2 This file is part of GNUnet.
3 (C) 2010,2011 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file transport/gnunet-service-transport_validation.c
23 * @brief address validation subsystem
24 * @author Christian Grothoff
27 #include "gnunet-service-transport_validation.h"
28 #include "gnunet-service-transport_plugins.h"
29 #include "gnunet-service-transport_hello.h"
30 #include "gnunet-service-transport.h"
31 #include "gnunet_hello_lib.h"
32 #include "gnunet_peerinfo_service.h"
33 #include "gnunet_signatures.h"
35 // TODO: observe latency between PING/PONG and give information to ATS!
38 * How long is a PONG signature valid? We'll recycle a signature until
39 * 1/4 of this time is remaining. PONGs should expire so that if our
40 * external addresses change an adversary cannot replay them indefinitely.
41 * OTOH, we don't want to spend too much time generating PONG signatures,
42 * so they must have some lifetime to reduce our CPU usage.
44 #define PONG_SIGNATURE_LIFETIME GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 1)
47 * After how long do we expire an address in a HELLO that we just
48 * validated? This value is also used for our own addresses when we
51 #define HELLO_ADDRESS_EXPIRATION GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12)
54 * How long before an existing address expires should we again try to
55 * validate it? Must be (significantly) smaller than
56 * HELLO_ADDRESS_EXPIRATION.
58 #define HELLO_REVALIDATION_START_TIME GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 1)
61 * Size of the validation map hashmap.
63 #define VALIDATION_MAP_SIZE 256
66 * Priority to use for PINGs
68 #define PING_PRIORITY 2
71 * Priority to use for PONGs
73 #define PONG_PRIORITY 4
77 * Message used to ask a peer to validate receipt (to check an address
78 * from a HELLO). Followed by the address we are trying to validate,
79 * or an empty address if we are just sending a PING to confirm that a
80 * connection which the receiver (of the PING) initiated is still valid.
82 struct TransportPingMessage
86 * Type will be GNUNET_MESSAGE_TYPE_TRANSPORT_PING
88 struct GNUNET_MessageHeader header;
91 * Challenge code (to ensure fresh reply).
93 uint32_t challenge GNUNET_PACKED;
96 * Who is the intended recipient?
98 struct GNUNET_PeerIdentity target;
104 * Message used to validate a HELLO. The challenge is included in the
105 * confirmation to make matching of replies to requests possible. The
106 * signature signs our public key, an expiration time and our address.<p>
108 * This message is followed by our transport address that the PING tried
109 * to confirm (if we liked it). The address can be empty (zero bytes)
110 * if the PING had not address either (and we received the request via
111 * a connection that we initiated).
113 struct TransportPongMessage
117 * Type will be GNUNET_MESSAGE_TYPE_TRANSPORT_PONG
119 struct GNUNET_MessageHeader header;
122 * Challenge code from PING (showing freshness). Not part of what
123 * is signed so that we can re-use signatures.
125 uint32_t challenge GNUNET_PACKED;
130 struct GNUNET_CRYPTO_RsaSignature signature;
133 * What are we signing and why? Two possible reason codes can be here:
134 * GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN to confirm that this is a
135 * plausible address for this peer (pid is set to identity of signer); or
136 * GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_USING to confirm that this is
137 * an address we used to connect to the peer with the given pid.
139 struct GNUNET_CRYPTO_RsaSignaturePurpose purpose;
142 * When does this signature expire?
144 struct GNUNET_TIME_AbsoluteNBO expiration;
147 * Either the identity of the peer Who signed this message, or the
148 * identity of the peer that we're connected to using the given
149 * address (depending on purpose.type).
151 struct GNUNET_PeerIdentity pid;
154 * Size of address appended to this message (part of what is
155 * being signed, hence not redundant).
157 uint32_t addrlen GNUNET_PACKED;
163 * Information about an address under validation
165 struct ValidationEntry
169 * Name of the transport.
171 char *transport_name;
174 * The address, actually a pointer to the end
175 * of this struct. Do not free!
180 * Public key of the peer.
182 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
185 * The identity of the peer.
187 struct GNUNET_PeerIdentity pid;
190 * ID of task that will clean up this entry if nothing happens.
