2 This file is part of GNUnet.
3 (C) 2010,2011 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file transport/gnunet-service-transport_validation.c
23 * @brief address validation subsystem
24 * @author Christian Grothoff
27 #include "gnunet-service-transport_validation.h"
28 #include "gnunet-service-transport_plugins.h"
29 #include "gnunet-service-transport_hello.h"
30 #include "gnunet-service-transport_blacklist.h"
31 #include "gnunet-service-transport.h"
32 #include "gnunet_hello_lib.h"
33 #include "gnunet_ats_service.h"
34 #include "gnunet_peerinfo_service.h"
35 #include "gnunet_signatures.h"
37 // TODO: observe latency between PING/PONG and give information to ATS!
40 * How long is a PONG signature valid? We'll recycle a signature until
41 * 1/4 of this time is remaining. PONGs should expire so that if our
42 * external addresses change an adversary cannot replay them indefinitely.
43 * OTOH, we don't want to spend too much time generating PONG signatures,
44 * so they must have some lifetime to reduce our CPU usage.
46 #define PONG_SIGNATURE_LIFETIME GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 1)
49 * After how long do we expire an address in a HELLO that we just
50 * validated? This value is also used for our own addresses when we
53 #define HELLO_ADDRESS_EXPIRATION GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12)
56 * How long before an existing address expires should we again try to
57 * validate it? Must be (significantly) smaller than
58 * HELLO_ADDRESS_EXPIRATION.
60 #define HELLO_REVALIDATION_START_TIME GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 1)
63 * Size of the validation map hashmap.
65 #define VALIDATION_MAP_SIZE 256
68 * Priority to use for PINGs
70 #define PING_PRIORITY 2
73 * Priority to use for PONGs
75 #define PONG_PRIORITY 4
79 * Message used to ask a peer to validate receipt (to check an address
80 * from a HELLO). Followed by the address we are trying to validate,
81 * or an empty address if we are just sending a PING to confirm that a
82 * connection which the receiver (of the PING) initiated is still valid.
84 struct TransportPingMessage
88 * Type will be GNUNET_MESSAGE_TYPE_TRANSPORT_PING
90 struct GNUNET_MessageHeader header;
93 * Challenge code (to ensure fresh reply).
95 uint32_t challenge GNUNET_PACKED;
98 * Who is the intended recipient?
100 struct GNUNET_PeerIdentity target;
106 * Message used to validate a HELLO. The challenge is included in the
107 * confirmation to make matching of replies to requests possible. The
108 * signature signs our public key, an expiration time and our address.<p>
110 * This message is followed by our transport address that the PING tried
111 * to confirm (if we liked it). The address can be empty (zero bytes)
112 * if the PING had not address either (and we received the request via
113 * a connection that we initiated).
115 struct TransportPongMessage
119 * Type will be GNUNET_MESSAGE_TYPE_TRANSPORT_PONG
121 struct GNUNET_MessageHeader header;
124 * Challenge code from PING (showing freshness). Not part of what
125 * is signed so that we can re-use signatures.
127 uint32_t challenge GNUNET_PACKED;
132 struct GNUNET_CRYPTO_RsaSignature signature;
135 * What are we signing and why? Two possible reason codes can be here:
136 * GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN to confirm that this is a
137 * plausible address for this peer (pid is set to identity of signer); or
138 * GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_USING to confirm that this is
139 * an address we used to connect to the peer with the given pid.
141 struct GNUNET_CRYPTO_RsaSignaturePurpose purpose;
144 * When does this signature expire?
146 struct GNUNET_TIME_AbsoluteNBO expiration;
149 * Either the identity of the peer Who signed this message, or the
150 * identity of the peer that we're connected to using the given
151 * address (depending on purpose.type).
153 struct GNUNET_PeerIdentity pid;
156 * Size of address appended to this message (part of what is
157 * being signed, hence not redundant).
159 uint32_t addrlen GNUNET_PACKED;
165 * Information about an address under validation
167 struct ValidationEntry
171 * Name of the transport.
173 char *transport_name;
176 * The address, actually a pointer to the end
177 * of this struct. Do not free!
