2 This file is part of GNUnet.
3 (C) 2010,2011 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file transport/gnunet-service-transport_validation.c
23 * @brief address validation subsystem
24 * @author Christian Grothoff
27 #include "gnunet-service-transport_validation.h"
28 #include "gnunet-service-transport_plugins.h"
29 #include "gnunet-service-transport_hello.h"
30 #include "gnunet-service-transport_blacklist.h"
31 #include "gnunet-service-transport.h"
32 #include "gnunet_hello_lib.h"
33 #include "gnunet_ats_service.h"
34 #include "gnunet_peerinfo_service.h"
35 #include "gnunet_signatures.h"
37 // TODO: observe latency between PING/PONG and give information to ATS!
40 * How long is a PONG signature valid? We'll recycle a signature until
41 * 1/4 of this time is remaining. PONGs should expire so that if our
42 * external addresses change an adversary cannot replay them indefinitely.
43 * OTOH, we don't want to spend too much time generating PONG signatures,
44 * so they must have some lifetime to reduce our CPU usage.
46 #define PONG_SIGNATURE_LIFETIME GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 1)
49 * After how long do we expire an address in a HELLO that we just
50 * validated? This value is also used for our own addresses when we
53 #define HELLO_ADDRESS_EXPIRATION GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12)
56 * How long before an existing address expires should we again try to
57 * validate it? Must be (significantly) smaller than
58 * HELLO_ADDRESS_EXPIRATION.
60 #define HELLO_REVALIDATION_START_TIME GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 1)
63 * Size of the validation map hashmap.
65 #define VALIDATION_MAP_SIZE 256
68 * Priority to use for PINGs
70 #define PING_PRIORITY 2
73 * Priority to use for PONGs
75 #define PONG_PRIORITY 4
79 * Message used to ask a peer to validate receipt (to check an address
80 * from a HELLO). Followed by the address we are trying to validate,
81 * or an empty address if we are just sending a PING to confirm that a
82 * connection which the receiver (of the PING) initiated is still valid.
84 struct TransportPingMessage
88 * Type will be GNUNET_MESSAGE_TYPE_TRANSPORT_PING
90 struct GNUNET_MessageHeader header;
93 * Challenge code (to ensure fresh reply).
95 uint32_t challenge GNUNET_PACKED;
98 * Who is the intended recipient?
100 struct GNUNET_PeerIdentity target;
106 * Message used to validate a HELLO. The challenge is included in the
107 * confirmation to make matching of replies to requests possible. The
108 * signature signs our public key, an expiration time and our address.<p>
110 * This message is followed by our transport address that the PING tried
111 * to confirm (if we liked it). The address can be empty (zero bytes)
112 * if the PING had not address either (and we received the request via
113 * a connection that we initiated).
115 struct TransportPongMessage
119 * Type will be GNUNET_MESSAGE_TYPE_TRANSPORT_PONG
121 struct GNUNET_MessageHeader header;
124 * Challenge code from PING (showing freshness). Not part of what
125 * is signed so that we can re-use signatures.
127 uint32_t challenge GNUNET_PACKED;
132 struct GNUNET_CRYPTO_RsaSignature signature;
135 * GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN to confirm that this is a
136 * plausible address for the signing peer.
138 struct GNUNET_CRYPTO_RsaSignaturePurpose purpose;
141 * When does this signature expire?
143 struct GNUNET_TIME_AbsoluteNBO expiration;
146 * Size of address appended to this message (part of what is
147 * being signed, hence not redundant).
149 uint32_t addrlen GNUNET_PACKED;
155 * Information about an address under validation
157 struct ValidationEntry
161 * Name of the transport.
163 char *transport_name;
166 * The address, actually a pointer to the end
167 * of this struct. Do not free!
172 * Handle to the blacklist check (if we're currently in it).
174 struct GST_BlacklistCheck *bc;
177 * Public key of the peer.
179 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
182 * The identity of the peer.
184 struct GNUNET_PeerIdentity pid;
187 * ID of task that will clean up this entry if nothing happens.
189 GNUNET_SCHEDULER_TaskIdentifier timeout_task;
192 * At what time did we send the latest validation request?
194 struct GNUNET_TIME_Absolute send_time;
197 * Until when is this address valid?
198 * ZERO if it is not currently considered valid.
