2 This file is part of GNUnet.
3 Copyright (C) 2010-2015 GNUnet e.V.
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 * @file transport/gnunet-service-transport_validation.c
21 * @brief address validation subsystem
22 * @author Christian Grothoff
25 #include "gnunet-service-transport_ats.h"
26 #include "gnunet-service-transport_hello.h"
27 #include "gnunet-service-transport_neighbours.h"
28 #include "gnunet-service-transport_plugins.h"
29 #include "gnunet-service-transport_validation.h"
30 #include "gnunet-service-transport.h"
31 #include "gnunet_hello_lib.h"
32 #include "gnunet_ats_service.h"
33 #include "gnunet_peerinfo_service.h"
34 #include "gnunet_signatures.h"
37 * Current state of a validation process.
39 * FIXME: what state is used to indicate that a validation
40 * was successful? If that is clarified/determined, "UGH" in
41 * ~gnunetpeerinfogtk.c:1103 should be resolved.
43 enum GNUNET_TRANSPORT_ValidationState
48 * Used for final callback indicating operation done
50 GNUNET_TRANSPORT_VS_NONE,
53 * Fresh validation entry
55 * Entry was just created, no validation process was executed
57 GNUNET_TRANSPORT_VS_NEW,
60 * Updated validation entry
62 * This is an update for an existing validation entry
64 GNUNET_TRANSPORT_VS_UPDATE,
67 * Timeout for validation entry
69 * A timeout occured during the validation process
71 GNUNET_TRANSPORT_VS_TIMEOUT,
74 * Validation entry is removed
76 * The validation entry is getting removed due to a failed validation
78 GNUNET_TRANSPORT_VS_REMOVE
85 * How long is a PONG signature valid? We'll recycle a signature until
86 * 1/4 of this time is remaining. PONGs should expire so that if our
87 * external addresses change an adversary cannot replay them indefinitely.
88 * OTOH, we don't want to spend too much time generating PONG signatures,
89 * so they must have some lifetime to reduce our CPU usage.
91 #define PONG_SIGNATURE_LIFETIME GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 1)
94 * After how long do we expire an address in a HELLO that we just
95 * validated? This value is also used for our own addresses when we
98 #define HELLO_ADDRESS_EXPIRATION GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12)
101 * How often do we allow PINGing an address that we have not yet
102 * validated? This also determines how long we track an address that
103 * we cannot validate (because after this time we can destroy the
104 * validation record).
106 #define UNVALIDATED_PING_KEEPALIVE GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
109 * How often do we PING an address that we have successfully validated
110 * in the past but are not actively using? Should be (significantly)
111 * smaller than HELLO_ADDRESS_EXPIRATION.
113 #define VALIDATED_PING_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 15)
116 * How often do we PING an address that we are currently using?
118 #define CONNECTED_PING_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 2)
121 * How much delay is acceptable for sending the PING or PONG?
123 #define ACCEPTABLE_PING_DELAY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 1)
126 * Size of the validation map hashmap.
128 #define VALIDATION_MAP_SIZE 256
131 * Priority to use for PINGs
133 #define PING_PRIORITY 2
136 * Priority to use for PONGs
138 #define PONG_PRIORITY 4
141 GNUNET_NETWORK_STRUCT_BEGIN
144 * Message used to ask a peer to validate receipt (to check an address
145 * from a HELLO). Followed by the address we are trying to validate,
146 * or an empty address if we are just sending a PING to confirm that a
147 * connection which the receiver (of the PING) initiated is still valid.
149 struct TransportPingMessage
153 * Type will be #GNUNET_MESSAGE_TYPE_TRANSPORT_PING
155 struct GNUNET_MessageHeader header;
158 * Challenge code (to ensure fresh reply).
160 uint32_t challenge GNUNET_PACKED;
163 * Who is the intended recipient?
165 struct GNUNET_PeerIdentity target;
171 * Message used to validate a HELLO. The challenge is included in the
172 * confirmation to make matching of replies to requests possible. The
173 * signature signs our public key, an expiration time and our address.<p>
175 * This message is followed by our transport address that the PING tried
176 * to confirm (if we liked it). The address can be empty (zero bytes)
177 * if the PING had not address either (and we received the request via
178 * a connection that we initiated).
180 struct TransportPongMessage
184 * Type will be #GNUNET_MESSAGE_TYPE_TRANSPORT_PONG
186 struct GNUNET_MessageHeader header;
189 * Challenge code from PING (showing freshness). Not part of what
190 * is signed so that we can re-use signatures.
192 uint32_t challenge GNUNET_PACKED;
197 struct GNUNET_CRYPTO_EddsaSignature signature;
200 * #GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN to confirm that this is a
201 * plausible address for the signing peer.
203 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
206 * When does this signature expire?
208 struct GNUNET_TIME_AbsoluteNBO expiration;
211 * Size of address appended to this message (part of what is
212 * being signed, hence not redundant).
214 uint32_t addrlen GNUNET_PACKED;
217 GNUNET_NETWORK_STRUCT_END
220 * Information about an address under validation
222 struct ValidationEntry
228 struct GNUNET_HELLO_Address *address;
231 * Handle to the blacklist check (if we're currently in it).
233 struct GST_BlacklistCheck *bc;
236 * Cached PONG signature
238 struct GNUNET_CRYPTO_EddsaSignature pong_sig_cache;
241 * ID of task that will clean up this entry if nothing happens.
243 struct GNUNET_SCHEDULER_Task *timeout_task;
246 * ID of task that will trigger address revalidation.
248 struct GNUNET_SCHEDULER_Task *revalidation_task;
251 * At what time did we send the latest validation request (PING)?
253 struct GNUNET_TIME_Absolute send_time;
256 * At what time do we send the next validation request (PING)?
258 struct GNUNET_TIME_Absolute next_validation;
261 * Until when is this address valid?
262 * ZERO if it is not currently considered valid.
264 struct GNUNET_TIME_Absolute valid_until;
267 * Until when is the cached PONG signature valid?
268 * ZERO if it is not currently considered valid.
270 struct GNUNET_TIME_Absolute pong_sig_valid_until;
273 * How long until we can try to validate this address again?
