2 This file is part of GNUnet.
3 (C) 2010,2011 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file transport/gnunet-service-transport_validation.c
23 * @brief address validation subsystem
24 * @author Christian Grothoff
27 #include "gnunet-service-transport_validation.h"
28 #include "gnunet-service-transport_plugins.h"
29 #include "gnunet-service-transport_hello.h"
30 #include "gnunet-service-transport_blacklist.h"
31 #include "gnunet-service-transport.h"
32 #include "gnunet_hello_lib.h"
33 #include "gnunet_ats_service.h"
34 #include "gnunet_peerinfo_service.h"
35 #include "gnunet_signatures.h"
37 #define KEEP_093_COMPATIBILITY GNUNET_NO
40 * How long is a PONG signature valid? We'll recycle a signature until
41 * 1/4 of this time is remaining. PONGs should expire so that if our
42 * external addresses change an adversary cannot replay them indefinitely.
43 * OTOH, we don't want to spend too much time generating PONG signatures,
44 * so they must have some lifetime to reduce our CPU usage.
46 #define PONG_SIGNATURE_LIFETIME GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 1)
49 * After how long do we expire an address in a HELLO that we just
50 * validated? This value is also used for our own addresses when we
53 #define HELLO_ADDRESS_EXPIRATION GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12)
56 * How often do we allow PINGing an address that we have not yet
57 * validated? This also determines how long we track an address that
58 * we cannot validate (because after this time we can destroy the
61 #define UNVALIDATED_PING_KEEPALIVE GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
64 * How often do we PING an address that we have successfully validated
65 * in the past but are not actively using? Should be (significantly)
66 * smaller than HELLO_ADDRESS_EXPIRATION.
68 #define VALIDATED_PING_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 15)
71 * How often do we PING an address that we are currently using?
73 #define CONNECTED_PING_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 2)
76 * How much delay is acceptable for sending the PING or PONG?
78 #define ACCEPTABLE_PING_DELAY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 1)
81 * Size of the validation map hashmap.
83 #define VALIDATION_MAP_SIZE 256
86 * Priority to use for PINGs
88 #define PING_PRIORITY 2
91 * Priority to use for PONGs
93 #define PONG_PRIORITY 4
96 GNUNET_NETWORK_STRUCT_BEGIN
99 * Message used to ask a peer to validate receipt (to check an address
100 * from a HELLO). Followed by the address we are trying to validate,
101 * or an empty address if we are just sending a PING to confirm that a
102 * connection which the receiver (of the PING) initiated is still valid.
104 struct TransportPingMessage
108 * Type will be GNUNET_MESSAGE_TYPE_TRANSPORT_PING
110 struct GNUNET_MessageHeader header;
113 * Challenge code (to ensure fresh reply).
115 uint32_t challenge GNUNET_PACKED;
118 * Who is the intended recipient?
120 struct GNUNET_PeerIdentity target;
126 * Message used to validate a HELLO. The challenge is included in the
127 * confirmation to make matching of replies to requests possible. The
128 * signature signs our public key, an expiration time and our address.<p>
130 * This message is followed by our transport address that the PING tried
131 * to confirm (if we liked it). The address can be empty (zero bytes)
132 * if the PING had not address either (and we received the request via
133 * a connection that we initiated).
135 struct TransportPongMessage
139 * Type will be GNUNET_MESSAGE_TYPE_TRANSPORT_PONG
141 struct GNUNET_MessageHeader header;
144 * Challenge code from PING (showing freshness). Not part of what
145 * is signed so that we can re-use signatures.
147 uint32_t challenge GNUNET_PACKED;
152 struct GNUNET_CRYPTO_RsaSignature signature;
155 * GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN to confirm that this is a
156 * plausible address for the signing peer.
158 struct GNUNET_CRYPTO_RsaSignaturePurpose purpose;
161 * When does this signature expire?
163 struct GNUNET_TIME_AbsoluteNBO expiration;
166 * Size of address appended to this message (part of what is
167 * being signed, hence not redundant).
169 uint32_t addrlen GNUNET_PACKED;
172 GNUNET_NETWORK_STRUCT_END
175 * Information about an address under validation
177 struct ValidationEntry
183 struct GNUNET_HELLO_Address *address;
186 * Handle to the blacklist check (if we're currently in it).
188 struct GST_BlacklistCheck *bc;
191 * Public key of the peer.
193 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
196 * The identity of the peer. FIXME: duplicated (also in 'address')
198 struct GNUNET_PeerIdentity pid;
201 * ID of task that will clean up this entry if nothing happens.
203 GNUNET_SCHEDULER_TaskIdentifier timeout_task;
206 * ID of task that will trigger address revalidation.
208 GNUNET_SCHEDULER_TaskIdentifier revalidation_task;
211 * At what time did we send the latest validation request (PING)?