200 struct GNUNET_TIME_Absolute valid_until;
203 * How long until we can try to validate this address again?
204 * FOREVER if the address is for an unsupported plugin (from PEERINFO)
205 * ZERO if the address is considered valid (no validation needed)
206 * otherwise a time in the future if we're currently denying re-validation
208 struct GNUNET_TIME_Absolute validation_block;
211 * Challenge number we used.
221 * When passing the address in 'add_valid_peer_address', did we
222 * copy the address to the HELLO yet?
230 * Context of currently active requests to peerinfo
231 * for validation of HELLOs.
233 struct CheckHelloValidatedContext
237 * This is a doubly-linked list.
239 struct CheckHelloValidatedContext *next;
242 * This is a doubly-linked list.
244 struct CheckHelloValidatedContext *prev;
247 * Hello that we are validating.
249 const struct GNUNET_HELLO_Message *hello;
255 * Head of linked list of HELLOs awaiting validation.
257 static struct CheckHelloValidatedContext *chvc_head;
260 * Tail of linked list of HELLOs awaiting validation
262 static struct CheckHelloValidatedContext *chvc_tail;
265 * Map of PeerIdentities to 'struct ValidationEntry*'s (addresses
266 * of the given peer that we are currently validating, have validated
267 * or are blocked from re-validation for a while).
269 static struct GNUNET_CONTAINER_MultiHashMap *validation_map;
272 * Context for peerinfo iteration.
274 static struct GNUNET_PEERINFO_NotifyContext *pnc;
278 * Context for the validation entry match function.
280 struct ValidationEntryMatchContext
283 * Where to store the result?
285 struct ValidationEntry *ve;
288 * Transport name we're looking for.
290 const char *transport_name;
293 * Address we're interested in.
298 * Number of bytes in 'addr'.
305 * Iterate over validation entries until a matching one is found.
307 * @param cls the 'struct ValidationEntryMatchContext'
308 * @param key peer identity (unused)
309 * @param value a 'struct ValidationEntry' to match
310 * @return GNUNET_YES if the entry does not match,
311 * GNUNET_NO if the entry does match
314 validation_entry_match (void *cls, const GNUNET_HashCode * key, void *value)
316 struct ValidationEntryMatchContext *vemc = cls;
317 struct ValidationEntry *ve = value;
319 if ((ve->addrlen == vemc->addrlen) &&
320 (0 == memcmp (ve->addr, vemc->addr, ve->addrlen)) &&
321 (0 == strcmp (ve->transport_name, vemc->transport_name)))
331 * Find a ValidationEntry entry for the given neighbour that matches
332 * the given address and transport. If none exists, create one (but
333 * without starting any validation).
335 * @param public_key public key of the peer, NULL for unknown
336 * @param neighbour which peer we care about
337 * @param tname name of the transport plugin
338 * @param addr binary address
339 * @param addrlen length of addr
340 * @return validation entry matching the given specifications, NULL
341 * if we don't have an existing entry and no public key was given
343 static struct ValidationEntry *
344 find_validation_entry (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
345 *public_key, const struct GNUNET_PeerIdentity *neighbour,
346 const char *tname, const char *addr, size_t addrlen)
348 struct ValidationEntryMatchContext vemc;
349 struct ValidationEntry *ve;
352 vemc.transport_name = tname;
354 vemc.addrlen = addrlen;
355 GNUNET_CONTAINER_multihashmap_get_multiple (validation_map,
356 &neighbour->hashPubKey,
357 &validation_entry_match, &vemc);
358 if (NULL != (ve = vemc.ve))
360 if (public_key == NULL)
362 ve = GNUNET_malloc (sizeof (struct ValidationEntry) + addrlen);
363 ve->transport_name = GNUNET_strdup (tname);
364 ve->addr = (void *) &ve[1];
365 ve->public_key = *public_key;
366 ve->pid = *neighbour;
368 GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX);
369 memcpy (&ve[1], addr, addrlen);
370 ve->addrlen = addrlen;
371 GNUNET_CONTAINER_multihashmap_put (validation_map, &neighbour->hashPubKey, ve,
372 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
378 * Iterator which adds the given address to the set of validated
381 * @param cls original HELLO message
382 * @param tname name of the transport
383 * @param expiration expiration time
384 * @param addr the address
385 * @param addrlen length of the address
386 * @return GNUNET_OK (keep the address)
389 add_valid_address (void *cls, const char *tname,
390 struct GNUNET_TIME_Absolute expiration, const void *addr,
393 const struct GNUNET_HELLO_Message *hello = cls;
394 struct ValidationEntry *ve;
395 struct GNUNET_PeerIdentity pid;
396 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
398 if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0)
399 return GNUNET_OK; /* expired */
400 if ((GNUNET_OK != GNUNET_HELLO_get_id (hello, &pid)) ||
401 (GNUNET_OK != GNUNET_HELLO_get_key (hello, &public_key)))
404 return GNUNET_OK; /* invalid HELLO !? */
406 ve = find_validation_entry (&public_key, &pid, tname, addr, addrlen);
407 ve->valid_until = GNUNET_TIME_absolute_max (ve->valid_until, expiration);
408 GNUNET_ATS_address_update (GST_ats, &pid, tname, addr,
409 addrlen, NULL, NULL, 0);
415 * Function called for any HELLO known to PEERINFO.