192 GNUNET_SCHEDULER_TaskIdentifier timeout_task;
195 * At what time did we send the latest validation request?
197 struct GNUNET_TIME_Absolute send_time;
200 * Until when is this address valid?
201 * ZERO if it is not currently considered valid.
203 struct GNUNET_TIME_Absolute valid_until;
206 * How long until we can try to validate this address again?
207 * FOREVER if the address is for an unsupported plugin (from PEERINFO)
208 * ZERO if the address is considered valid (no validation needed)
209 * otherwise a time in the future if we're currently denying re-validation
211 struct GNUNET_TIME_Absolute validation_block;
214 * Challenge number we used.
227 * Context of currently active requests to peerinfo
228 * for validation of HELLOs.
230 struct CheckHelloValidatedContext
234 * This is a doubly-linked list.
236 struct CheckHelloValidatedContext *next;
239 * This is a doubly-linked list.
241 struct CheckHelloValidatedContext *prev;
244 * Hello that we are validating.
246 const struct GNUNET_HELLO_Message *hello;
252 * Opaque handle to stop incremental validation address callbacks.
254 struct GST_ValidationIteratorContext
257 * Function to call on each address.
259 GST_ValidationAddressCallback cb;
267 * Which peer are we monitoring?
269 struct GNUNET_PeerIdentity target;
274 * Head of linked list of HELLOs awaiting validation.
276 static struct CheckHelloValidatedContext *chvc_head;
279 * Tail of linked list of HELLOs awaiting validation
281 static struct CheckHelloValidatedContext *chvc_tail;
284 * Map of PeerIdentities to 'struct ValidationEntry*'s (addresses
285 * of the given peer that we are currently validating, have validated
286 * or are blocked from re-validation for a while).
288 static struct GNUNET_CONTAINER_MultiHashMap *validation_map;
291 * Map of PeerIdentities to 'struct GST_ValidationIteratorContext's.
293 static struct GNUNET_CONTAINER_MultiHashMap *notify_map;
296 * Context for peerinfo iteration.
298 static struct GNUNET_PEERINFO_NotifyContext *pnc;
302 * Context for the validation entry match function.
304 struct ValidationEntryMatchContext
307 * Where to store the result?
309 struct ValidationEntry *ve;
312 * Transport name we're looking for.
314 const char *transport_name;
317 * Address we're interested in.
322 * Number of bytes in 'addr'.
329 * Iterate over validation entries until a matching one is found.
331 * @param cls the 'struct ValidationEntryMatchContext'
332 * @param key peer identity (unused)
333 * @param value a 'struct ValidationEntry' to match
334 * @return GNUNET_YES if the entry does not match,
335 * GNUNET_NO if the entry does match
338 validation_entry_match (void *cls,
339 const GNUNET_HashCode *key,
342 struct ValidationEntryMatchContext *vemc = cls;
343 struct ValidationEntry *ve = value;
345 if ( (ve->addrlen == vemc->addrlen) &&
346 (0 == memcmp (ve->addr, vemc->addr, ve->addrlen)) &&
347 (0 == strcmp (ve->transport_name, vemc->transport_name)) )
357 * Find a ValidationEntry entry for the given neighbour that matches
358 * the given address and transport. If none exists, create one (but
359 * without starting any validation).