274 * FOREVER if the address is for an unsupported plugin (from PEERINFO)
275 * ZERO if the address is considered valid (no validation needed)
276 * otherwise a time in the future if we're currently denying re-validation
278 struct GNUNET_TIME_Absolute revalidation_block;
281 * Last observed latency for this address (round-trip), delay between
282 * last PING sent and PONG received; FOREVER if we never got a PONG.
284 struct GNUNET_TIME_Relative latency;
287 * Current state of this validation entry
289 enum GNUNET_TRANSPORT_ValidationState state;
292 * Challenge number we used.
297 * When passing the address in #add_valid_peer_address(), did we
298 * copy the address to the HELLO yet?
303 * Are we currently using this address for a connection?
308 * Are we expecting a PONG message for this validation entry?
313 * Is this address known to ATS as valid right now?
318 * Which network type does our address belong to?
320 enum GNUNET_NetworkType network;
325 * Map of PeerIdentities to 'struct ValidationEntry*'s (addresses
326 * of the given peer that we are currently validating, have validated
327 * or are blocked from re-validation for a while).
329 static struct GNUNET_CONTAINER_MultiPeerMap *validation_map;
332 * Context for peerinfo iteration.
334 static struct GNUNET_PEERINFO_NotifyContext *pnc;
337 * Minimum delay between to validations
339 static struct GNUNET_TIME_Relative validation_delay;
342 * Number of validations running; any PING that was not yet
343 * matched by a PONG and for which we have not yet hit the
344 * timeout is considered a running 'validation'.
346 static unsigned int validations_running;
349 * Validition fast start threshold
351 static unsigned int validations_fast_start_threshold;
354 * When is next validation allowed
356 static struct GNUNET_TIME_Absolute validation_next;
360 * Context for the validation entry match function.
362 struct ValidationEntryMatchContext
365 * Where to store the result?
367 struct ValidationEntry *ve;
370 * Address we're interested in.
372 const struct GNUNET_HELLO_Address *address;
378 * Provide an update on the `validation_map` map size to statistics.
379 * This function should be called whenever the `validation_map`
383 publish_ve_stat_update ()
385 GNUNET_STATISTICS_set (GST_stats,
386 gettext_noop ("# Addresses in validation map"),
387 GNUNET_CONTAINER_multipeermap_size (validation_map),
393 * Iterate over validation entries until a matching one is found.
395 * @param cls the `struct ValidationEntryMatchContext *`
396 * @param key peer identity (unused)
397 * @param value a `struct ValidationEntry *` to match
398 * @return #GNUNET_YES if the entry does not match,
399 * #GNUNET_NO if the entry does match
402 validation_entry_match (void *cls,
403 const struct GNUNET_PeerIdentity *key,
406 struct ValidationEntryMatchContext *vemc = cls;
407 struct ValidationEntry *ve = value;
409 if (0 == GNUNET_HELLO_address_cmp (ve->address,
420 * A validation entry changed. Update the state and notify
423 * @param ve validation entry that changed
424 * @param state new state
427 validation_entry_changed (struct ValidationEntry *ve,
428 enum GNUNET_TRANSPORT_ValidationState state)
435 * Iterate over validation entries and free them.
437 * @param cls (unused)
438 * @param key peer identity (unused)
439 * @param value a `struct ValidationEntry *` to clean up
440 * @return #GNUNET_YES (continue to iterate)
443 cleanup_validation_entry (void *cls,
444 const struct GNUNET_PeerIdentity *key,
447 struct ValidationEntry *ve = value;
449 ve->next_validation = GNUNET_TIME_UNIT_ZERO_ABS;
450 ve->valid_until = GNUNET_TIME_UNIT_ZERO_ABS;
452 /* Notify about deleted entry */
453 validation_entry_changed (ve,
454 GNUNET_TRANSPORT_VS_REMOVE);
458 GST_blacklist_test_cancel (ve->bc);
461 GNUNET_break (GNUNET_OK ==
462 GNUNET_CONTAINER_multipeermap_remove (validation_map,
465 publish_ve_stat_update ();
466 if (GNUNET_YES == ve->known_to_ats)
468 GST_ats_expire_address (ve->address);
469 GNUNET_assert (GNUNET_NO ==
470 GST_ats_is_known_no_session (ve->address));
471 ve->known_to_ats = GNUNET_NO;
473 GNUNET_HELLO_address_free (ve->address);
474 if (NULL != ve->timeout_task)
476 GNUNET_SCHEDULER_cancel (ve->timeout_task);
477 ve->timeout_task = NULL;
479 if (NULL != ve->revalidation_task)
481 GNUNET_SCHEDULER_cancel (ve->revalidation_task);
482 ve->revalidation_task = NULL;
484 if ( (GNUNET_YES == ve->expecting_pong) &&
485 (validations_running > 0) )
487 validations_running--;
488 GNUNET_STATISTICS_set (GST_stats,
489 gettext_noop ("# validations running"),
499 * Address validation cleanup task. Assesses if the record is no
500 * longer valid and then possibly triggers its removal.
502 * @param cls the `struct ValidationEntry`
505 timeout_hello_validation (void *cls)
507 struct ValidationEntry *ve = cls;
508 struct GNUNET_TIME_Absolute max;
509 struct GNUNET_TIME_Relative left;
511 ve->timeout_task = NULL;
512 /* For valid addresses, we want to wait until the expire;
513 for addresses under PING validation, we want to wait
514 until we give up on the PING */
515 max = GNUNET_TIME_absolute_max (ve->valid_until,
516 ve->revalidation_block);
517 left = GNUNET_TIME_absolute_get_remaining (max);
518 if (left.rel_value_us > 0)
520 /* We should wait a bit longer. This happens when
521 address lifetimes are extended due to successful
524 GNUNET_SCHEDULER_add_delayed (left,
525 &timeout_hello_validation,
529 GNUNET_STATISTICS_update (GST_stats,
530 gettext_noop ("# address records discarded (timeout)"),
533 cleanup_validation_entry (NULL,
540 * Function called with the result from blacklisting.
541 * Send a PING to the other peer if a communication is allowed.