418 * @param peer id of the peer, NULL for last call
419 * @param hello hello message for the peer (can be NULL)
420 * @param err_msg error message
423 process_peerinfo_hello (void *cls, const struct GNUNET_PeerIdentity *peer,
424 const struct GNUNET_HELLO_Message *hello,
427 GNUNET_assert (NULL != peer);
430 GNUNET_assert (NULL ==
431 GNUNET_HELLO_iterate_addresses (hello, GNUNET_NO,
438 * Start the validation subsystem.
441 GST_validation_start ()
443 validation_map = GNUNET_CONTAINER_multihashmap_create (VALIDATION_MAP_SIZE);
444 pnc = GNUNET_PEERINFO_notify (GST_cfg, &process_peerinfo_hello, NULL);
449 * Iterate over validation entries and free them.
451 * @param cls (unused)
452 * @param key peer identity (unused)
453 * @param value a 'struct ValidationEntry' to clean up
454 * @return GNUNET_YES (continue to iterate)
457 cleanup_validation_entry (void *cls, const GNUNET_HashCode * key, void *value)
459 struct ValidationEntry *ve = value;
463 GST_blacklist_test_cancel (ve->bc);
466 GNUNET_break (GNUNET_OK ==
467 GNUNET_CONTAINER_multihashmap_remove (validation_map,
468 &ve->pid.hashPubKey, ve));
469 GNUNET_free (ve->transport_name);
470 if (GNUNET_SCHEDULER_NO_TASK != ve->timeout_task)
472 GNUNET_SCHEDULER_cancel (ve->timeout_task);
473 ve->timeout_task = GNUNET_SCHEDULER_NO_TASK;
481 * Stop the validation subsystem.
484 GST_validation_stop ()
486 struct CheckHelloValidatedContext *chvc;
488 GNUNET_CONTAINER_multihashmap_iterate (validation_map,
489 &cleanup_validation_entry, NULL);
490 GNUNET_CONTAINER_multihashmap_destroy (validation_map);
491 validation_map = NULL;
492 while (NULL != (chvc = chvc_head))
494 GNUNET_CONTAINER_DLL_remove (chvc_head, chvc_tail, chvc);
497 GNUNET_PEERINFO_notify_cancel (pnc);
502 * Address validation cleanup task (record no longer needed).
504 * @param cls the 'struct ValidationEntry'
505 * @param tc scheduler context (unused)
508 timeout_hello_validation (void *cls,
509 const struct GNUNET_SCHEDULER_TaskContext *tc)
511 struct ValidationEntry *ve = cls;
513 ve->timeout_task = GNUNET_SCHEDULER_NO_TASK;
514 GNUNET_STATISTICS_update (GST_stats,
515 gettext_noop ("# address records discarded"), 1,
517 cleanup_validation_entry (NULL, &ve->pid.hashPubKey, ve);
522 * Send the given PONG to the given address.
