2 This file is part of GNUnet
3 Copyright (C) 2010-2014, 2018, 2019 GNUnet e.V.
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 SPDX-License-Identifier: AGPL3.0-or-later
22 * @file transport/gnunet-communicator-tcp.c
23 * @brief Transport plugin using TCP.
24 * @author Christian Grothoff
27 * - support DNS names in BINDTO option (#5528)
28 * - support NAT connection reversal method (#5529)
29 * - support other TCP-specific NAT traversal methods (#5531)
30 * - add replay protection support to the protocol by
31 * adding a nonce in the KX and requiring (!) a
32 * nounce ACK to be send within the first X bytes of
36 #include "gnunet_util_lib.h"
37 #include "gnunet_protocols.h"
38 #include "gnunet_signatures.h"
39 #include "gnunet_constants.h"
40 #include "gnunet_nt_lib.h"
41 #include "gnunet_nat_service.h"
42 #include "gnunet_statistics_service.h"
43 #include "gnunet_transport_communication_service.h"
46 * How long do we believe our addresses to remain up (before
47 * the other peer should revalidate).
49 #define ADDRESS_VALIDITY_PERIOD \
50 GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4)
53 * How many messages do we keep at most in the queue to the
54 * transport service before we start to drop (default,
55 * can be changed via the configuration file).
56 * Should be _below_ the level of the communicator API, as
57 * otherwise we may read messages just to have them dropped
58 * by the communicator API.
60 #define DEFAULT_MAX_QUEUE_LENGTH 8
63 * Size of our IO buffers for ciphertext data. Must be at
64 * least UINT_MAX + sizeof (struct TCPBox).
66 #define BUF_SIZE (2 * 64 * 1024 + sizeof (struct TCPBox))
69 * How often do we rekey based on time (at least)
71 #define REKEY_TIME_INTERVAL GNUNET_TIME_UNIT_DAYS
74 * How long do we wait until we must have received the initial KX?
76 #define PROTO_QUEUE_TIMEOUT GNUNET_TIME_UNIT_MINUTES
79 * How often do we rekey based on number of bytes transmitted?
80 * (additionally randomized).
82 #define REKEY_MAX_BYTES (1024LLU * 1024 * 1024 * 4LLU)
85 * Size of the initial key exchange message sent first in both
88 #define INITIAL_KX_SIZE \
89 (sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + \
90 sizeof (struct TCPConfirmation))
94 * Address prefix used by the communicator.
96 #define COMMUNICATOR_ADDRESS_PREFIX "tcp"
99 * Configuration section used by the communicator.
101 #define COMMUNICATOR_CONFIG_SECTION "communicator-tcp"
103 GNUNET_NETWORK_STRUCT_BEGIN
107 * Signature we use to verify that the ephemeral key was really chosen by
108 * the specified sender.
110 struct TcpHandshakeSignature
113 * Purpose must be #GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE
115 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
118 * Identity of the inititor of the TCP connection (TCP client).
120 struct GNUNET_PeerIdentity sender;
123 * Presumed identity of the target of the TCP connection (TCP server)
125 struct GNUNET_PeerIdentity receiver;
128 * Ephemeral key used by the @e sender.
130 struct GNUNET_CRYPTO_EcdhePublicKey ephemeral;
133 * Monotonic time of @e sender, to possibly help detect replay attacks
134 * (if receiver persists times by sender).
136 struct GNUNET_TIME_AbsoluteNBO monotonic_time;
141 * Encrypted continuation of TCP initial handshake.
143 struct TCPConfirmation
148 struct GNUNET_PeerIdentity sender;
151 * Sender's signature of type #GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE
153 struct GNUNET_CRYPTO_EddsaSignature sender_sig;
156 * Monotonic time of @e sender, to possibly help detect replay attacks
157 * (if receiver persists times by sender).
159 struct GNUNET_TIME_AbsoluteNBO monotonic_time;
164 * TCP message box. Always sent encrypted!
170 * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX. Warning: the
171 * header size EXCLUDES the size of the `struct TCPBox`. We usually
172 * never do this, but here the payload may truly be 64k *after* the
173 * TCPBox (as we have no MTU)!!
175 struct GNUNET_MessageHeader header;
178 * HMAC for the following encrypted message. Yes, we MUST use
179 * mac-then-encrypt here, as we want to hide the message sizes on
180 * the wire (zero plaintext design!). Using CTR mode, padding oracle
181 * attacks do not apply. Besides, due to the use of ephemeral keys
182 * (hopefully with effective replay protection from monotonic time!)
183 * the attacker is limited in using the oracle.
185 struct GNUNET_ShortHashCode hmac;
187 /* followed by as may bytes of payload as indicated in @e header,
188 excluding the TCPBox itself! */
193 * TCP rekey message box. Always sent encrypted! Data after
194 * this message will use the new key.
200 * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY.
202 struct GNUNET_MessageHeader header;
205 * HMAC for the following encrypted message. Yes, we MUST use
206 * mac-then-encrypt here, as we want to hide the message sizes on
207 * the wire (zero plaintext design!). Using CTR mode padding oracle
208 * attacks do not apply. Besides, due to the use of ephemeral keys
209 * (hopefully with effective replay protection from monotonic time!)
210 * the attacker is limited in using the oracle.
212 struct GNUNET_ShortHashCode hmac;
217 struct GNUNET_CRYPTO_EcdhePublicKey ephemeral;
220 * Sender's signature of type #GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY
222 struct GNUNET_CRYPTO_EddsaSignature sender_sig;
225 * Monotonic time of @e sender, to possibly help detect replay attacks
226 * (if receiver persists times by sender).
228 struct GNUNET_TIME_AbsoluteNBO monotonic_time;
233 * TCP finish. Sender asks for the connection to be closed.
234 * Needed/useful in case we drop RST/FIN packets on the GNUnet
235 * port due to the possibility of malicious RST/FIN injection.
241 * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH.
243 struct GNUNET_MessageHeader header;
246 * HMAC for the following encrypted message. Yes, we MUST use
247 * mac-then-encrypt here, as we want to hide the message sizes on
248 * the wire (zero plaintext design!). Using CTR mode padding oracle
249 * attacks do not apply. Besides, due to the use of ephemeral keys
250 * (hopefully with effective replay protection from monotonic time!)
251 * the attacker is limited in using the oracle.
253 struct GNUNET_ShortHashCode hmac;
257 GNUNET_NETWORK_STRUCT_END
261 * Handle for a queue.
267 * To whom are we talking to.
269 struct GNUNET_PeerIdentity target;
272 * socket that we transmit all data with on this queue
274 struct GNUNET_NETWORK_Handle *sock;
277 * cipher for decryption of incoming data.
279 gcry_cipher_hd_t in_cipher;
282 * cipher for encryption of outgoing data.
284 gcry_cipher_hd_t out_cipher;
287 * Shared secret for HMAC verification on incoming data.
