2 This file is part of GNUnet.
3 (C) 2010,2011 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file transport/gnunet-service-transport_validation.c
23 * @brief address validation subsystem
24 * @author Christian Grothoff
27 #include "gnunet-service-transport_validation.h"
28 #include "gnunet-service-transport_plugins.h"
29 #include "gnunet-service-transport_hello.h"
30 #include "gnunet-service-transport.h"
31 #include "gnunet_hello_lib.h"
32 #include "gnunet_peerinfo_service.h"
33 #include "gnunet_signatures.h"
37 * How long is a PONG signature valid? We'll recycle a signature until
38 * 1/4 of this time is remaining. PONGs should expire so that if our
39 * external addresses change an adversary cannot replay them indefinitely.
40 * OTOH, we don't want to spend too much time generating PONG signatures,
41 * so they must have some lifetime to reduce our CPU usage.
43 #define PONG_SIGNATURE_LIFETIME GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 1)
46 * After how long do we expire an address in a HELLO that we just
47 * validated? This value is also used for our own addresses when we
50 #define HELLO_ADDRESS_EXPIRATION GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12)
53 * How long before an existing address expires should we again try to
54 * validate it? Must be (significantly) smaller than
55 * HELLO_ADDRESS_EXPIRATION.
57 #define HELLO_REVALIDATION_START_TIME GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 1)
60 * Size of the validation map hashmap.
62 #define VALIDATION_MAP_SIZE 256
65 * Priority to use for PINGs
67 #define PING_PRIORITY 2
70 * Priority to use for PONGs
72 #define PONG_PRIORITY 4
76 * Message used to ask a peer to validate receipt (to check an address
77 * from a HELLO). Followed by the address we are trying to validate,
78 * or an empty address if we are just sending a PING to confirm that a
79 * connection which the receiver (of the PING) initiated is still valid.
81 struct TransportPingMessage
85 * Type will be GNUNET_MESSAGE_TYPE_TRANSPORT_PING
87 struct GNUNET_MessageHeader header;
90 * Challenge code (to ensure fresh reply).
92 uint32_t challenge GNUNET_PACKED;
95 * Who is the intended recipient?
97 struct GNUNET_PeerIdentity target;
103 * Message used to validate a HELLO. The challenge is included in the
104 * confirmation to make matching of replies to requests possible. The
105 * signature signs our public key, an expiration time and our address.<p>
107 * This message is followed by our transport address that the PING tried
108 * to confirm (if we liked it). The address can be empty (zero bytes)
109 * if the PING had not address either (and we received the request via
110 * a connection that we initiated).
112 struct TransportPongMessage
116 * Type will be GNUNET_MESSAGE_TYPE_TRANSPORT_PONG
118 struct GNUNET_MessageHeader header;
121 * Challenge code from PING (showing freshness). Not part of what
122 * is signed so that we can re-use signatures.
124 uint32_t challenge GNUNET_PACKED;
129 struct GNUNET_CRYPTO_RsaSignature signature;
132 * What are we signing and why? Two possible reason codes can be here:
133 * GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN to confirm that this is a
134 * plausible address for this peer (pid is set to identity of signer); or
135 * GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_USING to confirm that this is
136 * an address we used to connect to the peer with the given pid.
138 struct GNUNET_CRYPTO_RsaSignaturePurpose purpose;
141 * When does this signature expire?
143 struct GNUNET_TIME_AbsoluteNBO expiration;
146 * Either the identity of the peer Who signed this message, or the
147 * identity of the peer that we're connected to using the given
148 * address (depending on purpose.type).
150 struct GNUNET_PeerIdentity pid;
153 * Size of address appended to this message (part of what is
154 * being signed, hence not redundant).
162 * Information about an address under validation
164 struct ValidationEntry
168 * Name of the transport.
170 char *transport_name;
173 * The address, actually a pointer to the end
174 * of this struct. Do not free!
179 * Public key of the peer.
181 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
184 * The identity of the peer.
186 struct GNUNET_PeerIdentity pid;
189 * ID of task that will clean up this entry if nothing happens.
191 GNUNET_SCHEDULER_TaskIdentifier timeout_task;
194 * At what time did we send the latest validation request?
196 struct GNUNET_TIME_Absolute send_time;
199 * Until when is this address valid?
200 * ZERO if it is not currently considered valid.
202 struct GNUNET_TIME_Absolute valid_until;
205 * How long until we can try to validate this address again?