182 * Handle to the blacklist check (if we're currently in it).
184 struct GST_BlacklistCheck *bc;
187 * Public key of the peer.
189 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
192 * The identity of the peer.
194 struct GNUNET_PeerIdentity pid;
197 * ID of task that will clean up this entry if nothing happens.
199 GNUNET_SCHEDULER_TaskIdentifier timeout_task;
202 * At what time did we send the latest validation request?
204 struct GNUNET_TIME_Absolute send_time;
207 * Until when is this address valid?
208 * ZERO if it is not currently considered valid.
210 struct GNUNET_TIME_Absolute valid_until;
213 * How long until we can try to validate this address again?
214 * FOREVER if the address is for an unsupported plugin (from PEERINFO)
215 * ZERO if the address is considered valid (no validation needed)
216 * otherwise a time in the future if we're currently denying re-validation
218 struct GNUNET_TIME_Absolute validation_block;
221 * Challenge number we used.
234 * Context of currently active requests to peerinfo
235 * for validation of HELLOs.
237 struct CheckHelloValidatedContext
241 * This is a doubly-linked list.
243 struct CheckHelloValidatedContext *next;
246 * This is a doubly-linked list.
248 struct CheckHelloValidatedContext *prev;
251 * Hello that we are validating.
253 const struct GNUNET_HELLO_Message *hello;
259 * Head of linked list of HELLOs awaiting validation.
261 static struct CheckHelloValidatedContext *chvc_head;
264 * Tail of linked list of HELLOs awaiting validation
266 static struct CheckHelloValidatedContext *chvc_tail;
269 * Map of PeerIdentities to 'struct ValidationEntry*'s (addresses
270 * of the given peer that we are currently validating, have validated
271 * or are blocked from re-validation for a while).
273 static struct GNUNET_CONTAINER_MultiHashMap *validation_map;
276 * Context for peerinfo iteration.
278 static struct GNUNET_PEERINFO_NotifyContext *pnc;
282 * Context for the validation entry match function.
284 struct ValidationEntryMatchContext
287 * Where to store the result?
289 struct ValidationEntry *ve;
292 * Transport name we're looking for.
294 const char *transport_name;
297 * Address we're interested in.
302 * Number of bytes in 'addr'.
309 * Iterate over validation entries until a matching one is found.
311 * @param cls the 'struct ValidationEntryMatchContext'
312 * @param key peer identity (unused)
313 * @param value a 'struct ValidationEntry' to match
314 * @return GNUNET_YES if the entry does not match,
315 * GNUNET_NO if the entry does match
318 validation_entry_match (void *cls,
319 const GNUNET_HashCode *key,
322 struct ValidationEntryMatchContext *vemc = cls;
323 struct ValidationEntry *ve = value;
325 if ( (ve->addrlen == vemc->addrlen) &&
326 (0 == memcmp (ve->addr, vemc->addr, ve->addrlen)) &&
327 (0 == strcmp (ve->transport_name, vemc->transport_name)) )
337 * Find a ValidationEntry entry for the given neighbour that matches
338 * the given address and transport. If none exists, create one (but
339 * without starting any validation).
