2 This file is part of GNUnet.
3 (C) 2010,2011 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file transport/gnunet-service-transport_validation.c
23 * @brief address validation subsystem
24 * @author Christian Grothoff
27 #include "gnunet-service-transport_validation.h"
28 #include "gnunet-service-transport_plugins.h"
29 #include "gnunet-service-transport_hello.h"
30 #include "gnunet-service-transport_blacklist.h"
31 #include "gnunet-service-transport.h"
32 #include "gnunet_hello_lib.h"
33 #include "gnunet_ats_service.h"
34 #include "gnunet_peerinfo_service.h"
35 #include "gnunet_signatures.h"
39 * How long is a PONG signature valid? We'll recycle a signature until
40 * 1/4 of this time is remaining. PONGs should expire so that if our
41 * external addresses change an adversary cannot replay them indefinitely.
42 * OTOH, we don't want to spend too much time generating PONG signatures,
43 * so they must have some lifetime to reduce our CPU usage.
45 #define PONG_SIGNATURE_LIFETIME GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 1)
48 * After how long do we expire an address in a HELLO that we just
49 * validated? This value is also used for our own addresses when we
52 #define HELLO_ADDRESS_EXPIRATION GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12)
55 * How often do we allow PINGing an address that we have not yet
56 * validated? This also determines how long we track an address that
57 * we cannot validate (because after this time we can destroy the
60 #define UNVALIDATED_PING_KEEPALIVE GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
63 * How often do we PING an address that we have successfully validated
64 * in the past but are not actively using? Should be (significantly)
65 * smaller than HELLO_ADDRESS_EXPIRATION.
67 #define VALIDATED_PING_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 15)
70 * How often do we PING an address that we are currently using?
72 #define CONNECTED_PING_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 2)
75 * How much delay is acceptable for sending the PING or PONG?
77 #define ACCEPTABLE_PING_DELAY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 1)
80 * Size of the validation map hashmap.
82 #define VALIDATION_MAP_SIZE 256
85 * Priority to use for PINGs
87 #define PING_PRIORITY 2
90 * Priority to use for PONGs
92 #define PONG_PRIORITY 4
95 GNUNET_NETWORK_STRUCT_BEGIN
98 * Message used to ask a peer to validate receipt (to check an address
99 * from a HELLO). Followed by the address we are trying to validate,
100 * or an empty address if we are just sending a PING to confirm that a
101 * connection which the receiver (of the PING) initiated is still valid.
103 struct TransportPingMessage
107 * Type will be GNUNET_MESSAGE_TYPE_TRANSPORT_PING
109 struct GNUNET_MessageHeader header;
112 * Challenge code (to ensure fresh reply).
114 uint32_t challenge GNUNET_PACKED;
117 * Who is the intended recipient?
119 struct GNUNET_PeerIdentity target;
125 * Message used to validate a HELLO. The challenge is included in the
126 * confirmation to make matching of replies to requests possible. The
127 * signature signs our public key, an expiration time and our address.<p>
129 * This message is followed by our transport address that the PING tried
130 * to confirm (if we liked it). The address can be empty (zero bytes)
131 * if the PING had not address either (and we received the request via
132 * a connection that we initiated).
134 struct TransportPongMessage
138 * Type will be GNUNET_MESSAGE_TYPE_TRANSPORT_PONG
140 struct GNUNET_MessageHeader header;
143 * Challenge code from PING (showing freshness). Not part of what
144 * is signed so that we can re-use signatures.
146 uint32_t challenge GNUNET_PACKED;
151 struct GNUNET_CRYPTO_RsaSignature signature;
154 * GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN to confirm that this is a
155 * plausible address for the signing peer.
157 struct GNUNET_CRYPTO_RsaSignaturePurpose purpose;
160 * When does this signature expire?
162 struct GNUNET_TIME_AbsoluteNBO expiration;
165 * Size of address appended to this message (part of what is
166 * being signed, hence not redundant).
168 uint32_t addrlen GNUNET_PACKED;
171 GNUNET_NETWORK_STRUCT_END
174 * Information about an address under validation
176 struct ValidationEntry
182 struct GNUNET_HELLO_Address *address;
185 * Handle to the blacklist check (if we're currently in it).
187 struct GST_BlacklistCheck *bc;
190 * Public key of the peer.
