2 This file is part of GNUnet.
3 (C) 2010,2011 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file transport/gnunet-service-transport_validation.c
23 * @brief address validation subsystem
24 * @author Christian Grothoff
27 #include "gnunet-service-transport_validation.h"
28 #include "gnunet-service-transport_plugins.h"
29 #include "gnunet-service-transport_hello.h"
30 #include "gnunet-service-transport_blacklist.h"
31 #include "gnunet-service-transport.h"
32 #include "gnunet_hello_lib.h"
33 #include "gnunet_ats_service.h"
34 #include "gnunet_peerinfo_service.h"
35 #include "gnunet_signatures.h"
39 * How long is a PONG signature valid? We'll recycle a signature until
40 * 1/4 of this time is remaining. PONGs should expire so that if our
41 * external addresses change an adversary cannot replay them indefinitely.
42 * OTOH, we don't want to spend too much time generating PONG signatures,
43 * so they must have some lifetime to reduce our CPU usage.
45 #define PONG_SIGNATURE_LIFETIME GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 1)
48 * After how long do we expire an address in a HELLO that we just
49 * validated? This value is also used for our own addresses when we
52 #define HELLO_ADDRESS_EXPIRATION GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12)
55 * How often do we allow PINGing an address that we have not yet
56 * validated? This also determines how long we track an address that
57 * we cannot validate (because after this time we can destroy the
60 #define UNVALIDATED_PING_KEEPALIVE GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
63 * How often do we PING an address that we have successfully validated
64 * in the past but are not actively using? Should be (significantly)
65 * smaller than HELLO_ADDRESS_EXPIRATION.
67 #define VALIDATED_PING_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 15)
70 * How often do we PING an address that we are currently using?
72 #define CONNECTED_PING_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 2)
75 * How much delay is acceptable for sending the PING or PONG?
77 #define ACCEPTABLE_PING_DELAY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 1)
80 * Size of the validation map hashmap.
82 #define VALIDATION_MAP_SIZE 256
85 * Priority to use for PINGs
87 #define PING_PRIORITY 2
90 * Priority to use for PONGs
92 #define PONG_PRIORITY 4
96 * Message used to ask a peer to validate receipt (to check an address
97 * from a HELLO). Followed by the address we are trying to validate,
98 * or an empty address if we are just sending a PING to confirm that a
99 * connection which the receiver (of the PING) initiated is still valid.
101 struct TransportPingMessage
105 * Type will be GNUNET_MESSAGE_TYPE_TRANSPORT_PING
107 struct GNUNET_MessageHeader header;
110 * Challenge code (to ensure fresh reply).
112 uint32_t challenge GNUNET_PACKED;
115 * Who is the intended recipient?
117 struct GNUNET_PeerIdentity target;
123 * Message used to validate a HELLO. The challenge is included in the
124 * confirmation to make matching of replies to requests possible. The
125 * signature signs our public key, an expiration time and our address.<p>
127 * This message is followed by our transport address that the PING tried
128 * to confirm (if we liked it). The address can be empty (zero bytes)
129 * if the PING had not address either (and we received the request via
130 * a connection that we initiated).
132 struct TransportPongMessage
136 * Type will be GNUNET_MESSAGE_TYPE_TRANSPORT_PONG
138 struct GNUNET_MessageHeader header;
141 * Challenge code from PING (showing freshness). Not part of what
142 * is signed so that we can re-use signatures.
144 uint32_t challenge GNUNET_PACKED;
149 struct GNUNET_CRYPTO_RsaSignature signature;
152 * GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN to confirm that this is a
153 * plausible address for the signing peer.
155 struct GNUNET_CRYPTO_RsaSignaturePurpose purpose;
158 * When does this signature expire?
160 struct GNUNET_TIME_AbsoluteNBO expiration;
163 * Size of address appended to this message (part of what is
164 * being signed, hence not redundant).
166 uint32_t addrlen GNUNET_PACKED;
172 * Information about an address under validation
174 struct ValidationEntry
180 struct GNUNET_HELLO_Address *address;
183 * Handle to the blacklist check (if we're currently in it).
185 struct GST_BlacklistCheck *bc;
188 * Public key of the peer.