289 struct GNUNET_HashCode in_hmac;
292 * Shared secret for HMAC generation on outgoing data, ratcheted after
295 struct GNUNET_HashCode out_hmac;
298 * Our ephemeral key. Stored here temporarily during rekeying / key
301 struct GNUNET_CRYPTO_EcdhePrivateKey ephemeral;
304 * ID of read task for this connection.
306 struct GNUNET_SCHEDULER_Task *read_task;
309 * ID of write task for this connection.
311 struct GNUNET_SCHEDULER_Task *write_task;
314 * Address of the other peer.
316 struct sockaddr *address;
319 * How many more bytes may we sent with the current @e out_cipher
320 * before we should rekey?
322 uint64_t rekey_left_bytes;
325 * Until what time may we sent with the current @e out_cipher
326 * before we should rekey?
328 struct GNUNET_TIME_Absolute rekey_time;
331 * Length of the address.
333 socklen_t address_len;
336 * Message queue we are providing for the #ch.
338 struct GNUNET_MQ_Handle *mq;
341 * handle for this queue with the #ch.
343 struct GNUNET_TRANSPORT_QueueHandle *qh;
346 * Number of bytes we currently have in our write queue.
348 unsigned long long bytes_in_queue;
351 * Buffer for reading ciphertext from network into.
353 char cread_buf[BUF_SIZE];
356 * buffer for writing ciphertext to network.
358 char cwrite_buf[BUF_SIZE];
361 * Plaintext buffer for decrypted plaintext.
363 char pread_buf[UINT16_MAX + 1 + sizeof (struct TCPBox)];
366 * Plaintext buffer for messages to be encrypted.
368 char pwrite_buf[UINT16_MAX + 1 + sizeof (struct TCPBox)];
371 * At which offset in the ciphertext read buffer should we
372 * append more ciphertext for transmission next?
377 * At which offset in the ciphertext write buffer should we
378 * append more ciphertext from reading next?
383 * At which offset in the plaintext input buffer should we
384 * append more plaintext from decryption next?
389 * At which offset in the plaintext output buffer should we
390 * append more plaintext for encryption next?
395 * Timeout for this queue.
397 struct GNUNET_TIME_Absolute timeout;
400 * How may messages did we pass from this queue to CORE for which we
401 * have yet to receive an acknoweldgement that CORE is done with
402 * them? If "large" (or even just non-zero), we should throttle
403 * reading to provide flow control. See also #DEFAULT_MAX_QUEUE_LENGTH
404 * and #max_queue_length.
406 unsigned int backpressure;
409 * Which network type does this queue use?
411 enum GNUNET_NetworkType nt;
414 * Is MQ awaiting a #GNUNET_MQ_impl_send_continue() call?
416 int mq_awaits_continue;
419 * Did we enqueue a finish message and are closing down the queue?
424 * Did we technically destroy this queue, but kept the allocation
425 * around because of @e backpressure not being zero yet? Used
426 * simply to delay the final #GNUNET_free() operation until
427 * #core_read_finished_cb() has been called.
432 * #GNUNET_YES after #inject_key() placed the rekey message into the
433 * plaintext buffer. Once the plaintext buffer is drained, this
434 * means we must switch to the new key material.
439 * #GNUNET_YES if we just rekeyed and must thus possibly
440 * re-decrypt ciphertext.
447 * Handle for an incoming connection where we do not yet have enough
448 * information to setup a full queue.
456 struct ProtoQueue *next;
461 struct ProtoQueue *prev;
464 * socket that we transmit all data with on this queue
466 struct GNUNET_NETWORK_Handle *sock;
469 * ID of read task for this connection.
471 struct GNUNET_SCHEDULER_Task *read_task;
474 * Address of the other peer.
476 struct sockaddr *address;
479 * Length of the address.
481 socklen_t address_len;
484 * Timeout for this protoqueue.
486 struct GNUNET_TIME_Absolute timeout;
489 * Buffer for reading all the information we need to upgrade from
490 * protoqueue to queue.
492 char ibuf[INITIAL_KX_SIZE];
495 * Current offset for reading into @e ibuf.
504 static struct GNUNET_SCHEDULER_Task *listen_task;
507 * Maximum queue length before we stop reading towards the transport service.
509 static unsigned long long max_queue_length;
512 * For logging statistics.
514 static struct GNUNET_STATISTICS_Handle *stats;
519 static struct GNUNET_TRANSPORT_CommunicatorHandle *ch;
522 * Queues (map from peer identity to `struct Queue`)
524 static struct GNUNET_CONTAINER_MultiPeerMap *queue_map;
529 static struct GNUNET_NETWORK_Handle *listen_sock;
534 static struct GNUNET_PeerIdentity my_identity;
539 static struct GNUNET_CRYPTO_EddsaPrivateKey *my_private_key;
544 static const struct GNUNET_CONFIGURATION_Handle *cfg;
547 * Network scanner to determine network types.
549 static struct GNUNET_NT_InterfaceScanner *is;
552 * Connection to NAT service.
554 static struct GNUNET_NAT_Handle *nat;
557 * Protoqueues DLL head.
559 static struct ProtoQueue *proto_head;
562 * Protoqueues DLL tail.
564 static struct ProtoQueue *proto_tail;
568 * We have been notified that our listen socket has something to
569 * read. Do the read and reschedule this function to be called again
570 * once more is available.
575 listen_cb (void *cls);
579 * Functions with this signature are called whenever we need
580 * to close a queue due to a disconnect or failure to
581 * establish a connection.
583 * @param queue queue to close down
586 queue_destroy (struct Queue *queue)
588 struct GNUNET_MQ_Handle *mq;
590 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
591 "Disconnecting queue for peer `%s'\n",
592 GNUNET_i2s (&queue->target));
593 if (NULL != (mq = queue->mq))
596 GNUNET_MQ_destroy (mq);
598 if (NULL != queue->qh)
600 GNUNET_TRANSPORT_communicator_mq_del (queue->qh);
605 GNUNET_CONTAINER_multipeermap_remove (queue_map, &queue->target, queue));
606 GNUNET_STATISTICS_set (stats,
608 GNUNET_CONTAINER_multipeermap_size (queue_map),
610 if (NULL != queue->read_task)
612 GNUNET_SCHEDULER_cancel (queue->read_task);
613 queue->read_task = NULL;
615 if (NULL != queue->write_task)
617 GNUNET_SCHEDULER_cancel (queue->write_task);
618 queue->write_task = NULL;
620 GNUNET_NETWORK_socket_close (queue->sock);
621 gcry_cipher_close (queue->in_cipher);
622 gcry_cipher_close (queue->out_cipher);
623 GNUNET_free (queue->address);
624 if (0 != queue->backpressure)
625 queue->destroyed = GNUNET_YES;
628 if (NULL == listen_task)
629 listen_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
637 * Compute @a mac over @a buf, and ratched the @a hmac_secret.