543 * @param cls our `struct ValidationEntry`
544 * @param pid identity of the other peer
545 * @param address_null address associated with the request, always NULL
546 * @param session_null session associated with the request, always NULL
547 * @param result #GNUNET_OK if the connection is allowed,
549 * #GNUNET_SYSERR if operation was aborted
552 transmit_ping_if_allowed (void *cls,
553 const struct GNUNET_PeerIdentity *pid,
554 const struct GNUNET_HELLO_Address *address_null,
555 struct GNUNET_ATS_Session *session_null,
558 struct ValidationEntry *ve = cls;
559 struct TransportPingMessage ping;
560 struct GNUNET_TRANSPORT_PluginFunctions *papi;
561 struct GNUNET_TIME_Absolute next;
562 const struct GNUNET_MessageHeader *hello;
567 struct GNUNET_ATS_Session *session;
570 if (GNUNET_OK != result)
572 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
573 "Blacklist denies sending PING to `%s' `%s' `%s'\n",
575 GST_plugins_a2s (ve->address),
576 ve->address->transport_name);
577 GNUNET_STATISTICS_update (GST_stats,
578 gettext_noop ("# address records discarded (blacklist)"),
581 cleanup_validation_entry (NULL,
586 hello = GST_hello_get ();
587 GNUNET_assert (NULL != hello);
588 slen = strlen (ve->address->transport_name) + 1;
589 hsize = ntohs (hello->size);
590 tsize = sizeof (struct TransportPingMessage) +
591 ve->address->address_length + slen + hsize;
594 htons (sizeof (struct TransportPingMessage) +
595 ve->address->address_length + slen);
596 ping.header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PING);
597 ping.challenge = htonl (ve->challenge);
600 if (tsize >= GNUNET_MAX_MESSAGE_SIZE)
605 sizeof (struct TransportPingMessage) + ve->address->address_length +
609 char message_buf[tsize] GNUNET_ALIGN;
611 GNUNET_memcpy (message_buf,
614 GNUNET_memcpy (&message_buf[hsize],
616 sizeof (struct TransportPingMessage));
617 GNUNET_memcpy (&message_buf[sizeof (struct TransportPingMessage) + hsize],
618 ve->address->transport_name,
620 GNUNET_memcpy (&message_buf[sizeof (struct TransportPingMessage) + slen + hsize],
621 ve->address->address,
622 ve->address->address_length);
623 papi = GST_plugins_find (ve->address->transport_name);
624 GNUNET_assert (NULL != papi);
625 session = papi->get_session (papi->cls,
629 /* Could not get a valid session */
630 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
631 "Failed to get session to send PING to `%s' at `%s'\n",
633 GST_plugins_a2s (ve->address));
637 ret = papi->send (papi->cls, session,
640 ACCEPTABLE_PING_DELAY,
644 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
645 "Failed to send PING to `%s' at `%s'\n",
647 GST_plugins_a2s (ve->address));
650 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
651 "Transmitted plain PING to `%s' `%s' `%s'\n",
653 GST_plugins_a2s (ve->address),
654 ve->address->transport_name);
655 ve->network = papi->get_network (papi->cls,
657 GNUNET_break (GNUNET_NT_UNSPECIFIED != ve->network);
658 GST_neighbours_notify_data_sent (ve->address,
661 next = GNUNET_TIME_relative_to_absolute (validation_delay);
662 validation_next = GNUNET_TIME_absolute_max (next,
664 ve->send_time = GNUNET_TIME_absolute_get ();
665 GNUNET_STATISTICS_update (GST_stats,
666 gettext_noop ("# PINGs for address validation sent"),
669 ve->expecting_pong = GNUNET_YES;
670 validations_running++;
671 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
672 "Validation started, %u validation processes running\n",
673 validations_running);
674 GNUNET_STATISTICS_set (GST_stats,
675 gettext_noop ("# validations running"),
678 /* Notify about PING sent */
679 validation_entry_changed (ve,
680 GNUNET_TRANSPORT_VS_UPDATE);
687 * Do address validation again to keep address valid.
689 * @param cls the `struct ValidationEntry`
692 revalidate_address (void *cls)
694 struct ValidationEntry *ve = cls;
695 struct GNUNET_TIME_Relative canonical_delay;
696 struct GNUNET_TIME_Relative delay;
697 struct GNUNET_TIME_Relative blocked_for;
698 struct GST_BlacklistCheck *bc;
701 ve->revalidation_task = NULL;
702 delay = GNUNET_TIME_absolute_get_remaining (ve->revalidation_block);
703 /* Considering current connectivity situation, what is the maximum
704 block period permitted? */
705 if (GNUNET_YES == ve->in_use)
706 canonical_delay = CONNECTED_PING_FREQUENCY;
707 else if (GNUNET_TIME_absolute_get_remaining (ve->valid_until).rel_value_us > 0)
708 canonical_delay = VALIDATED_PING_FREQUENCY;
710 canonical_delay = UNVALIDATED_PING_KEEPALIVE;
711 /* Use delay that is MIN of original delay and possibly adjusted
712 new maximum delay (which may be lower); the real delay
713 is originally randomized between "canonical_delay" and "2 * canonical_delay",
714 so continue to permit that window for the operation. */
715 delay = GNUNET_TIME_relative_min (delay,
716 GNUNET_TIME_relative_multiply (canonical_delay,
718 ve->revalidation_block = GNUNET_TIME_relative_to_absolute (delay);
719 if (delay.rel_value_us > 0)
721 /* should wait a bit longer */
722 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
723 "Waiting for %s longer before (re)validating address `%s'\n",
724 GNUNET_STRINGS_relative_time_to_string (delay,
726 GST_plugins_a2s (ve->address));
727 ve->revalidation_task =
728 GNUNET_SCHEDULER_add_delayed (delay,
729 &revalidate_address, ve);
730 ve->next_validation = GNUNET_TIME_relative_to_absolute (delay);
733 /* check if globally we have too many active validations at a
734 too high rate, if so, delay ours */
735 blocked_for = GNUNET_TIME_absolute_get_remaining (validation_next);
736 if ( (validations_running > validations_fast_start_threshold) &&
737 (blocked_for.rel_value_us > 0) )
739 /* Validations are blocked, have to wait for blocked_for time */