213 struct GNUNET_TIME_Absolute send_time;
216 * Until when is this address valid?
217 * ZERO if it is not currently considered valid.
219 struct GNUNET_TIME_Absolute valid_until;
222 * How long until we can try to validate this address again?
223 * FOREVER if the address is for an unsupported plugin (from PEERINFO)
224 * ZERO if the address is considered valid (no validation needed)
225 * otherwise a time in the future if we're currently denying re-validation
227 struct GNUNET_TIME_Absolute revalidation_block;
230 * Last observed latency for this address (round-trip), delay between
231 * last PING sent and PONG received; FOREVER if we never got a PONG.
233 struct GNUNET_TIME_Relative latency;
236 * Challenge number we used.
241 * When passing the address in 'add_valid_peer_address', did we
242 * copy the address to the HELLO yet?
247 * Are we currently using this address for a connection?
252 * Are we expecting a PONG message for this validation entry?
256 /* FIXME: DEBUGGING */
257 int last_line_set_to_no;
258 int last_line_set_to_yes;
263 * Context of currently active requests to peerinfo
264 * for validation of HELLOs.
266 struct CheckHelloValidatedContext
270 * This is a doubly-linked list.
272 struct CheckHelloValidatedContext *next;
275 * This is a doubly-linked list.
277 struct CheckHelloValidatedContext *prev;
280 * Hello that we are validating.
282 const struct GNUNET_HELLO_Message *hello;
288 * Head of linked list of HELLOs awaiting validation.
290 static struct CheckHelloValidatedContext *chvc_head;
293 * Tail of linked list of HELLOs awaiting validation
295 static struct CheckHelloValidatedContext *chvc_tail;
298 * Map of PeerIdentities to 'struct ValidationEntry*'s (addresses
299 * of the given peer that we are currently validating, have validated
300 * or are blocked from re-validation for a while).
302 static struct GNUNET_CONTAINER_MultiHashMap *validation_map;
305 * Context for peerinfo iteration.
307 static struct GNUNET_PEERINFO_NotifyContext *pnc;
311 * Context for the validation entry match function.
313 struct ValidationEntryMatchContext
316 * Where to store the result?
318 struct ValidationEntry *ve;
321 * Address we're interested in.
323 const struct GNUNET_HELLO_Address *address;
329 * Iterate over validation entries until a matching one is found.
331 * @param cls the 'struct ValidationEntryMatchContext'
332 * @param key peer identity (unused)
333 * @param value a 'struct ValidationEntry' to match
334 * @return GNUNET_YES if the entry does not match,
335 * GNUNET_NO if the entry does match
338 validation_entry_match (void *cls, const struct GNUNET_HashCode * key, void *value)
340 struct ValidationEntryMatchContext *vemc = cls;
341 struct ValidationEntry *ve = value;
343 if (0 == GNUNET_HELLO_address_cmp (ve->address, vemc->address))
353 * Iterate over validation entries and free them.
355 * @param cls (unused)
356 * @param key peer identity (unused)
357 * @param value a 'struct ValidationEntry' to clean up
358 * @return GNUNET_YES (continue to iterate)
361 cleanup_validation_entry (void *cls, const struct GNUNET_HashCode * key, void *value)
363 struct ValidationEntry *ve = value;
367 GST_blacklist_test_cancel (ve->bc);
370 GNUNET_break (GNUNET_OK ==
371 GNUNET_CONTAINER_multihashmap_remove (validation_map,
372 &ve->pid.hashPubKey, ve));
373 GNUNET_HELLO_address_free (ve->address);
374 if (GNUNET_SCHEDULER_NO_TASK != ve->timeout_task)
376 GNUNET_SCHEDULER_cancel (ve->timeout_task);
377 ve->timeout_task = GNUNET_SCHEDULER_NO_TASK;
379 if (GNUNET_SCHEDULER_NO_TASK != ve->revalidation_task)
381 GNUNET_SCHEDULER_cancel (ve->revalidation_task);
382 ve->revalidation_task = GNUNET_SCHEDULER_NO_TASK;
390 * Address validation cleanup task. Assesses if the record is no
391 * longer valid and then possibly triggers its removal.
393 * @param cls the 'struct ValidationEntry'
394 * @param tc scheduler context (unused)
397 timeout_hello_validation (void *cls,
398 const struct GNUNET_SCHEDULER_TaskContext *tc)
400 struct ValidationEntry *ve = cls;
401 struct GNUNET_TIME_Absolute max;
402 struct GNUNET_TIME_Relative left;
404 ve->timeout_task = GNUNET_SCHEDULER_NO_TASK;
405 max = GNUNET_TIME_absolute_max (ve->valid_until, ve->revalidation_block);
406 left = GNUNET_TIME_absolute_get_remaining (max);
407 if (left.rel_value > 0)
409 /* should wait a bit longer */
411 GNUNET_SCHEDULER_add_delayed (left, &timeout_hello_validation, ve);
414 GNUNET_STATISTICS_update (GST_stats,
415 gettext_noop ("# address records discarded"), 1,
417 cleanup_validation_entry (NULL, &ve->pid.hashPubKey, ve);
422 * Function called with the result from blacklisting.
