ch,
1554 GNUNET_free (foreign_addr);
1560 * Generate and transmit our ephemeral key and the signature for
1561 * the initial KX with the other peer. Must be called first, before
1562 * any other bytes are ever written to the output buffer. Note that
1563 * our cipher must already be initialized when calling this function.
1564 * Helper function for #start_initial_kx_out().
1566 * @param queue queue to do KX for
1567 * @param epub our public key for the KX
1570 transmit_kx (struct Queue *queue,
1571 const struct GNUNET_CRYPTO_EcdhePublicKey *epub)
1573 struct TcpHandshakeSignature ths;
1574 struct TCPConfirmation tc;
1576 memcpy (queue->cwrite_buf, epub, sizeof(*epub));
1577 queue->cwrite_off = sizeof(*epub);
1578 /* compute 'tc' and append in encrypted format to cwrite_buf */
1579 tc.sender = my_identity;
1581 GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg));
1582 ths.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE);
1583 ths.purpose.size = htonl (sizeof(ths));
1584 ths.sender = my_identity;
1585 ths.receiver = queue->target;
1586 ths.ephemeral = *epub;
1587 ths.monotonic_time = tc.monotonic_time;
1588 GNUNET_CRYPTO_eddsa_sign (my_private_key,
1592 gcry_cipher_encrypt (queue->out_cipher,
1593 &queue->cwrite_buf[queue->cwrite_off],
1597 queue->cwrite_off += sizeof(tc);
1602 * Initialize our key material for outgoing transmissions and
1603 * inform the other peer about it. Must be called first before
1606 * @param queue the queue to setup
1609 start_initial_kx_out (struct Queue *queue)
1611 struct GNUNET_CRYPTO_EcdhePublicKey epub;
1613 GNUNET_assert (GNUNET_OK ==
1614 GNUNET_CRYPTO_ecdhe_key_create2 (&queue->ephemeral));
1615 GNUNET_CRYPTO_ecdhe_key_get_public (&queue->ephemeral, &epub);
1616 setup_out_cipher (queue);
1617 transmit_kx (queue, &epub);
1622 * We have received the first bytes from the other side on a @a queue.
1623 * Decrypt the @a tc contained in @a ibuf and check the signature.
1624 * Note that #setup_in_cipher() must have already been called.
1626 * @param queue queue to decrypt initial bytes from other peer for
1627 * @param tc[out] where to store the result
1628 * @param ibuf incoming data, of size
1630 * @return #GNUNET_OK if the signature was OK, #GNUNET_SYSERR if not
1633 decrypt_and_check_tc (struct Queue *queue,
1634 struct TCPConfirmation *tc,
1637 struct TcpHandshakeSignature ths;
1641 gcry_cipher_decrypt (queue->in_cipher,
1644 &ibuf[sizeof(struct GNUNET_CRYPTO_EcdhePublicKey)],
1646 ths.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE);
1647 ths.purpose.size = htonl (sizeof(ths));
1648 ths.sender = tc->sender;
1649 ths.receiver = my_identity;
1650 memcpy (&ths.ephemeral, ibuf, sizeof(struct GNUNET_CRYPTO_EcdhePublicKey));
1651 ths.monotonic_time = tc->monotonic_time;
1652 /* FIXME: check monotonic time against previous mono times
1653 from this sender! */
1654 return GNUNET_CRYPTO_eddsa_verify (
1655 GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE,
1658 &tc->sender.public_key);
1663 * Closes socket and frees memory associated with @a pq.
1665 * @param pq proto queue to free
1668 free_proto_queue (struct ProtoQueue *pq)
1670 GNUNET_NETWORK_socket_close (pq->sock);
1671 GNUNET_free (pq->address);
1672 GNUNET_CONTAINER_DLL_remove (proto_head, proto_tail, pq);
1678 * Read from the socket of the proto queue until we have enough data
1679 * to upgrade to full queue.