639 * @param[in,out] hmac_secret secret for HMAC calculation
640 * @param buf buffer to MAC
641 * @param buf_size number of bytes in @a buf
642 * @param smac[out] where to write the HMAC
645 calculate_hmac (struct GNUNET_HashCode *hmac_secret,
648 struct GNUNET_ShortHashCode *smac)
650 struct GNUNET_HashCode mac;
652 GNUNET_CRYPTO_hmac_raw (hmac_secret,
653 sizeof (struct GNUNET_HashCode),
657 /* truncate to `struct GNUNET_ShortHashCode` */
658 memcpy (smac, &mac, sizeof (struct GNUNET_ShortHashCode));
659 /* ratchet hmac key */
660 GNUNET_CRYPTO_hash (hmac_secret,
661 sizeof (struct GNUNET_HashCode),
667 * Append a 'finish' message to the outgoing transmission. Once the
668 * finish has been transmitted, destroy the queue.
670 * @param queue queue to shut down nicely
673 queue_finish (struct Queue *queue)
675 struct TCPFinish fin;
677 memset (&fin, 0, sizeof (fin));
678 fin.header.size = htons (sizeof (fin));
679 fin.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH);
680 calculate_hmac (&queue->out_hmac, &fin, sizeof (fin), &fin.hmac);
681 /* if there is any message left in pwrite_buf, we
682 overwrite it (possibly dropping the last message
683 from CORE hard here) */
684 memcpy (queue->pwrite_buf, &fin, sizeof (fin));
685 queue->pwrite_off = sizeof (fin);
686 /* This flag will ensure that #queue_write() no longer
687 notifies CORE about the possibility of sending
688 more data, and that #queue_write() will call
689 #queue_destroy() once the @c fin was fully written. */
690 queue->finishing = GNUNET_YES;
695 * Increment queue timeout due to activity. We do not immediately
696 * notify the monitor here as that might generate excessive
699 * @param queue queue for which the timeout should be rescheduled
702 reschedule_queue_timeout (struct Queue *queue)
705 GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
710 * Queue read task. If we hit the timeout, disconnect it
712 * @param cls the `struct Queue *` to disconnect
715 queue_read (void *cls);
719 * Core tells us it is done processing a message that transport
720 * received on a queue with status @a success.
722 * @param cls a `struct Queue *` where the message originally came from
723 * @param success #GNUNET_OK on success
726 core_read_finished_cb (void *cls, int success)
728 struct Queue *queue = cls;
730 if (GNUNET_OK != success)
731 GNUNET_STATISTICS_update (stats,
732 "# messages lost in communicator API towards CORE",
735 queue->backpressure--;
736 /* handle deferred queue destruction */
737 if ((queue->destroyed) && (0 == queue->backpressure))
742 reschedule_queue_timeout (queue);
743 /* possibly unchoke reading, now that CORE made progress */
744 if (NULL == queue->read_task)
746 GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_absolute_get_remaining (
755 * We received @a plaintext_len bytes of @a plaintext on @a queue.
756 * Pass it on to CORE. If transmission is actually happening,
757 * increase backpressure counter.
759 * @param queue the queue that received the plaintext
760 * @param plaintext the plaintext that was received
761 * @param plaintext_len number of bytes of plaintext received
764 pass_plaintext_to_core (struct Queue *queue,
765 const void *plaintext,
766 size_t plaintext_len)
768 const struct GNUNET_MessageHeader *hdr = plaintext;
771 if (ntohs (hdr->size) != plaintext_len)
773 /* NOTE: If we ever allow multiple CORE messages in one
774 BOX, this will have to change! */
778 ret = GNUNET_TRANSPORT_communicator_receive (ch,
781 ADDRESS_VALIDITY_PERIOD,
782 &core_read_finished_cb,
784 if (GNUNET_OK == ret)
785 queue->backpressure++;
786 GNUNET_break (GNUNET_NO != ret); /* backpressure not working!? */
787 if (GNUNET_SYSERR == ret)
788 GNUNET_STATISTICS_update (stats,
789 "# bytes lost due to CORE not running",
796 * Setup @a cipher based on shared secret @a dh and decrypting
799 * @param dh shared secret
800 * @param pid decrypting peer's identity
801 * @param cipher[out] cipher to initialize
802 * @param hmac_key[out] HMAC key to initialize
805 setup_cipher (const struct GNUNET_HashCode *dh,
806 const struct GNUNET_PeerIdentity *pid,
807 gcry_cipher_hd_t *cipher,
808 struct GNUNET_HashCode *hmac_key)
813 gcry_cipher_open (cipher,
814 GCRY_CIPHER_AES256 /* low level: go for speed */,
815 GCRY_CIPHER_MODE_CTR,
817 GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_kdf (key,
827 gcry_cipher_setkey (*cipher, key, sizeof (key));
828 GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_kdf (ctr,
838 gcry_cipher_setctr (*cipher, ctr, sizeof (ctr));
839 GNUNET_assert (GNUNET_YES ==
840 GNUNET_CRYPTO_kdf (hmac_key,
841 sizeof (struct GNUNET_HashCode),
854 * Setup cipher of @a queue for decryption.
856 * @param ephemeral ephemeral key we received from the other peer
857 * @param queue[in,out] queue to initialize decryption cipher for
860 setup_in_cipher (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
863 struct GNUNET_HashCode dh;
865 GNUNET_CRYPTO_eddsa_ecdh (my_private_key, ephemeral, &dh);
866 setup_cipher (&dh, &my_identity, &queue->in_cipher, &queue->in_hmac);
871 * Handle @a rekey message on @a queue. The message was already
872 * HMAC'ed, but we should additionally still check the signature.
873 * Then we need to stop the old cipher and start afresh.
875 * @param queue the queue @a rekey was received on
876 * @param rekey the rekey message
879 do_rekey (struct Queue *queue, const struct TCPRekey *rekey)
881 struct TcpHandshakeSignature thp;
883 thp.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY);
884 thp.purpose.size = htonl (sizeof (thp));
885 thp.sender = queue->target;
886 thp.receiver = my_identity;
887 thp.ephemeral = rekey->ephemeral;
888 thp.monotonic_time = rekey->monotonic_time;
890 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY,
893 &queue->target.public_key))
896 queue_finish (queue);
899 gcry_cipher_close (queue->in_cipher);
900 queue->rekeyed = GNUNET_YES;
901 setup_in_cipher (&rekey->ephemeral, queue);
906 * Test if we have received a full message in plaintext.