206 * FOREVER if the address is for an unsupported plugin (from PEERINFO)
207 * ZERO if the address is considered valid (no validation needed)
208 * otherwise a time in the future if we're currently denying re-validation
210 struct GNUNET_TIME_Absolute validation_block;
213 * Challenge number we used.
226 * Context of currently active requests to peerinfo
227 * for validation of HELLOs.
229 struct CheckHelloValidatedContext
233 * This is a doubly-linked list.
235 struct CheckHelloValidatedContext *next;
238 * This is a doubly-linked list.
240 struct CheckHelloValidatedContext *prev;
243 * Hello that we are validating.
245 const struct GNUNET_HELLO_Message *hello;
251 * Head of linked list of HELLOs awaiting validation.
253 static struct CheckHelloValidatedContext *chvc_head;
256 * Tail of linked list of HELLOs awaiting validation
258 static struct CheckHelloValidatedContext *chvc_tail;
261 * Map of PeerIdentities to 'struct ValidationEntry*'s (addresses
262 * of the given peer that we are currently validating, have validated
263 * or are blocked from re-validation for a while).
265 static struct GNUNET_CONTAINER_MultiHashMap *validation_map;
268 * Map of PeerIdentities to 'struct GST_ValidationIteratorContext's.
270 static struct GNUNET_CONTAINER_MultiHashMap *notify_map;
273 * Context for peerinfo iteration.
275 static struct GNUNET_PEERINFO_NotifyContext *pnc;
279 * Context for the validation entry match function.
281 struct ValidationEntryMatchContext
284 * Where to store the result?
286 struct ValidationEntry *ve;
289 * Transport name we're looking for.
291 const char *transport_name;
294 * Address we're interested in.
299 * Number of bytes in 'addr'.
306 * Iterate over validation entries until a matching one is found.
308 * @param cls the 'struct ValidationEntryMatchContext'
309 * @param key peer identity (unused)
310 * @param value a 'struct ValidationEntry' to match
311 * @return GNUNET_YES if the entry does not match,
312 * GNUNET_NO if the entry does match
315 validation_entry_match (void *cls,
316 const GNUNET_HashCode *key,
319 struct ValidationEntryMatchContext *vemc = cls;
320 struct ValidationEntry *ve = value;
322 if ( (ve->addrlen == vemc->addrlen) &&
323 (0 == memcmp (ve->addr, vemc->addr, ve->addrlen)) &&
324 (0 == strcmp (ve->transport_name, vemc->transport_name)) )
334 * Find a ValidationEntry entry for the given neighbour that matches
335 * the given address and transport. If none exists, create one (but
336 * without starting any validation).
338 * @param public_key public key of the peer, NULL for unknown
339 * @param neighbour which peer we care about
340 * @param tname name of the transport plugin
341 * @param session session to look for, NULL for 'any'; otherwise
342 * can be used for the service to "learn" this session ID
344 * @param addr binary address
345 * @param addrlen length of addr
346 * @return validation entry matching the given specifications, NULL
347 * if we don't have an existing entry and no public key was given
349 static struct ValidationEntry *
350 find_validation_entry (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *public_key,
351 const struct GNUNET_PeerIdentity *neighbour,
356 struct ValidationEntryMatchContext vemc;
357 struct ValidationEntry *ve;
360 vemc.transport_name = tname;
362 vemc.addrlen = addrlen;
363 GNUNET_CONTAINER_multihashmap_get_multiple (validation_map,
364 &neighbour->hashPubKey,
365 &validation_entry_match,
367 if (NULL != (ve = vemc.ve))
369 if (public_key == NULL)
371 ve = GNUNET_malloc (sizeof (struct ValidationEntry) + addrlen);
372 ve->transport_name = GNUNET_strdup (tname);
373 ve->addr = (void*) &ve[1];
374 ve->public_key = *public_key;
375 ve->pid = *neighbour;
376 ve->challenge = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE,
378 memcpy (&ve[1], addr, addrlen);
379 ve->addrlen = addrlen;
380 GNUNET_CONTAINER_multihashmap_put (validation_map,
381 &neighbour->hashPubKey,
383 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
389 * Iterator which adds the given address to the set of validated
392 * @param cls original HELLO message
393 * @param tname name of the transport
394 * @param expiration expiration time
395 * @param addr the address
396 * @param addrlen length of the address
397 * @return GNUNET_OK (keep the address)
400 add_valid_address (void *cls,
402 struct GNUNET_TIME_Absolute expiration,
406 const struct GNUNET_HELLO_Message *hello = cls;
407 struct ValidationEntry *ve;
408 struct GNUNET_PeerIdentity pid;
409 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
411 if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0)
412 return GNUNET_OK; /* expired */
414 GNUNET_HELLO_get_id (hello, &pid)) ||
416 GNUNET_HELLO_get_key (hello, &public_key)) )
419 return GNUNET_OK; /* invalid HELLO !? */
422 ve = find_validation_entry (&public_key, &pid, tname, addr, addrlen);
423 ve->valid_until = GNUNET_TIME_absolute_max (ve->valid_until,
430 * Function called for any HELLO known to PEERINFO.