361 * @param public_key public key of the peer, NULL for unknown
362 * @param neighbour which peer we care about
363 * @param tname name of the transport plugin
364 * @param session session to look for, NULL for 'any'; otherwise
365 * can be used for the service to "learn" this session ID
367 * @param addr binary address
368 * @param addrlen length of addr
369 * @return validation entry matching the given specifications, NULL
370 * if we don't have an existing entry and no public key was given
372 static struct ValidationEntry *
373 find_validation_entry (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *public_key,
374 const struct GNUNET_PeerIdentity *neighbour,
379 struct ValidationEntryMatchContext vemc;
380 struct ValidationEntry *ve;
383 vemc.transport_name = tname;
385 vemc.addrlen = addrlen;
386 GNUNET_CONTAINER_multihashmap_get_multiple (validation_map,
387 &neighbour->hashPubKey,
388 &validation_entry_match,
390 if (NULL != (ve = vemc.ve))
392 if (public_key == NULL)
394 ve = GNUNET_malloc (sizeof (struct ValidationEntry) + addrlen);
395 ve->transport_name = GNUNET_strdup (tname);
396 ve->addr = (void*) &ve[1];
397 ve->public_key = *public_key;
398 ve->pid = *neighbour;
399 ve->challenge = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE,
401 memcpy (&ve[1], addr, addrlen);
402 ve->addrlen = addrlen;
403 GNUNET_CONTAINER_multihashmap_put (validation_map,
404 &neighbour->hashPubKey,
406 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
412 * Notify validation watcher that an entry is now valid
414 * @param cls 'struct ValidationEntry' that is now valid
415 * @param key peer identity (unused)
416 * @param value a 'GST_ValidationIteratorContext' to notify
417 * @return GNUNET_YES (continue to iterate)
420 notify_valid (void *cls,
421 const GNUNET_HashCode *key,
424 struct ValidationEntry *ve = cls;
425 struct GST_ValidationIteratorContext *vic = value;
427 vic->cb (vic->cb_cls,
431 ve->validation_block,
440 * Iterator which adds the given address to the set of validated
443 * @param cls original HELLO message
444 * @param tname name of the transport
445 * @param expiration expiration time
446 * @param addr the address
447 * @param addrlen length of the address
448 * @return GNUNET_OK (keep the address)
451 add_valid_address (void *cls,
453 struct GNUNET_TIME_Absolute expiration,
457 const struct GNUNET_HELLO_Message *hello = cls;
458 struct ValidationEntry *ve;
459 struct GNUNET_PeerIdentity pid;
460 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
462 if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0)
463 return GNUNET_OK; /* expired */
465 GNUNET_HELLO_get_id (hello, &pid)) ||
467 GNUNET_HELLO_get_key (hello, &public_key)) )
470 return GNUNET_OK; /* invalid HELLO !? */
472 ve = find_validation_entry (&public_key, &pid, tname, addr, addrlen);
473 ve->valid_until = GNUNET_TIME_absolute_max (ve->valid_until,
475 GNUNET_CONTAINER_multihashmap_get_multiple (notify_map,
484 * Function called for any HELLO known to PEERINFO.
487 * @param peer id of the peer, NULL for last call
488 * @param hello hello message for the peer (can be NULL)
489 * @param error message
492 process_peerinfo_hello (void *cls,
493 const struct GNUNET_PeerIdentity *peer,
494 const struct GNUNET_HELLO_Message *hello,
497 GNUNET_assert (NULL != peer);
500 GNUNET_assert (NULL ==
501 GNUNET_HELLO_iterate_addresses (hello,
509 * Start the validation subsystem.
512 GST_validation_start ()
514 validation_map = GNUNET_CONTAINER_multihashmap_create (VALIDATION_MAP_SIZE);
515 notify_map = GNUNET_CONTAINER_multihashmap_create (VALIDATION_MAP_SIZE);
516 pnc = GNUNET_PEERINFO_notify (GST_cfg,
517 &process_peerinfo_hello,
523 * Iterate over validation entries and free them.
525 * @param cls (unused)
526 * @param key peer identity (unused)
527 * @param value a 'struct ValidationEntry' to clean up
528 * @return GNUNET_YES (continue to iterate)
531 cleanup_validation_entry (void *cls,
532 const GNUNET_HashCode *key,
535 struct ValidationEntry *ve = value;
537 GNUNET_free (ve->transport_name);
538 if (GNUNET_SCHEDULER_NO_TASK != ve->timeout_task)
540 GNUNET_SCHEDULER_cancel (ve->timeout_task);
541 ve->timeout_task = GNUNET_SCHEDULER_NO_TASK;
549 * Stop the validation subsystem.
552 GST_validation_stop ()
554 struct CheckHelloValidatedContext *chvc;
556 GNUNET_CONTAINER_multihashmap_iterate (validation_map,
557 &cleanup_validation_entry,
559 GNUNET_CONTAINER_multihashmap_destroy (validation_map);
560 validation_map = NULL;
561 GNUNET_assert (GNUNET_CONTAINER_multihashmap_size (notify_map) == 0);
562 GNUNET_CONTAINER_multihashmap_destroy (notify_map);
564 while (NULL != (chvc = chvc_head))
566 GNUNET_CONTAINER_DLL_remove (chvc_head,
571 GNUNET_PEERINFO_notify_cancel (pnc);
576 * Address validation cleanup task (record no longer needed).