740 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
741 "Validations blocked for another %s, delaying validating address `%s'\n",
742 GNUNET_STRINGS_relative_time_to_string (blocked_for,
744 GST_plugins_a2s (ve->address));
745 GNUNET_STATISTICS_update (GST_stats,
746 gettext_noop ("# validations delayed by global throttle"),
749 ve->revalidation_task =
750 GNUNET_SCHEDULER_add_delayed (blocked_for,
753 ve->next_validation = GNUNET_TIME_relative_to_absolute (blocked_for);
757 /* We are good to go; remember to not go again for `canonical_delay` time;
758 add up to `canonical_delay` to randomize start time */
759 ve->revalidation_block = GNUNET_TIME_relative_to_absolute (canonical_delay);
760 /* schedule next PINGing with some extra random delay to avoid synchronous re-validations */
762 GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
763 canonical_delay.rel_value_us);
765 delay = GNUNET_TIME_relative_add (canonical_delay,
766 GNUNET_TIME_relative_multiply
767 (GNUNET_TIME_UNIT_MICROSECONDS,
770 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
771 "Validating now, next scheduled for %s, now validating address `%s'\n",
772 GNUNET_STRINGS_relative_time_to_string (blocked_for,
774 GST_plugins_a2s (ve->address));
775 ve->revalidation_task =
776 GNUNET_SCHEDULER_add_delayed (delay,
779 ve->next_validation = GNUNET_TIME_relative_to_absolute (delay);
781 /* start PINGing by checking blacklist */
782 GNUNET_STATISTICS_update (GST_stats,
783 gettext_noop ("# address revalidations started"), 1,
787 GST_blacklist_test_cancel (ve->bc);
790 bc = GST_blacklist_test_allowed (&ve->address->peer,
791 ve->address->transport_name,
792 &transmit_ping_if_allowed,
798 /* If transmit_ping_if_allowed was already called it may have freed ve,
799 * so only set ve->bc if it has not been called.
807 * Find a ValidationEntry entry for the given neighbour that matches
808 * the given address and transport. If none exists, create one (but
809 * without starting any validation).
811 * @param address address to find
812 * @return validation entry matching the given specifications, NULL
813 * if we don't have an existing entry and no public key was given
815 static struct ValidationEntry *
816 find_validation_entry (const struct GNUNET_HELLO_Address *address)
818 struct ValidationEntryMatchContext vemc;
819 struct ValidationEntry *ve;
822 vemc.address = address;
823 GNUNET_CONTAINER_multipeermap_get_multiple (validation_map,
825 &validation_entry_match, &vemc);
826 if (NULL != (ve = vemc.ve))
828 GNUNET_assert (GNUNET_NO ==
829 GST_ats_is_known_no_session (address));
830 ve = GNUNET_new (struct ValidationEntry);
831 ve->in_use = GNUNET_SYSERR; /* not defined */
832 ve->address = GNUNET_HELLO_address_copy (address);
833 ve->pong_sig_valid_until = GNUNET_TIME_UNIT_ZERO_ABS;
834 memset (&ve->pong_sig_cache,
836 sizeof (struct GNUNET_CRYPTO_EddsaSignature));
837 ve->latency = GNUNET_TIME_UNIT_FOREVER_REL;
839 GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX);
841 GNUNET_SCHEDULER_add_delayed (UNVALIDATED_PING_KEEPALIVE,
842 &timeout_hello_validation,
844 GNUNET_CONTAINER_multipeermap_put (validation_map,
847 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
848 publish_ve_stat_update ();
849 validation_entry_changed (ve,
850 GNUNET_TRANSPORT_VS_NEW);
856 * Iterator which adds the given address to the set of validated
859 * @param cls original HELLO message
860 * @param address the address
861 * @param expiration expiration time
862 * @return #GNUNET_OK (keep the address), could return
863 * #GNUNET_NO (delete address, but this is ignored);
864 * #GNUNET_SYSERR would abort iteration (but we always iterate all)
867 add_valid_address (void *cls,
868 const struct GNUNET_HELLO_Address *address,
869 struct GNUNET_TIME_Absolute expiration)
871 const struct GNUNET_HELLO_Message *hello = cls;
872 struct ValidationEntry *ve;
873 struct GNUNET_PeerIdentity pid;
874 struct GNUNET_ATS_Properties prop;
875 struct GNUNET_TRANSPORT_PluginFunctions *papi;
877 if (0 == GNUNET_TIME_absolute_get_remaining (expiration).rel_value_us)
878 return GNUNET_OK; /* expired */
879 if (GNUNET_OK != GNUNET_HELLO_get_id (hello, &pid))
882 return GNUNET_OK; /* invalid HELLO !? */
884 if (NULL == (papi = GST_plugins_find (address->transport_name)))
886 /* might have been valid in the past, but we don't have that
887 plugin loaded right now */
891 papi->address_to_string (papi->cls,
893 address->address_length))
895 /* Why do we try to add an ill-formed address? */
897 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
898 "Address with %u bytes for plugin %s and peer %s is malformed\n",
899 (unsigned int) address->address_length,
900 address->transport_name,
905 ve = find_validation_entry (address);
906 ve->network = papi->get_network_for_address (papi->cls,
908 GNUNET_break (GNUNET_NT_UNSPECIFIED != ve->network);
909 ve->valid_until = GNUNET_TIME_absolute_max (ve->valid_until,
911 if (NULL == ve->revalidation_task)
913 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
914 "Starting revalidations for valid address `%s'\n",
915 GST_plugins_a2s (ve->address));
916 ve->next_validation = GNUNET_TIME_absolute_get();
917 ve->revalidation_task = GNUNET_SCHEDULER_add_now (&revalidate_address, ve);
919 validation_entry_changed (ve,
920 GNUNET_TRANSPORT_VS_UPDATE);
921 memset (&prop, 0, sizeof (prop));
922 prop.scope = ve->network;
923 prop.delay = GNUNET_TIME_relative_divide (ve->latency, 2);
924 if (GNUNET_YES != ve->known_to_ats)
926 ve->known_to_ats = GNUNET_YES;
927 GST_ats_add_address (address, &prop);
928 GNUNET_assert (GNUNET_YES ==
929 GST_ats_is_known_no_session (ve->address));
936 * Function called for any HELLO known to PEERINFO.
