2 This file is part of GNUnet
3 Copyright (C) 2010-2014, 2018, 2019 GNUnet e.V.
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 SPDX-License-Identifier: AGPL3.0-or-later
22 * @file transport/gnunet-communicator-tcp.c
23 * @brief Transport plugin using TCP.
24 * @author Christian Grothoff
27 * - support DNS names in BINDTO option (#5528)
28 * - support NAT connection reversal method (#5529)
29 * - support other TCP-specific NAT traversal methods (#5531)
30 * - add replay protection support to the protocol by
31 * adding a nonce in the KX and requiring (!) a
32 * nounce ACK to be send within the first X bytes of
36 #include "gnunet_util_lib.h"
37 #include "gnunet_protocols.h"
38 #include "gnunet_signatures.h"
39 #include "gnunet_constants.h"
40 #include "gnunet_nt_lib.h"
41 #include "gnunet_nat_service.h"
42 #include "gnunet_statistics_service.h"
43 #include "gnunet_transport_communication_service.h"
46 * How long do we believe our addresses to remain up (before
47 * the other peer should revalidate).
49 #define ADDRESS_VALIDITY_PERIOD \
50 GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4)
53 * How many messages do we keep at most in the queue to the
54 * transport service before we start to drop (default,
55 * can be changed via the configuration file).
56 * Should be _below_ the level of the communicator API, as
57 * otherwise we may read messages just to have them dropped
58 * by the communicator API.
60 #define DEFAULT_MAX_QUEUE_LENGTH 8
63 * Size of our IO buffers for ciphertext data. Must be at
64 * least UINT_MAX + sizeof (struct TCPBox).
66 #define BUF_SIZE (2 * 64 * 1024 + sizeof (struct TCPBox))
69 * How often do we rekey based on time (at least)
71 #define REKEY_TIME_INTERVAL GNUNET_TIME_UNIT_DAYS
74 * How long do we wait until we must have received the initial KX?
76 #define PROTO_QUEUE_TIMEOUT GNUNET_TIME_UNIT_MINUTES
79 * How often do we rekey based on number of bytes transmitted?
80 * (additionally randomized).
82 #define REKEY_MAX_BYTES (1024LLU * 1024 * 1024 * 4LLU)
85 * Size of the initial key exchange message sent first in both
88 #define INITIAL_KX_SIZE \
89 (sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + \
90 sizeof (struct TCPConfirmation))
94 * Address prefix used by the communicator.
96 #define COMMUNICATOR_ADDRESS_PREFIX "tcp"
99 * Configuration section used by the communicator.
101 #define COMMUNICATOR_CONFIG_SECTION "communicator-tcp"
103 GNUNET_NETWORK_STRUCT_BEGIN
107 * Signature we use to verify that the ephemeral key was really chosen by
108 * the specified sender.
110 struct TcpHandshakeSignature
113 * Purpose must be #GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE
115 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
118 * Identity of the inititor of the TCP connection (TCP client).
120 struct GNUNET_PeerIdentity sender;
123 * Presumed identity of the target of the TCP connection (TCP server)
125 struct GNUNET_PeerIdentity receiver;
128 * Ephemeral key used by the @e sender.
130 struct GNUNET_CRYPTO_EcdhePublicKey ephemeral;
133 * Monotonic time of @e sender, to possibly help detect replay attacks
134 * (if receiver persists times by sender).
136 struct GNUNET_TIME_AbsoluteNBO monotonic_time;
141 * Encrypted continuation of TCP initial handshake.
143 struct TCPConfirmation
148 struct GNUNET_PeerIdentity sender;
151 * Sender's signature of type #GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE
153 struct GNUNET_CRYPTO_EddsaSignature sender_sig;
156 * Monotonic time of @e sender, to possibly help detect replay attacks
157 * (if receiver persists times by sender).
159 struct GNUNET_TIME_AbsoluteNBO monotonic_time;
164 * TCP message box. Always sent encrypted!
170 * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX. Warning: the
171 * header size EXCLUDES the size of the `struct TCPBox`. We usually
172 * never do this, but here the payload may truly be 64k *after* the
173 * TCPBox (as we have no MTU)!!
175 struct GNUNET_MessageHeader header;
178 * HMAC for the following encrypted message. Yes, we MUST use
179 * mac-then-encrypt here, as we want to hide the message sizes on
180 * the wire (zero plaintext design!). Using CTR mode, padding oracle
181 * attacks do not apply. Besides, due to the use of ephemeral keys
182 * (hopefully with effective replay protection from monotonic time!)
183 * the attacker is limited in using the oracle.
185 struct GNUNET_ShortHashCode hmac;
187 /* followed by as may bytes of payload as indicated in @e header,
188 excluding the TCPBox itself! */
193 * TCP rekey message box. Always sent encrypted! Data after
194 * this message will use the new key.
200 * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY.
202 struct GNUNET_MessageHeader header;
205 * HMAC for the following encrypted message. Yes, we MUST use
206 * mac-then-encrypt here, as we want to hide the message sizes on
207 * the wire (zero plaintext design!). Using CTR mode padding oracle
208 * attacks do not apply. Besides, due to the use of ephemeral keys
209 * (hopefully with effective replay protection from monotonic time!)
210 * the attacker is limited in using the oracle.
212 struct GNUNET_ShortHashCode hmac;
217 struct GNUNET_CRYPTO_EcdhePublicKey ephemeral;
220 * Sender's signature of type #GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY
222 struct GNUNET_CRYPTO_EddsaSignature sender_sig;
225 * Monotonic time of @e sender, to possibly help detect replay attacks
226 * (if receiver persists times by sender).
228 struct GNUNET_TIME_AbsoluteNBO monotonic_time;
233 * TCP finish. Sender asks for the connection to be closed.
234 * Needed/useful in case we drop RST/FIN packets on the GNUnet
235 * port due to the possibility of malicious RST/FIN injection.
241 * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH.
243 struct GNUNET_MessageHeader header;
246 * HMAC for the following encrypted message. Yes, we MUST use
247 * mac-then-encrypt here, as we want to hide the message sizes on
248 * the wire (zero plaintext design!). Using CTR mode padding oracle
249 * attacks do not apply. Besides, due to the use of ephemeral keys
250 * (hopefully with effective replay protection from monotonic time!)
251 * the attacker is limited in using the oracle.
253 struct GNUNET_ShortHashCode hmac;
257 GNUNET_NETWORK_STRUCT_END
261 * Handle for a queue.
267 * To whom are we talking to.
269 struct GNUNET_PeerIdentity target;
272 * socket that we transmit all data with on this queue
274 struct GNUNET_NETWORK_Handle *sock;
277 * cipher for decryption of incoming data.
279 gcry_cipher_hd_t in_cipher;
282 * cipher for encryption of outgoing data.
284 gcry_cipher_hd_t out_cipher;
287 * Shared secret for HMAC verification on incoming data.