423 * Send a PING to the other peer if a communication is allowed.
425 * @param cls our 'struct ValidationEntry'
426 * @param pid identity of the other peer
427 * @param result GNUNET_OK if the connection is allowed, GNUNET_NO if not
430 transmit_ping_if_allowed (void *cls, const struct GNUNET_PeerIdentity *pid,
433 struct ValidationEntry *ve = cls;
434 struct TransportPingMessage ping;
435 struct GNUNET_TRANSPORT_PluginFunctions *papi;
436 const struct GNUNET_MessageHeader *hello;
443 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Transmitting plain PING to `%s' %s %s\n",
444 GNUNET_i2s (pid), GST_plugins_a2s (ve->address), ve->address->transport_name);
446 slen = strlen (ve->address->transport_name) + 1;
447 hello = GST_hello_get ();
448 hsize = ntohs (hello->size);
450 sizeof (struct TransportPingMessage) + ve->address->address_length +
454 htons (sizeof (struct TransportPingMessage) +
455 ve->address->address_length + slen);
456 ping.header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PING);
457 ping.challenge = htonl (ve->challenge);
460 if (tsize >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
462 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
464 ("Not transmitting `%s' with `%s', message too big (%u bytes!). This should not happen.\n"),
465 "HELLO", "PING", (unsigned int) tsize);
466 /* message too big (!?), get rid of HELLO */
469 sizeof (struct TransportPingMessage) + ve->address->address_length +
473 char message_buf[tsize];
475 /* build message with structure:
476 * [HELLO][TransportPingMessage][Transport name][Address] */
477 memcpy (message_buf, hello, hsize);
478 memcpy (&message_buf[hsize], &ping, sizeof (struct TransportPingMessage));
479 memcpy (&message_buf[sizeof (struct TransportPingMessage) + hsize],
480 ve->address->transport_name, slen);
481 memcpy (&message_buf[sizeof (struct TransportPingMessage) + slen + hsize],
482 ve->address->address, ve->address->address_length);
483 papi = GST_plugins_find (ve->address->transport_name);
488 GNUNET_assert (papi->send != NULL);
489 GNUNET_assert (papi->get_session != NULL);
490 struct Session * session = papi->get_session(papi->cls, ve->address);
494 ret = papi->send (papi->cls, session,
496 PING_PRIORITY, ACCEPTABLE_PING_DELAY,
501 /* Could not get a valid session */
502 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Could not get a valid session for `%s' %s\n",
503 GNUNET_i2s (pid), GST_plugins_a2s (ve->address));
510 ve->send_time = GNUNET_TIME_absolute_get ();
511 GNUNET_STATISTICS_update (GST_stats,
513 ("# PING without HELLO messages sent"), 1,
515 ve->expecting_pong = GNUNET_YES;
521 * Do address validation again to keep address valid.
523 * @param cls the 'struct ValidationEntry'
524 * @param tc scheduler context (unused)
527 revalidate_address (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
529 struct ValidationEntry *ve = cls;
530 struct GNUNET_TIME_Relative canonical_delay;
531 struct GNUNET_TIME_Relative delay;
532 struct GST_BlacklistCheck *bc;
535 ve->revalidation_task = GNUNET_SCHEDULER_NO_TASK;
536 delay = GNUNET_TIME_absolute_get_remaining (ve->revalidation_block);
537 /* How long until we can possibly permit the next PING? */
540 GNUNET_YES) ? CONNECTED_PING_FREQUENCY
541 : ((GNUNET_TIME_absolute_get_remaining (ve->valid_until).rel_value >
542 0) ? VALIDATED_PING_FREQUENCY : UNVALIDATED_PING_KEEPALIVE);
543 if (delay.rel_value > canonical_delay.rel_value * 2)
545 /* situation changed, recalculate delay */
546 delay = canonical_delay;
547 ve->revalidation_block = GNUNET_TIME_relative_to_absolute (delay);
549 if (delay.rel_value > 0)
551 /* should wait a bit longer */
552 ve->revalidation_task =
553 GNUNET_SCHEDULER_add_delayed (delay, &revalidate_address, ve);
556 ve->revalidation_block = GNUNET_TIME_relative_to_absolute (canonical_delay);
558 /* schedule next PINGing with some extra random delay to avoid synchronous re-validations */
560 GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
561 canonical_delay.rel_value);
563 /* Debug code for mantis 0002726*/
564 if (GNUNET_TIME_UNIT_FOREVER_REL.rel_value ==
565 GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS, rdelay).rel_value)
567 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
568 "Revalidation interval for peer `%s' for is FOREVER (debug: rdelay: %llu, canonical delay %llu)\n",
569 GNUNET_i2s (&ve->pid),
570 (unsigned long long) delay.rel_value,
571 (unsigned long long) canonical_delay.rel_value);
572 delay = canonical_delay;
576 delay = GNUNET_TIME_relative_add (canonical_delay,
577 GNUNET_TIME_relative_multiply
578 (GNUNET_TIME_UNIT_MILLISECONDS, rdelay));
580 /* End debug code for mantis 0002726*/
581 ve->revalidation_task =
582 GNUNET_SCHEDULER_add_delayed (delay, &revalidate_address, ve);
584 /* start PINGing by checking blacklist */
585 GNUNET_STATISTICS_update (GST_stats,
586 gettext_noop ("# address revalidations started"), 1,
588 bc = GST_blacklist_test_allowed (&ve->pid, ve->address->transport_name,
589 &transmit_ping_if_allowed, ve);
591 ve->bc = bc; /* only set 'bc' if 'transmit_ping_if_allowed' was not already
597 * Find a ValidationEntry entry for the given neighbour that matches
598 * the given address and transport. If none exists, create one (but
599 * without starting any validation).