190 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
193 * The identity of the peer. FIXME: duplicated (also in 'address')
195 struct GNUNET_PeerIdentity pid;
198 * ID of task that will clean up this entry if nothing happens.
200 GNUNET_SCHEDULER_TaskIdentifier timeout_task;
203 * ID of task that will trigger address revalidation.
205 GNUNET_SCHEDULER_TaskIdentifier revalidation_task;
208 * At what time did we send the latest validation request (PING)?
210 struct GNUNET_TIME_Absolute send_time;
213 * Until when is this address valid?
214 * ZERO if it is not currently considered valid.
216 struct GNUNET_TIME_Absolute valid_until;
219 * How long until we can try to validate this address again?
220 * FOREVER if the address is for an unsupported plugin (from PEERINFO)
221 * ZERO if the address is considered valid (no validation needed)
222 * otherwise a time in the future if we're currently denying re-validation
224 struct GNUNET_TIME_Absolute revalidation_block;
227 * Last observed latency for this address (round-trip), delay between
228 * last PING sent and PONG received; FOREVER if we never got a PONG.
230 struct GNUNET_TIME_Relative latency;
233 * Challenge number we used.
238 * When passing the address in 'add_valid_peer_address', did we
239 * copy the address to the HELLO yet?
244 * Are we currently using this address for a connection?
249 * Are we expecting a PONG message for this validation entry?
256 * Context of currently active requests to peerinfo
257 * for validation of HELLOs.
259 struct CheckHelloValidatedContext
263 * This is a doubly-linked list.
265 struct CheckHelloValidatedContext *next;
268 * This is a doubly-linked list.
270 struct CheckHelloValidatedContext *prev;
273 * Hello that we are validating.
275 const struct GNUNET_HELLO_Message *hello;
281 * Head of linked list of HELLOs awaiting validation.
283 static struct CheckHelloValidatedContext *chvc_head;
286 * Tail of linked list of HELLOs awaiting validation
288 static struct CheckHelloValidatedContext *chvc_tail;
291 * Map of PeerIdentities to 'struct ValidationEntry*'s (addresses
292 * of the given peer that we are currently validating, have validated
293 * or are blocked from re-validation for a while).
295 static struct GNUNET_CONTAINER_MultiHashMap *validation_map;
298 * Context for peerinfo iteration.
300 static struct GNUNET_PEERINFO_NotifyContext *pnc;
304 * Context for the validation entry match function.
306 struct ValidationEntryMatchContext
309 * Where to store the result?
311 struct ValidationEntry *ve;
314 * Address we're interested in.
316 const struct GNUNET_HELLO_Address *address;
322 * Iterate over validation entries until a matching one is found.
324 * @param cls the 'struct ValidationEntryMatchContext'
325 * @param key peer identity (unused)
326 * @param value a 'struct ValidationEntry' to match
327 * @return GNUNET_YES if the entry does not match,
328 * GNUNET_NO if the entry does match
331 validation_entry_match (void *cls, const GNUNET_HashCode * key, void *value)
333 struct ValidationEntryMatchContext *vemc = cls;
334 struct ValidationEntry *ve = value;
336 if (0 == GNUNET_HELLO_address_cmp (ve->address, vemc->address))
346 * Iterate over validation entries and free them.
348 * @param cls (unused)
349 * @param key peer identity (unused)
350 * @param value a 'struct ValidationEntry' to clean up
351 * @return GNUNET_YES (continue to iterate)
354 cleanup_validation_entry (void *cls, const GNUNET_HashCode * key, void *value)
356 struct ValidationEntry *ve = value;
360 GST_blacklist_test_cancel (ve->bc);
363 GNUNET_break (GNUNET_OK ==
364 GNUNET_CONTAINER_multihashmap_remove (validation_map,
365 &ve->pid.hashPubKey, ve));
366 GNUNET_HELLO_address_free (ve->address);
367 if (GNUNET_SCHEDULER_NO_TASK != ve->timeout_task)
369 GNUNET_SCHEDULER_cancel (ve->timeout_task);
370 ve->timeout_task = GNUNET_SCHEDULER_NO_TASK;
372 if (GNUNET_SCHEDULER_NO_TASK != ve->revalidation_task)
374 GNUNET_SCHEDULER_cancel (ve->revalidation_task);
375 ve->revalidation_task = GNUNET_SCHEDULER_NO_TASK;
383 * Address validation cleanup task. Assesses if the record is no
384 * longer valid and then possibly triggers its removal.