289 struct GNUNET_HashCode in_hmac;
292 * Shared secret for HMAC generation on outgoing data, ratcheted after
295 struct GNUNET_HashCode out_hmac;
298 * Our ephemeral key. Stored here temporarily during rekeying / key
301 struct GNUNET_CRYPTO_EcdhePrivateKey ephemeral;
304 * ID of read task for this connection.
306 struct GNUNET_SCHEDULER_Task *read_task;
309 * ID of write task for this connection.
311 struct GNUNET_SCHEDULER_Task *write_task;
314 * Address of the other peer.
316 struct sockaddr *address;
319 * How many more bytes may we sent with the current @e out_cipher
320 * before we should rekey?
322 uint64_t rekey_left_bytes;
325 * Until what time may we sent with the current @e out_cipher
326 * before we should rekey?
328 struct GNUNET_TIME_Absolute rekey_time;
331 * Length of the address.
333 socklen_t address_len;
336 * Message queue we are providing for the #ch.
338 struct GNUNET_MQ_Handle *mq;
341 * handle for this queue with the #ch.
343 struct GNUNET_TRANSPORT_QueueHandle *qh;
346 * Number of bytes we currently have in our write queue.
348 unsigned long long bytes_in_queue;
351 * Buffer for reading ciphertext from network into.
353 char cread_buf[BUF_SIZE];
356 * buffer for writing ciphertext to network.
358 char cwrite_buf[BUF_SIZE];
361 * Plaintext buffer for decrypted plaintext.
363 char pread_buf[UINT16_MAX + 1 + sizeof (struct TCPBox)];
366 * Plaintext buffer for messages to be encrypted.
368 char pwrite_buf[UINT16_MAX + 1 + sizeof (struct TCPBox)];
371 * At which offset in the ciphertext read buffer should we
372 * append more ciphertext for transmission next?
377 * At which offset in the ciphertext write buffer should we
378 * append more ciphertext from reading next?
383 * At which offset in the plaintext input buffer should we
384 * append more plaintext from decryption next?
389 * At which offset in the plaintext output buffer should we
390 * append more plaintext for encryption next?
395 * Timeout for this queue.
397 struct GNUNET_TIME_Absolute timeout;
400 * How may messages did we pass from this queue to CORE for which we
401 * have yet to receive an acknoweldgement that CORE is done with
402 * them? If "large" (or even just non-zero), we should throttle
403 * reading to provide flow control. See also #DEFAULT_MAX_QUEUE_LENGTH
404 * and #max_queue_length.
406 unsigned int backpressure;
409 * Which network type does this queue use?
411 enum GNUNET_NetworkType nt;
414 * Is MQ awaiting a #GNUNET_MQ_impl_send_continue() call?
416 int mq_awaits_continue;
419 * Did we enqueue a finish message and are closing down the queue?
424 * Did we technically destroy this queue, but kept the allocation
425 * around because of @e backpressure not being zero yet? Used
426 * simply to delay the final #GNUNET_free() operation until
427 * #core_read_finished_cb() has been called.
432 * #GNUNET_YES if we just rekeyed and must thus possibly
433 * re-decrypt ciphertext.
440 * Handle for an incoming connection where we do not yet have enough
441 * information to setup a full queue.
449 struct ProtoQueue *next;
454 struct ProtoQueue *prev;
457 * socket that we transmit all data with on this queue
459 struct GNUNET_NETWORK_Handle *sock;
462 * ID of read task for this connection.
464 struct GNUNET_SCHEDULER_Task *read_task;
467 * Address of the other peer.
469 struct sockaddr *address;
472 * Length of the address.
474 socklen_t address_len;
477 * Timeout for this protoqueue.
479 struct GNUNET_TIME_Absolute timeout;
482 * Buffer for reading all the information we need to upgrade from
483 * protoqueue to queue.
485 char ibuf[INITIAL_KX_SIZE];
488 * Current offset for reading into @e ibuf.
497 static struct GNUNET_SCHEDULER_Task *listen_task;
500 * Maximum queue length before we stop reading towards the transport service.
502 static unsigned long long max_queue_length;
505 * For logging statistics.
507 static struct GNUNET_STATISTICS_Handle *stats;
512 static struct GNUNET_TRANSPORT_CommunicatorHandle *ch;
515 * Queues (map from peer identity to `struct Queue`)
517 static struct GNUNET_CONTAINER_MultiPeerMap *queue_map;
522 static struct GNUNET_NETWORK_Handle *listen_sock;
527 static struct GNUNET_PeerIdentity my_identity;
532 static struct GNUNET_CRYPTO_EddsaPrivateKey *my_private_key;
537 static const struct GNUNET_CONFIGURATION_Handle *cfg;
540 * Network scanner to determine network types.
542 static struct GNUNET_NT_InterfaceScanner *is;
545 * Connection to NAT service.
547 static struct GNUNET_NAT_Handle *nat;
550 * Protoqueues DLL head.
552 static struct ProtoQueue *proto_head;
555 * Protoqueues DLL tail.
557 static struct ProtoQueue *proto_tail;
561 * We have been notified that our listen socket has something to
562 * read. Do the read and reschedule this function to be called again
563 * once more is available.
568 listen_cb (void *cls);
572 * Functions with this signature are called whenever we need
573 * to close a queue due to a disconnect or failure to
574 * establish a connection.
576 * @param queue queue to close down
579 queue_destroy (struct Queue *queue)
581 struct GNUNET_MQ_Handle *mq;
583 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
584 "Disconnecting queue for peer `%s'\n",
585 GNUNET_i2s (&queue->target));
586 if (NULL != (mq = queue->mq))
589 GNUNET_MQ_destroy (mq);
591 if (NULL != queue->qh)
593 GNUNET_TRANSPORT_communicator_mq_del (queue->qh);
598 GNUNET_CONTAINER_multipeermap_remove (queue_map, &queue->target, queue));
599 GNUNET_STATISTICS_set (stats,
601 GNUNET_CONTAINER_multipeermap_size (queue_map),
603 if (NULL != queue->read_task)
605 GNUNET_SCHEDULER_cancel (queue->read_task);
606 queue->read_task = NULL;
608 if (NULL != queue->write_task)
610 GNUNET_SCHEDULER_cancel (queue->write_task);
611 queue->write_task = NULL;
613 GNUNET_NETWORK_socket_close (queue->sock);
614 gcry_cipher_close (queue->in_cipher);
615 gcry_cipher_close (queue->out_cipher);
616 GNUNET_free (queue->address);
617 if (0 != queue->backpressure)
618 queue->destroyed = GNUNET_YES;
621 if (NULL == listen_task)
622 listen_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
630 * Compute @a mac over @a buf, and ratched the @a hmac_secret.