433 * @param peer id of the peer, NULL for last call
434 * @param hello hello message for the peer (can be NULL)
435 * @param error message
438 process_peerinfo_hello (void *cls,
439 const struct GNUNET_PeerIdentity *peer,
440 const struct GNUNET_HELLO_Message *hello,
443 GNUNET_assert (NULL != peer);
446 GNUNET_assert (NULL ==
447 GNUNET_HELLO_iterate_addresses (hello,
455 * Start the validation subsystem.
458 GST_validation_start ()
460 validation_map = GNUNET_CONTAINER_multihashmap_create (VALIDATION_MAP_SIZE);
461 notify_map = GNUNET_CONTAINER_multihashmap_create (VALIDATION_MAP_SIZE);
462 pnc = GNUNET_PEERINFO_notify (GST_cfg,
463 &process_peerinfo_hello,
469 * Iterate over validation entries and free them.
471 * @param cls (unused)
472 * @param key peer identity (unused)
473 * @param value a 'struct ValidationEntry' to clean up
474 * @return GNUNET_YES (continue to iterate)
477 cleanup_validation_entry (void *cls,
478 const GNUNET_HashCode *key,
481 struct ValidationEntry *ve = value;
483 GNUNET_free (ve->transport_name);
484 if (GNUNET_SCHEDULER_NO_TASK != ve->timeout_task)
486 GNUNET_SCHEDULER_cancel (ve->timeout_task);
487 ve->timeout_task = GNUNET_SCHEDULER_NO_TASK;
495 * Stop the validation subsystem.
498 GST_validation_stop ()
500 struct CheckHelloValidatedContext *chvc;
502 GNUNET_CONTAINER_multihashmap_iterate (validation_map,
503 &cleanup_validation_entry,
505 GNUNET_CONTAINER_multihashmap_destroy (validation_map);
506 validation_map = NULL;
507 GNUNET_assert (GNUNET_CONTAINER_multihashmap_size (notify_map) == 0);
508 GNUNET_CONTAINER_multihashmap_destroy (notify_map);
510 while (NULL != (chvc = chvc_head))
512 GNUNET_CONTAINER_DLL_remove (chvc_head,
517 GNUNET_PEERINFO_notify_cancel (pnc);
522 * Address validation cleanup task (record no longer needed).
524 * @param cls the 'struct ValidationEntry'
525 * @param tc scheduler context (unused)
528 timeout_hello_validation (void *cls,
529 const struct GNUNET_SCHEDULER_TaskContext *tc)
531 struct ValidationEntry *va = cls;
533 va->timeout_task = GNUNET_SCHEDULER_NO_TASK;
534 GNUNET_STATISTICS_update (GST_stats,
535 gettext_noop ("# address records discarded"),
538 GNUNET_break (GNUNET_OK ==
539 GNUNET_CONTAINER_multihashmap_remove (validation_map,
542 GNUNET_free (va->transport_name);
548 * Send the given PONG to the given address.