1681 * @param cls a `struct ProtoQueue`
1684 proto_read_kx (void *cls)
1686 struct ProtoQueue *pq = cls;
1688 struct GNUNET_TIME_Relative left;
1689 struct Queue *queue;
1690 struct TCPConfirmation tc;
1692 pq->read_task = NULL;
1693 left = GNUNET_TIME_absolute_get_remaining (pq->timeout);
1694 if (0 == left.rel_value_us)
1696 free_proto_queue (pq);
1699 rcvd = GNUNET_NETWORK_socket_recv (pq->sock,
1700 &pq->ibuf[pq->ibuf_off],
1701 sizeof(pq->ibuf) - pq->ibuf_off);
1702 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1703 "Received %lu bytes for KX\n", rcvd);
1706 if ((EAGAIN != errno) && (EINTR != errno))
1708 GNUNET_log_strerror (GNUNET_ERROR_TYPE_DEBUG, "recv");
1709 free_proto_queue (pq);
1714 GNUNET_SCHEDULER_add_read_net (left, pq->sock, &proto_read_kx, pq);
1717 pq->ibuf_off += rcvd;
1718 if (pq->ibuf_off > sizeof(pq->ibuf))
1722 GNUNET_SCHEDULER_add_read_net (left, pq->sock, &proto_read_kx, pq);
1725 /* we got all the data, let's find out who we are talking to! */
1726 queue = GNUNET_new (struct Queue);
1727 setup_in_cipher ((const struct GNUNET_CRYPTO_EcdhePublicKey *) pq->ibuf,
1729 if (GNUNET_OK != decrypt_and_check_tc (queue, &tc, pq->ibuf))
1731 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1732 "Invalid TCP KX received from %s\n",
1733 GNUNET_a2s (queue->address, queue->address_len));
1734 gcry_cipher_close (queue->in_cipher);
1735 GNUNET_free (queue);
1736 free_proto_queue (pq);
1739 queue->address = pq->address; /* steals reference */
1740 queue->address_len = pq->address_len;
1741 queue->target = tc.sender;
1742 queue->sock = pq->sock;
1743 start_initial_kx_out (queue);
1744 boot_queue (queue, GNUNET_TRANSPORT_CS_INBOUND);
1746 GNUNET_SCHEDULER_add_read_net (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT,
1751 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
1755 GNUNET_CONTAINER_DLL_remove (proto_head, proto_tail, pq);
1761 * We have been notified that our listen socket has something to
1762 * read. Do the read and reschedule this function to be called again
1763 * once more is available.
1768 listen_cb (void *cls)
1770 struct sockaddr_storage in;
1772 struct GNUNET_NETWORK_Handle *sock;
1773 struct ProtoQueue *pq;
1776 GNUNET_assert (NULL != listen_sock);
1777 addrlen = sizeof(in);
1778 memset (&in, 0, sizeof(in));
1779 sock = GNUNET_NETWORK_socket_accept (listen_sock,
1780 (struct sockaddr*) &in,
1782 if ((NULL == sock) && ((EMFILE == errno) || (ENFILE == errno)))
1783 return; /* system limit reached, wait until connection goes down */
1784 listen_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
1788 if ((NULL == sock) && ((EAGAIN == errno) || (ENOBUFS == errno)))
1792 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "accept");
1795 pq = GNUNET_new (struct ProtoQueue);
1796 pq->address_len = addrlen;
1797 pq->address = GNUNET_memdup (&in, addrlen);
1798 pq->timeout = GNUNET_TIME_relative_to_absolute (PROTO_QUEUE_TIMEOUT);
1800 pq->read_task = GNUNET_SCHEDULER_add_read_net (PROTO_QUEUE_TIMEOUT,
1804 GNUNET_CONTAINER_DLL_insert (proto_head, proto_tail, pq);
1809 * Read from the socket of the queue until we have enough data
1810 * to initialize the decryption logic and can switch to regular
1813 * @param cls a `struct Queue`
1816 queue_read_kx (void *cls)
1818 struct Queue *queue = cls;
1820 struct GNUNET_TIME_Relative left;
1821 struct TCPConfirmation tc;
1823 queue->read_task = NULL;
1824 left = GNUNET_TIME_absolute_get_remaining (queue->timeout);
1825 if (0 == left.rel_value_us)
1827 queue_destroy (queue);
1830 rcvd = GNUNET_NETWORK_socket_recv (queue->sock,
1831 &queue->cread_buf[queue->cread_off],
1832 BUF_SIZE - queue->cread_off);
1833 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received %lu bytes for KX\n", rcvd);