632 * @param[in,out] hmac_secret secret for HMAC calculation
633 * @param buf buffer to MAC
634 * @param buf_size number of bytes in @a buf
635 * @param smac[out] where to write the HMAC
638 calculate_hmac (struct GNUNET_HashCode *hmac_secret,
641 struct GNUNET_ShortHashCode *smac)
643 struct GNUNET_HashCode mac;
645 GNUNET_CRYPTO_hmac_raw (hmac_secret,
646 sizeof (struct GNUNET_HashCode),
650 /* truncate to `struct GNUNET_ShortHashCode` */
651 memcpy (smac, &mac, sizeof (struct GNUNET_ShortHashCode));
652 /* ratchet hmac key */
653 GNUNET_CRYPTO_hash (hmac_secret,
654 sizeof (struct GNUNET_HashCode),
660 * Append a 'finish' message to the outgoing transmission. Once the
661 * finish has been transmitted, destroy the queue.
663 * @param queue queue to shut down nicely
666 queue_finish (struct Queue *queue)
668 struct TCPFinish fin;
670 memset (&fin, 0, sizeof (fin));
671 fin.header.size = htons (sizeof (fin));
672 fin.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH);
673 calculate_hmac (&queue->out_hmac, &fin, sizeof (fin), &fin.hmac);
674 /* if there is any message left in pwrite_buf, we
675 overwrite it (possibly dropping the last message
676 from CORE hard here) */
677 memcpy (queue->pwrite_buf, &fin, sizeof (fin));
678 queue->pwrite_off = sizeof (fin);
679 /* This flag will ensure that #queue_write() no longer
680 notifies CORE about the possibility of sending
681 more data, and that #queue_write() will call
682 #queue_destroy() once the @c fin was fully written. */
683 queue->finishing = GNUNET_YES;
688 * Increment queue timeout due to activity. We do not immediately
689 * notify the monitor here as that might generate excessive
692 * @param queue queue for which the timeout should be rescheduled
695 reschedule_queue_timeout (struct Queue *queue)
698 GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
703 * Queue read task. If we hit the timeout, disconnect it
705 * @param cls the `struct Queue *` to disconnect
708 queue_read (void *cls);
712 * Core tells us it is done processing a message that transport
713 * received on a queue with status @a success.
715 * @param cls a `struct Queue *` where the message originally came from
716 * @param success #GNUNET_OK on success
719 core_read_finished_cb (void *cls, int success)
721 struct Queue *queue = cls;
723 if (GNUNET_OK != success)
724 GNUNET_STATISTICS_update (stats,
725 "# messages lost in communicator API towards CORE",
728 queue->backpressure--;
729 /* handle deferred queue destruction */
730 if ((queue->destroyed) && (0 == queue->backpressure))
735 reschedule_queue_timeout (queue);
736 /* possibly unchoke reading, now that CORE made progress */
737 if (NULL == queue->read_task)
739 GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_absolute_get_remaining (
748 * We received @a plaintext_len bytes of @a plaintext on @a queue.
749 * Pass it on to CORE. If transmission is actually happening,
750 * increase backpressure counter.
752 * @param queue the queue that received the plaintext
753 * @param plaintext the plaintext that was received
754 * @param plaintext_len number of bytes of plaintext received
757 pass_plaintext_to_core (struct Queue *queue,
758 const void *plaintext,
759 size_t plaintext_len)
761 const struct GNUNET_MessageHeader *hdr = plaintext;
764 if (ntohs (hdr->size) != plaintext_len)
766 /* NOTE: If we ever allow multiple CORE messages in one
767 BOX, this will have to change! */
771 ret = GNUNET_TRANSPORT_communicator_receive (ch,
774 ADDRESS_VALIDITY_PERIOD,
775 &core_read_finished_cb,
777 if (GNUNET_OK == ret)
778 queue->backpressure++;
779 GNUNET_break (GNUNET_NO != ret); /* backpressure not working!? */
780 if (GNUNET_SYSERR == ret)
781 GNUNET_STATISTICS_update (stats,
782 "# bytes lost due to CORE not running",
789 * Setup @a cipher based on shared secret @a dh and decrypting
792 * @param dh shared secret
793 * @param pid decrypting peer's identity
794 * @param cipher[out] cipher to initialize
795 * @param hmac_key[out] HMAC key to initialize
798 setup_cipher (const struct GNUNET_HashCode *dh,
799 const struct GNUNET_PeerIdentity *pid,
800 gcry_cipher_hd_t *cipher,
801 struct GNUNET_HashCode *hmac_key)
806 gcry_cipher_open (cipher,
807 GCRY_CIPHER_AES256 /* low level: go for speed */,
808 GCRY_CIPHER_MODE_CTR,
810 GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_kdf (key,
820 gcry_cipher_setkey (*cipher, key, sizeof (key));
821 GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_kdf (ctr,
831 gcry_cipher_setctr (*cipher, ctr, sizeof (ctr));
832 GNUNET_assert (GNUNET_YES ==
833 GNUNET_CRYPTO_kdf (hmac_key,
834 sizeof (struct GNUNET_HashCode),
847 * Setup cipher of @a queue for decryption.
849 * @param ephemeral ephemeral key we received from the other peer
850 * @param queue[in,out] queue to initialize decryption cipher for
853 setup_in_cipher (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
856 struct GNUNET_HashCode dh;
858 GNUNET_CRYPTO_eddsa_ecdh (my_private_key, ephemeral, &dh);
859 setup_cipher (&dh, &my_identity, &queue->in_cipher, &queue->in_hmac);
864 * Handle @a rekey message on @a queue. The message was already
865 * HMAC'ed, but we should additionally still check the signature.
866 * Then we need to stop the old cipher and start afresh.
868 * @param queue the queue @a rekey was received on
869 * @param rekey the rekey message
872 do_rekey (struct Queue *queue, const struct TCPRekey *rekey)
874 struct TcpHandshakeSignature thp;
876 thp.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY);
877 thp.purpose.size = htonl (sizeof (thp));
878 thp.sender = queue->target;
879 thp.receiver = my_identity;
880 thp.ephemeral = rekey->ephemeral;
881 thp.monotonic_time = rekey->monotonic_time;
882 /* FIXME: check monotonic time is monotonic... */
884 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY,
887 &queue->target.public_key))
890 queue_finish (queue);
893 gcry_cipher_close (queue->in_cipher);
894 queue->rekeyed = GNUNET_YES;
895 setup_in_cipher (&rekey->ephemeral, queue);
900 * Test if we have received a full message in plaintext.