601 * @param public_key public key of the peer, NULL for unknown
602 * @param address address to find
603 * @return validation entry matching the given specifications, NULL
604 * if we don't have an existing entry and no public key was given
606 static struct ValidationEntry *
607 find_validation_entry (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
608 *public_key, const struct GNUNET_HELLO_Address *address)
610 struct ValidationEntryMatchContext vemc;
611 struct ValidationEntry *ve;
614 vemc.address = address;
615 GNUNET_CONTAINER_multihashmap_get_multiple (validation_map,
616 &address->peer.hashPubKey,
617 &validation_entry_match, &vemc);
618 if (NULL != (ve = vemc.ve))
620 if (public_key == NULL)
622 ve = GNUNET_malloc (sizeof (struct ValidationEntry));
623 ve->in_use = GNUNET_SYSERR; /* not defined */
624 ve->last_line_set_to_no = 0;
625 ve->last_line_set_to_yes = 0;
626 ve->address = GNUNET_HELLO_address_copy (address);
627 ve->public_key = *public_key;
628 ve->pid = address->peer;
629 ve->latency = GNUNET_TIME_UNIT_FOREVER_REL;
631 GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX);
633 GNUNET_SCHEDULER_add_delayed (UNVALIDATED_PING_KEEPALIVE,
634 &timeout_hello_validation, ve);
635 GNUNET_CONTAINER_multihashmap_put (validation_map, &address->peer.hashPubKey,
637 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
638 ve->expecting_pong = GNUNET_NO;
644 * Iterator which adds the given address to the set of validated
647 * @param cls original HELLO message
648 * @param address the address
649 * @param expiration expiration time
650 * @return GNUNET_OK (keep the address)
653 add_valid_address (void *cls, const struct GNUNET_HELLO_Address *address,
654 struct GNUNET_TIME_Absolute expiration)
656 const struct GNUNET_HELLO_Message *hello = cls;
657 struct ValidationEntry *ve;
658 struct GNUNET_PeerIdentity pid;
659 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
661 if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0)
662 return GNUNET_OK; /* expired */
663 if ((GNUNET_OK != GNUNET_HELLO_get_id (hello, &pid)) ||
664 (GNUNET_OK != GNUNET_HELLO_get_key (hello, &public_key)))
667 return GNUNET_OK; /* invalid HELLO !? */
669 if (0 == memcmp (&GST_my_identity, &pid, sizeof (struct GNUNET_PeerIdentity)))
671 /* Peerinfo returned own identity, skip validation */
675 ve = find_validation_entry (&public_key, address);
676 ve->valid_until = GNUNET_TIME_absolute_max (ve->valid_until, expiration);
678 if (GNUNET_SCHEDULER_NO_TASK == ve->revalidation_task)
679 ve->revalidation_task = GNUNET_SCHEDULER_add_now (&revalidate_address, ve);
680 GNUNET_ATS_address_add (GST_ats, address, NULL, NULL, 0);
686 * Function called for any HELLO known to PEERINFO.
689 * @param peer id of the peer, NULL for last call
690 * @param hello hello message for the peer (can be NULL)
691 * @param err_msg error message
694 process_peerinfo_hello (void *cls, const struct GNUNET_PeerIdentity *peer,
695 const struct GNUNET_HELLO_Message *hello,
698 GNUNET_assert (NULL != peer);
701 GNUNET_assert (NULL ==
702 GNUNET_HELLO_iterate_addresses (hello, GNUNET_NO,
709 * Start the validation subsystem.