524 * @param cls the PONG message
525 * @param public_key public key for the peer, never NULL
526 * @param target peer this change is about, never NULL
527 * @param valid_until is ZERO if we never validated the address,
528 * otherwise a time up to when we consider it (or was) valid
529 * @param validation_block is FOREVER if the address is for an unsupported plugin (from PEERINFO)
530 * is ZERO if the address is considered valid (no validation needed)
531 * otherwise a time in the future if we're currently denying re-validation
532 * @param plugin_name name of the plugin
533 * @param plugin_address binary address
534 * @param plugin_address_len length of address
537 multicast_pong (void *cls,
538 const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
539 *public_key, const struct GNUNET_PeerIdentity *target,
540 struct GNUNET_TIME_Absolute valid_until,
541 struct GNUNET_TIME_Absolute validation_block,
542 const char *plugin_name, const void *plugin_address,
543 size_t plugin_address_len)
545 struct TransportPongMessage *pong = cls;
546 struct GNUNET_TRANSPORT_PluginFunctions *papi;
548 papi = GST_plugins_find (plugin_name);
551 (void) papi->send (papi->cls, target, (const char *) pong,
552 ntohs (pong->header.size), PONG_PRIORITY,
553 HELLO_REVALIDATION_START_TIME, NULL, plugin_address,
554 plugin_address_len, GNUNET_YES, NULL, NULL);
559 * We've received a PING. If appropriate, generate a PONG.
561 * @param sender peer sending the PING
562 * @param hdr the PING
563 * @param session session we got the PING from
564 * @param plugin_name name of plugin that received the PING
565 * @param sender_address address of the sender as known to the plugin, NULL
566 * if we did not initiate the connection
567 * @param sender_address_len number of bytes in sender_address
570 GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
571 const struct GNUNET_MessageHeader *hdr,
572 const char *plugin_name, struct Session *session,
573 const void *sender_address,
574 size_t sender_address_len)
576 const struct TransportPingMessage *ping;
577 struct TransportPongMessage *pong;
578 struct GNUNET_TRANSPORT_PluginFunctions *papi;
579 struct GNUNET_CRYPTO_RsaSignature *sig_cache;
580 struct GNUNET_TIME_Absolute *sig_cache_exp;
587 if (ntohs (hdr->size) < sizeof (struct TransportPingMessage))
592 ping = (const struct TransportPingMessage *) hdr;
594 memcmp (&ping->target, &GST_my_identity,
595 sizeof (struct GNUNET_PeerIdentity)))
597 GNUNET_STATISTICS_update (GST_stats,
598 gettext_noop ("# PING message for different peer received"), 1,
602 GNUNET_STATISTICS_update (GST_stats,
603 gettext_noop ("# PING messages received"), 1,
605 addr = (const char *) &ping[1];
606 alen = ntohs (hdr->size) - sizeof (struct TransportPingMessage);
607 /* peer wants to confirm that this is one of our addresses, this is what is
608 * used for address validation */
611 sig_cache_exp = NULL;
615 addrend = memchr (addr, '\0', alen);
622 slen = strlen (addr) + 1;
626 GST_hello_test_address (addr, addrend, alen, &sig_cache, &sig_cache_exp))
628 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
630 ("Not confirming PING with address `%s' since I cannot confirm having this address.\n"),
631 GST_plugins_a2s (addr, addrend, alen));
637 addrend = NULL; /* make gcc happy */
639 static struct GNUNET_CRYPTO_RsaSignature no_address_signature;
640 static struct GNUNET_TIME_Absolute no_address_signature_expiration;
642 sig_cache = &no_address_signature;
643 sig_cache_exp = &no_address_signature_expiration;
646 pong = GNUNET_malloc (sizeof (struct TransportPongMessage) + alen + slen);
648 htons (sizeof (struct TransportPongMessage) + alen + slen);
649 pong->header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PONG);
651 htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) +
652 sizeof (uint32_t) + sizeof (struct GNUNET_TIME_AbsoluteNBO) +
654 pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN);
655 pong->challenge = ping->challenge;
656 pong->addrlen = htonl (alen + slen);
657 memcpy (&pong[1], addr, slen);
658 memcpy (&((char *) &pong[1])[slen], addrend, alen);
659 if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value <
660 PONG_SIGNATURE_LIFETIME.rel_value / 4)
662 /* create / update cached sig */
664 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
665 "Creating PONG signature to indicate ownership.\n");
667 *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
668 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
669 GNUNET_assert (GNUNET_OK ==
670 GNUNET_CRYPTO_rsa_sign (GST_my_private_key, &pong->purpose,
675 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
677 pong->signature = *sig_cache;
679 /* first see if the session we got this PING from can be used to transmit
680 * a response reliably */
681 papi = GST_plugins_find (plugin_name);
686 papi->send (papi->cls, sender, (const char *) pong,
687 ntohs (pong->header.size), PONG_PRIORITY,
688 HELLO_REVALIDATION_START_TIME, session, sender_address,
689 sender_address_len, GNUNET_SYSERR, NULL, NULL);
692 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
693 "Transmitted PONG to `%s' via reliable mechanism\n",
694 GNUNET_i2s (sender));
696 GNUNET_STATISTICS_update (GST_stats,
698 ("# PONGs unicast via reliable transport"), 1,
704 /* no reliable method found, try transmission via all known addresses */
705 GNUNET_STATISTICS_update (GST_stats,
707 ("# PONGs multicast to all available addresses"), 1,
709 GST_validation_get_addresses (sender, &multicast_pong, pong);
715 * Context for the 'validate_address' function
717 struct ValidateAddressContext
720 * Hash of the public key of the peer whose address is being validated.