192 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
195 * The identity of the peer. FIXME: duplicated (also in 'address')
197 struct GNUNET_PeerIdentity pid;
200 * ID of task that will clean up this entry if nothing happens.
202 GNUNET_SCHEDULER_TaskIdentifier timeout_task;
205 * ID of task that will trigger address revalidation.
207 GNUNET_SCHEDULER_TaskIdentifier revalidation_task;
210 * At what time did we send the latest validation request (PING)?
212 struct GNUNET_TIME_Absolute send_time;
215 * Until when is this address valid?
216 * ZERO if it is not currently considered valid.
218 struct GNUNET_TIME_Absolute valid_until;
221 * How long until we can try to validate this address again?
222 * FOREVER if the address is for an unsupported plugin (from PEERINFO)
223 * ZERO if the address is considered valid (no validation needed)
224 * otherwise a time in the future if we're currently denying re-validation
226 struct GNUNET_TIME_Absolute revalidation_block;
229 * Last observed latency for this address (round-trip), delay between
230 * last PING sent and PONG received; FOREVER if we never got a PONG.
232 struct GNUNET_TIME_Relative latency;
235 * Challenge number we used.
240 * When passing the address in 'add_valid_peer_address', did we
241 * copy the address to the HELLO yet?
246 * Are we currently using this address for a connection?
251 * Are we expecting a PONG message for this validation entry?
258 * Context of currently active requests to peerinfo
259 * for validation of HELLOs.
261 struct CheckHelloValidatedContext
265 * This is a doubly-linked list.
267 struct CheckHelloValidatedContext *next;
270 * This is a doubly-linked list.
272 struct CheckHelloValidatedContext *prev;
275 * Hello that we are validating.
277 const struct GNUNET_HELLO_Message *hello;
283 * Head of linked list of HELLOs awaiting validation.
285 static struct CheckHelloValidatedContext *chvc_head;
288 * Tail of linked list of HELLOs awaiting validation
290 static struct CheckHelloValidatedContext *chvc_tail;
293 * Map of PeerIdentities to 'struct ValidationEntry*'s (addresses
294 * of the given peer that we are currently validating, have validated
295 * or are blocked from re-validation for a while).
297 static struct GNUNET_CONTAINER_MultiHashMap *validation_map;
300 * Context for peerinfo iteration.
302 static struct GNUNET_PEERINFO_NotifyContext *pnc;
306 * Context for the validation entry match function.
308 struct ValidationEntryMatchContext
311 * Where to store the result?
313 struct ValidationEntry *ve;
316 * Address we're interested in.
318 const struct GNUNET_HELLO_Address *address;
324 * Iterate over validation entries until a matching one is found.
326 * @param cls the 'struct ValidationEntryMatchContext'
327 * @param key peer identity (unused)
328 * @param value a 'struct ValidationEntry' to match
329 * @return GNUNET_YES if the entry does not match,
330 * GNUNET_NO if the entry does match
333 validation_entry_match (void *cls, const GNUNET_HashCode * key, void *value)
335 struct ValidationEntryMatchContext *vemc = cls;
336 struct ValidationEntry *ve = value;
338 if (0 == GNUNET_HELLO_address_cmp (ve->address, vemc->address))
348 * Iterate over validation entries and free them.
350 * @param cls (unused)
351 * @param key peer identity (unused)
352 * @param value a 'struct ValidationEntry' to clean up
353 * @return GNUNET_YES (continue to iterate)
356 cleanup_validation_entry (void *cls, const GNUNET_HashCode * key, void *value)
358 struct ValidationEntry *ve = value;
362 GST_blacklist_test_cancel (ve->bc);
365 GNUNET_break (GNUNET_OK ==
366 GNUNET_CONTAINER_multihashmap_remove (validation_map,
367 &ve->pid.hashPubKey, ve));
368 GNUNET_HELLO_address_free (ve->address);
369 if (GNUNET_SCHEDULER_NO_TASK != ve->timeout_task)
371 GNUNET_SCHEDULER_cancel (ve->timeout_task);
372 ve->timeout_task = GNUNET_SCHEDULER_NO_TASK;
374 if (GNUNET_SCHEDULER_NO_TASK != ve->revalidation_task)
376 GNUNET_SCHEDULER_cancel (ve->revalidation_task);
377 ve->revalidation_task = GNUNET_SCHEDULER_NO_TASK;
385 * Address validation cleanup task. Assesses if the record is no
386 * longer valid and then possibly triggers its removal.