712 GST_validation_start ()
714 validation_map = GNUNET_CONTAINER_multihashmap_create (VALIDATION_MAP_SIZE,
716 pnc = GNUNET_PEERINFO_notify (GST_cfg, &process_peerinfo_hello, NULL);
721 * Stop the validation subsystem.
724 GST_validation_stop ()
726 struct CheckHelloValidatedContext *chvc;
728 GNUNET_CONTAINER_multihashmap_iterate (validation_map,
729 &cleanup_validation_entry, NULL);
730 GNUNET_CONTAINER_multihashmap_destroy (validation_map);
731 validation_map = NULL;
732 while (NULL != (chvc = chvc_head))
734 GNUNET_CONTAINER_DLL_remove (chvc_head, chvc_tail, chvc);
737 GNUNET_PEERINFO_notify_cancel (pnc);
742 * Send the given PONG to the given address.
744 * @param cls the PONG message
745 * @param public_key public key for the peer, never NULL
746 * @param valid_until is ZERO if we never validated the address,
747 * otherwise a time up to when we consider it (or was) valid
748 * @param validation_block is FOREVER if the address is for an unsupported plugin (from PEERINFO)
749 * is ZERO if the address is considered valid (no validation needed)
750 * otherwise a time in the future if we're currently denying re-validation
751 * @param address target address
754 multicast_pong (void *cls,
755 const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
756 *public_key, struct GNUNET_TIME_Absolute valid_until,
757 struct GNUNET_TIME_Absolute validation_block,
758 const struct GNUNET_HELLO_Address *address)
760 struct TransportPongMessage *pong = cls;
761 struct GNUNET_TRANSPORT_PluginFunctions *papi;
763 papi = GST_plugins_find (address->transport_name);
767 GNUNET_assert (papi->send != NULL);
768 GNUNET_assert (papi->get_session != NULL);
770 struct Session * session = papi->get_session(papi->cls, address);
777 papi->send (papi->cls, session,
778 (const char *) pong, ntohs (pong->header.size),
779 PONG_PRIORITY, ACCEPTABLE_PING_DELAY,
785 * We've received a PING. If appropriate, generate a PONG.
787 * @param sender peer sending the PING
788 * @param hdr the PING
789 * @param sender_address the sender address as we got it
790 * @param session session we got the PING from
793 GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
794 const struct GNUNET_MessageHeader *hdr,
795 const struct GNUNET_HELLO_Address *sender_address,
796 struct Session *session)
798 const struct TransportPingMessage *ping;
799 struct TransportPongMessage *pong;
800 struct GNUNET_TRANSPORT_PluginFunctions *papi;
801 struct GNUNET_CRYPTO_RsaSignature *sig_cache;
802 struct GNUNET_TIME_Absolute *sig_cache_exp;
808 int buggy = GNUNET_NO;
809 struct GNUNET_HELLO_Address address;
811 if (ntohs (hdr->size) < sizeof (struct TransportPingMessage))
816 ping = (const struct TransportPingMessage *) hdr;
818 memcmp (&ping->target, &GST_my_identity,
819 sizeof (struct GNUNET_PeerIdentity)))
821 GNUNET_STATISTICS_update (GST_stats,
823 ("# PING message for different peer received"), 1,
827 GNUNET_STATISTICS_update (GST_stats,
828 gettext_noop ("# PING messages received"), 1,
830 addr = (const char *) &ping[1];
831 alen = ntohs (hdr->size) - sizeof (struct TransportPingMessage);
832 /* peer wants to confirm that this is one of our addresses, this is what is
833 * used for address validation */
836 sig_cache_exp = NULL;
840 addrend = memchr (addr, '\0', alen);
847 slen = strlen (addr) + 1;
849 address.address = addrend;
850 address.address_length = alen;
851 address.transport_name = addr;
852 address.peer = GST_my_identity;
855 if (GNUNET_YES != GST_hello_test_address (&address, &sig_cache, &sig_cache_exp))
857 #if KEEP_093_COMPATIBILITY
858 int idsize = sizeof (GST_my_identity);
861 if (0 == memcmp (address.address, &GST_my_identity, alen))
864 else if (alen <= (idsize + strlen (address.transport_name)))
866 char *achar = (char *) &address.address;
867 if ((0 == memcmp (address.address, &GST_my_identity, idsize)) &&
868 (0 == memcmp (&achar[idsize], address.transport_name, alen - idsize)))
873 /* Not predicatable */
877 if (GNUNET_NO == buggy)
879 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
880 "Not confirming PING from peer `%s' with address `%s' since I cannot confirm having this address.\n",
882 GST_plugins_a2s (&address));
887 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
888 _("Received a PING message with validation bug from `%s'\n"),
889 GNUNET_i2s (sender));
895 addrend = NULL; /* make gcc happy */
897 static struct GNUNET_CRYPTO_RsaSignature no_address_signature;
898 static struct GNUNET_TIME_Absolute no_address_signature_expiration;
900 sig_cache = &no_address_signature;