938 * @param cls unused (NULL)
939 * @param peer id of the peer, NULL for last call (during iteration,
940 * as we are monitoring, this should never happen)
941 * @param hello hello message for the peer (can be NULL)
942 * @param err_msg error message
945 process_peerinfo_hello (void *cls,
946 const struct GNUNET_PeerIdentity *peer,
947 const struct GNUNET_HELLO_Message *hello,
950 GNUNET_assert (NULL != peer);
953 if (0 == memcmp (&GST_my_identity,
955 sizeof (struct GNUNET_PeerIdentity)))
957 /* Peerinfo returned own identity, skip validation */
960 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
961 "Handling HELLO for peer `%s'\n",
963 GNUNET_assert (NULL ==
964 GNUNET_HELLO_iterate_addresses (hello, GNUNET_NO,
971 * Start the validation subsystem.
973 * @param max_fds maximum number of fds to use
976 GST_validation_start (unsigned int max_fds)
979 * Initialization for validation throttling
981 * We have a maximum number max_fds of connections we can use for validation
982 * We monitor the number of validations in parallel and start to throttle it
983 * when doing to many validations in parallel:
984 * if (running validations < (max_fds / 2))
985 * - "fast start": run validation immediately
986 * - have delay of (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT.rel_value_us) / (max_fds / 2)
987 * (300 sec / ~150 == ~2 sec.) between two validations
990 validation_next = GNUNET_TIME_absolute_get();
991 validation_delay.rel_value_us = (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT.rel_value_us) / (max_fds / 2);
992 validations_fast_start_threshold = (max_fds / 2);
993 validations_running = 0;
994 GNUNET_STATISTICS_set (GST_stats,
995 gettext_noop ("# validations running"),
998 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
999 "Validation uses a fast start threshold of %u connections and a delay of %s\n",
1000 validations_fast_start_threshold,
1001 GNUNET_STRINGS_relative_time_to_string (validation_delay,
1003 validation_map = GNUNET_CONTAINER_multipeermap_create (VALIDATION_MAP_SIZE,
1005 pnc = GNUNET_PEERINFO_notify (GST_cfg, GNUNET_YES,
1006 &process_peerinfo_hello, NULL);
1011 * Stop the validation subsystem.
1014 GST_validation_stop ()
1016 GNUNET_CONTAINER_multipeermap_iterate (validation_map,
1017 &cleanup_validation_entry,
1019 GNUNET_CONTAINER_multipeermap_destroy (validation_map);
1020 validation_map = NULL;
1021 GNUNET_PEERINFO_notify_cancel (pnc);
1026 * Send the given PONG to the given address.
1028 * @param cls the PONG message
1029 * @param valid_until is ZERO if we never validated the address,
1030 * otherwise a time up to when we consider it (or was) valid
1031 * @param validation_block is FOREVER if the address is for an unsupported plugin (from PEERINFO)
1032 * is ZERO if the address is considered valid (no validation needed)
1033 * otherwise a time in the future if we're currently denying re-validation
1034 * @param address target address
1037 multicast_pong (void *cls,
1038 struct GNUNET_TIME_Absolute valid_until,
1039 struct GNUNET_TIME_Absolute validation_block,
1040 const struct GNUNET_HELLO_Address *address)
1042 struct TransportPongMessage *pong = cls;
1043 struct GNUNET_TRANSPORT_PluginFunctions *papi;
1044 struct GNUNET_ATS_Session *session;
1046 papi = GST_plugins_find (address->transport_name);
1049 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1050 "Plugin %s not supported, cannot send PONG\n",
1051 address->transport_name);
1054 GNUNET_assert (NULL != papi->send);
1055 GNUNET_assert (NULL != papi->get_session);
1056 session = papi->get_session(papi->cls, address);
1057 if (NULL == session)
1062 GST_ats_new_session (address, session);
1063 papi->send (papi->cls, session,
1064 (const char *) pong,
1065 ntohs (pong->header.size),
1067 ACCEPTABLE_PING_DELAY,
1069 GST_neighbours_notify_data_sent (address,
1076 * We've received a PING. If appropriate, generate a PONG.