909 * @param queue queue to process inbound plaintext for
910 * @return number of bytes of plaintext handled, 0 for none
913 try_handle_plaintext (struct Queue *queue)
915 const struct GNUNET_MessageHeader *hdr =
916 (const struct GNUNET_MessageHeader *) queue->pread_buf;
917 const struct TCPBox *box = (const struct TCPBox *) queue->pread_buf;
918 const struct TCPRekey *rekey = (const struct TCPRekey *) queue->pread_buf;
919 const struct TCPFinish *fin = (const struct TCPFinish *) queue->pread_buf;
920 struct TCPRekey rekeyz;
921 struct TCPFinish finz;
922 struct GNUNET_ShortHashCode tmac;
924 size_t size = 0; /* make compiler happy */
926 if (sizeof (*hdr) > queue->pread_off)
927 return 0; /* not even a header */
928 type = ntohs (hdr->type);
931 case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX:
932 /* Special case: header size excludes box itself! */
933 if (ntohs (hdr->size) + sizeof (struct TCPBox) > queue->pread_off)
935 calculate_hmac (&queue->in_hmac, &box[1], ntohs (hdr->size), &tmac);
936 if (0 != memcmp (&tmac, &box->hmac, sizeof (tmac)))
939 queue_finish (queue);
942 pass_plaintext_to_core (queue, (const void *) &box[1], ntohs (hdr->size));
943 size = ntohs (hdr->size) + sizeof (*box);
945 case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY:
946 if (sizeof (*rekey) > queue->pread_off)
948 if (ntohs (hdr->size) != sizeof (*rekey))
951 queue_finish (queue);
955 memset (&rekeyz.hmac, 0, sizeof (rekeyz.hmac));
956 calculate_hmac (&queue->in_hmac, &rekeyz, sizeof (rekeyz), &tmac);
957 if (0 != memcmp (&tmac, &box->hmac, sizeof (tmac)))
960 queue_finish (queue);
963 do_rekey (queue, rekey);
964 size = ntohs (hdr->size);
966 case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH:
967 if (sizeof (*fin) > queue->pread_off)
969 if (ntohs (hdr->size) != sizeof (*fin))
972 queue_finish (queue);
976 memset (&finz.hmac, 0, sizeof (finz.hmac));
977 calculate_hmac (&queue->in_hmac, &rekeyz, sizeof (rekeyz), &tmac);
978 if (0 != memcmp (&tmac, &fin->hmac, sizeof (tmac)))
981 queue_finish (queue);
984 /* handle FINISH by destroying queue */
985 queue_destroy (queue);
989 queue_finish (queue);
992 GNUNET_assert (0 != size);
998 * Queue read task. If we hit the timeout, disconnect it
1000 * @param cls the `struct Queue *` to disconnect
1003 queue_read (void *cls)
1005 struct Queue *queue = cls;
1006 struct GNUNET_TIME_Relative left;
1009 queue->read_task = NULL;
1010 rcvd = GNUNET_NETWORK_socket_recv (queue->sock,
1011 &queue->cread_buf[queue->cread_off],
1012 BUF_SIZE - queue->cread_off);
1015 if ((EAGAIN != errno) && (EINTR != errno))
1017 GNUNET_log_strerror (GNUNET_ERROR_TYPE_DEBUG, "recv");
1018 queue_finish (queue);
1023 GNUNET_SCHEDULER_add_read_net (left, queue->sock, &queue_read, queue);
1027 reschedule_queue_timeout (queue);
1028 queue->cread_off += rcvd;
1029 while ((queue->pread_off < sizeof (queue->pread_buf)) &&
1030 (queue->cread_off > 0))
1032 size_t max = GNUNET_MIN (sizeof (queue->pread_buf) - queue->pread_off,
1038 gcry_cipher_decrypt (queue->in_cipher,
1039 &queue->pread_buf[queue->pread_off],
1043 queue->pread_off += max;
1045 while ((GNUNET_NO == queue->rekeyed) &&
1046 (0 != (done = try_handle_plaintext (queue))))
1048 /* 'done' bytes of plaintext were used, shift buffer */
1049 GNUNET_assert (done <= queue->pread_off);
1050 /* NOTE: this memmove() could possibly sometimes be
1051 avoided if we pass 'total' into try_handle_plaintext()
1052 and use it at an offset into the buffer there! */
1053 memmove (queue->pread_buf,
1054 &queue->pread_buf[done],
1055 queue->pread_off - done);
1056 queue->pread_off -= done;
1059 /* when we encounter a rekey message, the decryption above uses the
1060 wrong key for everything after the rekey; in that case, we have
1061 to re-do the decryption at 'total' instead of at 'max'. If there
1062 is no rekey and the last message is incomplete (max > total),
1063 it is safe to keep the decryption so we shift by 'max' */
1064 if (GNUNET_YES == queue->rekeyed)
1067 queue->rekeyed = GNUNET_NO;
1069 memmove (queue->cread_buf, &queue->cread_buf[max], queue->cread_off - max);
1070 queue->cread_off -= max;
1073 if (BUF_SIZE == queue->cread_off)
1074 return; /* buffer full, suspend reading */
1075 left = GNUNET_TIME_absolute_get_remaining (queue->timeout);
1076 if (0 != left.rel_value_us)
1078 if (max_queue_length < queue->backpressure)
1080 /* continue reading */
1082 GNUNET_SCHEDULER_add_read_net (left, queue->sock, &queue_read, queue);
1086 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1087 "Queue %p was idle for %s, disconnecting\n",
1089 GNUNET_STRINGS_relative_time_to_string (
1090 GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT,
1092 queue_finish (queue);
1097 * Convert TCP bind specification to a `struct sockaddr *`
1099 * @param bindto bind specification to convert
1100 * @param[out] sock_len set to the length of the address
1101 * @return converted bindto specification
1103 static struct sockaddr *
1104 tcp_address_to_sockaddr (const char *bindto, socklen_t *sock_len)
1106 struct sockaddr *in;
1112 if (1 == SSCANF (bindto, "%u%1s", &port, dummy))
1114 /* interpreting value as just a PORT number */
1115 if (port > UINT16_MAX)
1117 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1118 "BINDTO specification `%s' invalid: value too large for port\n",
1122 if ((GNUNET_NO == GNUNET_NETWORK_test_pf (PF_INET6)) ||
1124 GNUNET_CONFIGURATION_get_value_yesno (cfg,
1125 COMMUNICATOR_CONFIG_SECTION,
1128 struct sockaddr_in *i4;
1130 i4 = GNUNET_malloc (sizeof (struct sockaddr_in));
1131 i4->sin_family = AF_INET;
1132 i4->sin_port = htons ((uint16_t) port);
1133 *sock_len = sizeof (struct sockaddr_in);
1134 in = (struct sockaddr *) i4;
1138 struct sockaddr_in6 *i6;
1140 i6 = GNUNET_malloc (sizeof (struct sockaddr_in6));
1141 i6->sin6_family = AF_INET6;
1142 i6->sin6_port = htons ((uint16_t) port);
1143 *sock_len = sizeof (struct sockaddr_in6);
1144 in = (struct sockaddr *) i6;
1148 cp = GNUNET_strdup (bindto);
1149 colon = strrchr (cp, ':');
1152 /* interpet value after colon as port */
1155 if (1 == SSCANF (colon, "%u%1s", &port, dummy))
1157 /* interpreting value as just a PORT number */
1158 if (port > UINT16_MAX)
1160 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1161 "BINDTO specification `%s' invalid: value too large for port\n",
1170 GNUNET_ERROR_TYPE_ERROR,
1171 "BINDTO specification `%s' invalid: last ':' not followed by number\n",
1179 /* interpret missing port as 0, aka pick any free one */
1184 struct sockaddr_in v4;
1186 if (1 == inet_pton (AF_INET, cp, &v4))
1188 v4.sin_port = htons ((uint16_t) port);
1189 in = GNUNET_memdup (&v4, sizeof (v4));
1190 *sock_len = sizeof (v4);
1197 struct sockaddr_in6 v6;
1201 if (('[' == *cp) && (']' == cp[strlen (cp) - 1]))
1203 start++; /* skip over '[' */
1204 cp[strlen (cp) - 1] = '\0'; /* eat ']' */
1206 if (1 == inet_pton (AF_INET6, start, &v6))
1208 v6.sin6_port = htons ((uint16_t) port);
1209 in = GNUNET_memdup (&v6, sizeof (v6));
1210 *sock_len = sizeof (v6);
1215 /* #5528 FIXME (feature!): maybe also try getnameinfo()? */
1222 * Setup cipher for outgoing data stream based on target and
1223 * our ephemeral private key.