722 struct GNUNET_PeerIdentity pid;
725 * Public key of the peer whose address is being validated.
727 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
732 * Function called with the result from blacklisting.
733 * Send a PING to the other peer if a communication is allowed.
735 * @param cls ou r'struct ValidationEntry'
736 * @param pid identity of the other peer
737 * @param result GNUNET_OK if the connection is allowed, GNUNET_NO if not
740 transmit_ping_if_allowed (void *cls, const struct GNUNET_PeerIdentity *pid,
743 struct ValidationEntry *ve = cls;
744 struct TransportPingMessage ping;
745 struct GNUNET_TRANSPORT_PluginFunctions *papi;
746 const struct GNUNET_MessageHeader *hello;
753 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Transmitting plain PING to `%s'\n",
756 slen = strlen (ve->transport_name) + 1;
757 hello = GST_hello_get ();
758 hsize = ntohs (hello->size);
759 tsize = sizeof (struct TransportPingMessage) + ve->addrlen + slen + hsize;
762 htons (sizeof (struct TransportPingMessage) + ve->addrlen + slen);
763 ping.header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PING);
764 ping.challenge = htonl (ve->challenge);
767 if (tsize >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
769 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
771 ("Not transmitting `%s' with `%s', message too big (%u bytes!). This should not happen.\n"),
772 "HELLO", "PING", (unsigned int) tsize);
773 /* message too big (!?), get rid of HELLO */
775 tsize = sizeof (struct TransportPingMessage) + ve->addrlen + slen + hsize;
778 char message_buf[tsize];
780 /* build message with structure:
781 * [HELLO][TransportPingMessage][Transport name][Address] */
782 memcpy (message_buf, hello, hsize);
783 memcpy (&message_buf[hsize], &ping, sizeof (struct TransportPingMessage));
784 memcpy (&message_buf[sizeof (struct TransportPingMessage) + hsize],
785 ve->transport_name, slen);
786 memcpy (&message_buf[sizeof (struct TransportPingMessage) + slen + hsize],
787 ve->addr, ve->addrlen);
788 papi = GST_plugins_find (ve->transport_name);
793 GNUNET_assert (papi->send != NULL);
795 papi->send (papi->cls, pid, message_buf, tsize, PING_PRIORITY,
796 HELLO_REVALIDATION_START_TIME, NULL /* no session */ ,
797 ve->addr, ve->addrlen, GNUNET_YES, NULL, NULL);
802 ve->send_time = GNUNET_TIME_absolute_get ();
803 GNUNET_STATISTICS_update (GST_stats,
805 ("# PING without HELLO messages sent"), 1,
812 * Iterator callback to go over all addresses and try to validate them
813 * (unless blocked or already validated).