550 * @param cls the PONG message
551 * @param public_key public key for the peer, never NULL
552 * @param target peer this change is about, never NULL
553 * @param valid_until is ZERO if we never validated the address,
554 * otherwise a time up to when we consider it (or was) valid
555 * @param validation_block is FOREVER if the address is for an unsupported plugin (from PEERINFO)
556 * is ZERO if the address is considered valid (no validation needed)
557 * otherwise a time in the future if we're currently denying re-validation
558 * @param plugin_name name of the plugin
559 * @param plugin_address binary address
560 * @param plugin_address_len length of address
563 multicast_pong (void *cls,
564 const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *public_key,
565 const struct GNUNET_PeerIdentity *target,
566 struct GNUNET_TIME_Absolute valid_until,
567 struct GNUNET_TIME_Absolute validation_block,
568 const char *plugin_name,
569 const void *plugin_address,
570 size_t plugin_address_len)
572 struct TransportPongMessage *pong = cls;
573 struct GNUNET_TRANSPORT_PluginFunctions *papi;
575 papi = GST_plugins_find (plugin_name);
578 (void) papi->send (papi->cls,
581 ntohs (pong->header.size),
583 HELLO_REVALIDATION_START_TIME,
593 * We've received a PING. If appropriate, generate a PONG.
595 * @param sender peer sending the PING
596 * @param hdr the PING
597 * @param session session we got the PING from
598 * @param plugin_name name of plugin that received the PING
599 * @param sender_address address of the sender as known to the plugin, NULL
600 * if we did not initiate the connection
601 * @param sender_address_len number of bytes in sender_address
604 GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
605 const struct GNUNET_MessageHeader *hdr,
606 const char *plugin_name,
607 struct Session *session,
608 const void *sender_address,
609 size_t sender_address_len)
612 const struct TransportPingMessage *ping;
613 struct TransportPongMessage *pong;
614 struct GNUNET_TRANSPORT_PluginFunctions *papi;
615 struct SessionHeader *session_header;
622 if (ntohs (hdr->size) < sizeof (struct TransportPingMessage))
627 ping = (const struct TransportPingMessage *) hdr;
628 if (0 != memcmp (&ping->target,
630 sizeof (struct GNUNET_PeerIdentity)))
633 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
634 _("Received `%s' message from `%s' destined for `%s' which is not me!\n"),
636 (sender_address != NULL)
637 ? GST_plugin_a2s (plugin_name,
641 GNUNET_i2s (&ping->target));
646 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG | GNUNET_ERROR_TYPE_BULK,
647 "Processing `%s' from `%s'\n",
649 (sender_address != NULL)
650 ? GST_plugin_a2s (plugin_name,
655 GNUNET_STATISTICS_update (GST_stats,
656 gettext_noop ("# PING messages received"),
659 addr = (const char*) &ping[1];
660 alen = ntohs (hdr->size) - sizeof (struct TransportPingMessage);
663 /* peer wants to confirm that we have an outbound connection to him;
664 we handle this case here even though it has nothing to do with
665 address validation (!) */
666 if ( (sender_address == NULL) || (session == NULL) )
668 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
669 _("Refusing to create PONG since I do initiate the session with `%s'.\n"),
670 GNUNET_i2s (sender));
673 session_header = (struct SessionHeader *)session;
675 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
676 "Creating PONG indicating that we initiated a connection to peer `%s' using address `%s' \n",
678 GST_plugin_a2s (plugin_name,
680 sender_address_len));
682 slen = strlen (plugin_name) + 1;
683 pong = GNUNET_malloc (sizeof (struct TransportPongMessage) + sender_address_len + slen);
684 pong->header.size = htons (sizeof (struct TransportPongMessage) + sender_address_len + slen);
685 pong->header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PONG);
687 htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) +
689 sizeof (struct GNUNET_TIME_AbsoluteNBO) +
690 sizeof (struct GNUNET_PeerIdentity) + sender_address_len + slen);
691 pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_USING);
692 pong->challenge = ping->challenge;
693 pong->addrlen = htonl(sender_address_len + slen);
698 memcpy (&((char*)&pong[1])[slen],
701 if (GNUNET_TIME_absolute_get_remaining (session_header->pong_sig_expires).rel_value <
702 PONG_SIGNATURE_LIFETIME.rel_value / 4)
704 /* create / update cached sig */
706 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
707 "Creating PONG signature to indicate active connection.\n");
709 session_header->pong_sig_expires = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
710 pong->expiration = GNUNET_TIME_absolute_hton (session_header->pong_sig_expires);
711 GNUNET_assert (GNUNET_OK ==
712 GNUNET_CRYPTO_rsa_sign (GST_my_private_key,
714 &session_header->pong_signature));
718 pong->expiration = GNUNET_TIME_absolute_hton (session_header->pong_sig_expires);
720 pong->signature = session_header->pong_signature;
724 /* peer wants to confirm that this is one of our addresses, this is what is
725 used for address validation */