388 * @param cls the 'struct ValidationEntry'
389 * @param tc scheduler context (unused)
392 timeout_hello_validation (void *cls,
393 const struct GNUNET_SCHEDULER_TaskContext *tc)
395 struct ValidationEntry *ve = cls;
396 struct GNUNET_TIME_Absolute max;
397 struct GNUNET_TIME_Relative left;
399 ve->timeout_task = GNUNET_SCHEDULER_NO_TASK;
400 max = GNUNET_TIME_absolute_max (ve->valid_until, ve->revalidation_block);
401 left = GNUNET_TIME_absolute_get_remaining (max);
402 if (left.rel_value > 0)
404 /* should wait a bit longer */
406 GNUNET_SCHEDULER_add_delayed (left, &timeout_hello_validation, ve);
409 GNUNET_STATISTICS_update (GST_stats,
410 gettext_noop ("# address records discarded"), 1,
412 cleanup_validation_entry (NULL, &ve->pid.hashPubKey, ve);
417 * Function called with the result from blacklisting.
418 * Send a PING to the other peer if a communication is allowed.
420 * @param cls our 'struct ValidationEntry'
421 * @param pid identity of the other peer
422 * @param result GNUNET_OK if the connection is allowed, GNUNET_NO if not
425 transmit_ping_if_allowed (void *cls, const struct GNUNET_PeerIdentity *pid,
428 struct ValidationEntry *ve = cls;
429 struct TransportPingMessage ping;
430 struct GNUNET_TRANSPORT_PluginFunctions *papi;
431 const struct GNUNET_MessageHeader *hello;
438 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Transmitting plain PING to `%s' %s\n",
439 GNUNET_i2s (pid), GST_plugins_a2s (ve->address));
441 slen = strlen (ve->address->transport_name) + 1;
442 hello = GST_hello_get ();
443 hsize = ntohs (hello->size);
445 sizeof (struct TransportPingMessage) + ve->address->address_length +
449 htons (sizeof (struct TransportPingMessage) +
450 ve->address->address_length + slen);
451 ping.header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PING);
452 ping.challenge = htonl (ve->challenge);
455 if (tsize >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
457 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
459 ("Not transmitting `%s' with `%s', message too big (%u bytes!). This should not happen.\n"),
460 "HELLO", "PING", (unsigned int) tsize);
461 /* message too big (!?), get rid of HELLO */
464 sizeof (struct TransportPingMessage) + ve->address->address_length +
468 char message_buf[tsize];
470 /* build message with structure:
471 * [HELLO][TransportPingMessage][Transport name][Address] */
472 memcpy (message_buf, hello, hsize);
473 memcpy (&message_buf[hsize], &ping, sizeof (struct TransportPingMessage));
474 memcpy (&message_buf[sizeof (struct TransportPingMessage) + hsize],
475 ve->address->transport_name, slen);
476 memcpy (&message_buf[sizeof (struct TransportPingMessage) + slen + hsize],
477 ve->address, ve->address->address_length);
478 papi = GST_plugins_find (ve->address->transport_name);
483 GNUNET_assert (papi->send != NULL);
485 papi->send (papi->cls, pid, message_buf, tsize, PING_PRIORITY,
486 ACCEPTABLE_PING_DELAY, NULL /* no session */ ,
487 ve->address->address, ve->address->address_length,
488 GNUNET_YES, NULL, NULL);
493 ve->send_time = GNUNET_TIME_absolute_get ();
494 GNUNET_STATISTICS_update (GST_stats,
496 ("# PING without HELLO messages sent"), 1,
498 ve->expecting_pong = GNUNET_YES;
504 * Do address validation again to keep address valid.