1836 if ((EAGAIN != errno) && (EINTR != errno))
1838 GNUNET_log_strerror (GNUNET_ERROR_TYPE_DEBUG, "recv");
1839 queue_destroy (queue);
1843 GNUNET_SCHEDULER_add_read_net (left, queue->sock, &queue_read_kx, queue);
1846 queue->cread_off += rcvd;
1847 if (queue->cread_off < INITIAL_KX_SIZE)
1851 GNUNET_SCHEDULER_add_read_net (left, queue->sock, &queue_read_kx, queue);
1854 /* we got all the data, let's find out who we are talking to! */
1855 setup_in_cipher ((const struct GNUNET_CRYPTO_EcdhePublicKey *)
1858 if (GNUNET_OK != decrypt_and_check_tc (queue, &tc, queue->cread_buf))
1860 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1861 "Invalid TCP KX received from %s\n",
1862 GNUNET_a2s (queue->address, queue->address_len));
1863 queue_destroy (queue);
1867 memcmp (&tc.sender, &queue->target, sizeof(struct GNUNET_PeerIdentity)))
1869 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1870 "Invalid sender in TCP KX received from %s\n",
1871 GNUNET_a2s (queue->address, queue->address_len));
1872 queue_destroy (queue);
1876 /* update queue timeout */
1877 reschedule_queue_timeout (queue);
1878 /* prepare to continue with regular read task immediately */
1879 memmove (queue->cread_buf,
1880 &queue->cread_buf[INITIAL_KX_SIZE],
1881 queue->cread_off - (INITIAL_KX_SIZE));
1882 queue->cread_off -= INITIAL_KX_SIZE;
1883 if (0 < queue->cread_off)
1884 queue->read_task = GNUNET_SCHEDULER_add_now (&queue_read, queue);
1889 * Function called by the transport service to initialize a
1890 * message queue given address information about another peer.
1891 * If and when the communication channel is established, the
1892 * communicator must call #GNUNET_TRANSPORT_communicator_mq_add()
1893 * to notify the service that the channel is now up. It is
1894 * the responsibility of the communicator to manage sane
1895 * retries and timeouts for any @a peer/@a address combination
1896 * provided by the transport service. Timeouts and retries
1897 * do not need to be signalled to the transport service.
1899 * @param cls closure
1900 * @param peer identity of the other peer
1901 * @param address where to send the message, human-readable
1902 * communicator-specific format, 0-terminated, UTF-8
1903 * @return #GNUNET_OK on success, #GNUNET_SYSERR if the provided address is
1907 mq_init (void *cls, const struct GNUNET_PeerIdentity *peer, const char *address)
1909 struct Queue *queue;
1911 struct sockaddr *in;
1913 struct GNUNET_NETWORK_Handle *sock;
1915 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1916 "Connecting to %s\n", address);
1917 if (0 != strncmp (address,
1918 COMMUNICATOR_ADDRESS_PREFIX "-",
1919 strlen (COMMUNICATOR_ADDRESS_PREFIX "-")))
1921 GNUNET_break_op (0);
1922 return GNUNET_SYSERR;
1924 path = &address[strlen (COMMUNICATOR_ADDRESS_PREFIX "-")];
1925 in = tcp_address_to_sockaddr (path, &in_len);
1927 sock = GNUNET_NETWORK_socket_create (in->sa_family, SOCK_STREAM, IPPROTO_TCP);
1930 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1931 "socket(%d) failed: %s",
1935 return GNUNET_SYSERR;
1937 if ((GNUNET_OK != GNUNET_NETWORK_socket_connect (sock, in, in_len)) &&
1938 (errno != EINPROGRESS))
1940 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1941 "connect to `%s' failed: %s",
1944 GNUNET_NETWORK_socket_close (sock);
1946 return GNUNET_SYSERR;
1949 queue = GNUNET_new (struct Queue);
1950 queue->target = *peer;
1951 queue->address = in;
1952 queue->address_len = in_len;
1954 boot_queue (queue, GNUNET_TRANSPORT_CS_OUTBOUND);
1955 // queue->mq_awaits_continue = GNUNET_YES;
1957 GNUNET_SCHEDULER_add_read_net (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT,
1961 start_initial_kx_out (queue);
1963 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
1972 * Iterator over all message queues to clean up.