1078 * @param sender peer sending the PING
1079 * @param hdr the PING
1080 * @param sender_address the sender address as we got it
1081 * @param session session we got the PING from
1082 * @return #GNUNET_OK if the message was fine, #GNUNET_SYSERR on serious error
1085 GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
1086 const struct GNUNET_MessageHeader *hdr,
1087 const struct GNUNET_HELLO_Address *sender_address,
1088 struct GNUNET_ATS_Session *session)
1090 const struct TransportPingMessage *ping;
1091 struct TransportPongMessage *pong;
1092 struct GNUNET_TRANSPORT_PluginFunctions *papi;
1093 struct GNUNET_CRYPTO_EddsaSignature *sig_cache;
1094 struct GNUNET_TIME_Absolute *sig_cache_exp;
1096 const char *addrend;
1102 struct GNUNET_HELLO_Address address;
1105 memcmp (&GST_my_identity,
1107 sizeof (struct GNUNET_PeerIdentity)))
1108 return GNUNET_OK; /* our own, ignore! */
1109 if (ntohs (hdr->size) < sizeof (struct TransportPingMessage))
1111 GNUNET_break_op (0);
1112 return GNUNET_SYSERR;
1114 ping = (const struct TransportPingMessage *) hdr;
1116 memcmp (&ping->target, &GST_my_identity,
1117 sizeof (struct GNUNET_PeerIdentity)))
1119 GNUNET_STATISTICS_update (GST_stats,
1121 ("# PING message for different peer received"), 1,
1123 return GNUNET_SYSERR;
1125 GNUNET_STATISTICS_update (GST_stats,
1126 gettext_noop ("# PING messages received"), 1,
1128 addr = (const char *) &ping[1];
1129 len_address = ntohs (hdr->size) - sizeof (struct TransportPingMessage);
1130 /* peer wants to confirm that this is one of our addresses, this is what is
1131 * used for address validation */
1134 sig_cache_exp = NULL;
1136 if (len_address > 0)
1138 addrend = memchr (addr, '\0', len_address);
1139 if (NULL == addrend)
1141 GNUNET_break_op (0);
1142 return GNUNET_SYSERR;
1145 len_plugin = strlen (addr) + 1;
1146 len_address -= len_plugin;
1147 address.local_info = GNUNET_HELLO_ADDRESS_INFO_NONE;
1148 address.address = addrend;
1149 address.address_length = len_address;
1150 address.transport_name = addr;
1151 address.peer = GST_my_identity;
1153 if (NULL == address.transport_name)
1158 if (0 != strstr (address.transport_name, "_client"))
1160 plugin_name = GNUNET_strdup (address.transport_name);
1161 pos = strstr (plugin_name, "_client");
1162 GNUNET_assert (NULL != pos);
1163 GNUNET_snprintf (pos, strlen ("_server") + 1, "%s", "_server");
1166 plugin_name = GNUNET_strdup (address.transport_name);
1168 if (NULL == (papi = GST_plugins_find (plugin_name)))
1170 /* we don't have the plugin for this address */
1171 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1172 _("Plugin `%s' not available, cannot confirm having this address\n"),
1174 GNUNET_free (plugin_name);
1175 return GNUNET_SYSERR;
1177 GNUNET_free (plugin_name);
1179 papi->check_address (papi->cls,
1183 GNUNET_STATISTICS_update (GST_stats,
1185 ("# failed address checks during validation"), 1,
1187 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1188 _("Address `%s' is not one of my addresses, not confirming PING\n"),
1189 GST_plugins_a2s (&address));
1190 return GNUNET_SYSERR;
1194 GNUNET_STATISTICS_update (GST_stats,
1196 ("# successful address checks during validation"), 1,
1198 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1199 "Address `%s' is one of my addresses, confirming PING\n",
1200 GST_plugins_a2s (&address));
1204 GST_hello_test_address (&address,
1208 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1209 _("Not confirming PING from peer `%s' with address `%s' since I cannot confirm having this address.\n"),
1210 GNUNET_i2s (sender),
1211 GST_plugins_a2s (&address));
1212 return GNUNET_SYSERR;
1217 addrend = NULL; /* make gcc happy */
1219 static struct GNUNET_CRYPTO_EddsaSignature no_address_signature;
1220 static struct GNUNET_TIME_Absolute no_address_signature_expiration;
1222 sig_cache = &no_address_signature;
1223 sig_cache_exp = &no_address_signature_expiration;
1226 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1227 "I am `%s', sending PONG to peer `%s'\n",
1228 GNUNET_i2s_full (&GST_my_identity),
1229 GNUNET_i2s (sender));
1231 /* message with structure:
1232 * [TransportPongMessage][Transport name][Address] */
1234 pong = GNUNET_malloc (sizeof (struct TransportPongMessage) + len_address + len_plugin);
1236 htons (sizeof (struct TransportPongMessage) + len_address + len_plugin);
1237 pong->header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PONG);
1238 pong->purpose.size =
1239 htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
1240 sizeof (uint32_t) + sizeof (struct GNUNET_TIME_AbsoluteNBO) +
1241 len_address + len_plugin);
1242 pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN);
1243 GNUNET_memcpy (&pong->challenge, &ping->challenge, sizeof (ping->challenge));
1244 pong->addrlen = htonl (len_address + len_plugin);
1245 GNUNET_memcpy (&pong[1], addr, len_plugin); /* Copy transport plugin */
1246 if (len_address > 0)
1248 GNUNET_assert (NULL != addrend);
1249 GNUNET_memcpy (&((char *) &pong[1])[len_plugin], addrend, len_address);
1251 if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value_us <
1252 PONG_SIGNATURE_LIFETIME.rel_value_us / 4)
1254 /* create / update cached sig */
1255 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1256 "Creating PONG signature to indicate ownership.\n");
1257 *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
1258 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
1260 GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, &pong->purpose,
1263 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1264 _("Failed to create PONG signature for peer `%s'\n"), GNUNET_i2s (sender));
1269 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
1271 pong->signature = *sig_cache;
1273 GNUNET_assert (NULL != sender_address);
1275 /* first see if the session we got this PING from can be used to transmit
1276 * a response reliably */
1283 GNUNET_assert (NULL != papi->send);
1284 GNUNET_assert (NULL != papi->get_session);
1285 if (NULL == session)
1287 session = papi->get_session (papi->cls, sender_address);
1289 if (NULL == session)
1296 ret = papi->send (papi->cls, session,
1297 (const char *) pong,
1298 ntohs (pong->header.size),
1299 PONG_PRIORITY, ACCEPTABLE_PING_DELAY,
1302 GST_neighbours_notify_data_sent (sender_address,
1309 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1310 "Transmitted PONG to `%s' via reliable mechanism\n",
1311 GNUNET_i2s (sender));
1313 GNUNET_STATISTICS_update (GST_stats,
1315 ("# PONGs unicast via reliable transport"), 1,
1321 /* no reliable method found, try transmission via all known addresses */
1322 GNUNET_STATISTICS_update (GST_stats,
1324 ("# PONGs multicast to all available addresses"), 1,
1326 GST_validation_get_addresses (sender,
1327 &multicast_pong, pong);
1334 * Validate an individual address.
1336 * @param address address we should try to validate
1339 GST_validation_handle_address (const struct GNUNET_HELLO_Address *address)
1341 struct GNUNET_TRANSPORT_PluginFunctions *papi;
1342 struct ValidationEntry *ve;
1344 papi = GST_plugins_find (address->transport_name);
1347 /* This plugin is currently unvailable ... ignore */
1348 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1349 "No plugin available for %s\n",
1350 address->transport_name);
1353 ve = find_validation_entry (address);
1354 if (NULL == ve->revalidation_task)
1356 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1357 "Validation process started for fresh address `%s' of %s\n",
1358 GST_plugins_a2s (ve->address),
1359 GNUNET_i2s (&ve->address->peer));
1360 ve->revalidation_task = GNUNET_SCHEDULER_add_now (&revalidate_address, ve);
1364 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1365 "Validation already running for address `%s' of %s\n",
1366 GST_plugins_a2s (ve->address),
1367 GNUNET_i2s (&ve->address->peer));
1373 * Iterator callback to go over all addresses and try to validate them
1374 * (unless blocked or already validated).