1225 * @param queue queue to setup outgoing (encryption) cipher for
1228 setup_out_cipher (struct Queue *queue)
1230 struct GNUNET_HashCode dh;
1232 GNUNET_CRYPTO_ecdh_eddsa (&queue->ephemeral, &queue->target.public_key, &dh);
1233 /* we don't need the private key anymore, drop it! */
1234 memset (&queue->ephemeral, 0, sizeof (queue->ephemeral));
1235 setup_cipher (&dh, &queue->target, &queue->out_cipher, &queue->out_hmac);
1236 queue->rekey_time = GNUNET_TIME_relative_to_absolute (REKEY_TIME_INTERVAL);
1237 queue->rekey_left_bytes =
1238 GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK, REKEY_MAX_BYTES);
1243 * Inject a `struct TCPRekey` message into the queue's plaintext
1246 * @param queue queue to perform rekeying on
1249 inject_rekey (struct Queue *queue)
1251 struct TCPRekey rekey;
1252 struct TcpHandshakeSignature thp;
1254 GNUNET_assert (0 == queue->pwrite_off);
1255 memset (&rekey, 0, sizeof (rekey));
1256 GNUNET_assert (GNUNET_OK ==
1257 GNUNET_CRYPTO_ecdhe_key_create2 (&queue->ephemeral));
1258 rekey.header.type = ntohs (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY);
1259 rekey.header.size = ntohs (sizeof (rekey));
1260 GNUNET_CRYPTO_ecdhe_key_get_public (&queue->ephemeral, &rekey.ephemeral);
1261 rekey.monotonic_time =
1262 GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg));
1263 thp.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY);
1264 thp.purpose.size = htonl (sizeof (thp));
1265 thp.sender = my_identity;
1266 thp.receiver = queue->target;
1267 thp.ephemeral = rekey.ephemeral;
1268 thp.monotonic_time = rekey.monotonic_time;
1269 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key,
1271 &rekey.sender_sig));
1272 calculate_hmac (&queue->out_hmac, &rekey, sizeof (rekey), &rekey.hmac);
1273 memcpy (queue->pwrite_buf, &rekey, sizeof (rekey));
1274 queue->rekey_state = GNUNET_YES;
1279 * We encrypted the rekey message, now update actually swap the key
1280 * material and update the key freshness parameters of @a queue.
1283 switch_key (struct Queue *queue)
1285 queue->rekey_state = GNUNET_NO;
1286 gcry_cipher_close (queue->out_cipher);
1287 setup_out_cipher (queue);
1292 * We have been notified that our socket is ready to write.
1293 * Then reschedule this function to be called again once more is available.
1295 * @param cls a `struct Queue`
1298 queue_write (void *cls)
1300 struct Queue *queue = cls;
1303 queue->write_task = NULL;
1304 sent = GNUNET_NETWORK_socket_send (queue->sock,
1307 if ((-1 == sent) && (EAGAIN != errno) && (EINTR != errno))
1309 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "send");
1310 queue_destroy (queue);
1315 size_t usent = (size_t) sent;
1317 memmove (queue->cwrite_buf,
1318 &queue->cwrite_buf[usent],
1319 queue->cwrite_off - usent);
1320 reschedule_queue_timeout (queue);
1322 /* can we encrypt more? (always encrypt full messages, needed
1323 such that #mq_cancel() can work!) */
1324 if (queue->cwrite_off + queue->pwrite_off <= BUF_SIZE)
1327 gcry_cipher_encrypt (queue->out_cipher,
1328 &queue->cwrite_buf[queue->cwrite_off],
1331 queue->pwrite_off));
1332 if (queue->rekey_left_bytes > queue->pwrite_off)
1333 queue->rekey_left_bytes -= queue->pwrite_off;
1335 queue->rekey_left_bytes = 0;
1336 queue->cwrite_off += queue->pwrite_off;
1337 queue->pwrite_off = 0;
1339 if ((GNUNET_YES == queue->rekey_state) && (0 == queue->pwrite_off))
1341 if ((0 == queue->pwrite_off) &&
1342 ((0 == queue->rekey_left_bytes) ||
1344 GNUNET_TIME_absolute_get_remaining (queue->rekey_time).rel_value_us)))
1345 inject_rekey (queue);
1346 if ((0 == queue->pwrite_off) && (! queue->finishing) &&
1347 (queue->mq_awaits_continue))
1349 queue->mq_awaits_continue = GNUNET_NO;
1350 GNUNET_MQ_impl_send_continue (queue->mq);
1352 /* did we just finish writing 'finish'? */
1353 if ((0 == queue->cwrite_off) && (GNUNET_YES == queue->finishing))
1355 queue_destroy (queue);
1358 /* do we care to write more? */
1359 if (0 < queue->cwrite_off)
1361 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
1369 * Signature of functions implementing the sending functionality of a
1372 * @param mq the message queue
1373 * @param msg the message to send
1374 * @param impl_state our `struct Queue`
1377 mq_send (struct GNUNET_MQ_Handle *mq,
1378 const struct GNUNET_MessageHeader *msg,
1381 struct Queue *queue = impl_state;
1382 uint16_t msize = ntohs (msg->size);
1385 GNUNET_assert (mq == queue->mq);
1386 if (GNUNET_YES == queue->finishing)
1387 return; /* this queue is dying, drop msg */
1388 GNUNET_assert (0 == queue->pread_off);
1389 box.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX);
1390 box.header.size = htons (msize);
1391 calculate_hmac (&queue->out_hmac, msg, msize, &box.hmac);
1392 memcpy (&queue->pread_buf[queue->pread_off], &box, sizeof (box));
1393 queue->pread_off += sizeof (box);
1394 memcpy (&queue->pread_buf[queue->pread_off], msg, msize);
1395 queue->pread_off += msize;
1396 GNUNET_assert (NULL != queue->sock);
1397 if (NULL == queue->write_task)
1399 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
1407 * Signature of functions implementing the destruction of a message
1408 * queue. Implementations must not free @a mq, but should take care
1411 * @param mq the message queue to destroy
1412 * @param impl_state our `struct Queue`
1415 mq_destroy (struct GNUNET_MQ_Handle *mq, void *impl_state)
1417 struct Queue *queue = impl_state;
1419 if (mq == queue->mq)
1422 queue_finish (queue);
1428 * Implementation function that cancels the currently sent message.