903 * @param queue queue to process inbound plaintext for
904 * @return number of bytes of plaintext handled, 0 for none
907 try_handle_plaintext (struct Queue *queue)
909 const struct GNUNET_MessageHeader *hdr =
910 (const struct GNUNET_MessageHeader *) queue->pread_buf;
911 const struct TCPBox *box = (const struct TCPBox *) queue->pread_buf;
912 const struct TCPRekey *rekey = (const struct TCPRekey *) queue->pread_buf;
913 const struct TCPFinish *fin = (const struct TCPFinish *) queue->pread_buf;
914 struct TCPRekey rekeyz;
915 struct TCPFinish finz;
916 struct GNUNET_ShortHashCode tmac;
918 size_t size = 0; /* make compiler happy */
920 if (sizeof (*hdr) > queue->pread_off)
921 return 0; /* not even a header */
922 type = ntohs (hdr->type);
925 case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX:
926 /* Special case: header size excludes box itself! */
927 if (ntohs (hdr->size) + sizeof (struct TCPBox) > queue->pread_off)
929 calculate_hmac (&queue->in_hmac, &box[1], ntohs (hdr->size), &tmac);
930 if (0 != memcmp (&tmac, &box->hmac, sizeof (tmac)))
933 queue_finish (queue);
936 pass_plaintext_to_core (queue, (const void *) &box[1], ntohs (hdr->size));
937 size = ntohs (hdr->size) + sizeof (*box);
939 case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY:
940 if (sizeof (*rekey) > queue->pread_off)
942 if (ntohs (hdr->size) != sizeof (*rekey))
945 queue_finish (queue);
949 memset (&rekeyz.hmac, 0, sizeof (rekeyz.hmac));
950 calculate_hmac (&queue->in_hmac, &rekeyz, sizeof (rekeyz), &tmac);
951 if (0 != memcmp (&tmac, &box->hmac, sizeof (tmac)))
954 queue_finish (queue);
957 do_rekey (queue, rekey);
958 size = ntohs (hdr->size);
960 case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH:
961 if (sizeof (*fin) > queue->pread_off)
963 if (ntohs (hdr->size) != sizeof (*fin))
966 queue_finish (queue);
970 memset (&finz.hmac, 0, sizeof (finz.hmac));
971 calculate_hmac (&queue->in_hmac, &rekeyz, sizeof (rekeyz), &tmac);
972 if (0 != memcmp (&tmac, &fin->hmac, sizeof (tmac)))
975 queue_finish (queue);
978 /* handle FINISH by destroying queue */
979 queue_destroy (queue);
983 queue_finish (queue);
986 GNUNET_assert (0 != size);
992 * Queue read task. If we hit the timeout, disconnect it
994 * @param cls the `struct Queue *` to disconnect
997 queue_read (void *cls)
999 struct Queue *queue = cls;
1000 struct GNUNET_TIME_Relative left;
1003 queue->read_task = NULL;
1004 rcvd = GNUNET_NETWORK_socket_recv (queue->sock,
1005 &queue->cread_buf[queue->cread_off],
1006 BUF_SIZE - queue->cread_off);
1009 if ((EAGAIN != errno) && (EINTR != errno))
1011 GNUNET_log_strerror (GNUNET_ERROR_TYPE_DEBUG, "recv");
1012 queue_finish (queue);
1017 GNUNET_SCHEDULER_add_read_net (left, queue->sock, &queue_read, queue);
1021 reschedule_queue_timeout (queue);
1022 queue->cread_off += rcvd;
1023 while ((queue->pread_off < sizeof (queue->pread_buf)) &&
1024 (queue->cread_off > 0))
1026 size_t max = GNUNET_MIN (sizeof (queue->pread_buf) - queue->pread_off,
1032 gcry_cipher_decrypt (queue->in_cipher,
1033 &queue->pread_buf[queue->pread_off],
1037 queue->pread_off += max;
1039 while ((GNUNET_NO == queue->rekeyed) &&
1040 (0 != (done = try_handle_plaintext (queue))))
1042 /* 'done' bytes of plaintext were used, shift buffer */
1043 GNUNET_assert (done <= queue->pread_off);
1044 /* NOTE: this memmove() could possibly sometimes be
1045 avoided if we pass 'total' into try_handle_plaintext()
1046 and use it at an offset into the buffer there! */
1047 memmove (queue->pread_buf,
1048 &queue->pread_buf[done],
1049 queue->pread_off - done);
1050 queue->pread_off -= done;
1053 /* when we encounter a rekey message, the decryption above uses the
1054 wrong key for everything after the rekey; in that case, we have
1055 to re-do the decryption at 'total' instead of at 'max'. If there
1056 is no rekey and the last message is incomplete (max > total),
1057 it is safe to keep the decryption so we shift by 'max' */
1058 if (GNUNET_YES == queue->rekeyed)
1061 queue->rekeyed = GNUNET_NO;
1063 memmove (queue->cread_buf, &queue->cread_buf[max], queue->cread_off - max);
1064 queue->cread_off -= max;
1067 if (BUF_SIZE == queue->cread_off)
1068 return; /* buffer full, suspend reading */
1069 left = GNUNET_TIME_absolute_get_remaining (queue->timeout);
1070 if (0 != left.rel_value_us)
1072 if (max_queue_length < queue->backpressure)
1074 /* continue reading */
1076 GNUNET_SCHEDULER_add_read_net (left, queue->sock, &queue_read, queue);
1080 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1081 "Queue %p was idle for %s, disconnecting\n",
1083 GNUNET_STRINGS_relative_time_to_string (
1084 GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT,
1086 queue_finish (queue);
1091 * Convert TCP bind specification to a `struct sockaddr *`
1093 * @param bindto bind specification to convert
1094 * @param[out] sock_len set to the length of the address
1095 * @return converted bindto specification
1097 static struct sockaddr *
1098 tcp_address_to_sockaddr (const char *bindto, socklen_t *sock_len)
1100 struct sockaddr *in;
1106 if (1 == SSCANF (bindto, "%u%1s", &port, dummy))
1108 /* interpreting value as just a PORT number */
1109 if (port > UINT16_MAX)
1111 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1112 "BINDTO specification `%s' invalid: value too large for port\n",
1116 if ((GNUNET_NO == GNUNET_NETWORK_test_pf (PF_INET6)) ||
1118 GNUNET_CONFIGURATION_get_value_yesno (cfg,
1119 COMMUNICATOR_CONFIG_SECTION,
1122 struct sockaddr_in *i4;
1124 i4 = GNUNET_malloc (sizeof (struct sockaddr_in));
1125 i4->sin_family = AF_INET;
1126 i4->sin_port = htons ((uint16_t) port);
1127 *sock_len = sizeof (struct sockaddr_in);
1128 in = (struct sockaddr *) i4;
1132 struct sockaddr_in6 *i6;
1134 i6 = GNUNET_malloc (sizeof (struct sockaddr_in6));
1135 i6->sin6_family = AF_INET6;
1136 i6->sin6_port = htons ((uint16_t) port);
1137 *sock_len = sizeof (struct sockaddr_in6);
1138 in = (struct sockaddr *) i6;
1142 cp = GNUNET_strdup (bindto);
1143 colon = strrchr (cp, ':');
1146 /* interpet value after colon as port */
1149 if (1 == SSCANF (colon, "%u%1s", &port, dummy))
1151 /* interpreting value as just a PORT number */
1152 if (port > UINT16_MAX)
1154 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1155 "BINDTO specification `%s' invalid: value too large for port\n",
1164 GNUNET_ERROR_TYPE_ERROR,
1165 "BINDTO specification `%s' invalid: last ':' not followed by number\n",
1173 /* interpret missing port as 0, aka pick any free one */
1178 struct sockaddr_in v4;
1180 if (1 == inet_pton (AF_INET, cp, &v4))
1182 v4.sin_port = htons ((uint16_t) port);
1183 in = GNUNET_memdup (&v4, sizeof (v4));
1184 *sock_len = sizeof (v4);
1191 struct sockaddr_in6 v6;
1195 if (('[' == *cp) && (']' == cp[strlen (cp) - 1]))
1197 start++; /* skip over '[' */
1198 cp[strlen (cp) - 1] = '\0'; /* eat ']' */
1200 if (1 == inet_pton (AF_INET6, start, &v6))
1202 v6.sin6_port = htons ((uint16_t) port);
1203 in = GNUNET_memdup (&v6, sizeof (v6));
1204 *sock_len = sizeof (v6);
1209 /* #5528 FIXME (feature!): maybe also try getnameinfo()? */
1216 * Setup cipher for outgoing data stream based on target and
1217 * our ephemeral private key.