341 * @param public_key public key of the peer, NULL for unknown
342 * @param neighbour which peer we care about
343 * @param tname name of the transport plugin
344 * @param session session to look for, NULL for 'any'; otherwise
345 * can be used for the service to "learn" this session ID
347 * @param addr binary address
348 * @param addrlen length of addr
349 * @return validation entry matching the given specifications, NULL
350 * if we don't have an existing entry and no public key was given
352 static struct ValidationEntry *
353 find_validation_entry (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *public_key,
354 const struct GNUNET_PeerIdentity *neighbour,
359 struct ValidationEntryMatchContext vemc;
360 struct ValidationEntry *ve;
363 vemc.transport_name = tname;
365 vemc.addrlen = addrlen;
366 GNUNET_CONTAINER_multihashmap_get_multiple (validation_map,
367 &neighbour->hashPubKey,
368 &validation_entry_match,
370 if (NULL != (ve = vemc.ve))
372 if (public_key == NULL)
374 ve = GNUNET_malloc (sizeof (struct ValidationEntry) + addrlen);
375 ve->transport_name = GNUNET_strdup (tname);
376 ve->addr = (void*) &ve[1];
377 ve->public_key = *public_key;
378 ve->pid = *neighbour;
379 ve->challenge = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE,
381 memcpy (&ve[1], addr, addrlen);
382 ve->addrlen = addrlen;
383 GNUNET_CONTAINER_multihashmap_put (validation_map,
384 &neighbour->hashPubKey,
386 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
392 * Iterator which adds the given address to the set of validated
395 * @param cls original HELLO message
396 * @param tname name of the transport
397 * @param expiration expiration time
398 * @param addr the address
399 * @param addrlen length of the address
400 * @return GNUNET_OK (keep the address)
403 add_valid_address (void *cls,
405 struct GNUNET_TIME_Absolute expiration,
409 const struct GNUNET_HELLO_Message *hello = cls;
410 struct ValidationEntry *ve;
411 struct GNUNET_PeerIdentity pid;
412 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
414 if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0)
415 return GNUNET_OK; /* expired */
417 GNUNET_HELLO_get_id (hello, &pid)) ||
419 GNUNET_HELLO_get_key (hello, &public_key)) )
422 return GNUNET_OK; /* invalid HELLO !? */
424 ve = find_validation_entry (&public_key, &pid, tname, addr, addrlen);
425 ve->valid_until = GNUNET_TIME_absolute_max (ve->valid_until,
427 GNUNET_ATS_address_update (GST_ats,
440 * Function called for any HELLO known to PEERINFO.
443 * @param peer id of the peer, NULL for last call
444 * @param hello hello message for the peer (can be NULL)
445 * @param error message
448 process_peerinfo_hello (void *cls,
449 const struct GNUNET_PeerIdentity *peer,
450 const struct GNUNET_HELLO_Message *hello,
453 GNUNET_assert (NULL != peer);
456 GNUNET_assert (NULL ==
457 GNUNET_HELLO_iterate_addresses (hello,
465 * Start the validation subsystem.
468 GST_validation_start ()
470 validation_map = GNUNET_CONTAINER_multihashmap_create (VALIDATION_MAP_SIZE);
471 pnc = GNUNET_PEERINFO_notify (GST_cfg,
472 &process_peerinfo_hello,
478 * Iterate over validation entries and free them.
480 * @param cls (unused)
481 * @param key peer identity (unused)
482 * @param value a 'struct ValidationEntry' to clean up
483 * @return GNUNET_YES (continue to iterate)
486 cleanup_validation_entry (void *cls,
487 const GNUNET_HashCode *key,
490 struct ValidationEntry *ve = value;
494 GST_blacklist_test_cancel (ve->bc);
497 GNUNET_break (GNUNET_OK ==
498 GNUNET_CONTAINER_multihashmap_remove (validation_map,
501 GNUNET_free (ve->transport_name);
502 if (GNUNET_SCHEDULER_NO_TASK != ve->timeout_task)
504 GNUNET_SCHEDULER_cancel (ve->timeout_task);
505 ve->timeout_task = GNUNET_SCHEDULER_NO_TASK;
513 * Stop the validation subsystem.
516 GST_validation_stop ()
518 struct CheckHelloValidatedContext *chvc;
520 GNUNET_CONTAINER_multihashmap_iterate (validation_map,
521 &cleanup_validation_entry,
523 GNUNET_CONTAINER_multihashmap_destroy (validation_map);
524 validation_map = NULL;
525 while (NULL != (chvc = chvc_head))
527 GNUNET_CONTAINER_DLL_remove (chvc_head,
532 GNUNET_PEERINFO_notify_cancel (pnc);
537 * Address validation cleanup task (record no longer needed).
539 * @param cls the 'struct ValidationEntry'
540 * @param tc scheduler context (unused)
543 timeout_hello_validation (void *cls,
544 const struct GNUNET_SCHEDULER_TaskContext *tc)
546 struct ValidationEntry *ve = cls;
548 ve->timeout_task = GNUNET_SCHEDULER_NO_TASK;
549 GNUNET_STATISTICS_update (GST_stats,
550 gettext_noop ("# address records discarded"),
553 cleanup_validation_entry (NULL, &ve->pid.hashPubKey, ve);
558 * Send the given PONG to the given address.