815 * @param cls pointer to a 'struct ValidateAddressContext'
816 * @param tname name of the transport
817 * @param expiration expiration time
818 * @param addr the address
819 * @param addrlen length of the address
820 * @return GNUNET_OK (keep the address)
823 validate_address (void *cls, const char *tname,
824 struct GNUNET_TIME_Absolute expiration, const void *addr,
827 const struct ValidateAddressContext *vac = cls;
828 const struct GNUNET_PeerIdentity *pid = &vac->pid;
829 struct ValidationEntry *ve;
830 struct GST_BlacklistCheck *bc;
832 if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0)
833 return GNUNET_OK; /* expired */
834 ve = find_validation_entry (&vac->public_key, pid, tname, addr, addrlen);
835 if (GNUNET_TIME_absolute_get_remaining (ve->validation_block).rel_value > 0)
836 return GNUNET_OK; /* blocked */
837 if ((GNUNET_SCHEDULER_NO_TASK != ve->timeout_task) &&
838 (GNUNET_TIME_absolute_get_remaining (ve->valid_until).rel_value > 0))
839 return GNUNET_OK; /* revalidation task already scheduled & still valid */
840 ve->validation_block =
841 GNUNET_TIME_relative_to_absolute (HELLO_REVALIDATION_START_TIME);
842 if (GNUNET_SCHEDULER_NO_TASK != ve->timeout_task)
843 GNUNET_SCHEDULER_cancel (ve->timeout_task);
845 GNUNET_SCHEDULER_add_delayed (HELLO_REVALIDATION_START_TIME,
846 &timeout_hello_validation, ve);
847 bc = GST_blacklist_test_allowed (pid, tname, &transmit_ping_if_allowed, ve);
855 * Do address validation again to keep address valid.
857 * @param cls the 'struct ValidationEntry'
858 * @param tc scheduler context (unused)
861 revalidate_address (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
863 struct ValidationEntry *ve = cls;
864 struct GNUNET_TIME_Relative delay;
865 struct ValidateAddressContext vac;
867 ve->timeout_task = GNUNET_SCHEDULER_NO_TASK;
868 delay = GNUNET_TIME_absolute_get_remaining (ve->validation_block);
869 if (delay.rel_value > 0)
871 /* should wait a bit longer */
873 GNUNET_SCHEDULER_add_delayed (delay, &revalidate_address, ve);
876 GNUNET_STATISTICS_update (GST_stats,
877 gettext_noop ("# address revalidations started"), 1,
880 vac.public_key = ve->public_key;
881 validate_address (&vac, ve->transport_name, ve->valid_until, ve->addr,
882 (uint16_t) ve->addrlen);
887 * Add the validated peer address to the HELLO.
889 * @param cls the 'struct ValidationEntry' with the validated address
890 * @param max space in buf
891 * @param buf where to add the address
892 * @return number of bytes written, 0 to signal the
893 * end of the iteration.
896 add_valid_peer_address (void *cls, size_t max, void *buf)
898 struct ValidationEntry *ve = cls;
900 if (GNUNET_YES == ve->copied)
901 return 0; /* terminate */
902 ve->copied = GNUNET_YES;
903 return GNUNET_HELLO_add_address (ve->transport_name, ve->valid_until,
904 ve->addr, ve->addrlen, buf, max);
909 * We've received a PONG. Check if it matches a pending PING and
910 * mark the respective address as confirmed.
912 * @param sender peer sending the PONG
913 * @param hdr the PONG
916 GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender,
917 const struct GNUNET_MessageHeader *hdr)
919 const struct TransportPongMessage *pong;
920 struct ValidationEntry *ve;
927 struct GNUNET_TIME_Relative delay;
928 struct GNUNET_HELLO_Message *hello;
930 if (ntohs (hdr->size) < sizeof (struct TransportPongMessage))
935 GNUNET_STATISTICS_update (GST_stats,
936 gettext_noop ("# PONG messages received"), 1,
939 pong = (const struct TransportPongMessage *) hdr;
940 tname = (const char *) &pong[1];
941 size = ntohs (hdr->size) - sizeof (struct TransportPongMessage);
942 addr = memchr (tname, '\0', size);
949 slen = strlen (tname) + 1;
950 addrlen = size - slen;
952 ve = find_validation_entry (NULL, sender, tname, addr, addrlen);
956 GNUNET_STATISTICS_update (GST_stats,
958 ("# PONGs dropped, no matching pending validation"),
962 /* now check that PONG is well-formed */
963 if (0 != memcmp (&ve->pid, sender, sizeof (struct GNUNET_PeerIdentity)))