1219 * @param queue queue to setup outgoing (encryption) cipher for
1222 setup_out_cipher (struct Queue *queue)
1224 struct GNUNET_HashCode dh;
1226 GNUNET_CRYPTO_ecdh_eddsa (&queue->ephemeral, &queue->target.public_key, &dh);
1227 /* we don't need the private key anymore, drop it! */
1228 memset (&queue->ephemeral, 0, sizeof (queue->ephemeral));
1229 setup_cipher (&dh, &queue->target, &queue->out_cipher, &queue->out_hmac);
1230 queue->rekey_time = GNUNET_TIME_relative_to_absolute (REKEY_TIME_INTERVAL);
1231 queue->rekey_left_bytes =
1232 GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK, REKEY_MAX_BYTES);
1237 * Inject a `struct TCPRekey` message into the queue's plaintext
1240 * @param queue queue to perform rekeying on
1243 inject_rekey (struct Queue *queue)
1245 struct TCPRekey rekey;
1246 struct TcpHandshakeSignature thp;
1248 GNUNET_assert (0 == queue->pwrite_off);
1249 memset (&rekey, 0, sizeof (rekey));
1250 GNUNET_assert (GNUNET_OK ==
1251 GNUNET_CRYPTO_ecdhe_key_create2 (&queue->ephemeral));
1252 rekey.header.type = ntohs (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY);
1253 rekey.header.size = ntohs (sizeof (rekey));
1254 GNUNET_CRYPTO_ecdhe_key_get_public (&queue->ephemeral, &rekey.ephemeral);
1255 rekey.monotonic_time =
1256 GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg));
1257 thp.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY);
1258 thp.purpose.size = htonl (sizeof (thp));
1259 thp.sender = my_identity;
1260 thp.receiver = queue->target;
1261 thp.ephemeral = rekey.ephemeral;
1262 thp.monotonic_time = rekey.monotonic_time;
1263 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key,
1265 &rekey.sender_sig));
1266 calculate_hmac (&queue->out_hmac, &rekey, sizeof (rekey), &rekey.hmac);
1267 memcpy (queue->pwrite_buf, &rekey, sizeof (rekey));
1268 queue->pwrite_off = sizeof (rekey);
1273 * We have been notified that our socket is ready to write.
1274 * Then reschedule this function to be called again once more is available.
1276 * @param cls a `struct Queue`
1279 queue_write (void *cls)
1281 struct Queue *queue = cls;
1284 queue->write_task = NULL;
1285 if (0 != queue->cwrite_off)
1287 sent = GNUNET_NETWORK_socket_send (queue->sock,
1290 if ((-1 == sent) && (EAGAIN != errno) && (EINTR != errno))
1292 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "send");
1293 queue_destroy (queue);
1298 size_t usent = (size_t) sent;
1300 memmove (queue->cwrite_buf,
1301 &queue->cwrite_buf[usent],
1302 queue->cwrite_off - usent);
1303 reschedule_queue_timeout (queue);
1306 /* can we encrypt more? (always encrypt full messages, needed
1307 such that #mq_cancel() can work!) */
1308 if ((0 < queue->rekey_left_bytes) &&
1309 (queue->cwrite_off + queue->pwrite_off <= BUF_SIZE))
1312 gcry_cipher_encrypt (queue->out_cipher,
1313 &queue->cwrite_buf[queue->cwrite_off],
1316 queue->pwrite_off));
1317 if (queue->rekey_left_bytes > queue->pwrite_off)
1318 queue->rekey_left_bytes -= queue->pwrite_off;
1320 queue->rekey_left_bytes = 0;
1321 queue->cwrite_off += queue->pwrite_off;
1322 queue->pwrite_off = 0;
1324 if ((0 == queue->pwrite_off) &&
1325 ((0 == queue->rekey_left_bytes) ||
1327 GNUNET_TIME_absolute_get_remaining (queue->rekey_time).rel_value_us)))
1329 gcry_cipher_close (queue->out_cipher);
1330 setup_out_cipher (queue);
1331 inject_rekey (queue);
1333 if ((0 == queue->pwrite_off) && (! queue->finishing) &&
1334 (queue->mq_awaits_continue))
1336 queue->mq_awaits_continue = GNUNET_NO;
1337 GNUNET_MQ_impl_send_continue (queue->mq);
1339 /* did we just finish writing 'finish'? */
1340 if ((0 == queue->cwrite_off) && (GNUNET_YES == queue->finishing))
1342 queue_destroy (queue);
1345 /* do we care to write more? */
1346 if ((0 < queue->cwrite_off) || (0 < queue->pwrite_off))
1348 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
1356 * Signature of functions implementing the sending functionality of a
1359 * @param mq the message queue
1360 * @param msg the message to send
1361 * @param impl_state our `struct Queue`
1364 mq_send (struct GNUNET_MQ_Handle *mq,
1365 const struct GNUNET_MessageHeader *msg,
1368 struct Queue *queue = impl_state;
1369 uint16_t msize = ntohs (msg->size);
1372 GNUNET_assert (mq == queue->mq);
1373 if (GNUNET_YES == queue->finishing)
1374 return; /* this queue is dying, drop msg */
1375 GNUNET_assert (0 == queue->pread_off);
1376 box.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX);
1377 box.header.size = htons (msize);
1378 calculate_hmac (&queue->out_hmac, msg, msize, &box.hmac);
1379 memcpy (&queue->pread_buf[queue->pread_off], &box, sizeof (box));
1380 queue->pread_off += sizeof (box);
1381 memcpy (&queue->pread_buf[queue->pread_off], msg, msize);
1382 queue->pread_off += msize;
1383 GNUNET_assert (NULL != queue->sock);
1384 if (NULL == queue->write_task)
1386 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
1394 * Signature of functions implementing the destruction of a message
1395 * queue. Implementations must not free @a mq, but should take care
1398 * @param mq the message queue to destroy
1399 * @param impl_state our `struct Queue`
1402 mq_destroy (struct GNUNET_MQ_Handle *mq, void *impl_state)
1404 struct Queue *queue = impl_state;
1406 if (mq == queue->mq)
1409 queue_finish (queue);
1415 * Implementation function that cancels the currently sent message.