506 * @param cls the 'struct ValidationEntry'
507 * @param tc scheduler context (unused)
510 revalidate_address (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
512 struct ValidationEntry *ve = cls;
513 struct GNUNET_TIME_Relative canonical_delay;
514 struct GNUNET_TIME_Relative delay;
515 struct GST_BlacklistCheck *bc;
518 ve->revalidation_task = GNUNET_SCHEDULER_NO_TASK;
519 delay = GNUNET_TIME_absolute_get_remaining (ve->revalidation_block);
520 /* How long until we can possibly permit the next PING? */
523 GNUNET_YES) ? CONNECTED_PING_FREQUENCY
524 : ((GNUNET_TIME_absolute_get_remaining (ve->valid_until).rel_value >
525 0) ? VALIDATED_PING_FREQUENCY : UNVALIDATED_PING_KEEPALIVE);
526 if (delay.rel_value > canonical_delay.rel_value * 2)
528 /* situation changed, recalculate delay */
529 delay = canonical_delay;
530 ve->revalidation_block = GNUNET_TIME_relative_to_absolute (delay);
532 if (delay.rel_value > 0)
534 /* should wait a bit longer */
535 ve->revalidation_task =
536 GNUNET_SCHEDULER_add_delayed (delay, &revalidate_address, ve);
539 ve->revalidation_block = GNUNET_TIME_relative_to_absolute (canonical_delay);
541 /* schedule next PINGing with some extra random delay to avoid synchronous re-validations */
543 GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
544 canonical_delay.rel_value);
546 GNUNET_TIME_relative_add (canonical_delay,
547 GNUNET_TIME_relative_multiply
548 (GNUNET_TIME_UNIT_MILLISECONDS, rdelay));
549 ve->revalidation_task =
550 GNUNET_SCHEDULER_add_delayed (delay, &revalidate_address, ve);
552 /* start PINGing by checking blacklist */
553 GNUNET_STATISTICS_update (GST_stats,
554 gettext_noop ("# address revalidations started"), 1,
556 bc = GST_blacklist_test_allowed (&ve->pid, ve->address->transport_name,
557 &transmit_ping_if_allowed, ve);
559 ve->bc = bc; /* only set 'bc' if 'transmit_ping_if_allowed' was not already
565 * Find a ValidationEntry entry for the given neighbour that matches
566 * the given address and transport. If none exists, create one (but
567 * without starting any validation).
569 * @param public_key public key of the peer, NULL for unknown
570 * @param address address to find
571 * @return validation entry matching the given specifications, NULL
572 * if we don't have an existing entry and no public key was given
574 static struct ValidationEntry *
575 find_validation_entry (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
576 *public_key, const struct GNUNET_HELLO_Address *address)
578 struct ValidationEntryMatchContext vemc;
579 struct ValidationEntry *ve;
582 vemc.address = address;
583 GNUNET_CONTAINER_multihashmap_get_multiple (validation_map,
584 &address->peer.hashPubKey,
585 &validation_entry_match, &vemc);
586 if (NULL != (ve = vemc.ve))
588 if (public_key == NULL)
590 ve = GNUNET_malloc (sizeof (struct ValidationEntry));
591 ve->address = GNUNET_HELLO_address_copy (address);
592 ve->public_key = *public_key;
593 ve->pid = address->peer;
594 ve->latency = GNUNET_TIME_UNIT_FOREVER_REL;
596 GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX);
598 GNUNET_SCHEDULER_add_delayed (UNVALIDATED_PING_KEEPALIVE,
599 &timeout_hello_validation, ve);
600 GNUNET_CONTAINER_multihashmap_put (validation_map, &address->peer.hashPubKey,
602 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
603 ve->expecting_pong = GNUNET_NO;
609 * Iterator which adds the given address to the set of validated
612 * @param cls original HELLO message
613 * @param address the address
614 * @param expiration expiration time
615 * @return GNUNET_OK (keep the address)
618 add_valid_address (void *cls, const struct GNUNET_HELLO_Address *address,
619 struct GNUNET_TIME_Absolute expiration)
621 const struct GNUNET_HELLO_Message *hello = cls;
622 struct ValidationEntry *ve;
623 struct GNUNET_PeerIdentity pid;
624 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
626 if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0)
627 return GNUNET_OK; /* expired */
628 if ((GNUNET_OK != GNUNET_HELLO_get_id (hello, &pid)) ||
629 (GNUNET_OK != GNUNET_HELLO_get_key (hello, &public_key)))
632 return GNUNET_OK; /* invalid HELLO !? */
634 if (0 == memcmp (&GST_my_identity, &pid, sizeof (struct GNUNET_PeerIdentity)))
636 /* Peerinfo returned own identity, skip validation */
640 ve = find_validation_entry (&public_key, address);
641 ve->valid_until = GNUNET_TIME_absolute_max (ve->valid_until, expiration);
643 if (GNUNET_SCHEDULER_NO_TASK == ve->revalidation_task)
644 ve->revalidation_task = GNUNET_SCHEDULER_add_now (&revalidate_address, ve);
645 GNUNET_ATS_address_update (GST_ats, address, NULL, NULL, 0);
651 * Function called for any HELLO known to PEERINFO.