578 * @param cls the 'struct ValidationEntry'
579 * @param tc scheduler context (unused)
582 timeout_hello_validation (void *cls,
583 const struct GNUNET_SCHEDULER_TaskContext *tc)
585 struct ValidationEntry *va = cls;
587 va->timeout_task = GNUNET_SCHEDULER_NO_TASK;
588 GNUNET_STATISTICS_update (GST_stats,
589 gettext_noop ("# address records discarded"),
592 GNUNET_break (GNUNET_OK ==
593 GNUNET_CONTAINER_multihashmap_remove (validation_map,
596 GNUNET_free (va->transport_name);
602 * Send the given PONG to the given address.
604 * @param cls the PONG message
605 * @param public_key public key for the peer, never NULL
606 * @param target peer this change is about, never NULL
607 * @param valid_until is ZERO if we never validated the address,
608 * otherwise a time up to when we consider it (or was) valid
609 * @param validation_block is FOREVER if the address is for an unsupported plugin (from PEERINFO)
610 * is ZERO if the address is considered valid (no validation needed)
611 * otherwise a time in the future if we're currently denying re-validation
612 * @param plugin_name name of the plugin
613 * @param plugin_address binary address
614 * @param plugin_address_len length of address
617 multicast_pong (void *cls,
618 const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *public_key,
619 const struct GNUNET_PeerIdentity *target,
620 struct GNUNET_TIME_Absolute valid_until,
621 struct GNUNET_TIME_Absolute validation_block,
622 const char *plugin_name,
623 const void *plugin_address,
624 size_t plugin_address_len)
626 struct TransportPongMessage *pong = cls;
627 struct GNUNET_TRANSPORT_PluginFunctions *papi;
629 papi = GST_plugins_find (plugin_name);
632 (void) papi->send (papi->cls,
635 ntohs (pong->header.size),
637 HELLO_REVALIDATION_START_TIME,
647 * We've received a PING. If appropriate, generate a PONG.
649 * @param sender peer sending the PING
650 * @param hdr the PING
651 * @param session session we got the PING from
652 * @param plugin_name name of plugin that received the PING
653 * @param sender_address address of the sender as known to the plugin, NULL
654 * if we did not initiate the connection
655 * @param sender_address_len number of bytes in sender_address
658 GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
659 const struct GNUNET_MessageHeader *hdr,
660 const char *plugin_name,
661 struct Session *session,
662 const void *sender_address,
663 size_t sender_address_len)
666 const struct TransportPingMessage *ping;
667 struct TransportPongMessage *pong;
668 struct GNUNET_TRANSPORT_PluginFunctions *papi;
669 struct GNUNET_CRYPTO_RsaSignature *sig_cache;
670 struct GNUNET_TIME_Absolute *sig_cache_exp;
677 if (ntohs (hdr->size) < sizeof (struct TransportPingMessage))
682 ping = (const struct TransportPingMessage *) hdr;
683 if (0 != memcmp (&ping->target,
685 sizeof (struct GNUNET_PeerIdentity)))
691 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG | GNUNET_ERROR_TYPE_BULK,
692 "Processing `%s' from `%s'\n",
694 (sender_address != NULL)
695 ? GST_plugin_a2s (plugin_name,
700 GNUNET_STATISTICS_update (GST_stats,
701 gettext_noop ("# PING messages received"),
704 addr = (const char*) &ping[1];
705 alen = ntohs (hdr->size) - sizeof (struct TransportPingMessage);
706 /* peer wants to confirm that this is one of our addresses, this is what is
707 used for address validation */
709 addrend = memchr (addr, '\0', alen);
720 GST_hello_test_address (addr,
726 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
727 _("Not confirming PING with address `%s' since I cannot confirm having this address.\n"),
728 GST_plugins_a2s (addr,
734 pong = GNUNET_malloc (sizeof (struct TransportPongMessage) + alen + slen);
735 pong->header.size = htons (sizeof (struct TransportPongMessage) + alen + slen);
736 pong->header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PONG);
738 htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) +
740 sizeof (struct GNUNET_TIME_AbsoluteNBO) +
741 sizeof (struct GNUNET_PeerIdentity) + alen + slen);
742 pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN);
743 pong->challenge = ping->challenge;
744 pong->addrlen = htonl(alen + slen);
745 pong->pid = GST_my_identity;
746 memcpy (&pong[1], addr, slen);
747 memcpy (&((char*)&pong[1])[slen], addrend, alen);
748 if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value < PONG_SIGNATURE_LIFETIME.rel_value / 4)
750 /* create / update cached sig */