1417 * @param mq message queue
1418 * @param impl_state our `struct Queue`
1421 mq_cancel (struct GNUNET_MQ_Handle *mq, void *impl_state)
1423 struct Queue *queue = impl_state;
1425 GNUNET_assert (0 != queue->pwrite_off);
1426 queue->pwrite_off = 0;
1431 * Generic error handler, called with the appropriate
1432 * error code and the same closure specified at the creation of
1433 * the message queue.
1434 * Not every message queue implementation supports an error handler.
1436 * @param cls our `struct Queue`
1437 * @param error error code
1440 mq_error (void *cls, enum GNUNET_MQ_Error error)
1442 struct Queue *queue = cls;
1444 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1445 "MQ error in queue to %s: %d\n",
1446 GNUNET_i2s (&queue->target),
1448 queue_finish (queue);
1453 * Add the given @a queue to our internal data structure. Setup the
1454 * MQ processing and inform transport that the queue is ready. Must
1455 * be called after the KX for outgoing messages has been bootstrapped.
1457 * @param queue queue to boot
1460 boot_queue (struct Queue *queue, enum GNUNET_TRANSPORT_ConnectionStatus cs)
1463 GNUNET_NT_scanner_get_type (is, queue->address, queue->address_len);
1464 (void) GNUNET_CONTAINER_multipeermap_put (
1468 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
1469 GNUNET_STATISTICS_set (stats,
1471 GNUNET_CONTAINER_multipeermap_size (queue_map),
1474 GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
1475 queue->mq = GNUNET_MQ_queue_for_callbacks (&mq_send,
1485 switch (queue->address->sa_family)
1488 GNUNET_asprintf (&foreign_addr,
1490 COMMUNICATOR_ADDRESS_PREFIX,
1491 GNUNET_a2s (queue->address, queue->address_len));
1494 GNUNET_asprintf (&foreign_addr,
1496 COMMUNICATOR_ADDRESS_PREFIX,
1497 GNUNET_a2s (queue->address, queue->address_len));
1502 queue->qh = GNUNET_TRANSPORT_communicator_mq_add (ch,
1509 GNUNET_free (foreign_addr);
1515 * Generate and transmit our ephemeral key and the signature for
1516 * the initial KX with the other peer. Must be called first, before
1517 * any other bytes are ever written to the output buffer. Note that
1518 * our cipher must already be initialized when calling this function.
1519 * Helper function for #start_initial_kx_out().
1521 * @param queue queue to do KX for
1522 * @param epub our public key for the KX
1525 transmit_kx (struct Queue *queue,
1526 const struct GNUNET_CRYPTO_EcdhePublicKey *epub)
1528 struct TcpHandshakeSignature ths;
1529 struct TCPConfirmation tc;
1531 memcpy (queue->cwrite_buf, epub, sizeof (*epub));
1532 queue->cwrite_off = sizeof (epub);
1533 /* compute 'tc' and append in encrypted format to cwrite_buf */
1534 tc.sender = my_identity;
1536 GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg));
1537 ths.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE);
1538 ths.purpose.size = htonl (sizeof (ths));
1539 ths.sender = my_identity;
1540 ths.receiver = queue->target;
1541 ths.ephemeral = *epub;
1542 ths.monotonic_time = tc.monotonic_time;
1543 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key,
1547 gcry_cipher_encrypt (queue->out_cipher,
1548 &queue->cwrite_buf[queue->cwrite_off],
1552 queue->cwrite_off += sizeof (tc);
1557 * Initialize our key material for outgoing transmissions and
1558 * inform the other peer about it. Must be called first before
1561 * @param queue the queue to setup
1564 start_initial_kx_out (struct Queue *queue)
1566 struct GNUNET_CRYPTO_EcdhePublicKey epub;
1568 GNUNET_assert (GNUNET_OK ==
1569 GNUNET_CRYPTO_ecdhe_key_create2 (&queue->ephemeral));
1570 GNUNET_CRYPTO_ecdhe_key_get_public (&queue->ephemeral, &epub);
1571 setup_out_cipher (queue);
1572 transmit_kx (queue, &epub);
1577 * We have received the first bytes from the other side on a @a queue.
1578 * Decrypt the @a tc contained in @a ibuf and check the signature.
1579 * Note that #setup_in_cipher() must have already been called.
1581 * @param queue queue to decrypt initial bytes from other peer for
1582 * @param tc[out] where to store the result
1583 * @param ibuf incoming data, of size
1585 * @return #GNUNET_OK if the signature was OK, #GNUNET_SYSERR if not
1588 decrypt_and_check_tc (struct Queue *queue,
1589 struct TCPConfirmation *tc,
1592 struct TcpHandshakeSignature ths;
1596 gcry_cipher_decrypt (queue->in_cipher,
1599 &ibuf[sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)],
1601 ths.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE);
1602 ths.purpose.size = htonl (sizeof (ths));
1603 ths.sender = tc->sender;
1604 ths.receiver = my_identity;
1605 memcpy (&ths.ephemeral, ibuf, sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1606 ths.monotonic_time = tc->monotonic_time;
1607 /* FIXME: check monotonic time against previous mono times
1608 from this sender! */
1609 return GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE,
1612 &tc->sender.public_key);
1617 * Closes socket and frees memory associated with @a pq.
1619 * @param pq proto queue to free
1622 free_proto_queue (struct ProtoQueue *pq)
1624 GNUNET_NETWORK_socket_close (pq->sock);
1625 GNUNET_free (pq->address);
1626 GNUNET_CONTAINER_DLL_remove (proto_head, proto_tail, pq);
1632 * Read from the socket of the proto queue until we have enough data
1633 * to upgrade to full queue.
1635 * @param cls a `struct ProtoQueue`
1638 proto_read_kx (void *cls)
1640 struct ProtoQueue *pq = cls;
1642 struct GNUNET_TIME_Relative left;
1643 struct Queue *queue;
1644 struct TCPConfirmation tc;
1646 pq->read_task = NULL;
1647 left = GNUNET_TIME_absolute_get_remaining (pq->timeout);
1648 if (0 == left.rel_value_us)
1650 free_proto_queue (pq);
1653 rcvd = GNUNET_NETWORK_socket_recv (pq->sock,
1654 &pq->ibuf[pq->ibuf_off],
1655 sizeof (pq->ibuf) - pq->ibuf_off);
1658 if ((EAGAIN != errno) && (EINTR != errno))
1660 GNUNET_log_strerror (GNUNET_ERROR_TYPE_DEBUG, "recv");
1661 free_proto_queue (pq);
1666 GNUNET_SCHEDULER_add_read_net (left, pq->sock, &proto_read_kx, pq);
1669 pq->ibuf_off += rcvd;
1670 if (pq->ibuf_off > sizeof (pq->ibuf))
1674 GNUNET_SCHEDULER_add_read_net (left, pq->sock, &proto_read_kx, pq);
1677 /* we got all the data, let's find out who we are talking to! */
1678 queue = GNUNET_new (struct Queue);
1679 setup_in_cipher ((const struct GNUNET_CRYPTO_EcdhePublicKey *) pq->ibuf,
1681 if (GNUNET_OK != decrypt_and_check_tc (queue, &tc, pq->ibuf))
1683 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1684 "Invalid TCP KX received from %s\n",
1685 GNUNET_a2s (queue->address, queue->address_len));
1686 gcry_cipher_close (queue->in_cipher);
1687 GNUNET_free (queue);
1688 free_proto_queue (pq);
1691 queue->address = pq->address; /* steals reference */
1692 queue->address_len = pq->address_len;
1693 queue->target = tc.sender;
1694 start_initial_kx_out (queue);
1695 boot_queue (queue, GNUNET_TRANSPORT_CS_INBOUND);
1697 GNUNET_SCHEDULER_add_read_net (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT,
1702 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
1706 GNUNET_CONTAINER_DLL_remove (proto_head, proto_tail, pq);
1712 * We have been notified that our listen socket has something to
1713 * read. Do the read and reschedule this function to be called again
1714 * once more is available.