654 * @param peer id of the peer, NULL for last call
655 * @param hello hello message for the peer (can be NULL)
656 * @param err_msg error message
659 process_peerinfo_hello (void *cls, const struct GNUNET_PeerIdentity *peer,
660 const struct GNUNET_HELLO_Message *hello,
663 GNUNET_assert (NULL != peer);
666 GNUNET_assert (NULL ==
667 GNUNET_HELLO_iterate_addresses (hello, GNUNET_NO,
674 * Start the validation subsystem.
677 GST_validation_start ()
679 validation_map = GNUNET_CONTAINER_multihashmap_create (VALIDATION_MAP_SIZE);
680 pnc = GNUNET_PEERINFO_notify (GST_cfg, &process_peerinfo_hello, NULL);
685 * Stop the validation subsystem.
688 GST_validation_stop ()
690 struct CheckHelloValidatedContext *chvc;
692 GNUNET_CONTAINER_multihashmap_iterate (validation_map,
693 &cleanup_validation_entry, NULL);
694 GNUNET_CONTAINER_multihashmap_destroy (validation_map);
695 validation_map = NULL;
696 while (NULL != (chvc = chvc_head))
698 GNUNET_CONTAINER_DLL_remove (chvc_head, chvc_tail, chvc);
701 GNUNET_PEERINFO_notify_cancel (pnc);
706 * Send the given PONG to the given address.
708 * @param cls the PONG message
709 * @param public_key public key for the peer, never NULL
710 * @param valid_until is ZERO if we never validated the address,
711 * otherwise a time up to when we consider it (or was) valid
712 * @param validation_block is FOREVER if the address is for an unsupported plugin (from PEERINFO)
713 * is ZERO if the address is considered valid (no validation needed)
714 * otherwise a time in the future if we're currently denying re-validation
715 * @param address target address
718 multicast_pong (void *cls,
719 const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
720 *public_key, struct GNUNET_TIME_Absolute valid_until,
721 struct GNUNET_TIME_Absolute validation_block,
722 const struct GNUNET_HELLO_Address *address)
724 struct TransportPongMessage *pong = cls;
725 struct GNUNET_TRANSPORT_PluginFunctions *papi;
727 papi = GST_plugins_find (address->transport_name);
730 (void) papi->send (papi->cls, &address->peer, (const char *) pong,
731 ntohs (pong->header.size), PONG_PRIORITY,
732 ACCEPTABLE_PING_DELAY, NULL, address->address,
733 address->address_length, GNUNET_YES, NULL, NULL);
738 * We've received a PING. If appropriate, generate a PONG.