752 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
753 "Creating PONG signature to indicate ownership.\n");
755 *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
756 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
757 GNUNET_assert (GNUNET_OK ==
758 GNUNET_CRYPTO_rsa_sign (GST_my_private_key,
764 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
766 pong->signature = *sig_cache;
768 /* first see if the session we got this PING from can be used to transmit
769 a response reliably */
770 papi = GST_plugins_find (plugin_name);
774 ret = papi->send (papi->cls,
777 ntohs (pong->header.size),
779 HELLO_REVALIDATION_START_TIME,
787 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
788 "Transmitted PONG to `%s' via reliable mechanism\n",
789 GNUNET_i2s (sender));
791 GNUNET_STATISTICS_update (GST_stats,
792 gettext_noop ("# PONGs unicast via reliable transport"),
799 /* no reliable method found, try transmission via all known addresses */
800 GNUNET_STATISTICS_update (GST_stats,
801 gettext_noop ("# PONGs multicast to all available addresses"),
804 (void) GST_validation_get_addresses (sender,
813 * Context for the 'validate_address' function
815 struct ValidateAddressContext
818 * Hash of the public key of the peer whose address is being validated.
820 struct GNUNET_PeerIdentity pid;
823 * Public key of the peer whose address is being validated.
825 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
830 * Iterator callback to go over all addresses and try to validate them
831 * (unless blocked or already validated).
833 * @param cls pointer to a 'struct ValidateAddressContext'
834 * @param tname name of the transport
835 * @param expiration expiration time
836 * @param addr the address
837 * @param addrlen length of the address
838 * @return GNUNET_OK (keep the address)
841 validate_address (void *cls,
843 struct GNUNET_TIME_Absolute expiration,
847 const struct ValidateAddressContext *vac = cls;
848 const struct GNUNET_PeerIdentity *pid = &vac->pid;
849 struct ValidationEntry *ve;
850 struct TransportPingMessage ping;
851 struct GNUNET_TRANSPORT_PluginFunctions *papi;
852 const struct GNUNET_MessageHeader *hello;
858 if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0)
859 return GNUNET_OK; /* expired */
860 ve = find_validation_entry (&vac->public_key, pid, tname, addr, addrlen);
861 if (GNUNET_TIME_absolute_get_remaining (ve->validation_block).rel_value > 0)
862 return GNUNET_OK; /* blocked */
863 if ( (GNUNET_SCHEDULER_NO_TASK != ve->timeout_task) &&
864 (GNUNET_TIME_absolute_get_remaining (ve->valid_until).rel_value > 0) )
865 return GNUNET_OK; /* revalidation task already scheduled & still valid */
866 ve->validation_block = GNUNET_TIME_relative_to_absolute (HELLO_REVALIDATION_START_TIME);
867 if (GNUNET_SCHEDULER_NO_TASK != ve->timeout_task)
868 GNUNET_SCHEDULER_cancel (ve->timeout_task);
869 ve->timeout_task = GNUNET_SCHEDULER_add_delayed (HELLO_REVALIDATION_START_TIME,
870 &timeout_hello_validation,
872 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
873 "Transmitting plain PING to `%s'\n",
875 ping.header.size = htons(sizeof(struct TransportPingMessage));
876 ping.header.type = htons(GNUNET_MESSAGE_TYPE_TRANSPORT_PING);
877 ping.challenge = htonl(ve->challenge);
880 slen = strlen(ve->transport_name) + 1;
881 hello = GST_hello_get ();
882 hsize = ntohs (hello->size);
883 tsize = sizeof(struct TransportPingMessage) + ve->addrlen + slen + hsize;
884 if (tsize >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
886 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
887 _("Not transmitting `%s' with `%s', message too big (%u bytes!). This should not happen.\n"),
890 (unsigned int) tsize);
891 /* message too big (!?), get rid of HELLO */
893 tsize = sizeof(struct TransportPingMessage) + ve->addrlen + slen + hsize;
896 char message_buf[tsize];
898 memcpy(message_buf, hello, hsize);
899 memcpy(&message_buf[hsize], &ping, sizeof (struct TransportPingMessage));
900 memcpy(&message_buf[sizeof (struct TransportPingMessage) + hsize],
903 memcpy(&message_buf[sizeof (struct TransportPingMessage) + slen + hsize],
906 papi = GST_plugins_find (ve->transport_name);
910 ret = papi->send (papi->cls,
915 HELLO_REVALIDATION_START_TIME,
916 NULL /* no session */,
924 ve->send_time = GNUNET_TIME_absolute_get ();
925 GNUNET_STATISTICS_update (GST_stats,
926 gettext_noop ("# PING without HELLO messages sent"),
935 * Do address validation again to keep address valid.