1719 listen_cb (void *cls)
1721 struct sockaddr_storage in;
1723 struct GNUNET_NETWORK_Handle *sock;
1724 struct ProtoQueue *pq;
1727 GNUNET_assert (NULL != listen_sock);
1728 addrlen = sizeof (in);
1729 memset (&in, 0, sizeof (in));
1730 sock = GNUNET_NETWORK_socket_accept (listen_sock,
1731 (struct sockaddr *) &in,
1733 if ((NULL == sock) && ((EMFILE == errno) || (ENFILE == errno)))
1734 return; /* system limit reached, wait until connection goes down */
1735 listen_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
1739 if ((NULL == sock) && ((EAGAIN == errno) || (ENOBUFS == errno)))
1743 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "accept");
1746 pq = GNUNET_new (struct ProtoQueue);
1747 pq->address_len = addrlen;
1748 pq->address = GNUNET_memdup (&in, addrlen);
1749 pq->timeout = GNUNET_TIME_relative_to_absolute (PROTO_QUEUE_TIMEOUT);
1751 pq->read_task = GNUNET_SCHEDULER_add_read_net (PROTO_QUEUE_TIMEOUT,
1755 GNUNET_CONTAINER_DLL_insert (proto_head, proto_tail, pq);
1760 * Read from the socket of the queue until we have enough data
1761 * to initialize the decryption logic and can switch to regular
1764 * @param cls a `struct Queue`
1767 queue_read_kx (void *cls)
1769 struct Queue *queue = cls;
1771 struct GNUNET_TIME_Relative left;
1772 struct TCPConfirmation tc;
1774 queue->read_task = NULL;
1775 left = GNUNET_TIME_absolute_get_remaining (queue->timeout);
1776 if (0 == left.rel_value_us)
1778 queue_destroy (queue);
1781 rcvd = GNUNET_NETWORK_socket_recv (queue->sock,
1782 &queue->cread_buf[queue->cread_off],
1783 BUF_SIZE - queue->cread_off);
1786 if ((EAGAIN != errno) && (EINTR != errno))
1788 GNUNET_log_strerror (GNUNET_ERROR_TYPE_DEBUG, "recv");
1789 queue_destroy (queue);
1793 GNUNET_SCHEDULER_add_read_net (left, queue->sock, &queue_read_kx, queue);
1796 queue->cread_off += rcvd;
1797 if (queue->cread_off < INITIAL_KX_SIZE)
1801 GNUNET_SCHEDULER_add_read_net (left, queue->sock, &queue_read_kx, queue);
1804 /* we got all the data, let's find out who we are talking to! */
1805 setup_in_cipher ((const struct GNUNET_CRYPTO_EcdhePublicKey *)
1808 if (GNUNET_OK != decrypt_and_check_tc (queue, &tc, queue->cread_buf))
1810 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1811 "Invalid TCP KX received from %s\n",
1812 GNUNET_a2s (queue->address, queue->address_len));
1813 queue_destroy (queue);
1817 memcmp (&tc.sender, &queue->target, sizeof (struct GNUNET_PeerIdentity)))
1819 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1820 "Invalid sender in TCP KX received from %s\n",
1821 GNUNET_a2s (queue->address, queue->address_len));
1822 queue_destroy (queue);
1826 /* update queue timeout */
1827 reschedule_queue_timeout (queue);
1828 /* prepare to continue with regular read task immediately */
1829 memmove (queue->cread_buf,
1830 &queue->cread_buf[INITIAL_KX_SIZE],
1831 queue->cread_off - (INITIAL_KX_SIZE));
1832 queue->cread_off -= INITIAL_KX_SIZE;
1833 queue->read_task = GNUNET_SCHEDULER_add_now (&queue_read, queue);
1838 * Function called by the transport service to initialize a
1839 * message queue given address information about another peer.
1840 * If and when the communication channel is established, the
1841 * communicator must call #GNUNET_TRANSPORT_communicator_mq_add()
1842 * to notify the service that the channel is now up. It is
1843 * the responsibility of the communicator to manage sane
1844 * retries and timeouts for any @a peer/@a address combination
1845 * provided by the transport service. Timeouts and retries
1846 * do not need to be signalled to the transport service.
1848 * @param cls closure
1849 * @param peer identity of the other peer
1850 * @param address where to send the message, human-readable
1851 * communicator-specific format, 0-terminated, UTF-8
1852 * @return #GNUNET_OK on success, #GNUNET_SYSERR if the provided address is
1856 mq_init (void *cls, const struct GNUNET_PeerIdentity *peer, const char *address)
1858 struct Queue *queue;
1860 struct sockaddr *in;
1862 struct GNUNET_NETWORK_Handle *sock;
1864 if (0 != strncmp (address,
1865 COMMUNICATOR_ADDRESS_PREFIX "-",
1866 strlen (COMMUNICATOR_ADDRESS_PREFIX "-")))
1868 GNUNET_break_op (0);
1869 return GNUNET_SYSERR;
1871 path = &address[strlen (COMMUNICATOR_ADDRESS_PREFIX "-")];
1872 in = tcp_address_to_sockaddr (path, &in_len);
1874 sock = GNUNET_NETWORK_socket_create (in->sa_family, SOCK_STREAM, IPPROTO_TCP);
1877 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1878 "socket(%d) failed: %s",
1882 return GNUNET_SYSERR;
1884 if (GNUNET_OK != GNUNET_NETWORK_socket_connect (sock, in, in_len))
1886 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1887 "connect to `%s' failed: %s",
1890 GNUNET_NETWORK_socket_close (sock);
1892 return GNUNET_SYSERR;
1895 queue = GNUNET_new (struct Queue);
1896 queue->target = *peer;
1897 queue->address = in;
1898 queue->address_len = in_len;
1900 boot_queue (queue, GNUNET_TRANSPORT_CS_OUTBOUND);
1902 GNUNET_SCHEDULER_add_read_net (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT,
1906 start_initial_kx_out (queue);
1908 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
1917 * Iterator over all message queues to clean up.