1377 * @param address the address
1378 * @param expiration expiration time
1379 * @return #GNUNET_OK (keep the address)
1382 validate_address_iterator (void *cls,
1383 const struct GNUNET_HELLO_Address *address,
1384 struct GNUNET_TIME_Absolute expiration)
1386 if (0 == GNUNET_TIME_absolute_get_remaining (expiration).rel_value_us)
1388 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1389 "Skipping expired address from HELLO\n");
1390 return GNUNET_OK; /* expired */
1392 GST_validation_handle_address (address);
1398 * Add the validated peer address to the HELLO.
1400 * @param cls the `struct ValidationEntry *` with the validated address
1401 * @param max space in @a buf
1402 * @param buf where to add the address
1403 * @return number of bytes written, #GNUNET_SYSERR to signal the
1404 * end of the iteration.
1407 add_valid_peer_address (void *cls,
1411 struct ValidationEntry *ve = cls;
1413 if (GNUNET_YES == ve->copied)
1414 return GNUNET_SYSERR; /* Done */
1415 ve->copied = GNUNET_YES;
1416 return GNUNET_HELLO_add_address (ve->address,
1424 * We've received a PONG. Check if it matches a pending PING and
1425 * mark the respective address as confirmed.
1427 * @param sender peer sending the PONG
1428 * @param hdr the PONG
1429 * @return #GNUNET_OK if the message was fine, #GNUNET_SYSERR on serious error
1432 GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender,
1433 const struct GNUNET_MessageHeader *hdr)
1435 const struct TransportPongMessage *pong;
1436 struct ValidationEntry *ve;
1442 struct GNUNET_HELLO_Message *hello;
1443 struct GNUNET_HELLO_Address address;
1448 memcmp (&GST_my_identity,
1450 sizeof (struct GNUNET_PeerIdentity)))
1451 return GNUNET_OK; /* our own, ignore! */
1453 if (ntohs (hdr->size) < sizeof (struct TransportPongMessage))
1455 GNUNET_break_op (0);
1456 return GNUNET_SYSERR;
1458 GNUNET_STATISTICS_update (GST_stats,
1459 gettext_noop ("# PONG messages received"), 1,
1462 /* message with structure:
1463 * [TransportPongMessage][Transport name][Address] */
1465 pong = (const struct TransportPongMessage *) hdr;
1466 tname = (const char *) &pong[1];
1467 size = ntohs (hdr->size) - sizeof (struct TransportPongMessage);
1468 addr = memchr (tname, '\0', size);
1471 GNUNET_break_op (0);
1472 return GNUNET_SYSERR;
1475 slen = strlen (tname) + 1;
1476 addrlen = size - slen;
1478 if (NULL == GST_plugins_find (tname))
1480 /* we got the PONG, but the transport plugin specified in it
1481 is not supported by this peer, so this cannot be a good
1483 GNUNET_break_op (0);
1487 address.peer = *sender;
1488 address.address = addr;
1489 address.address_length = addrlen;
1490 address.transport_name = tname;
1491 address.local_info = GNUNET_HELLO_ADDRESS_INFO_NONE;
1492 ve = find_validation_entry (&address);
1493 if ((NULL == ve) || (GNUNET_NO == ve->expecting_pong))
1495 GNUNET_STATISTICS_update (GST_stats,
1497 ("# PONGs dropped, no matching pending validation"),
1501 /* now check that PONG is well-formed */
1502 if (0 != memcmp (&ve->address->peer,
1504 sizeof (struct GNUNET_PeerIdentity)))
1506 GNUNET_break_op (0);
1507 return GNUNET_SYSERR;
1510 GNUNET_TIME_absolute_get_remaining
1511 (GNUNET_TIME_absolute_ntoh (pong->expiration)).rel_value_us)
1513 GNUNET_STATISTICS_update (GST_stats,
1515 ("# PONGs dropped, signature expired"), 1,
1517 return GNUNET_SYSERR;
1520 sig_res = GNUNET_SYSERR;
1521 do_verify = GNUNET_YES;
1522 if (0 != GNUNET_TIME_absolute_get_remaining (ve->pong_sig_valid_until).rel_value_us)
1524 /* We have a cached and valid signature for this peer,
1525 * try to compare instead of verify */
1526 if (0 == memcmp (&ve->pong_sig_cache,
1528 sizeof (struct GNUNET_CRYPTO_EddsaSignature)))
1530 /* signatures are identical, we can skip verification */
1531 sig_res = GNUNET_OK;
1532 do_verify = GNUNET_NO;
1536 sig_res = GNUNET_SYSERR;
1537 /* signatures do not match, we have to verify */
1541 if (GNUNET_YES == do_verify)
1543 /* Do expensive verification */
1544 sig_res = GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
1547 &ve->address->peer.public_key);
1548 if (sig_res == GNUNET_SYSERR)
1550 GNUNET_break_op (0);
1551 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1552 "Failed to verify: invalid signature on address `%s':%s from peer `%s'\n",
1554 GST_plugins_a2s (ve->address),
1555 GNUNET_i2s (sender));
1558 if (sig_res == GNUNET_SYSERR)
1560 GNUNET_break_op (0);
1561 return GNUNET_SYSERR;
1564 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1565 "Validation process successful for peer `%s' with plugin `%s' address `%s'\n",
1566 GNUNET_i2s (sender),
1568 GST_plugins_a2s (ve->address));
1569 GNUNET_STATISTICS_update (GST_stats,
1570 gettext_noop ("# validations succeeded"),
1573 /* validity achieved, remember it! */
1574 ve->expecting_pong = GNUNET_NO;
1575 ve->valid_until = GNUNET_TIME_relative_to_absolute (HELLO_ADDRESS_EXPIRATION);
1576 ve->pong_sig_cache = pong->signature;
1577 ve->pong_sig_valid_until = GNUNET_TIME_absolute_ntoh (pong->expiration);
1578 ve->latency = GNUNET_TIME_absolute_get_duration (ve->send_time);