937 * @param cls the 'struct ValidationEntry'
938 * @param tc scheduler context (unused)
941 revalidate_address (void *cls,
942 const struct GNUNET_SCHEDULER_TaskContext *tc)
944 struct ValidationEntry *ve = cls;
945 struct GNUNET_TIME_Relative delay;
946 struct ValidateAddressContext vac;
948 ve->timeout_task = GNUNET_SCHEDULER_NO_TASK;
949 delay = GNUNET_TIME_absolute_get_remaining (ve->validation_block);
950 if (delay.rel_value > 0)
952 /* should wait a bit longer */
953 ve->timeout_task = GNUNET_SCHEDULER_add_delayed (delay,
958 GNUNET_STATISTICS_update (GST_stats,
959 gettext_noop ("# address revalidations started"),
963 vac.public_key = ve->public_key;
964 validate_address (&vac,
968 (uint16_t) ve->addrlen);
973 * Add the validated peer address to the HELLO.
975 * @param cls the 'struct ValidationEntry' with the validated address
976 * @param max space in buf
977 * @param buf where to add the address
980 add_valid_peer_address (void *cls,
984 struct ValidationEntry *ve = cls;
986 return GNUNET_HELLO_add_address (ve->transport_name,
996 * We've received a PONG. Check if it matches a pending PING and
997 * mark the respective address as confirmed.
999 * @param sender peer sending the PONG
1000 * @param hdr the PONG
1001 * @param plugin_name name of plugin that received the PONG
1002 * @param sender_address address of the sender as known to the plugin, NULL
1003 * if we did not initiate the connection
1004 * @param sender_address_len number of bytes in sender_address
1007 GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender,
1008 const struct GNUNET_MessageHeader *hdr,
1009 const char *plugin_name,
1010 const void *sender_address,
1011 size_t sender_address_len)
1013 const struct TransportPongMessage *pong;
1014 struct ValidationEntry *ve;
1016 const char *addrend;
1020 struct GNUNET_TIME_Relative delay;
1021 struct GNUNET_HELLO_Message *hello;
1023 if (ntohs (hdr->size) < sizeof (struct TransportPongMessage))
1025 GNUNET_break_op (0);
1028 GNUNET_STATISTICS_update (GST_stats,
1029 gettext_noop ("# PONG messages received"),
1032 pong = (const struct TransportPongMessage *) hdr;
1033 if (0 != memcmp (&pong->pid,
1035 sizeof (struct GNUNET_PeerIdentity)))
1037 GNUNET_break_op (0);
1041 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG | GNUNET_ERROR_TYPE_BULK,
1042 "Processing `%s' from `%s'\n",
1044 (sender_address != NULL)
1045 ? GST_plugin_a2s (plugin_name,
1050 addr = (const char*) &pong[1];
1051 alen = ntohs (hdr->size) - sizeof (struct TransportPongMessage);
1052 addrend = memchr (addr, '\0', alen);
1053 if (NULL == addrend)
1055 GNUNET_break_op (0);
1059 slen = strlen(addr);
1061 ve = find_validation_entry (NULL,
1068 GNUNET_STATISTICS_update (GST_stats,
1069 gettext_noop ("# PONGs dropped, no matching pending validation"),
1074 /* now check that PONG is well-formed */
1075 if (GNUNET_TIME_absolute_get_remaining (GNUNET_TIME_absolute_ntoh (pong->expiration)).rel_value == 0)
1077 GNUNET_STATISTICS_update (GST_stats,
1078 gettext_noop ("# PONGs dropped, signature expired"),
1084 GNUNET_CRYPTO_rsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
1089 GNUNET_break_op (0);
1093 /* validity achieved, remember it! */
1094 ve->valid_until = GNUNET_TIME_relative_to_absolute (HELLO_ADDRESS_EXPIRATION);