1430 * @param mq message queue
1431 * @param impl_state our `struct Queue`
1434 mq_cancel (struct GNUNET_MQ_Handle *mq, void *impl_state)
1436 struct Queue *queue = impl_state;
1438 GNUNET_assert (0 != queue->pwrite_off);
1439 queue->pwrite_off = 0;
1444 * Generic error handler, called with the appropriate
1445 * error code and the same closure specified at the creation of
1446 * the message queue.
1447 * Not every message queue implementation supports an error handler.
1449 * @param cls our `struct Queue`
1450 * @param error error code
1453 mq_error (void *cls, enum GNUNET_MQ_Error error)
1455 struct Queue *queue = cls;
1457 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1458 "MQ error in queue to %s: %d\n",
1459 GNUNET_i2s (&queue->target),
1461 queue_finish (queue);
1466 * Add the given @a queue to our internal data structure. Setup the
1467 * MQ processing and inform transport that the queue is ready. Must
1468 * be called after the KX for outgoing messages has been bootstrapped.
1470 * @param queue queue to boot
1473 boot_queue (struct Queue *queue, enum GNUNET_TRANSPORT_ConnectionStatus cs)
1476 GNUNET_NT_scanner_get_type (is, queue->address, queue->address_len);
1477 (void) GNUNET_CONTAINER_multipeermap_put (
1481 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
1482 GNUNET_STATISTICS_set (stats,
1484 GNUNET_CONTAINER_multipeermap_size (queue_map),
1487 GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
1488 queue->mq = GNUNET_MQ_queue_for_callbacks (&mq_send,
1498 switch (queue->address->sa_family)
1501 GNUNET_asprintf (&foreign_addr,
1503 COMMUNICATOR_ADDRESS_PREFIX,
1504 GNUNET_a2s (queue->address, queue->address_len));
1507 GNUNET_asprintf (&foreign_addr,
1509 COMMUNICATOR_ADDRESS_PREFIX,
1510 GNUNET_a2s (queue->address, queue->address_len));
1515 queue->qh = GNUNET_TRANSPORT_communicator_mq_add (ch,
1522 GNUNET_free (foreign_addr);
1528 * Generate and transmit our ephemeral key and the signature for
1529 * the initial KX with the other peer. Must be called first, before
1530 * any other bytes are ever written to the output buffer. Note that
1531 * our cipher must already be initialized when calling this function.
1532 * Helper function for #start_initial_kx_out().
1534 * @param queue queue to do KX for
1535 * @param epub our public key for the KX
1538 transmit_kx (struct Queue *queue,
1539 const struct GNUNET_CRYPTO_EcdhePublicKey *epub)
1541 struct TcpHandshakeSignature ths;
1542 struct TCPConfirmation tc;
1544 memcpy (queue->cwrite_buf, epub, sizeof (*epub));
1545 queue->cwrite_off = sizeof (epub);
1546 /* compute 'tc' and append in encrypted format to cwrite_buf */
1547 tc.sender = my_identity;
1549 GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg));
1550 ths.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE);
1551 ths.purpose.size = htonl (sizeof (ths));
1552 ths.sender = my_identity;
1553 ths.receiver = queue->target;
1554 ths.ephemeral = *epub;
1555 ths.monotonic_time = tc.monotonic_time;
1556 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key,
1560 gcry_cipher_encrypt (queue->out_cipher,
1561 &queue->cwrite_buf[queue->cwrite_off],
1565 queue->cwrite_off += sizeof (tc);
1570 * Initialize our key material for outgoing transmissions and
1571 * inform the other peer about it. Must be called first before
1574 * @param queue the queue to setup
1577 start_initial_kx_out (struct Queue *queue)
1579 struct GNUNET_CRYPTO_EcdhePublicKey epub;
1581 GNUNET_assert (GNUNET_OK ==
1582 GNUNET_CRYPTO_ecdhe_key_create2 (&queue->ephemeral));
1583 GNUNET_CRYPTO_ecdhe_key_get_public (&queue->ephemeral, &epub);
1584 setup_out_cipher (queue);
1585 transmit_kx (queue, &epub);
1590 * We have received the first bytes from the other side on a @a queue.
1591 * Decrypt the @a tc contained in @a ibuf and check the signature.
1592 * Note that #setup_in_cipher() must have already been called.
1594 * @param queue queue to decrypt initial bytes from other peer for
1595 * @param tc[out] where to store the result
1596 * @param ibuf incoming data, of size
1598 * @return #GNUNET_OK if the signature was OK, #GNUNET_SYSERR if not
1601 decrypt_and_check_tc (struct Queue *queue,
1602 struct TCPConfirmation *tc,
1605 struct TcpHandshakeSignature ths;
1609 gcry_cipher_decrypt (queue->in_cipher,
1612 &ibuf[sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)],
1614 ths.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE);
1615 ths.purpose.size = htonl (sizeof (ths));
1616 ths.sender = tc->sender;
1617 ths.receiver = my_identity;
1618 memcpy (&ths.ephemeral, ibuf, sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1619 ths.monotonic_time = tc->monotonic_time;
1620 return GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE,
1623 &tc->sender.public_key);
1628 * Closes socket and frees memory associated with @a pq.
1630 * @param pq proto queue to free
1633 free_proto_queue (struct ProtoQueue *pq)
1635 GNUNET_NETWORK_socket_close (pq->sock);
1636 GNUNET_free (pq->address);
1637 GNUNET_CONTAINER_DLL_remove (proto_head, proto_tail, pq);
1643 * Read from the socket of the proto queue until we have enough data
1644 * to upgrade to full queue.
1646 * @param cls a `struct ProtoQueue`
1649 proto_read_kx (void *cls)
1651 struct ProtoQueue *pq = cls;
1653 struct GNUNET_TIME_Relative left;
1654 struct Queue *queue;
1655 struct TCPConfirmation tc;
1657 pq->read_task = NULL;
1658 left = GNUNET_TIME_absolute_get_remaining (pq->timeout);
1659 if (0 == left.rel_value_us)
1661 free_proto_queue (pq);
1664 rcvd = GNUNET_NETWORK_socket_recv (pq->sock,
1665 &pq->ibuf[pq->ibuf_off],
1666 sizeof (pq->ibuf) - pq->ibuf_off);
1669 if ((EAGAIN != errno) && (EINTR != errno))
1671 GNUNET_log_strerror (GNUNET_ERROR_TYPE_DEBUG, "recv");
1672 free_proto_queue (pq);
1677 GNUNET_SCHEDULER_add_read_net (left, pq->sock, &proto_read_kx, pq);
1680 pq->ibuf_off += rcvd;
1681 if (pq->ibuf_off > sizeof (pq->ibuf))
1685 GNUNET_SCHEDULER_add_read_net (left, pq->sock, &proto_read_kx, pq);
1688 /* we got all the data, let's find out who we are talking to! */
1689 queue = GNUNET_new (struct Queue);
1690 setup_in_cipher ((const struct GNUNET_CRYPTO_EcdhePublicKey *) pq->ibuf,
1692 if (GNUNET_OK != decrypt_and_check_tc (queue, &tc, pq->ibuf))
1694 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1695 "Invalid TCP KX received from %s\n",
1696 GNUNET_a2s (queue->address, queue->address_len));
1697 gcry_cipher_close (queue->in_cipher);
1698 GNUNET_free (queue);
1699 free_proto_queue (pq);
1702 queue->address = pq->address; /* steals reference */
1703 queue->address_len = pq->address_len;
1704 queue->target = tc.sender;
1705 start_initial_kx_out (queue);
1706 boot_queue (queue, GNUNET_TRANSPORT_CS_INBOUND);
1708 GNUNET_SCHEDULER_add_read_net (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT,
1712 GNUNET_CONTAINER_DLL_remove (proto_head, proto_tail, pq);
1718 * We have been notified that our listen socket has something to
1719 * read. Do the read and reschedule this function to be called again
1720 * once more is available.