560 * @param cls the PONG message
561 * @param public_key public key for the peer, never NULL
562 * @param target peer this change is about, never NULL
563 * @param valid_until is ZERO if we never validated the address,
564 * otherwise a time up to when we consider it (or was) valid
565 * @param validation_block is FOREVER if the address is for an unsupported plugin (from PEERINFO)
566 * is ZERO if the address is considered valid (no validation needed)
567 * otherwise a time in the future if we're currently denying re-validation
568 * @param plugin_name name of the plugin
569 * @param plugin_address binary address
570 * @param plugin_address_len length of address
573 multicast_pong (void *cls,
574 const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *public_key,
575 const struct GNUNET_PeerIdentity *target,
576 struct GNUNET_TIME_Absolute valid_until,
577 struct GNUNET_TIME_Absolute validation_block,
578 const char *plugin_name,
579 const void *plugin_address,
580 size_t plugin_address_len)
582 struct TransportPongMessage *pong = cls;
583 struct GNUNET_TRANSPORT_PluginFunctions *papi;
585 papi = GST_plugins_find (plugin_name);
588 (void) papi->send (papi->cls,
591 ntohs (pong->header.size),
593 HELLO_REVALIDATION_START_TIME,
603 * We've received a PING. If appropriate, generate a PONG.
605 * @param sender peer sending the PING
606 * @param hdr the PING
607 * @param session session we got the PING from
608 * @param plugin_name name of plugin that received the PING
609 * @param sender_address address of the sender as known to the plugin, NULL
610 * if we did not initiate the connection
611 * @param sender_address_len number of bytes in sender_address
614 GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
615 const struct GNUNET_MessageHeader *hdr,
616 const char *plugin_name,
617 struct Session *session,
618 const void *sender_address,
619 size_t sender_address_len)
622 const struct TransportPingMessage *ping;
623 struct TransportPongMessage *pong;
624 struct GNUNET_TRANSPORT_PluginFunctions *papi;
625 struct GNUNET_CRYPTO_RsaSignature *sig_cache;
626 struct GNUNET_TIME_Absolute *sig_cache_exp;
633 if (ntohs (hdr->size) < sizeof (struct TransportPingMessage))
638 ping = (const struct TransportPingMessage *) hdr;
639 if (0 != memcmp (&ping->target,
641 sizeof (struct GNUNET_PeerIdentity)))
647 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG | GNUNET_ERROR_TYPE_BULK,
648 "Processing `%s' from `%s'\n",
650 (sender_address != NULL)
651 ? GST_plugin_a2s (plugin_name,
656 GNUNET_STATISTICS_update (GST_stats,
657 gettext_noop ("# PING messages received"),
660 addr = (const char*) &ping[1];
661 alen = ntohs (hdr->size) - sizeof (struct TransportPingMessage);
662 /* peer wants to confirm that this is one of our addresses, this is what is
663 used for address validation */
665 addrend = memchr (addr, '\0', alen);
676 GST_hello_test_address (addr,
682 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
683 _("Not confirming PING with address `%s' since I cannot confirm having this address.\n"),
684 GST_plugins_a2s (addr,
690 pong = GNUNET_malloc (sizeof (struct TransportPongMessage) + alen + slen);
691 pong->header.size = htons (sizeof (struct TransportPongMessage) + alen + slen);
692 pong->header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PONG);
694 htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) +
696 sizeof (struct GNUNET_TIME_AbsoluteNBO) +
697 sizeof (struct GNUNET_PeerIdentity) + alen + slen);
698 pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN);
699 pong->challenge = ping->challenge;
700 pong->addrlen = htonl(alen + slen);
701 pong->pid = GST_my_identity;
702 memcpy (&pong[1], addr, slen);