386 * @param cls the 'struct ValidationEntry'
387 * @param tc scheduler context (unused)
390 timeout_hello_validation (void *cls,
391 const struct GNUNET_SCHEDULER_TaskContext *tc)
393 struct ValidationEntry *ve = cls;
394 struct GNUNET_TIME_Absolute max;
395 struct GNUNET_TIME_Relative left;
397 ve->timeout_task = GNUNET_SCHEDULER_NO_TASK;
398 max = GNUNET_TIME_absolute_max (ve->valid_until, ve->revalidation_block);
399 left = GNUNET_TIME_absolute_get_remaining (max);
400 if (left.rel_value > 0)
402 /* should wait a bit longer */
404 GNUNET_SCHEDULER_add_delayed (left, &timeout_hello_validation, ve);
407 GNUNET_STATISTICS_update (GST_stats,
408 gettext_noop ("# address records discarded"), 1,
410 cleanup_validation_entry (NULL, &ve->pid.hashPubKey, ve);
415 * Function called with the result from blacklisting.
416 * Send a PING to the other peer if a communication is allowed.
418 * @param cls our 'struct ValidationEntry'
419 * @param pid identity of the other peer
420 * @param result GNUNET_OK if the connection is allowed, GNUNET_NO if not
423 transmit_ping_if_allowed (void *cls, const struct GNUNET_PeerIdentity *pid,
426 struct ValidationEntry *ve = cls;
427 struct TransportPingMessage ping;
428 struct GNUNET_TRANSPORT_PluginFunctions *papi;
429 const struct GNUNET_MessageHeader *hello;
436 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Transmitting plain PING to `%s' %s\n",
437 GNUNET_i2s (pid), GST_plugins_a2s (ve->address));
439 slen = strlen (ve->address->transport_name) + 1;
440 hello = GST_hello_get ();
441 hsize = ntohs (hello->size);
443 sizeof (struct TransportPingMessage) + ve->address->address_length +
447 htons (sizeof (struct TransportPingMessage) +
448 ve->address->address_length + slen);
449 ping.header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PING);
450 ping.challenge = htonl (ve->challenge);
453 if (tsize >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
455 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
457 ("Not transmitting `%s' with `%s', message too big (%u bytes!). This should not happen.\n"),
458 "HELLO", "PING", (unsigned int) tsize);
459 /* message too big (!?), get rid of HELLO */
462 sizeof (struct TransportPingMessage) + ve->address->address_length +
466 char message_buf[tsize];
468 /* build message with structure:
469 * [HELLO][TransportPingMessage][Transport name][Address] */
470 memcpy (message_buf, hello, hsize);
471 memcpy (&message_buf[hsize], &ping, sizeof (struct TransportPingMessage));
472 memcpy (&message_buf[sizeof (struct TransportPingMessage) + hsize],
473 ve->address->transport_name, slen);
474 memcpy (&message_buf[sizeof (struct TransportPingMessage) + slen + hsize],
475 ve->address, ve->address->address_length);
476 papi = GST_plugins_find (ve->address->transport_name);
481 GNUNET_assert (papi->send != NULL);
483 papi->send (papi->cls, pid, message_buf, tsize, PING_PRIORITY,
484 ACCEPTABLE_PING_DELAY, NULL /* no session */ ,
485 ve->address->address, ve->address->address_length,
486 GNUNET_YES, NULL, NULL);
491 ve->send_time = GNUNET_TIME_absolute_get ();
492 GNUNET_STATISTICS_update (GST_stats,
494 ("# PING without HELLO messages sent"), 1,
496 ve->expecting_pong = GNUNET_YES;
502 * Do address validation again to keep address valid.