1725 listen_cb (void *cls)
1727 struct sockaddr_storage in;
1729 struct GNUNET_NETWORK_Handle *sock;
1730 struct ProtoQueue *pq;
1733 GNUNET_assert (NULL != listen_sock);
1734 addrlen = sizeof (in);
1735 memset (&in, 0, sizeof (in));
1736 sock = GNUNET_NETWORK_socket_accept (listen_sock,
1737 (struct sockaddr *) &in,
1739 if ((NULL == sock) && ((EMFILE == errno) || (ENFILE == errno)))
1740 return; /* system limit reached, wait until connection goes down */
1741 listen_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
1745 if ((NULL == sock) && ((EAGAIN == errno) || (ENOBUFS == errno)))
1749 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "accept");
1752 pq = GNUNET_new (struct ProtoQueue);
1753 pq->address_len = addrlen;
1754 pq->address = GNUNET_memdup (&in, addrlen);
1755 pq->timeout = GNUNET_TIME_relative_to_absolute (PROTO_QUEUE_TIMEOUT);
1757 pq->read_task = GNUNET_SCHEDULER_add_read_net (PROTO_QUEUE_TIMEOUT,
1761 GNUNET_CONTAINER_DLL_insert (proto_head, proto_tail, pq);
1766 * Read from the socket of the queue until we have enough data
1767 * to initialize the decryption logic and can switch to regular
1770 * @param cls a `struct Queue`
1773 queue_read_kx (void *cls)
1775 struct Queue *queue = cls;
1777 struct GNUNET_TIME_Relative left;
1778 struct TCPConfirmation tc;
1780 queue->read_task = NULL;
1781 left = GNUNET_TIME_absolute_get_remaining (queue->timeout);
1782 if (0 == left.rel_value_us)
1784 queue_destroy (queue);
1787 rcvd = GNUNET_NETWORK_socket_recv (queue->sock,
1788 &queue->cread_buf[queue->cread_off],
1789 BUF_SIZE - queue->cread_off);
1792 if ((EAGAIN != errno) && (EINTR != errno))
1794 GNUNET_log_strerror (GNUNET_ERROR_TYPE_DEBUG, "recv");
1795 queue_destroy (queue);
1799 GNUNET_SCHEDULER_add_read_net (left, queue->sock, &queue_read_kx, queue);
1802 queue->cread_off += rcvd;
1803 if (queue->cread_off < INITIAL_KX_SIZE)
1807 GNUNET_SCHEDULER_add_read_net (left, queue->sock, &queue_read_kx, queue);
1810 /* we got all the data, let's find out who we are talking to! */
1811 setup_in_cipher ((const struct GNUNET_CRYPTO_EcdhePublicKey *)
1814 if (GNUNET_OK != decrypt_and_check_tc (queue, &tc, queue->cread_buf))
1816 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1817 "Invalid TCP KX received from %s\n",
1818 GNUNET_a2s (queue->address, queue->address_len));
1819 queue_destroy (queue);
1823 memcmp (&tc.sender, &queue->target, sizeof (struct GNUNET_PeerIdentity)))
1825 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1826 "Invalid sender in TCP KX received from %s\n",
1827 GNUNET_a2s (queue->address, queue->address_len));
1828 queue_destroy (queue);
1832 /* update queue timeout */
1833 reschedule_queue_timeout (queue);
1834 /* prepare to continue with regular read task immediately */
1835 memmove (queue->cread_buf,
1836 &queue->cread_buf[INITIAL_KX_SIZE],
1837 queue->cread_off - (INITIAL_KX_SIZE));
1838 queue->cread_off -= INITIAL_KX_SIZE;
1839 queue->read_task = GNUNET_SCHEDULER_add_now (&queue_read, queue);
1844 * Function called by the transport service to initialize a
1845 * message queue given address information about another peer.
1846 * If and when the communication channel is established, the
1847 * communicator must call #GNUNET_TRANSPORT_communicator_mq_add()
1848 * to notify the service that the channel is now up. It is
1849 * the responsibility of the communicator to manage sane
1850 * retries and timeouts for any @a peer/@a address combination
1851 * provided by the transport service. Timeouts and retries
1852 * do not need to be signalled to the transport service.
1854 * @param cls closure
1855 * @param peer identity of the other peer
1856 * @param address where to send the message, human-readable
1857 * communicator-specific format, 0-terminated, UTF-8
1858 * @return #GNUNET_OK on success, #GNUNET_SYSERR if the provided address is
1862 mq_init (void *cls, const struct GNUNET_PeerIdentity *peer, const char *address)
1864 struct Queue *queue;
1866 struct sockaddr *in;
1868 struct GNUNET_NETWORK_Handle *sock;
1870 if (0 != strncmp (address,
1871 COMMUNICATOR_ADDRESS_PREFIX "-",
1872 strlen (COMMUNICATOR_ADDRESS_PREFIX "-")))
1874 GNUNET_break_op (0);
1875 return GNUNET_SYSERR;
1877 path = &address[strlen (COMMUNICATOR_ADDRESS_PREFIX "-")];
1878 in = tcp_address_to_sockaddr (path, &in_len);
1880 sock = GNUNET_NETWORK_socket_create (in->sa_family, SOCK_STREAM, IPPROTO_TCP);
1883 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1884 "socket(%d) failed: %s",
1888 return GNUNET_SYSERR;
1890 if (GNUNET_OK != GNUNET_NETWORK_socket_connect (sock, in, in_len))
1892 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1893 "connect to `%s' failed: %s",
1896 GNUNET_NETWORK_socket_close (sock);
1898 return GNUNET_SYSERR;
1901 queue = GNUNET_new (struct Queue);
1902 queue->target = *peer;
1903 queue->address = in;
1904 queue->address_len = in_len;
1906 boot_queue (queue, GNUNET_TRANSPORT_CS_OUTBOUND);
1908 GNUNET_SCHEDULER_add_read_net (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT,
1914 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1915 "Failed to setup queue to %s at `%s'\n",
1918 GNUNET_NETWORK_socket_close (sock);
1921 start_initial_kx_out (queue);
1927 * Iterator over all message queues to clean up.