1580 if (GNUNET_YES == ve->known_to_ats)
1582 GNUNET_assert (GNUNET_YES ==
1583 GST_ats_is_known_no_session (ve->address));
1584 GST_ats_update_delay (ve->address,
1585 GNUNET_TIME_relative_divide (ve->latency, 2));
1589 struct GNUNET_ATS_Properties prop;
1591 memset (&prop, 0, sizeof (prop));
1592 GNUNET_break (GNUNET_NT_UNSPECIFIED != ve->network);
1593 prop.scope = ve->network;
1594 prop.delay = GNUNET_TIME_relative_divide (ve->latency, 2);
1595 GNUNET_assert (GNUNET_NO ==
1596 GST_ats_is_known_no_session (ve->address));
1597 ve->known_to_ats = GNUNET_YES;
1598 GST_ats_add_address (ve->address, &prop);
1599 GNUNET_assert (GNUNET_YES ==
1600 GST_ats_is_known_no_session (ve->address));
1603 if (validations_running > 0)
1605 validations_running--;
1606 GNUNET_STATISTICS_set (GST_stats,
1607 gettext_noop ("# validations running"),
1608 validations_running,
1610 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1611 "Validation finished, %u validation processes running\n",
1612 validations_running);
1619 /* Notify about new validity */
1620 validation_entry_changed (ve,
1621 GNUNET_TRANSPORT_VS_UPDATE);
1623 /* build HELLO to store in PEERINFO */
1624 GNUNET_STATISTICS_update (GST_stats,
1625 gettext_noop ("# HELLOs given to peerinfo"),
1628 ve->copied = GNUNET_NO;
1629 hello = GNUNET_HELLO_create (&ve->address->peer.public_key,
1630 &add_valid_peer_address,
1633 GNUNET_break (NULL !=
1634 GNUNET_PEERINFO_add_peer (GST_peerinfo,
1638 GNUNET_free (hello);
1644 * We've received a HELLO, check which addresses are new and trigger
1647 * @param hello the HELLO we received
1648 * @return #GNUNET_OK if the message was fine, #GNUNET_SYSERR on serious error
1651 GST_validation_handle_hello (const struct GNUNET_MessageHeader *hello)
1653 const struct GNUNET_HELLO_Message *hm =
1654 (const struct GNUNET_HELLO_Message *) hello;
1655 struct GNUNET_PeerIdentity pid;
1658 friend = GNUNET_HELLO_is_friend_only (hm);
1659 if ( ( (GNUNET_YES != friend) &&
1660 (GNUNET_NO != friend) ) ||
1661 (GNUNET_OK != GNUNET_HELLO_get_id (hm, &pid)) )
1663 /* malformed HELLO */
1664 GNUNET_break_op (0);
1665 return GNUNET_SYSERR;
1668 memcmp (&GST_my_identity,
1670 sizeof (struct GNUNET_PeerIdentity)))
1672 /* got our own HELLO, how boring */
1673 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1674 "Validation received our own HELLO (%s), ignoring\n",
1678 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1679 "Validation received HELLO message for peer `%s' with size %u, checking for new addresses\n",
1681 ntohs (hello->size));
1682 GNUNET_assert (NULL ==
1683 GNUNET_HELLO_iterate_addresses (hm,
1685 &validate_address_iterator,
1692 * Closure for #iterate_addresses().
1694 struct IteratorContext
1697 * Function to call on each address.
1699 GST_ValidationAddressCallback cb;
1702 * Closure for @e cb.
1710 * Call the callback in the closure for each validation entry.
1712 * @param cls the `struct IteratorContext`
1713 * @param key the peer's identity
1714 * @param value the `struct ValidationEntry`
1715 * @return #GNUNET_OK (continue to iterate)
1718 iterate_addresses (void *cls,
1719 const struct GNUNET_PeerIdentity *key,
1722 struct IteratorContext *ic = cls;
1723 struct ValidationEntry *ve = value;
1727 ve->revalidation_block,
1734 * Call the given function for each address for the given target.
1735 * Can either give a snapshot (synchronous API) or be continuous.
1737 * @param target peer information is requested for
1738 * @param cb function to call; will not be called after this function returns
1739 * @param cb_cls closure for @a cb
1742 GST_validation_get_addresses (const struct GNUNET_PeerIdentity *target,
1743 GST_ValidationAddressCallback cb,
1746 struct IteratorContext ic;
1750 GNUNET_CONTAINER_multipeermap_get_multiple (validation_map,
1752 &iterate_addresses, &ic);
1757 * Update if we are using an address for a connection actively right now.
1758 * Based on this, the validation module will measure latency for the
1759 * address more or less often.
1761 * @param address the address that we are now using (or not)
1762 * @param in_use #GNUNET_YES if we are now using the address for a connection,
1763 * #GNUNET_NO if we are no longer using the address for a connection
1766 GST_validation_set_address_use (const struct GNUNET_HELLO_Address *address,
1769 struct ValidationEntry *ve;
1771 if (GNUNET_HELLO_address_check_option (address,
1772 GNUNET_HELLO_ADDRESS_INFO_INBOUND))
1773 return; /* ignore inbound for validation */
1774 if (NULL == GST_plugins_find (address->transport_name))
1776 /* How can we use an address for which we don't have the plugin? */
1780 ve = find_validation_entry (address);
1786 if (in_use == ve->in_use)
1788 ve->in_use = in_use;
1789 if (GNUNET_YES == in_use)
1791 /* from now on, higher frequeny, so reschedule now */
1792 if (NULL != ve->revalidation_task)
1793 GNUNET_SCHEDULER_cancel (ve->revalidation_task);
1794 ve->revalidation_task = GNUNET_SCHEDULER_add_now (&revalidate_address,
1800 /* end of file gnunet-service-transport_validation.c */
projects / oweals / gnunet.git / blob