703 memcpy (&((char*)&pong[1])[slen], addrend, alen);
704 if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value < PONG_SIGNATURE_LIFETIME.rel_value / 4)
706 /* create / update cached sig */
708 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
709 "Creating PONG signature to indicate ownership.\n");
711 *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
712 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
713 GNUNET_assert (GNUNET_OK ==
714 GNUNET_CRYPTO_rsa_sign (GST_my_private_key,
720 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
722 pong->signature = *sig_cache;
724 /* first see if the session we got this PING from can be used to transmit
725 a response reliably */
726 papi = GST_plugins_find (plugin_name);
730 ret = papi->send (papi->cls,
733 ntohs (pong->header.size),
735 HELLO_REVALIDATION_START_TIME,
743 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
744 "Transmitted PONG to `%s' via reliable mechanism\n",
745 GNUNET_i2s (sender));
747 GNUNET_STATISTICS_update (GST_stats,
748 gettext_noop ("# PONGs unicast via reliable transport"),
755 /* no reliable method found, try transmission via all known addresses */
756 GNUNET_STATISTICS_update (GST_stats,
757 gettext_noop ("# PONGs multicast to all available addresses"),
760 GST_validation_get_addresses (sender,
768 * Context for the 'validate_address' function
770 struct ValidateAddressContext
773 * Hash of the public key of the peer whose address is being validated.
775 struct GNUNET_PeerIdentity pid;
778 * Public key of the peer whose address is being validated.
780 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
785 * Function called with the result from blacklisting.
786 * Send a PING to the other peer if a communication is allowed.
788 * @param cls ou r'struct ValidationEntry'
789 * @param pid identity of the other peer
790 * @param result GNUNET_OK if the connection is allowed, GNUNET_NO if not
793 transmit_ping_if_allowed (void *cls,
794 const struct GNUNET_PeerIdentity *pid,
797 struct ValidationEntry *ve = cls;
798 struct TransportPingMessage ping;
799 struct GNUNET_TRANSPORT_PluginFunctions *papi;
800 const struct GNUNET_MessageHeader *hello;
807 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
808 "Transmitting plain PING to `%s'\n",
810 ping.header.size = htons(sizeof(struct TransportPingMessage));
811 ping.header.type = htons(GNUNET_MESSAGE_TYPE_TRANSPORT_PING);
812 ping.challenge = htonl(ve->challenge);
815 slen = strlen(ve->transport_name) + 1;
816 hello = GST_hello_get ();
817 hsize = ntohs (hello->size);
818 tsize = sizeof(struct TransportPingMessage) + ve->addrlen + slen + hsize;
819 if (tsize >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
821 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
822 _("Not transmitting `%s' with `%s', message too big (%u bytes!). This should not happen.\n"),
825 (unsigned int) tsize);
826 /* message too big (!?), get rid of HELLO */
828 tsize = sizeof(struct TransportPingMessage) + ve->addrlen + slen + hsize;
831 char message_buf[tsize];
833 memcpy(message_buf, hello, hsize);
834 memcpy(&message_buf[hsize], &ping, sizeof (struct TransportPingMessage));
835 memcpy(&message_buf[sizeof (struct TransportPingMessage) + hsize],
838 memcpy(&message_buf[sizeof (struct TransportPingMessage) + slen + hsize],
841 papi = GST_plugins_find (ve->transport_name);
845 ret = papi->send (papi->cls,
850 HELLO_REVALIDATION_START_TIME,
851 NULL /* no session */,
859 ve->send_time = GNUNET_TIME_absolute_get ();
860 GNUNET_STATISTICS_update (GST_stats,
861 gettext_noop ("# PING without HELLO messages sent"),
869 * Iterator callback to go over all addresses and try to validate them
870 * (unless blocked or already validated).