726 struct GNUNET_CRYPTO_RsaSignature *sig_cache;
727 struct GNUNET_TIME_Absolute *sig_cache_exp;
729 addrend = memchr (addr, '\0', alen);
740 GST_hello_test_address (addr,
746 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
747 _("Not confirming PING with address `%s' since I cannot confirm having this address.\n"),
748 GST_plugins_a2s (addr,
754 pong = GNUNET_malloc (sizeof (struct TransportPongMessage) + alen + slen);
755 pong->header.size = htons (sizeof (struct TransportPongMessage) + alen + slen);
756 pong->header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PONG);
758 htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) +
760 sizeof (struct GNUNET_TIME_AbsoluteNBO) +
761 sizeof (struct GNUNET_PeerIdentity) + alen + slen);
762 pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN);
763 pong->challenge = ping->challenge;
764 pong->addrlen = htonl(alen + slen);
765 pong->pid = GST_my_identity;
766 memcpy (&pong[1], addr, slen);
767 memcpy (&((char*)&pong[1])[slen], addrend, alen);
768 if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value < PONG_SIGNATURE_LIFETIME.rel_value / 4)
770 /* create / update cached sig */
772 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
773 "Creating PONG signature to indicate ownership.\n");
775 *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
776 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
777 GNUNET_assert (GNUNET_OK ==
778 GNUNET_CRYPTO_rsa_sign (GST_my_private_key,
784 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
786 pong->signature = *sig_cache;
789 /* first see if the session we got this PING from can be used to transmit
790 a response reliably */
791 papi = GST_plugins_find (plugin_name);
795 ret = papi->send (papi->cls,
798 ntohs (pong->header.size),
800 HELLO_REVALIDATION_START_TIME,
808 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
809 "Transmitted PONG to `%s' via reliable mechanism\n",
810 GNUNET_i2s (sender));
812 GNUNET_STATISTICS_update (GST_stats,
813 gettext_noop ("# PONGs unicast via reliable transport"),
820 /* no reliable method found, try transmission via all known addresses */
821 GNUNET_STATISTICS_update (GST_stats,
822 gettext_noop ("# PONGs multicast to all available addresses"),
825 (void) GST_validation_get_addresses (sender,
834 * Context for the 'validate_address' function
836 struct ValidateAddressContext
839 * Hash of the public key of the peer whose address is being validated.
841 struct GNUNET_PeerIdentity pid;
844 * Public key of the peer whose address is being validated.
846 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
851 * Iterator callback to go over all addresses and try to validate them
852 * (unless blocked or already validated).
854 * @param cls pointer to a 'struct ValidateAddressContext'
855 * @param tname name of the transport
856 * @param expiration expiration time
857 * @param addr the address
858 * @param addrlen length of the address
859 * @return GNUNET_OK (keep the address)
862 validate_address (void *cls,
864 struct GNUNET_TIME_Absolute expiration,
868 const struct ValidateAddressContext *vac = cls;
869 const struct GNUNET_PeerIdentity *pid = &vac->pid;
870 struct ValidationEntry *ve;
871 struct TransportPingMessage ping;
872 struct GNUNET_TRANSPORT_PluginFunctions *papi;
877 if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0)
878 return GNUNET_OK; /* expired */
879 ve = find_validation_entry (&vac->public_key, pid, tname, addr, addrlen);
880 if (GNUNET_TIME_absolute_get_remaining (ve->validation_block).rel_value > 0)
881 return GNUNET_OK; /* blocked */
882 if ( (GNUNET_SCHEDULER_NO_TASK != ve->timeout_task) &&
883 (GNUNET_TIME_absolute_get_remaining (ve->valid_until).rel_value > 0) )
884 return GNUNET_OK; /* revalidation task already scheduled & still valid */
885 ve->validation_block = GNUNET_TIME_relative_to_absolute (HELLO_REVALIDATION_START_TIME);
886 if (GNUNET_SCHEDULER_NO_TASK != ve->timeout_task)
887 GNUNET_SCHEDULER_cancel (ve->timeout_task);
888 ve->timeout_task = GNUNET_SCHEDULER_add_delayed (HELLO_REVALIDATION_START_TIME,
889 &timeout_hello_validation,
891 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
892 "Transmitting plain PING to `%s'\n",
894 ping.header.size = htons(sizeof(struct TransportPingMessage));
895 ping.header.type = htons(GNUNET_MESSAGE_TYPE_TRANSPORT_PING);
896 ping.challenge = htonl(ve->challenge);
899 slen = strlen(ve->transport_name) + 1;
900 tsize = sizeof(struct TransportPingMessage) + ve->addrlen + slen;
902 char message_buf[tsize];
904 memcpy(message_buf, &ping, sizeof (struct TransportPingMessage));
905 memcpy(&message_buf[sizeof (struct TransportPingMessage)],
908 memcpy(&message_buf[sizeof (struct TransportPingMessage) + slen],
911 papi = GST_plugins_find (ve->transport_name);
915 ret = papi->send (papi->cls,
920 HELLO_REVALIDATION_START_TIME,
921 NULL /* no session */,
929 ve->send_time = GNUNET_TIME_absolute_get ();
930 GNUNET_STATISTICS_update (GST_stats,
931 gettext_noop ("# PING without HELLO messages sent"),
940 * Do address validation again to keep address valid.