504 * @param cls the 'struct ValidationEntry'
505 * @param tc scheduler context (unused)
508 revalidate_address (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
510 struct ValidationEntry *ve = cls;
511 struct GNUNET_TIME_Relative canonical_delay;
512 struct GNUNET_TIME_Relative delay;
513 struct GST_BlacklistCheck *bc;
516 ve->revalidation_task = GNUNET_SCHEDULER_NO_TASK;
517 delay = GNUNET_TIME_absolute_get_remaining (ve->revalidation_block);
518 /* How long until we can possibly permit the next PING? */
521 GNUNET_YES) ? CONNECTED_PING_FREQUENCY
522 : ((GNUNET_TIME_absolute_get_remaining (ve->valid_until).rel_value >
523 0) ? VALIDATED_PING_FREQUENCY : UNVALIDATED_PING_KEEPALIVE);
524 if (delay.rel_value > canonical_delay.rel_value * 2)
526 /* situation changed, recalculate delay */
527 delay = canonical_delay;
528 ve->revalidation_block = GNUNET_TIME_relative_to_absolute (delay);
530 if (delay.rel_value > 0)
532 /* should wait a bit longer */
533 ve->revalidation_task =
534 GNUNET_SCHEDULER_add_delayed (delay, &revalidate_address, ve);
537 ve->revalidation_block = GNUNET_TIME_relative_to_absolute (canonical_delay);
539 /* schedule next PINGing with some extra random delay to avoid synchronous re-validations */
541 GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
542 canonical_delay.rel_value);
544 GNUNET_TIME_relative_add (canonical_delay,
545 GNUNET_TIME_relative_multiply
546 (GNUNET_TIME_UNIT_MILLISECONDS, rdelay));
547 ve->revalidation_task =
548 GNUNET_SCHEDULER_add_delayed (delay, &revalidate_address, ve);
550 /* start PINGing by checking blacklist */
551 GNUNET_STATISTICS_update (GST_stats,
552 gettext_noop ("# address revalidations started"), 1,
554 bc = GST_blacklist_test_allowed (&ve->pid, ve->address->transport_name,
555 &transmit_ping_if_allowed, ve);
557 ve->bc = bc; /* only set 'bc' if 'transmit_ping_if_allowed' was not already
563 * Find a ValidationEntry entry for the given neighbour that matches
564 * the given address and transport. If none exists, create one (but
565 * without starting any validation).
567 * @param public_key public key of the peer, NULL for unknown
568 * @param address address to find
569 * @return validation entry matching the given specifications, NULL
570 * if we don't have an existing entry and no public key was given
572 static struct ValidationEntry *
573 find_validation_entry (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
574 *public_key, const struct GNUNET_HELLO_Address *address)
576 struct ValidationEntryMatchContext vemc;
577 struct ValidationEntry *ve;
580 vemc.address = address;
581 GNUNET_CONTAINER_multihashmap_get_multiple (validation_map,
582 &address->peer.hashPubKey,
583 &validation_entry_match, &vemc);
584 if (NULL != (ve = vemc.ve))
586 if (public_key == NULL)
588 ve = GNUNET_malloc (sizeof (struct ValidationEntry));
589 ve->address = GNUNET_HELLO_address_copy (address);
590 ve->public_key = *public_key;
591 ve->pid = address->peer;
592 ve->latency = GNUNET_TIME_UNIT_FOREVER_REL;
594 GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX);
596 GNUNET_SCHEDULER_add_delayed (UNVALIDATED_PING_KEEPALIVE,
597 &timeout_hello_validation, ve);
598 GNUNET_CONTAINER_multihashmap_put (validation_map, &address->peer.hashPubKey,
600 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
601 ve->expecting_pong = GNUNET_NO;
607 * Iterator which adds the given address to the set of validated
610 * @param cls original HELLO message
611 * @param address the address
612 * @param expiration expiration time
613 * @return GNUNET_OK (keep the address)
616 add_valid_address (void *cls, const struct GNUNET_HELLO_Address *address,
617 struct GNUNET_TIME_Absolute expiration)
619 const struct GNUNET_HELLO_Message *hello = cls;
620 struct ValidationEntry *ve;
621 struct GNUNET_PeerIdentity pid;
622 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
624 if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0)
625 return GNUNET_OK; /* expired */
626 if ((GNUNET_OK != GNUNET_HELLO_get_id (hello, &pid)) ||
627 (GNUNET_OK != GNUNET_HELLO_get_key (hello, &public_key)))
630 return GNUNET_OK; /* invalid HELLO !? */
632 if (0 == memcmp (&GST_my_identity, &pid, sizeof (struct GNUNET_PeerIdentity)))
634 /* Peerinfo returned own identity, skip validation */
638 ve = find_validation_entry (&public_key, address);
639 ve->valid_until = GNUNET_TIME_absolute_max (ve->valid_until, expiration);
641 if (GNUNET_SCHEDULER_NO_TASK == ve->revalidation_task)
642 ve->revalidation_task = GNUNET_SCHEDULER_add_now (&revalidate_address, ve);
643 GNUNET_ATS_address_update (GST_ats, address, NULL, NULL, 0);
649 * Function called for any HELLO known to PEERINFO.