1975 * @param target unused
1976 * @param value the queue to destroy
1977 * @return #GNUNET_OK to continue to iterate
1980 get_queue_delete_it (void *cls,
1981 const struct GNUNET_PeerIdentity *target,
1984 struct Queue *queue = value;
1988 queue_destroy (queue);
1994 * Shutdown the UNIX communicator.
1996 * @param cls NULL (always)
1999 do_shutdown (void *cls)
2001 while (NULL != proto_head)
2002 free_proto_queue (proto_head);
2005 GNUNET_NAT_unregister (nat);
2008 if (NULL != listen_task)
2010 GNUNET_SCHEDULER_cancel (listen_task);
2013 if (NULL != listen_sock)
2015 GNUNET_break (GNUNET_OK == GNUNET_NETWORK_socket_close (listen_sock));
2018 GNUNET_CONTAINER_multipeermap_iterate (queue_map, &get_queue_delete_it, NULL);
2019 GNUNET_CONTAINER_multipeermap_destroy (queue_map);
2022 GNUNET_TRANSPORT_communicator_disconnect (ch);
2027 GNUNET_STATISTICS_destroy (stats, GNUNET_NO);
2030 if (NULL != my_private_key)
2032 GNUNET_free (my_private_key);
2033 my_private_key = NULL;
2037 GNUNET_NT_scanner_done (is);
2044 * Function called when the transport service has received an
2045 * acknowledgement for this communicator (!) via a different return
2048 * Not applicable for TCP.
2050 * @param cls closure
2051 * @param sender which peer sent the notification
2052 * @param msg payload
2055 enc_notify_cb (void *cls,
2056 const struct GNUNET_PeerIdentity *sender,
2057 const struct GNUNET_MessageHeader *msg)
2062 GNUNET_break_op (0);
2067 * Signature of the callback passed to #GNUNET_NAT_register() for
2068 * a function to call whenever our set of 'valid' addresses changes.
2070 * @param cls closure
2071 * @param app_ctx[in,out] location where the app can store stuff
2072 * on add and retrieve it on remove
2073 * @param add_remove #GNUNET_YES to add a new public IP address,
2074 * #GNUNET_NO to remove a previous (now invalid) one
2075 * @param ac address class the address belongs to
2076 * @param addr either the previous or the new public IP address
2077 * @param addrlen actual length of the @a addr
2080 nat_address_cb (void *cls,
2083 enum GNUNET_NAT_AddressClass ac,
2084 const struct sockaddr *addr,
2088 struct GNUNET_TRANSPORT_AddressIdentifier *ai;
2090 if (GNUNET_YES == add_remove)
2092 enum GNUNET_NetworkType nt;
2094 GNUNET_asprintf (&my_addr,
2096 COMMUNICATOR_ADDRESS_PREFIX,
2097 GNUNET_a2s (addr, addrlen));
2098 nt = GNUNET_NT_scanner_get_type (is, addr, addrlen);
2100 GNUNET_TRANSPORT_communicator_address_add (ch,
2103 GNUNET_TIME_UNIT_FOREVER_REL);
2104 GNUNET_free (my_addr);
2110 GNUNET_TRANSPORT_communicator_address_remove (ai);
2117 * Setup communicator and launch network interactions.