942 * @param cls the 'struct ValidationEntry'
943 * @param tc scheduler context (unused)
946 revalidate_address (void *cls,
947 const struct GNUNET_SCHEDULER_TaskContext *tc)
949 struct ValidationEntry *ve = cls;
950 struct GNUNET_TIME_Relative delay;
951 struct ValidateAddressContext vac;
953 ve->timeout_task = GNUNET_SCHEDULER_NO_TASK;
954 delay = GNUNET_TIME_absolute_get_remaining (ve->validation_block);
955 if (delay.rel_value > 0)
957 /* should wait a bit longer */
958 ve->timeout_task = GNUNET_SCHEDULER_add_delayed (delay,
963 GNUNET_STATISTICS_update (GST_stats,
964 gettext_noop ("# address revalidations started"),
968 vac.public_key = ve->public_key;
969 validate_address (&vac,
973 (uint16_t) ve->addrlen);
978 * Add the validated peer address to the HELLO.
980 * @param cls the 'struct ValidationEntry' with the validated address
981 * @param max space in buf
982 * @param buf where to add the address
985 add_valid_peer_address (void *cls,
989 struct ValidationEntry *ve = cls;
991 return GNUNET_HELLO_add_address (ve->transport_name,
1001 * We've received a PONG. Check if it matches a pending PING and
1002 * mark the respective address as confirmed.
1004 * @param sender peer sending the PONG
1005 * @param hdr the PONG
1006 * @param plugin_name name of plugin that received the PONG
1007 * @param sender_address address of the sender as known to the plugin, NULL
1008 * if we did not initiate the connection
1009 * @param sender_address_len number of bytes in sender_address
1012 GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender,
1013 const struct GNUNET_MessageHeader *hdr,
1014 const char *plugin_name,
1015 const void *sender_address,
1016 size_t sender_address_len)
1018 const struct TransportPongMessage *pong;
1019 struct ValidationEntry *ve;
1021 const char *addrend;
1025 struct GNUNET_TIME_Relative delay;
1026 struct GNUNET_HELLO_Message *hello;
1028 if (ntohs (hdr->size) < sizeof (struct TransportPongMessage))
1030 GNUNET_break_op (0);
1033 GNUNET_STATISTICS_update (GST_stats,
1034 gettext_noop ("# PONG messages received"),
1037 pong = (const struct TransportPongMessage *) hdr;
1038 if (0 != memcmp (&pong->pid,
1040 sizeof (struct GNUNET_PeerIdentity)))
1042 /* PONG is validating inbound session, not an address, not the case
1043 used for address validation, ignore here! */
1047 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG | GNUNET_ERROR_TYPE_BULK,
1048 "Processing `%s' from `%s'\n",
1050 (sender_address != NULL)
1051 ? GST_plugin_a2s (plugin_name,
1056 addr = (const char*) &pong[1];
1057 alen = ntohs (hdr->size) - sizeof (struct TransportPongMessage);
1058 addrend = memchr (addr, '\0', alen);
1059 if (NULL == addrend)
1061 GNUNET_break_op (0);
1065 slen = strlen(addr);
1067 ve = find_validation_entry (NULL,
1074 GNUNET_STATISTICS_update (GST_stats,
1075 gettext_noop ("# PONGs dropped, no matching pending validation"),
1080 /* now check that PONG is well-formed */
1081 if (GNUNET_TIME_absolute_get_remaining (GNUNET_TIME_absolute_ntoh (pong->expiration)).rel_value == 0)
1083 GNUNET_STATISTICS_update (GST_stats,
1084 gettext_noop ("# PONGs dropped, signature expired"),
1090 GNUNET_CRYPTO_rsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
1095 GNUNET_break_op (0);
1099 /* validity achieved, remember it! */
1100 ve->valid_until = GNUNET_TIME_relative_to_absolute (HELLO_ADDRESS_EXPIRATION);
1102 /* build HELLO to store in PEERINFO */