652 * @param peer id of the peer, NULL for last call
653 * @param hello hello message for the peer (can be NULL)
654 * @param err_msg error message
657 process_peerinfo_hello (void *cls, const struct GNUNET_PeerIdentity *peer,
658 const struct GNUNET_HELLO_Message *hello,
661 GNUNET_assert (NULL != peer);
664 GNUNET_assert (NULL ==
665 GNUNET_HELLO_iterate_addresses (hello, GNUNET_NO,
672 * Start the validation subsystem.
675 GST_validation_start ()
677 validation_map = GNUNET_CONTAINER_multihashmap_create (VALIDATION_MAP_SIZE);
678 pnc = GNUNET_PEERINFO_notify (GST_cfg, &process_peerinfo_hello, NULL);
683 * Stop the validation subsystem.
686 GST_validation_stop ()
688 struct CheckHelloValidatedContext *chvc;
690 GNUNET_CONTAINER_multihashmap_iterate (validation_map,
691 &cleanup_validation_entry, NULL);
692 GNUNET_CONTAINER_multihashmap_destroy (validation_map);
693 validation_map = NULL;
694 while (NULL != (chvc = chvc_head))
696 GNUNET_CONTAINER_DLL_remove (chvc_head, chvc_tail, chvc);
699 GNUNET_PEERINFO_notify_cancel (pnc);
704 * Send the given PONG to the given address.
706 * @param cls the PONG message
707 * @param public_key public key for the peer, never NULL
708 * @param valid_until is ZERO if we never validated the address,
709 * otherwise a time up to when we consider it (or was) valid
710 * @param validation_block is FOREVER if the address is for an unsupported plugin (from PEERINFO)
711 * is ZERO if the address is considered valid (no validation needed)
712 * otherwise a time in the future if we're currently denying re-validation
713 * @param address target address
716 multicast_pong (void *cls,
717 const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
718 *public_key, struct GNUNET_TIME_Absolute valid_until,
719 struct GNUNET_TIME_Absolute validation_block,
720 const struct GNUNET_HELLO_Address *address)
722 struct TransportPongMessage *pong = cls;
723 struct GNUNET_TRANSPORT_PluginFunctions *papi;
725 papi = GST_plugins_find (address->transport_name);
728 (void) papi->send (papi->cls, &address->peer, (const char *) pong,
729 ntohs (pong->header.size), PONG_PRIORITY,
730 ACCEPTABLE_PING_DELAY, NULL, address->address,
731 address->address_length, GNUNET_YES, NULL, NULL);
736 * We've received a PING. If appropriate, generate a PONG.