740 * @param sender peer sending the PING
741 * @param hdr the PING
742 * @param sender_address the sender address as we got it
743 * @param session session we got the PING from
746 GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
747 const struct GNUNET_MessageHeader *hdr,
748 const struct GNUNET_HELLO_Address *sender_address,
749 struct Session *session)
751 const struct TransportPingMessage *ping;
752 struct TransportPongMessage *pong;
753 struct GNUNET_TRANSPORT_PluginFunctions *papi;
754 struct GNUNET_CRYPTO_RsaSignature *sig_cache;
755 struct GNUNET_TIME_Absolute *sig_cache_exp;
761 struct GNUNET_HELLO_Address address;
763 if (ntohs (hdr->size) < sizeof (struct TransportPingMessage))
768 ping = (const struct TransportPingMessage *) hdr;
770 memcmp (&ping->target, &GST_my_identity,
771 sizeof (struct GNUNET_PeerIdentity)))
773 GNUNET_STATISTICS_update (GST_stats,
775 ("# PING message for different peer received"), 1,
779 GNUNET_STATISTICS_update (GST_stats,
780 gettext_noop ("# PING messages received"), 1,
782 addr = (const char *) &ping[1];
783 alen = ntohs (hdr->size) - sizeof (struct TransportPingMessage);
784 /* peer wants to confirm that this is one of our addresses, this is what is
785 * used for address validation */
788 sig_cache_exp = NULL;
792 addrend = memchr (addr, '\0', alen);
799 slen = strlen (addr) + 1;
801 address.address = addrend;
802 address.address_length = alen;
803 address.transport_name = addr;
804 address.peer = *sender;
806 GST_hello_test_address (&address, &sig_cache, &sig_cache_exp))
808 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
810 ("Not confirming PING with address `%s' since I cannot confirm having this address.\n"),
811 GST_plugins_a2s (&address));
817 addrend = NULL; /* make gcc happy */
819 static struct GNUNET_CRYPTO_RsaSignature no_address_signature;
820 static struct GNUNET_TIME_Absolute no_address_signature_expiration;
822 sig_cache = &no_address_signature;
823 sig_cache_exp = &no_address_signature_expiration;
826 pong = GNUNET_malloc (sizeof (struct TransportPongMessage) + alen + slen);
828 htons (sizeof (struct TransportPongMessage) + alen + slen);
829 pong->header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PONG);
831 htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) +
832 sizeof (uint32_t) + sizeof (struct GNUNET_TIME_AbsoluteNBO) +
834 pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN);
835 pong->challenge = ping->challenge;
836 pong->addrlen = htonl (alen + slen);
837 memcpy (&pong[1], addr, slen);
838 memcpy (&((char *) &pong[1])[slen], addrend, alen);
839 if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value <
840 PONG_SIGNATURE_LIFETIME.rel_value / 4)
842 /* create / update cached sig */
844 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
845 "Creating PONG signature to indicate ownership.\n");
847 *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
848 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
849 GNUNET_assert (GNUNET_OK ==
850 GNUNET_CRYPTO_rsa_sign (GST_my_private_key, &pong->purpose,
855 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
857 pong->signature = *sig_cache;
859 /* first see if the session we got this PING from can be used to transmit
860 * a response reliably */
861 papi = GST_plugins_find (sender_address->transport_name);
866 papi->send (papi->cls, sender, (const char *) pong,
867 ntohs (pong->header.size), PONG_PRIORITY,
868 ACCEPTABLE_PING_DELAY, session, sender_address->address,
869 sender_address->address_length, GNUNET_SYSERR, NULL, NULL);
872 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
873 "Transmitted PONG to `%s' via reliable mechanism\n",
874 GNUNET_i2s (sender));
876 GNUNET_STATISTICS_update (GST_stats,
878 ("# PONGs unicast via reliable transport"), 1,
884 /* no reliable method found, try transmission via all known addresses */
885 GNUNET_STATISTICS_update (GST_stats,
887 ("# PONGs multicast to all available addresses"), 1,
889 GST_validation_get_addresses (sender, &multicast_pong, pong);
895 * Context for the 'validate_address' function
897 struct ValidateAddressContext
900 * Hash of the public key of the peer whose address is being validated.
902 struct GNUNET_PeerIdentity pid;
905 * Public key of the peer whose address is being validated.
907 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
912 * Iterator callback to go over all addresses and try to validate them
913 * (unless blocked or already validated).
915 * @param cls pointer to a 'struct ValidateAddressContext'
916 * @param address the address
917 * @param expiration expiration time
918 * @return GNUNET_OK (keep the address)
921 validate_address_iterator (void *cls,
922 const struct GNUNET_HELLO_Address *address,
923 struct GNUNET_TIME_Absolute expiration)
925 const struct ValidateAddressContext *vac = cls;
926 struct ValidationEntry *ve;
928 if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0)
929 return GNUNET_OK; /* expired */
930 ve = find_validation_entry (&vac->public_key, address);
931 if (GNUNET_SCHEDULER_NO_TASK == ve->revalidation_task)
932 ve->revalidation_task = GNUNET_SCHEDULER_add_now (&revalidate_address, ve);
938 * Add the validated peer address to the HELLO.