872 * @param cls pointer to a 'struct ValidateAddressContext'
873 * @param tname name of the transport
874 * @param expiration expiration time
875 * @param addr the address
876 * @param addrlen length of the address
877 * @return GNUNET_OK (keep the address)
880 validate_address (void *cls,
882 struct GNUNET_TIME_Absolute expiration,
886 const struct ValidateAddressContext *vac = cls;
887 const struct GNUNET_PeerIdentity *pid = &vac->pid;
888 struct ValidationEntry *ve;
889 struct GST_BlacklistCheck *bc;
891 if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0)
892 return GNUNET_OK; /* expired */
893 ve = find_validation_entry (&vac->public_key, pid, tname, addr, addrlen);
894 if (GNUNET_TIME_absolute_get_remaining (ve->validation_block).rel_value > 0)
895 return GNUNET_OK; /* blocked */
896 if ( (GNUNET_SCHEDULER_NO_TASK != ve->timeout_task) &&
897 (GNUNET_TIME_absolute_get_remaining (ve->valid_until).rel_value > 0) )
898 return GNUNET_OK; /* revalidation task already scheduled & still valid */
899 ve->validation_block = GNUNET_TIME_relative_to_absolute (HELLO_REVALIDATION_START_TIME);
900 if (GNUNET_SCHEDULER_NO_TASK != ve->timeout_task)
901 GNUNET_SCHEDULER_cancel (ve->timeout_task);
902 ve->timeout_task = GNUNET_SCHEDULER_add_delayed (HELLO_REVALIDATION_START_TIME,
903 &timeout_hello_validation,
905 bc = GST_blacklist_test_allowed (pid,
907 &transmit_ping_if_allowed,
916 * Do address validation again to keep address valid.
918 * @param cls the 'struct ValidationEntry'
919 * @param tc scheduler context (unused)
922 revalidate_address (void *cls,
923 const struct GNUNET_SCHEDULER_TaskContext *tc)
925 struct ValidationEntry *ve = cls;
926 struct GNUNET_TIME_Relative delay;
927 struct ValidateAddressContext vac;
929 ve->timeout_task = GNUNET_SCHEDULER_NO_TASK;
930 delay = GNUNET_TIME_absolute_get_remaining (ve->validation_block);
931 if (delay.rel_value > 0)
933 /* should wait a bit longer */
934 ve->timeout_task = GNUNET_SCHEDULER_add_delayed (delay,
939 GNUNET_STATISTICS_update (GST_stats,
940 gettext_noop ("# address revalidations started"),
944 vac.public_key = ve->public_key;
945 validate_address (&vac,
949 (uint16_t) ve->addrlen);
954 * Add the validated peer address to the HELLO.
956 * @param cls the 'struct ValidationEntry' with the validated address
957 * @param max space in buf
958 * @param buf where to add the address
961 add_valid_peer_address (void *cls,
965 struct ValidationEntry *ve = cls;
967 return GNUNET_HELLO_add_address (ve->transport_name,
977 * We've received a PONG. Check if it matches a pending PING and
978 * mark the respective address as confirmed.
980 * @param sender peer sending the PONG
981 * @param hdr the PONG
982 * @param plugin_name name of plugin that received the PONG
983 * @param sender_address address of the sender as known to the plugin, NULL
984 * if we did not initiate the connection
985 * @param sender_address_len number of bytes in sender_address
988 GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender,
989 const struct GNUNET_MessageHeader *hdr,
990 const char *plugin_name,
991 const void *sender_address,
992 size_t sender_address_len)
994 const struct TransportPongMessage *pong;
995 struct ValidationEntry *ve;
1001 struct GNUNET_TIME_Relative delay;
1002 struct GNUNET_HELLO_Message *hello;
1004 if (ntohs (hdr->size) < sizeof (struct TransportPongMessage))
1006 GNUNET_break_op (0);
1009 GNUNET_STATISTICS_update (GST_stats,
1010 gettext_noop ("# PONG messages received"),
1013 pong = (const struct TransportPongMessage *) hdr;
1014 if (0 != memcmp (&pong->pid,
1016 sizeof (struct GNUNET_PeerIdentity)))
1018 GNUNET_break_op (0);
1022 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG | GNUNET_ERROR_TYPE_BULK,