1103 hello = GNUNET_HELLO_create (&ve->public_key,
1104 &add_valid_peer_address,
1106 GNUNET_PEERINFO_add_peer (GST_peerinfo,
1108 GNUNET_free (hello);
1110 if (GNUNET_SCHEDULER_NO_TASK != ve->timeout_task)
1111 GNUNET_SCHEDULER_cancel (ve->timeout_task);
1113 /* randomly delay by up to 1h to avoid synchronous validations */
1114 rdelay = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1116 delay = GNUNET_TIME_relative_add (HELLO_REVALIDATION_START_TIME,
1117 GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS,
1119 ve->timeout_task = GNUNET_SCHEDULER_add_delayed (delay,
1120 &revalidate_address,
1126 * We've received a HELLO, check which addresses are new and trigger
1129 * @param hello the HELLO we received
1132 GST_validation_handle_hello (const struct GNUNET_MessageHeader *hello)
1134 const struct GNUNET_HELLO_Message* hm = (const struct GNUNET_HELLO_Message*) hello;
1135 struct ValidateAddressContext vac;
1138 GNUNET_HELLO_get_id (hm, &vac.pid)) ||
1140 GNUNET_HELLO_get_key (hm, &vac.public_key)) )
1142 /* malformed HELLO */
1146 GNUNET_assert (NULL ==
1147 GNUNET_HELLO_iterate_addresses (hm,
1155 * Opaque handle to stop incremental validation address callbacks.
1157 struct GST_ValidationIteratorContext
1160 * Function to call on each address.
1162 GST_ValidationAddressCallback cb;
1170 * Which peer are we monitoring?
1172 struct GNUNET_PeerIdentity target;
1177 * Call the callback in the closure for each validation entry.
1179 * @param cls the 'struct GST_ValidationIteratorContext'
1180 * @param key the peer's identity
1181 * @param value the 'struct ValidationEntry'
1182 * @return GNUNET_OK (continue to iterate)
1185 iterate_addresses (void *cls,
1186 const GNUNET_HashCode *key,
1189 struct GST_ValidationIteratorContext *vic = cls;
1190 struct ValidationEntry *ve = value;
1192 vic->cb (vic->cb_cls,
1196 ve->validation_block,
1205 * Call the given function for each address for the given target.
1206 * Can either give a snapshot (synchronous API) or be continuous.
1208 * @param target peer information is requested for
1209 * @param snapshot_only GNUNET_YES to iterate over addresses once, GNUNET_NO to
1210 * continue to give information about addresses as it evolves
1211 * @param cb function to call; will not be called after this function returns
1212 * if snapshot_only is GNUNET_YES
1213 * @param cb_cls closure for 'cb'
1214 * @return context to cancel, NULL if 'snapshot_only' is GNUNET_YES
1216 struct GST_ValidationIteratorContext *
1217 GST_validation_get_addresses (const struct GNUNET_PeerIdentity *target,
1219 GST_ValidationAddressCallback cb,
1222 struct GST_ValidationIteratorContext *vic;
1224 vic = GNUNET_malloc (sizeof (struct GST_ValidationIteratorContext));
1226 vic->cb_cls = cb_cls;
1227 vic->target = *target;
1228 GNUNET_CONTAINER_multihashmap_get_multiple (validation_map,
1229 &target->hashPubKey,
1232 if (GNUNET_YES == snapshot_only)
1237 GNUNET_CONTAINER_multihashmap_put (notify_map,
1238 &target->hashPubKey,
1240 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
1246 * Cancel an active validation address iteration.
1248 * @param ctx the context of the operation that is cancelled
1251 GST_validation_get_addresses_cancel (struct GST_ValidationIteratorContext *ctx)
1253 GNUNET_assert (GNUNET_OK ==
1254 GNUNET_CONTAINER_multihashmap_remove (notify_map,
1255 &ctx->target.hashPubKey,
1261 /* end of file gnunet-service-transport_validation.c */