940 * @param cls the 'struct ValidationEntry' with the validated address
941 * @param max space in buf
942 * @param buf where to add the address
943 * @return number of bytes written, 0 to signal the
944 * end of the iteration.
947 add_valid_peer_address (void *cls, size_t max, void *buf)
949 struct ValidationEntry *ve = cls;
951 if (GNUNET_YES == ve->copied)
952 return 0; /* terminate */
953 ve->copied = GNUNET_YES;
954 return GNUNET_HELLO_add_address (ve->address, ve->valid_until, buf, max);
959 * We've received a PONG. Check if it matches a pending PING and
960 * mark the respective address as confirmed.
962 * @param sender peer sending the PONG
963 * @param hdr the PONG
966 GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender,
967 const struct GNUNET_MessageHeader *hdr)
969 const struct TransportPongMessage *pong;
970 struct ValidationEntry *ve;
976 struct GNUNET_HELLO_Message *hello;
977 struct GNUNET_HELLO_Address address;
979 if (ntohs (hdr->size) < sizeof (struct TransportPongMessage))
984 GNUNET_STATISTICS_update (GST_stats,
985 gettext_noop ("# PONG messages received"), 1,
988 pong = (const struct TransportPongMessage *) hdr;
989 tname = (const char *) &pong[1];
990 size = ntohs (hdr->size) - sizeof (struct TransportPongMessage);
991 addr = memchr (tname, '\0', size);
998 slen = strlen (tname) + 1;
999 addrlen = size - slen;
1000 address.peer = *sender;
1001 address.address = addr;
1002 address.address_length = addrlen;
1003 address.transport_name = tname;
1004 ve = find_validation_entry (NULL, &address);
1005 if ((NULL == ve) || (ve->expecting_pong == GNUNET_NO))
1007 GNUNET_STATISTICS_update (GST_stats,
1009 ("# PONGs dropped, no matching pending validation"),
1013 /* now check that PONG is well-formed */
1014 if (0 != memcmp (&ve->pid, sender, sizeof (struct GNUNET_PeerIdentity)))
1016 GNUNET_break_op (0);
1021 GNUNET_CRYPTO_rsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
1022 &pong->purpose, &pong->signature,
1025 GNUNET_break_op (0);
1029 if (GNUNET_TIME_absolute_get_remaining
1030 (GNUNET_TIME_absolute_ntoh (pong->expiration)).rel_value == 0)
1032 GNUNET_STATISTICS_update (GST_stats,
1034 ("# PONGs dropped, signature expired"), 1,
1039 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1040 "Address validated for peer `%s' with plugin `%s': `%s'\n",
1041 GNUNET_i2s (sender), tname, GST_plugins_a2s (tname, addr,
1045 /* validity achieved, remember it! */
1046 ve->expecting_pong = GNUNET_NO;
1047 ve->valid_until = GNUNET_TIME_relative_to_absolute (HELLO_ADDRESS_EXPIRATION);
1048 ve->latency = GNUNET_TIME_absolute_get_duration (ve->send_time);
1050 struct GNUNET_ATS_Information ats;
1052 ats.type = htonl (GNUNET_ATS_QUALITY_NET_DELAY);
1053 ats.value = htonl ((uint32_t) ve->latency.rel_value);
1054 GNUNET_ATS_address_update (GST_ats, ve->address, NULL, &ats, 1);
1056 /* build HELLO to store in PEERINFO */
1057 ve->copied = GNUNET_NO;
1058 hello = GNUNET_HELLO_create (&ve->public_key, &add_valid_peer_address, ve);
1059 GNUNET_PEERINFO_add_peer (GST_peerinfo, hello);
1060 GNUNET_free (hello);
1065 * We've received a HELLO, check which addresses are new and trigger
1068 * @param hello the HELLO we received
1071 GST_validation_handle_hello (const struct GNUNET_MessageHeader *hello)
1073 const struct GNUNET_HELLO_Message *hm =
1074 (const struct GNUNET_HELLO_Message *) hello;
1075 struct ValidateAddressContext vac;
1076 struct GNUNET_HELLO_Message *h;
1078 if ((GNUNET_OK != GNUNET_HELLO_get_id (hm, &vac.pid)) ||
1079 (GNUNET_OK != GNUNET_HELLO_get_key (hm, &vac.public_key)))
1081 /* malformed HELLO */
1086 memcmp (&GST_my_identity, &vac.pid, sizeof (struct GNUNET_PeerIdentity)))
1088 /* Add peer identity without addresses to peerinfo service */
1089 h = GNUNET_HELLO_create (&vac.public_key, NULL, NULL);
1090 GNUNET_PEERINFO_add_peer (GST_peerinfo, h);
1091 #if VERBOSE_VALIDATION
1092 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1093 _("Adding `%s' without addresses for peer `%s'\n"), "HELLO",
1094 GNUNET_i2s (&vac.pid));
1097 GNUNET_assert (NULL ==
1098 GNUNET_HELLO_iterate_addresses (hm, GNUNET_NO,
1099 &validate_address_iterator,
1105 * Closure for 'iterate_addresses'
1107 struct IteratorContext
1110 * Function to call on each address.