738 * @param sender peer sending the PING
739 * @param hdr the PING
740 * @param sender_address the sender address as we got it
741 * @param session session we got the PING from
744 GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
745 const struct GNUNET_MessageHeader *hdr,
746 const struct GNUNET_HELLO_Address *sender_address,
747 struct Session *session)
749 const struct TransportPingMessage *ping;
750 struct TransportPongMessage *pong;
751 struct GNUNET_TRANSPORT_PluginFunctions *papi;
752 struct GNUNET_CRYPTO_RsaSignature *sig_cache;
753 struct GNUNET_TIME_Absolute *sig_cache_exp;
759 struct GNUNET_HELLO_Address address;
761 if (ntohs (hdr->size) < sizeof (struct TransportPingMessage))
766 ping = (const struct TransportPingMessage *) hdr;
768 memcmp (&ping->target, &GST_my_identity,
769 sizeof (struct GNUNET_PeerIdentity)))
771 GNUNET_STATISTICS_update (GST_stats,
773 ("# PING message for different peer received"), 1,
777 GNUNET_STATISTICS_update (GST_stats,
778 gettext_noop ("# PING messages received"), 1,
780 addr = (const char *) &ping[1];
781 alen = ntohs (hdr->size) - sizeof (struct TransportPingMessage);
782 /* peer wants to confirm that this is one of our addresses, this is what is
783 * used for address validation */
786 sig_cache_exp = NULL;
790 addrend = memchr (addr, '\0', alen);
797 slen = strlen (addr) + 1;
799 address.address = addrend;
800 address.address_length = alen;
801 address.transport_name = addr;
802 address.peer = *sender;
804 GST_hello_test_address (&address, &sig_cache, &sig_cache_exp))
806 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
808 ("Not confirming PING with address `%s' since I cannot confirm having this address.\n"),
809 GST_plugins_a2s (&address));
815 addrend = NULL; /* make gcc happy */
817 static struct GNUNET_CRYPTO_RsaSignature no_address_signature;
818 static struct GNUNET_TIME_Absolute no_address_signature_expiration;
820 sig_cache = &no_address_signature;
821 sig_cache_exp = &no_address_signature_expiration;
824 pong = GNUNET_malloc (sizeof (struct TransportPongMessage) + alen + slen);
826 htons (sizeof (struct TransportPongMessage) + alen + slen);
827 pong->header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PONG);
829 htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) +
830 sizeof (uint32_t) + sizeof (struct GNUNET_TIME_AbsoluteNBO) +
832 pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN);
833 pong->challenge = ping->challenge;
834 pong->addrlen = htonl (alen + slen);
835 memcpy (&pong[1], addr, slen);
836 memcpy (&((char *) &pong[1])[slen], addrend, alen);
837 if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value <
838 PONG_SIGNATURE_LIFETIME.rel_value / 4)
840 /* create / update cached sig */
842 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
843 "Creating PONG signature to indicate ownership.\n");
845 *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
846 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
847 GNUNET_assert (GNUNET_OK ==
848 GNUNET_CRYPTO_rsa_sign (GST_my_private_key, &pong->purpose,
853 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
855 pong->signature = *sig_cache;
857 /* first see if the session we got this PING from can be used to transmit
858 * a response reliably */
859 papi = GST_plugins_find (sender_address->transport_name);
864 papi->send (papi->cls, sender, (const char *) pong,
865 ntohs (pong->header.size), PONG_PRIORITY,
866 ACCEPTABLE_PING_DELAY, session, sender_address->address,
867 sender_address->address_length, GNUNET_SYSERR, NULL, NULL);
870 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
871 "Transmitted PONG to `%s' via reliable mechanism\n",
872 GNUNET_i2s (sender));
874 GNUNET_STATISTICS_update (GST_stats,
876 ("# PONGs unicast via reliable transport"), 1,
882 /* no reliable method found, try transmission via all known addresses */
883 GNUNET_STATISTICS_update (GST_stats,
885 ("# PONGs multicast to all available addresses"), 1,
887 GST_validation_get_addresses (sender, &multicast_pong, pong);
893 * Context for the 'validate_address' function
895 struct ValidateAddressContext
898 * Hash of the public key of the peer whose address is being validated.
900 struct GNUNET_PeerIdentity pid;
903 * Public key of the peer whose address is being validated.
905 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
910 * Iterator callback to go over all addresses and try to validate them
911 * (unless blocked or already validated).
913 * @param cls pointer to a 'struct ValidateAddressContext'
914 * @param address the address
915 * @param expiration expiration time
916 * @return GNUNET_OK (keep the address)
919 validate_address_iterator (void *cls,
920 const struct GNUNET_HELLO_Address *address,
921 struct GNUNET_TIME_Absolute expiration)
923 const struct ValidateAddressContext *vac = cls;
924 struct ValidationEntry *ve;
926 if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0)
927 return GNUNET_OK; /* expired */
928 ve = find_validation_entry (&vac->public_key, address);
929 if (GNUNET_SCHEDULER_NO_TASK == ve->revalidation_task)
930 ve->revalidation_task = GNUNET_SCHEDULER_add_now (&revalidate_address, ve);
936 * Add the validated peer address to the HELLO.
938 * @param cls the 'struct ValidationEntry' with the validated address
939 * @param max space in buf
940 * @param buf where to add the address
941 * @return number of bytes written, 0 to signal the
942 * end of the iteration.