1096 /* build HELLO to store in PEERINFO */
1097 hello = GNUNET_HELLO_create (&ve->public_key,
1098 &add_valid_peer_address,
1100 GNUNET_PEERINFO_add_peer (GST_peerinfo,
1102 GNUNET_free (hello);
1104 if (GNUNET_SCHEDULER_NO_TASK != ve->timeout_task)
1105 GNUNET_SCHEDULER_cancel (ve->timeout_task);
1107 /* randomly delay by up to 1h to avoid synchronous validations */
1108 rdelay = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1110 delay = GNUNET_TIME_relative_add (HELLO_REVALIDATION_START_TIME,
1111 GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS,
1113 ve->timeout_task = GNUNET_SCHEDULER_add_delayed (delay,
1114 &revalidate_address,
1120 * We've received a HELLO, check which addresses are new and trigger
1123 * @param hello the HELLO we received
1126 GST_validation_handle_hello (const struct GNUNET_MessageHeader *hello)
1128 const struct GNUNET_HELLO_Message* hm = (const struct GNUNET_HELLO_Message*) hello;
1129 struct ValidateAddressContext vac;
1132 GNUNET_HELLO_get_id (hm, &vac.pid)) ||
1134 GNUNET_HELLO_get_key (hm, &vac.public_key)) )
1136 /* malformed HELLO */
1140 GNUNET_assert (NULL ==
1141 GNUNET_HELLO_iterate_addresses (hm,
1149 * Call the callback in the closure for each validation entry.
1151 * @param cls the 'struct GST_ValidationIteratorContext'
1152 * @param key the peer's identity
1153 * @param value the 'struct ValidationEntry'
1154 * @return GNUNET_OK (continue to iterate)
1157 iterate_addresses (void *cls,
1158 const GNUNET_HashCode *key,
1161 struct GST_ValidationIteratorContext *vic = cls;
1162 struct ValidationEntry *ve = value;
1164 vic->cb (vic->cb_cls,
1168 ve->validation_block,
1177 * Call the given function for each address for the given target.
1178 * Can either give a snapshot (synchronous API) or be continuous.
1180 * @param target peer information is requested for
1181 * @param snapshot_only GNUNET_YES to iterate over addresses once, GNUNET_NO to
1182 * continue to give information about addresses as it evolves
1183 * @param cb function to call; will not be called after this function returns
1184 * if snapshot_only is GNUNET_YES
1185 * @param cb_cls closure for 'cb'
1186 * @return context to cancel, NULL if 'snapshot_only' is GNUNET_YES
1188 struct GST_ValidationIteratorContext *
1189 GST_validation_get_addresses (const struct GNUNET_PeerIdentity *target,
1191 GST_ValidationAddressCallback cb,
1194 struct GST_ValidationIteratorContext *vic;
1196 vic = GNUNET_malloc (sizeof (struct GST_ValidationIteratorContext));
1198 vic->cb_cls = cb_cls;
1199 vic->target = *target;
1200 GNUNET_CONTAINER_multihashmap_get_multiple (validation_map,
1201 &target->hashPubKey,
1204 if (GNUNET_YES == snapshot_only)
1209 GNUNET_CONTAINER_multihashmap_put (notify_map,
1210 &target->hashPubKey,
1212 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
1218 * Cancel an active validation address iteration.
1220 * @param ctx the context of the operation that is cancelled
1223 GST_validation_get_addresses_cancel (struct GST_ValidationIteratorContext *ctx)
1225 GNUNET_assert (GNUNET_OK ==
1226 GNUNET_CONTAINER_multihashmap_remove (notify_map,
1227 &ctx->target.hashPubKey,
1233 /* end of file gnunet-service-transport_validation.c */