2119 * @param cls NULL (always)
2120 * @param args remaining command-line arguments
2121 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
2122 * @param c configuration
2127 const char *cfgfile,
2128 const struct GNUNET_CONFIGURATION_Handle *c)
2131 struct sockaddr *in;
2133 struct sockaddr_storage in_sto;
2139 GNUNET_CONFIGURATION_get_value_string (cfg,
2140 COMMUNICATOR_CONFIG_SECTION,
2144 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
2145 COMMUNICATOR_CONFIG_SECTION,
2150 GNUNET_CONFIGURATION_get_value_number (cfg,
2151 COMMUNICATOR_CONFIG_SECTION,
2154 max_queue_length = DEFAULT_MAX_QUEUE_LENGTH;
2156 GNUNET_CONFIGURATION_get_value_time (cfg,
2157 COMMUNICATOR_CONFIG_SECTION,
2160 rekey_interval = DEFAULT_REKEY_INTERVAL;
2162 in = tcp_address_to_sockaddr (bindto, &in_len);
2165 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2166 "Failed to setup TCP socket address with path `%s'\n",
2168 GNUNET_free (bindto);
2172 GNUNET_NETWORK_socket_create (in->sa_family, SOCK_STREAM, IPPROTO_TCP);
2173 if (NULL == listen_sock)
2175 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "socket");
2177 GNUNET_free (bindto);
2180 if (GNUNET_OK != GNUNET_NETWORK_socket_bind (listen_sock, in, in_len))
2182 GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "bind", bindto);
2183 GNUNET_NETWORK_socket_close (listen_sock);
2186 GNUNET_free (bindto);
2190 GNUNET_NETWORK_socket_listen (listen_sock,
2193 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
2195 GNUNET_NETWORK_socket_close (listen_sock);
2198 GNUNET_free (bindto);
2200 /* We might have bound to port 0, allowing the OS to figure it out;
2201 thus, get the real IN-address from the socket */
2202 sto_len = sizeof(in_sto);
2203 if (0 != getsockname (GNUNET_NETWORK_get_fd (listen_sock),
2204 (struct sockaddr *) &in_sto,
2207 memcpy (&in_sto, in, in_len);
2211 GNUNET_free (bindto);
2212 in = (struct sockaddr *) &in_sto;
2214 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2216 GNUNET_a2s ((const struct sockaddr *) &in_sto, sto_len));
2217 stats = GNUNET_STATISTICS_create ("C-TCP", cfg);
2218 GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL);
2219 is = GNUNET_NT_scanner_init ();
2220 my_private_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg);
2221 if (NULL == my_private_key)
2224 GNUNET_ERROR_TYPE_ERROR,
2226 "Transport service is lacking key configuration settings. Exiting.\n"));
2227 GNUNET_SCHEDULER_shutdown ();
2230 GNUNET_CRYPTO_eddsa_key_get_public (my_private_key, &my_identity.public_key);
2231 /* start listening */
2232 listen_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
2236 queue_map = GNUNET_CONTAINER_multipeermap_create (10, GNUNET_NO);
2237 ch = GNUNET_TRANSPORT_communicator_connect (cfg,
2238 COMMUNICATOR_CONFIG_SECTION,
2239 COMMUNICATOR_ADDRESS_PREFIX,
2240 GNUNET_TRANSPORT_CC_RELIABLE,
2248 GNUNET_SCHEDULER_shutdown ();
2251 nat = GNUNET_NAT_register (cfg,
2252 COMMUNICATOR_CONFIG_SECTION,
2254 1 /* one address */,
2255 (const struct sockaddr **) &in,
2258 NULL /* FIXME: support reversal: #5529 */,
2259 NULL /* closure */);
2264 * The main function for the UNIX communicator.
2266 * @param argc number of arguments from the command line
2267 * @param argv command line arguments
2268 * @return 0 ok, 1 on error
2271 main (int argc, char *const *argv)
2273 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
2274 GNUNET_GETOPT_OPTION_END
2278 if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv))
2281 ret = (GNUNET_OK == GNUNET_PROGRAM_run (argc,
2283 "gnunet-communicator-tcp",
2284 _ ("GNUnet TCP communicator"),
2290 GNUNET_free ((void *) argv);
2295 /* end of gnunet-communicator-tcp.c */