1023 "Processing `%s' from `%s'\n",
1025 (sender_address != NULL)
1026 ? GST_plugin_a2s (plugin_name,
1031 addr = (const char*) &pong[1];
1032 alen = ntohs (hdr->size) - sizeof (struct TransportPongMessage);
1033 addrend = memchr (addr, '\0', alen);
1034 if (NULL == addrend)
1036 GNUNET_break_op (0);
1040 slen = strlen(addr);
1042 ve = find_validation_entry (NULL,
1049 GNUNET_STATISTICS_update (GST_stats,
1050 gettext_noop ("# PONGs dropped, no matching pending validation"),
1055 /* now check that PONG is well-formed */
1056 if (GNUNET_TIME_absolute_get_remaining (GNUNET_TIME_absolute_ntoh (pong->expiration)).rel_value == 0)
1058 GNUNET_STATISTICS_update (GST_stats,
1059 gettext_noop ("# PONGs dropped, signature expired"),
1065 GNUNET_CRYPTO_rsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
1070 GNUNET_break_op (0);
1074 /* validity achieved, remember it! */
1075 ve->valid_until = GNUNET_TIME_relative_to_absolute (HELLO_ADDRESS_EXPIRATION);
1076 GNUNET_ATS_address_update (GST_ats,
1083 NULL, 0); /* FIXME: compute and add latency here... */
1085 /* build HELLO to store in PEERINFO */
1086 hello = GNUNET_HELLO_create (&ve->public_key,
1087 &add_valid_peer_address,
1089 GNUNET_PEERINFO_add_peer (GST_peerinfo,
1091 GNUNET_free (hello);
1093 if (GNUNET_SCHEDULER_NO_TASK != ve->timeout_task)
1094 GNUNET_SCHEDULER_cancel (ve->timeout_task);
1096 /* randomly delay by up to 1h to avoid synchronous validations */
1097 rdelay = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1099 delay = GNUNET_TIME_relative_add (HELLO_REVALIDATION_START_TIME,
1100 GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS,
1102 ve->timeout_task = GNUNET_SCHEDULER_add_delayed (delay,
1103 &revalidate_address,
1109 * We've received a HELLO, check which addresses are new and trigger
1112 * @param hello the HELLO we received
1115 GST_validation_handle_hello (const struct GNUNET_MessageHeader *hello)
1117 const struct GNUNET_HELLO_Message* hm = (const struct GNUNET_HELLO_Message*) hello;
1118 struct ValidateAddressContext vac;
1121 GNUNET_HELLO_get_id (hm, &vac.pid)) ||
1123 GNUNET_HELLO_get_key (hm, &vac.public_key)) )
1125 /* malformed HELLO */
1129 GNUNET_assert (NULL ==
1130 GNUNET_HELLO_iterate_addresses (hm,
1138 * Closure for 'iterate_addresses'
1140 struct IteratorContext
1143 * Function to call on each address.
1145 GST_ValidationAddressCallback cb;
1156 * Call the callback in the closure for each validation entry.
1158 * @param cls the 'struct GST_ValidationIteratorContext'
1159 * @param key the peer's identity
1160 * @param value the 'struct ValidationEntry'
1161 * @return GNUNET_OK (continue to iterate)
1164 iterate_addresses (void *cls,
1165 const GNUNET_HashCode *key,
1168 struct IteratorContext *ic = cls;
1169 struct ValidationEntry *ve = value;
1175 ve->validation_block,
1184 * Call the given function for each address for the given target.
1185 * Can either give a snapshot (synchronous API) or be continuous.
1187 * @param target peer information is requested for
1188 * @param snapshot_only GNUNET_YES to iterate over addresses once, GNUNET_NO to
1189 * continue to give information about addresses as it evolves
1190 * @param cb function to call; will not be called after this function returns
1191 * if snapshot_only is GNUNET_YES
1192 * @param cb_cls closure for 'cb'
1193 * @return context to cancel, NULL if 'snapshot_only' is GNUNET_YES
1196 GST_validation_get_addresses (const struct GNUNET_PeerIdentity *target,
1197 GST_ValidationAddressCallback cb,
1200 struct IteratorContext ic;
1204 GNUNET_CONTAINER_multihashmap_get_multiple (validation_map,
1205 &target->hashPubKey,
1211 /* end of file gnunet-service-transport_validation.c */
projects / oweals / gnunet.git / blob