901 sig_cache_exp = &no_address_signature_expiration;
904 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
905 "I am `%s', sending PONG to peer `%s'\n",
906 GNUNET_h2s (&GST_my_identity.hashPubKey),
907 GNUNET_i2s (sender));
909 /* message with structure:
910 * [TransportPongMessage][Transport name][Address] */
912 pong = GNUNET_malloc (sizeof (struct TransportPongMessage) + alen + slen);
914 htons (sizeof (struct TransportPongMessage) + alen + slen);
915 pong->header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PONG);
917 htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) +
918 sizeof (uint32_t) + sizeof (struct GNUNET_TIME_AbsoluteNBO) +
920 pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN);
921 memcpy (&pong->challenge, &ping->challenge, sizeof (ping->challenge));
922 pong->addrlen = htonl (alen + slen);
923 memcpy (&pong[1], addr, slen); /* Copy transport plugin */
924 #if KEEP_093_COMPATIBILITY
925 if (GNUNET_YES == buggy)
927 int idsize = sizeof (GST_my_identity);
930 memcpy (&((char *) &pong[1])[slen], &GST_my_identity, alen);
932 else if (alen <= (idsize + strlen (address.transport_name) + 1))
934 memcpy (&((char *) &pong[1])[slen], &GST_my_identity, idsize);
935 memcpy (&((char *) &pong[1])[slen + idsize], address.transport_name, alen-idsize);
939 /* If this would happen, we would have a inconsistent PING we cannot reproduce */
944 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating buggy PONG signature to indicate ownership.\n");
945 pong->expiration = GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME));
946 GNUNET_assert (GNUNET_OK ==
947 GNUNET_CRYPTO_rsa_sign (GST_my_private_key, &pong->purpose,
955 GNUNET_assert (NULL != addrend);
956 memcpy (&((char *) &pong[1])[slen], addrend, alen);
958 if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value <
959 PONG_SIGNATURE_LIFETIME.rel_value / 4)
961 /* create / update cached sig */
962 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
963 "Creating PONG signature to indicate ownership.\n");
964 *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
965 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
966 GNUNET_assert (GNUNET_OK ==
967 GNUNET_CRYPTO_rsa_sign (GST_my_private_key, &pong->purpose,
972 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
974 pong->signature = *sig_cache;
976 #if KEEP_093_COMPATIBILITY
980 GNUNET_assert (sender_address != NULL);
982 /* first see if the session we got this PING from can be used to transmit
983 * a response reliably */
984 papi = GST_plugins_find (sender_address->transport_name);
989 GNUNET_assert (papi->send != NULL);
990 GNUNET_assert (papi->get_session != NULL);
994 session = papi->get_session (papi->cls, sender_address);
1003 ret = papi->send (papi->cls, session,
1004 (const char *) pong, ntohs (pong->header.size),
1005 PONG_PRIORITY, ACCEPTABLE_PING_DELAY,
1011 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1012 "Transmitted PONG to `%s' via reliable mechanism\n",
1013 GNUNET_i2s (sender));
1015 GNUNET_STATISTICS_update (GST_stats,
1017 ("# PONGs unicast via reliable transport"), 1,
1023 /* no reliable method found, try transmission via all known addresses */
1024 GNUNET_STATISTICS_update (GST_stats,
1026 ("# PONGs multicast to all available addresses"), 1,
1028 GST_validation_get_addresses (sender, &multicast_pong, pong);
1034 * Context for the 'validate_address' function
1036 struct ValidateAddressContext
1039 * Hash of the public key of the peer whose address is being validated.
1041 struct GNUNET_PeerIdentity pid;
1044 * Public key of the peer whose address is being validated.
1046 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
1051 * Iterator callback to go over all addresses and try to validate them
1052 * (unless blocked or already validated).
1054 * @param cls pointer to a 'struct ValidateAddressContext'
1055 * @param address the address
1056 * @param expiration expiration time
1057 * @return GNUNET_OK (keep the address)
1060 validate_address_iterator (void *cls,
1061 const struct GNUNET_HELLO_Address *address,
1062 struct GNUNET_TIME_Absolute expiration)
1064 const struct ValidateAddressContext *vac = cls;
1065 struct ValidationEntry *ve;
1067 if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0)
1068 return GNUNET_OK; /* expired */
1069 ve = find_validation_entry (&vac->public_key, address);
1070 if (GNUNET_SCHEDULER_NO_TASK == ve->revalidation_task)
1071 ve->revalidation_task = GNUNET_SCHEDULER_add_now (&revalidate_address, ve);
1077 * Add the validated peer address to the HELLO.