969 if (GNUNET_TIME_absolute_get_remaining
970 (GNUNET_TIME_absolute_ntoh (pong->expiration)).rel_value == 0)
972 GNUNET_STATISTICS_update (GST_stats,
974 ("# PONGs dropped, signature expired"), 1,
979 GNUNET_CRYPTO_rsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
980 &pong->purpose, &pong->signature,
987 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
988 "Address validated for peer `%s' with plugin `%s': `%s'\n",
989 GNUNET_i2s (sender), tname, GST_plugins_a2s (tname, addr,
993 /* validity achieved, remember it! */
994 ve->valid_until = GNUNET_TIME_relative_to_absolute (HELLO_ADDRESS_EXPIRATION);
996 struct GNUNET_ATS_Information ats;
998 ats.type = htonl (GNUNET_ATS_QUALITY_NET_DELAY);
999 ats.value = htonl ((uint32_t) GNUNET_TIME_absolute_get_duration (ve->send_time).rel_value);
1000 GNUNET_ATS_address_update (GST_ats, &ve->pid,
1001 ve->transport_name,ve->addr, ve->addrlen, NULL,
1005 /* build HELLO to store in PEERINFO */
1006 ve->copied = GNUNET_NO;
1007 hello = GNUNET_HELLO_create (&ve->public_key, &add_valid_peer_address, ve);
1008 GNUNET_PEERINFO_add_peer (GST_peerinfo, hello);
1009 GNUNET_free (hello);
1011 if (GNUNET_SCHEDULER_NO_TASK != ve->timeout_task)
1012 GNUNET_SCHEDULER_cancel (ve->timeout_task);
1014 /* randomly delay by up to 1h to avoid synchronous validations */
1015 rdelay = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 60 * 60);
1017 GNUNET_TIME_relative_add (HELLO_REVALIDATION_START_TIME,
1018 GNUNET_TIME_relative_multiply
1019 (GNUNET_TIME_UNIT_SECONDS, rdelay));
1021 GNUNET_SCHEDULER_add_delayed (delay, &revalidate_address, ve);
1026 * We've received a HELLO, check which addresses are new and trigger
1029 * @param hello the HELLO we received
1032 GST_validation_handle_hello (const struct GNUNET_MessageHeader *hello)
1034 const struct GNUNET_HELLO_Message *hm =
1035 (const struct GNUNET_HELLO_Message *) hello;
1036 struct ValidateAddressContext vac;
1037 struct GNUNET_HELLO_Message *h;
1039 if ((GNUNET_OK != GNUNET_HELLO_get_id (hm, &vac.pid)) ||
1040 (GNUNET_OK != GNUNET_HELLO_get_key (hm, &vac.public_key)))
1042 /* malformed HELLO */
1046 /* Add peer identity without addresses to peerinfo service */
1047 h = GNUNET_HELLO_create (&vac.public_key, NULL, NULL);
1048 GNUNET_PEERINFO_add_peer (GST_peerinfo, h);
1049 #if VERBOSE_VALIDATION
1050 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1052 ("Adding `%s' without addresses for peer `%s'\n"),
1054 GNUNET_i2s(&vac.pid));
1058 GNUNET_assert (NULL ==
1059 GNUNET_HELLO_iterate_addresses (hm, GNUNET_NO,
1060 &validate_address, &vac));
1065 * Closure for 'iterate_addresses'
1067 struct IteratorContext
1070 * Function to call on each address.
1072 GST_ValidationAddressCallback cb;
1083 * Call the callback in the closure for each validation entry.
1085 * @param cls the 'struct GST_ValidationIteratorContext'
1086 * @param key the peer's identity
1087 * @param value the 'struct ValidationEntry'
1088 * @return GNUNET_OK (continue to iterate)
1091 iterate_addresses (void *cls, const GNUNET_HashCode * key, void *value)
1093 struct IteratorContext *ic = cls;
1094 struct ValidationEntry *ve = value;
1096 ic->cb (ic->cb_cls, &ve->public_key, &ve->pid, ve->valid_until,
1097 ve->validation_block, ve->transport_name, ve->addr, ve->addrlen);
1103 * Call the given function for each address for the given target.
1104 * Can either give a snapshot (synchronous API) or be continuous.
1106 * @param target peer information is requested for
1107 * @param cb function to call; will not be called after this function returns
1108 * @param cb_cls closure for 'cb'
1111 GST_validation_get_addresses (const struct GNUNET_PeerIdentity *target,
1112 GST_ValidationAddressCallback cb, void *cb_cls)
1114 struct IteratorContext ic;
1118 GNUNET_CONTAINER_multihashmap_get_multiple (validation_map,
1119 &target->hashPubKey,
1120 &iterate_addresses, &ic);
1124 /* end of file gnunet-service-transport_validation.c */
projects / oweals / gnunet.git / blob