945 add_valid_peer_address (void *cls, size_t max, void *buf)
947 struct ValidationEntry *ve = cls;
949 if (GNUNET_YES == ve->copied)
950 return 0; /* terminate */
951 ve->copied = GNUNET_YES;
952 return GNUNET_HELLO_add_address (ve->address, ve->valid_until, buf, max);
957 * We've received a PONG. Check if it matches a pending PING and
958 * mark the respective address as confirmed.
960 * @param sender peer sending the PONG
961 * @param hdr the PONG
964 GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender,
965 const struct GNUNET_MessageHeader *hdr)
967 const struct TransportPongMessage *pong;
968 struct ValidationEntry *ve;
974 struct GNUNET_HELLO_Message *hello;
975 struct GNUNET_HELLO_Address address;
977 if (ntohs (hdr->size) < sizeof (struct TransportPongMessage))
982 GNUNET_STATISTICS_update (GST_stats,
983 gettext_noop ("# PONG messages received"), 1,
986 pong = (const struct TransportPongMessage *) hdr;
987 tname = (const char *) &pong[1];
988 size = ntohs (hdr->size) - sizeof (struct TransportPongMessage);
989 addr = memchr (tname, '\0', size);
996 slen = strlen (tname) + 1;
997 addrlen = size - slen;
998 address.peer = *sender;
999 address.address = addr;
1000 address.address_length = addrlen;
1001 address.transport_name = tname;
1002 ve = find_validation_entry (NULL, &address);
1003 if ((NULL == ve) || (ve->expecting_pong == GNUNET_NO))
1005 GNUNET_STATISTICS_update (GST_stats,
1007 ("# PONGs dropped, no matching pending validation"),
1011 /* now check that PONG is well-formed */
1012 if (0 != memcmp (&ve->pid, sender, sizeof (struct GNUNET_PeerIdentity)))
1014 GNUNET_break_op (0);
1019 GNUNET_CRYPTO_rsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
1020 &pong->purpose, &pong->signature,
1023 GNUNET_break_op (0);
1027 if (GNUNET_TIME_absolute_get_remaining
1028 (GNUNET_TIME_absolute_ntoh (pong->expiration)).rel_value == 0)
1030 GNUNET_STATISTICS_update (GST_stats,
1032 ("# PONGs dropped, signature expired"), 1,
1037 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1038 "Address validated for peer `%s' with plugin `%s': `%s'\n",
1039 GNUNET_i2s (sender), tname, GST_plugins_a2s (tname, addr,
1043 /* validity achieved, remember it! */
1044 ve->expecting_pong = GNUNET_NO;
1045 ve->valid_until = GNUNET_TIME_relative_to_absolute (HELLO_ADDRESS_EXPIRATION);
1046 ve->latency = GNUNET_TIME_absolute_get_duration (ve->send_time);
1048 struct GNUNET_ATS_Information ats;
1050 ats.type = htonl (GNUNET_ATS_QUALITY_NET_DELAY);
1051 ats.value = htonl ((uint32_t) ve->latency.rel_value);
1052 GNUNET_ATS_address_update (GST_ats, ve->address, NULL, &ats, 1);
1054 /* build HELLO to store in PEERINFO */
1055 ve->copied = GNUNET_NO;
1056 hello = GNUNET_HELLO_create (&ve->public_key, &add_valid_peer_address, ve);
1057 GNUNET_PEERINFO_add_peer (GST_peerinfo, hello);
1058 GNUNET_free (hello);
1063 * We've received a HELLO, check which addresses are new and trigger
1066 * @param hello the HELLO we received
1069 GST_validation_handle_hello (const struct GNUNET_MessageHeader *hello)
1071 const struct GNUNET_HELLO_Message *hm =
1072 (const struct GNUNET_HELLO_Message *) hello;
1073 struct ValidateAddressContext vac;
1074 struct GNUNET_HELLO_Message *h;
1076 if ((GNUNET_OK != GNUNET_HELLO_get_id (hm, &vac.pid)) ||
1077 (GNUNET_OK != GNUNET_HELLO_get_key (hm, &vac.public_key)))
1079 /* malformed HELLO */
1084 memcmp (&GST_my_identity, &vac.pid, sizeof (struct GNUNET_PeerIdentity)))
1086 /* Add peer identity without addresses to peerinfo service */
1087 h = GNUNET_HELLO_create (&vac.public_key, NULL, NULL);
1088 GNUNET_PEERINFO_add_peer (GST_peerinfo, h);
1089 #if VERBOSE_VALIDATION
1090 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1091 _("Adding `%s' without addresses for peer `%s'\n"), "HELLO",
1092 GNUNET_i2s (&vac.pid));
1095 GNUNET_assert (NULL ==
1096 GNUNET_HELLO_iterate_addresses (hm, GNUNET_NO,
1097 &validate_address_iterator,
1103 * Closure for 'iterate_addresses'
1105 struct IteratorContext
1108 * Function to call on each address.