1079 * @param cls the 'struct ValidationEntry' with the validated address
1080 * @param max space in buf
1081 * @param buf where to add the address
1082 * @return number of bytes written, 0 to signal the
1083 * end of the iteration.
1086 add_valid_peer_address (void *cls, size_t max, void *buf)
1088 struct ValidationEntry *ve = cls;
1090 if (GNUNET_YES == ve->copied)
1091 return 0; /* terminate */
1092 ve->copied = GNUNET_YES;
1093 return GNUNET_HELLO_add_address (ve->address, ve->valid_until, buf, max);
1098 * We've received a PONG. Check if it matches a pending PING and
1099 * mark the respective address as confirmed.
1101 * @param sender peer sending the PONG
1102 * @param hdr the PONG
1105 GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender,
1106 const struct GNUNET_MessageHeader *hdr)
1108 const struct TransportPongMessage *pong;
1109 struct ValidationEntry *ve;
1115 struct GNUNET_HELLO_Message *hello;
1116 struct GNUNET_HELLO_Address address;
1118 if (ntohs (hdr->size) < sizeof (struct TransportPongMessage))
1120 GNUNET_break_op (0);
1123 GNUNET_STATISTICS_update (GST_stats,
1124 gettext_noop ("# PONG messages received"), 1,
1127 /* message with structure:
1128 * [TransportPongMessage][Transport name][Address] */
1130 pong = (const struct TransportPongMessage *) hdr;
1131 tname = (const char *) &pong[1];
1132 size = ntohs (hdr->size) - sizeof (struct TransportPongMessage);
1133 addr = memchr (tname, '\0', size);
1136 GNUNET_break_op (0);
1140 slen = strlen (tname) + 1;
1141 addrlen = size - slen;
1142 address.peer = *sender;
1143 address.address = addr;
1144 address.address_length = addrlen;
1145 address.transport_name = tname;
1146 ve = find_validation_entry (NULL, &address);
1147 if ((NULL == ve) || (ve->expecting_pong == GNUNET_NO))
1149 GNUNET_STATISTICS_update (GST_stats,
1151 ("# PONGs dropped, no matching pending validation"),
1155 /* now check that PONG is well-formed */
1156 if (0 != memcmp (&ve->pid, sender, sizeof (struct GNUNET_PeerIdentity)))
1158 GNUNET_break_op (0);
1163 GNUNET_CRYPTO_rsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
1164 &pong->purpose, &pong->signature,
1167 GNUNET_break_op (0);
1169 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1170 "Invalid signature on address %s:%s from peer `%s'\n",
1171 tname, GST_plugins_a2s (ve->address),
1172 GNUNET_i2s (sender));*/
1176 if (GNUNET_TIME_absolute_get_remaining
1177 (GNUNET_TIME_absolute_ntoh (pong->expiration)).rel_value == 0)
1179 GNUNET_STATISTICS_update (GST_stats,
1181 ("# PONGs dropped, signature expired"), 1,
1185 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1186 "Address validated for peer `%s' with plugin `%s': `%s'\n",
1187 GNUNET_i2s (sender), tname, GST_plugins_a2s (ve->address));
1188 /* validity achieved, remember it! */
1189 ve->expecting_pong = GNUNET_NO;
1190 ve->valid_until = GNUNET_TIME_relative_to_absolute (HELLO_ADDRESS_EXPIRATION);
1191 ve->latency = GNUNET_TIME_absolute_get_duration (ve->send_time);
1193 struct GNUNET_ATS_Information ats;
1194 ats.type = htonl (GNUNET_ATS_QUALITY_NET_DELAY);
1195 ats.value = htonl ((uint32_t) ve->latency.rel_value);
1196 GNUNET_ATS_address_add (GST_ats, ve->address, NULL, &ats, 1);
1198 /* build HELLO to store in PEERINFO */
1199 ve->copied = GNUNET_NO;
1200 hello = GNUNET_HELLO_create (&ve->public_key, &add_valid_peer_address, ve);
1201 GNUNET_PEERINFO_add_peer (GST_peerinfo, hello, NULL, NULL);
1202 GNUNET_free (hello);
1207 * We've received a HELLO, check which addresses are new and trigger
1210 * @param hello the HELLO we received
1213 GST_validation_handle_hello (const struct GNUNET_MessageHeader *hello)
1215 const struct GNUNET_HELLO_Message *hm =
1216 (const struct GNUNET_HELLO_Message *) hello;
1217 struct ValidateAddressContext vac;
1218 struct GNUNET_HELLO_Message *h;
1220 if ((GNUNET_OK != GNUNET_HELLO_get_id (hm, &vac.pid)) ||
1221 (GNUNET_OK != GNUNET_HELLO_get_key (hm, &vac.public_key)))
1223 /* malformed HELLO */
1228 memcmp (&GST_my_identity, &vac.pid, sizeof (struct GNUNET_PeerIdentity)))
1230 /* Add peer identity without addresses to peerinfo service */
1231 h = GNUNET_HELLO_create (&vac.public_key, NULL, NULL);
1232 GNUNET_PEERINFO_add_peer (GST_peerinfo, h, NULL, NULL);
1234 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1235 _("Adding `%s' without addresses for peer `%s'\n"), "HELLO",
1236 GNUNET_i2s (&vac.pid));
1239 GNUNET_assert (NULL ==
1240 GNUNET_HELLO_iterate_addresses (hm, GNUNET_NO,
1241 &validate_address_iterator,
1247 * Closure for 'iterate_addresses'
1249 struct IteratorContext
1252 * Function to call on each address.