1920 * @param target unused
1921 * @param value the queue to destroy
1922 * @return #GNUNET_OK to continue to iterate
1925 get_queue_delete_it (void *cls,
1926 const struct GNUNET_PeerIdentity *target,
1929 struct Queue *queue = value;
1933 queue_destroy (queue);
1939 * Shutdown the UNIX communicator.
1941 * @param cls NULL (always)
1944 do_shutdown (void *cls)
1946 while (NULL != proto_head)
1947 free_proto_queue (proto_head);
1950 GNUNET_NAT_unregister (nat);
1953 if (NULL != listen_task)
1955 GNUNET_SCHEDULER_cancel (listen_task);
1958 if (NULL != listen_sock)
1960 GNUNET_break (GNUNET_OK == GNUNET_NETWORK_socket_close (listen_sock));
1963 GNUNET_CONTAINER_multipeermap_iterate (queue_map, &get_queue_delete_it, NULL);
1964 GNUNET_CONTAINER_multipeermap_destroy (queue_map);
1967 GNUNET_TRANSPORT_communicator_disconnect (ch);
1972 GNUNET_STATISTICS_destroy (stats, GNUNET_NO);
1975 if (NULL != my_private_key)
1977 GNUNET_free (my_private_key);
1978 my_private_key = NULL;
1982 GNUNET_NT_scanner_done (is);
1989 * Function called when the transport service has received an
1990 * acknowledgement for this communicator (!) via a different return
1993 * Not applicable for TCP.
1995 * @param cls closure
1996 * @param sender which peer sent the notification
1997 * @param msg payload
2000 enc_notify_cb (void *cls,
2001 const struct GNUNET_PeerIdentity *sender,
2002 const struct GNUNET_MessageHeader *msg)
2007 GNUNET_break_op (0);
2012 * Signature of the callback passed to #GNUNET_NAT_register() for
2013 * a function to call whenever our set of 'valid' addresses changes.
2015 * @param cls closure
2016 * @param app_ctx[in,out] location where the app can store stuff
2017 * on add and retrieve it on remove
2018 * @param add_remove #GNUNET_YES to add a new public IP address,
2019 * #GNUNET_NO to remove a previous (now invalid) one
2020 * @param ac address class the address belongs to
2021 * @param addr either the previous or the new public IP address
2022 * @param addrlen actual length of the @a addr
2025 nat_address_cb (void *cls,
2028 enum GNUNET_NAT_AddressClass ac,
2029 const struct sockaddr *addr,
2033 struct GNUNET_TRANSPORT_AddressIdentifier *ai;
2035 if (GNUNET_YES == add_remove)
2037 enum GNUNET_NetworkType nt;
2039 GNUNET_asprintf (&my_addr,
2041 COMMUNICATOR_ADDRESS_PREFIX,
2042 GNUNET_a2s (addr, addrlen));
2043 nt = GNUNET_NT_scanner_get_type (is, addr, addrlen);
2045 GNUNET_TRANSPORT_communicator_address_add (ch,
2048 GNUNET_TIME_UNIT_FOREVER_REL);
2049 GNUNET_free (my_addr);
2055 GNUNET_TRANSPORT_communicator_address_remove (ai);
2062 * Setup communicator and launch network interactions.
2064 * @param cls NULL (always)
2065 * @param args remaining command-line arguments
2066 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
2067 * @param c configuration
2072 const char *cfgfile,
2073 const struct GNUNET_CONFIGURATION_Handle *c)
2076 struct sockaddr *in;
2078 struct sockaddr_storage in_sto;
2084 GNUNET_CONFIGURATION_get_value_filename (cfg,
2085 COMMUNICATOR_CONFIG_SECTION,
2089 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
2090 COMMUNICATOR_CONFIG_SECTION,
2095 GNUNET_CONFIGURATION_get_value_number (cfg,
2096 COMMUNICATOR_CONFIG_SECTION,
2099 max_queue_length = DEFAULT_MAX_QUEUE_LENGTH;
2101 in = tcp_address_to_sockaddr (bindto, &in_len);
2104 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2105 "Failed to setup TCP socket address with path `%s'\n",
2107 GNUNET_free (bindto);
2111 GNUNET_NETWORK_socket_create (in->sa_family, SOCK_STREAM, IPPROTO_TCP);
2112 if (NULL == listen_sock)
2114 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "socket");
2116 GNUNET_free (bindto);
2119 if (GNUNET_OK != GNUNET_NETWORK_socket_bind (listen_sock, in, in_len))
2121 GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "bind", bindto);
2122 GNUNET_NETWORK_socket_close (listen_sock);
2125 GNUNET_free (bindto);
2128 /* We might have bound to port 0, allowing the OS to figure it out;
2129 thus, get the real IN-address from the socket */
2130 sto_len = sizeof (in_sto);
2131 if (0 != getsockname (GNUNET_NETWORK_get_fd (listen_sock),
2132 (struct sockaddr *) &in_sto,
2135 memcpy (&in_sto, in, in_len);
2139 GNUNET_free (bindto);
2140 in = (struct sockaddr *) &in_sto;
2142 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2144 GNUNET_a2s ((const struct sockaddr *) &in_sto, sto_len));
2145 stats = GNUNET_STATISTICS_create ("C-TCP", cfg);
2146 GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL);
2147 is = GNUNET_NT_scanner_init ();
2148 my_private_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg);
2149 if (NULL == my_private_key)
2152 GNUNET_ERROR_TYPE_ERROR,
2154 "Transport service is lacking key configuration settings. Exiting.\n"));
2155 GNUNET_SCHEDULER_shutdown ();
2158 GNUNET_CRYPTO_eddsa_key_get_public (my_private_key, &my_identity.public_key);
2159 /* start listening */
2160 listen_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
2164 queue_map = GNUNET_CONTAINER_multipeermap_create (10, GNUNET_NO);
2165 ch = GNUNET_TRANSPORT_communicator_connect (cfg,
2166 COMMUNICATOR_CONFIG_SECTION,
2167 COMMUNICATOR_ADDRESS_PREFIX,
2168 GNUNET_TRANSPORT_CC_RELIABLE,
2176 GNUNET_SCHEDULER_shutdown ();
2179 nat = GNUNET_NAT_register (cfg,
2180 COMMUNICATOR_CONFIG_SECTION,
2182 1 /* one address */,
2183 (const struct sockaddr **) &in,
2186 NULL /* FIXME: support reversal: #5529 */,
2187 NULL /* closure */);
2192 * The main function for the UNIX communicator.
2194 * @param argc number of arguments from the command line
2195 * @param argv command line arguments
2196 * @return 0 ok, 1 on error
2199 main (int argc, char *const *argv)
2201 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
2202 GNUNET_GETOPT_OPTION_END};
2205 if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv))
2208 ret = (GNUNET_OK == GNUNET_PROGRAM_run (argc,
2210 "gnunet-communicator-tcp",
2211 _ ("GNUnet TCP communicator"),
2217 GNUNET_free ((void *) argv);
2222 /* end of gnunet-communicator-tcp.c */