1110 GST_ValidationAddressCallback cb;
1121 * Call the callback in the closure for each validation entry.
1123 * @param cls the 'struct GST_ValidationIteratorContext'
1124 * @param key the peer's identity
1125 * @param value the 'struct ValidationEntry'
1126 * @return GNUNET_OK (continue to iterate)
1129 iterate_addresses (void *cls, const GNUNET_HashCode * key, void *value)
1131 struct IteratorContext *ic = cls;
1132 struct ValidationEntry *ve = value;
1134 ic->cb (ic->cb_cls, &ve->public_key, ve->valid_until, ve->revalidation_block,
1141 * Call the given function for each address for the given target.
1142 * Can either give a snapshot (synchronous API) or be continuous.
1144 * @param target peer information is requested for
1145 * @param cb function to call; will not be called after this function returns
1146 * @param cb_cls closure for 'cb'
1149 GST_validation_get_addresses (const struct GNUNET_PeerIdentity *target,
1150 GST_ValidationAddressCallback cb, void *cb_cls)
1152 struct IteratorContext ic;
1156 GNUNET_CONTAINER_multihashmap_get_multiple (validation_map,
1157 &target->hashPubKey,
1158 &iterate_addresses, &ic);
1163 * Update if we are using an address for a connection actively right now.
1164 * Based on this, the validation module will measure latency for the
1165 * address more or less often.
1167 * @param address the address
1168 * @param session the session
1169 * @param in_use GNUNET_YES if we are now using the address for a connection,
1170 * GNUNET_NO if we are no longer using the address for a connection
1173 GST_validation_set_address_use (const struct GNUNET_HELLO_Address *address,
1174 struct Session *session,
1177 struct ValidationEntry *ve;
1179 if (NULL != address)
1180 ve = find_validation_entry (NULL, address);
1182 ve = NULL; /* FIXME: lookup based on session... */
1185 /* this can happen for inbound connections (sender_address_len == 0); */
1188 if (ve->in_use == in_use)
1189 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1190 "GST_validation_set_address_use: %s %s: ve->in_use %i <-> in_use %i\n",
1191 GNUNET_i2s (&address->peer), GST_plugins_a2s (address), ve->in_use,
1193 GNUNET_break (ve->in_use != in_use); /* should be different... */
1194 ve->in_use = in_use;
1195 if (in_use == GNUNET_YES)
1197 /* from now on, higher frequeny, so reschedule now */
1198 GNUNET_SCHEDULER_cancel (ve->revalidation_task);
1199 ve->revalidation_task = GNUNET_SCHEDULER_add_now (&revalidate_address, ve);
1205 * Query validation about the latest observed latency on a given
1208 * @param sender peer
1209 * @param address the address
1210 * @param session session
1211 * @return observed latency of the address, FOREVER if the address was
1212 * never successfully validated
1214 struct GNUNET_TIME_Relative
1215 GST_validation_get_address_latency (const struct GNUNET_PeerIdentity *sender,
1216 const struct GNUNET_HELLO_Address *address,
1217 struct Session *session)
1219 struct ValidationEntry *ve;
1221 if (NULL == address)
1223 GNUNET_break (0); // FIXME: support having latency only with session...
1224 return GNUNET_TIME_UNIT_FOREVER_REL;
1226 ve = find_validation_entry (NULL, address);
1228 return GNUNET_TIME_UNIT_FOREVER_REL;
1233 /* end of file gnunet-service-transport_validation.c */