1112 GST_ValidationAddressCallback cb;
1123 * Call the callback in the closure for each validation entry.
1125 * @param cls the 'struct GST_ValidationIteratorContext'
1126 * @param key the peer's identity
1127 * @param value the 'struct ValidationEntry'
1128 * @return GNUNET_OK (continue to iterate)
1131 iterate_addresses (void *cls, const GNUNET_HashCode * key, void *value)
1133 struct IteratorContext *ic = cls;
1134 struct ValidationEntry *ve = value;
1136 ic->cb (ic->cb_cls, &ve->public_key, ve->valid_until, ve->revalidation_block,
1143 * Call the given function for each address for the given target.
1144 * Can either give a snapshot (synchronous API) or be continuous.
1146 * @param target peer information is requested for
1147 * @param cb function to call; will not be called after this function returns
1148 * @param cb_cls closure for 'cb'
1151 GST_validation_get_addresses (const struct GNUNET_PeerIdentity *target,
1152 GST_ValidationAddressCallback cb, void *cb_cls)
1154 struct IteratorContext ic;
1158 GNUNET_CONTAINER_multihashmap_get_multiple (validation_map,
1159 &target->hashPubKey,
1160 &iterate_addresses, &ic);
1165 * Update if we are using an address for a connection actively right now.
1166 * Based on this, the validation module will measure latency for the
1167 * address more or less often.
1169 * @param address the address
1170 * @param session the session
1171 * @param in_use GNUNET_YES if we are now using the address for a connection,
1172 * GNUNET_NO if we are no longer using the address for a connection
1175 GST_validation_set_address_use (const struct GNUNET_HELLO_Address *address,
1176 struct Session *session,
1179 struct ValidationEntry *ve;
1181 if (NULL != address)
1182 ve = find_validation_entry (NULL, address);
1184 ve = NULL; /* FIXME: lookup based on session... */
1187 /* this can happen for inbound connections (sender_address_len == 0); */
1190 if (ve->in_use == in_use)
1191 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1192 "GST_validation_set_address_use: %s %s: ve->in_use %i <-> in_use %i\n",
1193 GNUNET_i2s (&address->peer), GST_plugins_a2s (address), ve->in_use,
1195 GNUNET_break (ve->in_use != in_use); /* should be different... */
1196 ve->in_use = in_use;
1197 if (in_use == GNUNET_YES)
1199 /* from now on, higher frequeny, so reschedule now */
1200 GNUNET_SCHEDULER_cancel (ve->revalidation_task);
1201 ve->revalidation_task = GNUNET_SCHEDULER_add_now (&revalidate_address, ve);
1207 * Query validation about the latest observed latency on a given
1210 * @param sender peer
1211 * @param address the address
1212 * @param session session
1213 * @return observed latency of the address, FOREVER if the address was
1214 * never successfully validated
1216 struct GNUNET_TIME_Relative
1217 GST_validation_get_address_latency (const struct GNUNET_PeerIdentity *sender,
1218 const struct GNUNET_HELLO_Address *address,
1219 struct Session *session)
1221 struct ValidationEntry *ve;
1223 if (NULL == address)
1225 GNUNET_break (0); // FIXME: support having latency only with session...
1226 return GNUNET_TIME_UNIT_FOREVER_REL;
1228 ve = find_validation_entry (NULL, address);
1230 return GNUNET_TIME_UNIT_FOREVER_REL;
1235 /* end of file gnunet-service-transport_validation.c */