1930 * @param target unused
1931 * @param value the queue to destroy
1932 * @return #GNUNET_OK to continue to iterate
1935 get_queue_delete_it (void *cls,
1936 const struct GNUNET_PeerIdentity *target,
1939 struct Queue *queue = value;
1943 queue_destroy (queue);
1949 * Shutdown the UNIX communicator.
1951 * @param cls NULL (always)
1954 do_shutdown (void *cls)
1958 GNUNET_NAT_unregister (nat);
1961 if (NULL != listen_task)
1963 GNUNET_SCHEDULER_cancel (listen_task);
1966 if (NULL != listen_sock)
1968 GNUNET_break (GNUNET_OK == GNUNET_NETWORK_socket_close (listen_sock));
1971 GNUNET_CONTAINER_multipeermap_iterate (queue_map, &get_queue_delete_it, NULL);
1972 GNUNET_CONTAINER_multipeermap_destroy (queue_map);
1975 GNUNET_TRANSPORT_communicator_disconnect (ch);
1980 GNUNET_STATISTICS_destroy (stats, GNUNET_NO);
1983 if (NULL != my_private_key)
1985 GNUNET_free (my_private_key);
1986 my_private_key = NULL;
1990 GNUNET_NT_scanner_done (is);
1997 * Function called when the transport service has received an
1998 * acknowledgement for this communicator (!) via a different return
2001 * Not applicable for TCP.
2003 * @param cls closure
2004 * @param sender which peer sent the notification
2005 * @param msg payload
2008 enc_notify_cb (void *cls,
2009 const struct GNUNET_PeerIdentity *sender,
2010 const struct GNUNET_MessageHeader *msg)
2015 GNUNET_break_op (0);
2020 * Signature of the callback passed to #GNUNET_NAT_register() for
2021 * a function to call whenever our set of 'valid' addresses changes.
2023 * @param cls closure
2024 * @param app_ctx[in,out] location where the app can store stuff
2025 * on add and retrieve it on remove
2026 * @param add_remove #GNUNET_YES to add a new public IP address,
2027 * #GNUNET_NO to remove a previous (now invalid) one
2028 * @param ac address class the address belongs to
2029 * @param addr either the previous or the new public IP address
2030 * @param addrlen actual length of the @a addr
2033 nat_address_cb (void *cls,
2036 enum GNUNET_NAT_AddressClass ac,
2037 const struct sockaddr *addr,
2041 struct GNUNET_TRANSPORT_AddressIdentifier *ai;
2043 if (GNUNET_YES == add_remove)
2045 enum GNUNET_NetworkType nt;
2047 GNUNET_asprintf (&my_addr,
2049 COMMUNICATOR_ADDRESS_PREFIX,
2050 GNUNET_a2s (addr, addrlen));
2051 nt = GNUNET_NT_scanner_get_type (is, addr, addrlen);
2053 GNUNET_TRANSPORT_communicator_address_add (ch,
2056 GNUNET_TIME_UNIT_FOREVER_REL);
2057 GNUNET_free (my_addr);
2063 GNUNET_TRANSPORT_communicator_address_remove (ai);
2070 * Setup communicator and launch network interactions.
2072 * @param cls NULL (always)
2073 * @param args remaining command-line arguments
2074 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
2075 * @param c configuration
2080 const char *cfgfile,
2081 const struct GNUNET_CONFIGURATION_Handle *c)
2084 struct sockaddr *in;
2086 struct sockaddr_storage in_sto;
2092 GNUNET_CONFIGURATION_get_value_filename (cfg,
2093 COMMUNICATOR_CONFIG_SECTION,
2097 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
2098 COMMUNICATOR_CONFIG_SECTION,
2103 GNUNET_CONFIGURATION_get_value_number (cfg,
2104 COMMUNICATOR_CONFIG_SECTION,
2107 max_queue_length = DEFAULT_MAX_QUEUE_LENGTH;
2109 in = tcp_address_to_sockaddr (bindto, &in_len);
2112 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2113 "Failed to setup TCP socket address with path `%s'\n",
2115 GNUNET_free (bindto);
2119 GNUNET_NETWORK_socket_create (in->sa_family, SOCK_STREAM, IPPROTO_TCP);
2120 if (NULL == listen_sock)
2122 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "socket");
2124 GNUNET_free (bindto);
2127 if (GNUNET_OK != GNUNET_NETWORK_socket_bind (listen_sock, in, in_len))
2129 GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "bind", bindto);
2130 GNUNET_NETWORK_socket_close (listen_sock);
2133 GNUNET_free (bindto);
2136 /* We might have bound to port 0, allowing the OS to figure it out;
2137 thus, get the real IN-address from the socket */
2138 sto_len = sizeof (in_sto);
2139 if (0 != getsockname (GNUNET_NETWORK_get_fd (listen_sock),
2140 (struct sockaddr *) &in_sto,
2143 memcpy (&in_sto, in, in_len);
2147 GNUNET_free (bindto);
2148 in = (struct sockaddr *) &in_sto;
2150 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2152 GNUNET_a2s ((const struct sockaddr *) &in_sto, sto_len));
2153 stats = GNUNET_STATISTICS_create ("C-TCP", cfg);
2154 GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL);
2155 is = GNUNET_NT_scanner_init ();
2156 my_private_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg);
2157 if (NULL == my_private_key)
2160 GNUNET_ERROR_TYPE_ERROR,
2162 "Transport service is lacking key configuration settings. Exiting.\n"));
2163 GNUNET_SCHEDULER_shutdown ();
2166 GNUNET_CRYPTO_eddsa_key_get_public (my_private_key, &my_identity.public_key);
2167 /* start listening */
2168 listen_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
2172 queue_map = GNUNET_CONTAINER_multipeermap_create (10, GNUNET_NO);
2173 ch = GNUNET_TRANSPORT_communicator_connect (cfg,
2174 COMMUNICATOR_CONFIG_SECTION,
2175 COMMUNICATOR_ADDRESS_PREFIX,
2176 GNUNET_TRANSPORT_CC_RELIABLE,
2184 GNUNET_SCHEDULER_shutdown ();
2187 nat = GNUNET_NAT_register (cfg,
2188 COMMUNICATOR_CONFIG_SECTION,
2190 1 /* one address */,
2191 (const struct sockaddr **) &in,
2194 NULL /* FIXME: support reversal: #5529 */,
2195 NULL /* closure */);
2200 * The main function for the UNIX communicator.
2202 * @param argc number of arguments from the command line
2203 * @param argv command line arguments
2204 * @return 0 ok, 1 on error
2207 main (int argc, char *const *argv)
2209 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
2210 GNUNET_GETOPT_OPTION_END};
2213 if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv))
2216 ret = (GNUNET_OK == GNUNET_PROGRAM_run (argc,
2218 "gnunet-communicator-tcp",
2219 _ ("GNUnet TCP communicator"),
2225 GNUNET_free ((void *) argv);
2230 /* end of gnunet-communicator-tcp.c */