1254 GST_ValidationAddressCallback cb;
1265 * Call the callback in the closure for each validation entry.
1267 * @param cls the 'struct GST_ValidationIteratorContext'
1268 * @param key the peer's identity
1269 * @param value the 'struct ValidationEntry'
1270 * @return GNUNET_OK (continue to iterate)
1273 iterate_addresses (void *cls, const struct GNUNET_HashCode * key, void *value)
1275 struct IteratorContext *ic = cls;
1276 struct ValidationEntry *ve = value;
1278 ic->cb (ic->cb_cls, &ve->public_key, ve->valid_until, ve->revalidation_block,
1285 * Call the given function for each address for the given target.
1286 * Can either give a snapshot (synchronous API) or be continuous.
1288 * @param target peer information is requested for
1289 * @param cb function to call; will not be called after this function returns
1290 * @param cb_cls closure for 'cb'
1293 GST_validation_get_addresses (const struct GNUNET_PeerIdentity *target,
1294 GST_ValidationAddressCallback cb, void *cb_cls)
1296 struct IteratorContext ic;
1300 GNUNET_CONTAINER_multihashmap_get_multiple (validation_map,
1301 &target->hashPubKey,
1302 &iterate_addresses, &ic);
1307 * Update if we are using an address for a connection actively right now.
1308 * Based on this, the validation module will measure latency for the
1309 * address more or less often.
1311 * @param address the address
1312 * @param session the session
1313 * @param in_use GNUNET_YES if we are now using the address for a connection,
1314 * GNUNET_NO if we are no longer using the address for a connection
1315 * @param line line of caller just for DEBUGGING!
1318 GST_validation_set_address_use (const struct GNUNET_HELLO_Address *address,
1319 struct Session *session,
1323 struct ValidationEntry *ve;
1325 if (NULL != address)
1326 ve = find_validation_entry (NULL, address);
1328 ve = NULL; /* FIXME: lookup based on session... */
1331 /* this can happen for inbound connections (sender_address_len == 0); */
1334 if (ve->in_use == in_use)
1337 if (GNUNET_YES == in_use)
1339 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1340 "Error setting address in use for peer `%s' `%s' to USED: set last time by %i, called now by %i\n",
1341 GNUNET_i2s (&address->peer), GST_plugins_a2s (address),
1342 ve->last_line_set_to_yes, line);
1344 if (GNUNET_NO == in_use)
1346 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1347 "Error setting address in use for peer `%s' `%s' to NOT_USED: set last time by %i, called now by %i\n",
1348 GNUNET_i2s (&address->peer), GST_plugins_a2s (address),
1349 ve->last_line_set_to_no, line);
1353 if (GNUNET_YES == in_use)
1355 ve->last_line_set_to_yes = line;
1357 if (GNUNET_NO == in_use)
1359 ve->last_line_set_to_no = line;
1362 GNUNET_break (ve->in_use != in_use); /* should be different... */
1363 ve->in_use = in_use;
1364 if (in_use == GNUNET_YES)
1366 /* from now on, higher frequeny, so reschedule now */
1367 GNUNET_SCHEDULER_cancel (ve->revalidation_task);
1368 ve->revalidation_task = GNUNET_SCHEDULER_add_now (&revalidate_address, ve);
1374 * Query validation about the latest observed latency on a given
1377 * @param sender peer
1378 * @param address the address
1379 * @param session session
1380 * @return observed latency of the address, FOREVER if the address was
1381 * never successfully validated
1383 struct GNUNET_TIME_Relative
1384 GST_validation_get_address_latency (const struct GNUNET_PeerIdentity *sender,
1385 const struct GNUNET_HELLO_Address *address,
1386 struct Session *session)
1388 struct ValidationEntry *ve;
1390 if (NULL == address)
1392 GNUNET_break (0); // FIXME: support having latency only with session...
1393 return GNUNET_TIME_UNIT_FOREVER_REL;
1395 ve = find_validation_entry (NULL, address);
1397 return GNUNET_TIME_UNIT_FOREVER_REL;
1402 /* end of file gnunet-service-transport_validation.c */