2 This file is part of GNUnet.
3 (C) 2010,2011 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file transport/gnunet-service-transport_validation.c
23 * @brief address validation subsystem
24 * @author Christian Grothoff
27 #include "gnunet-service-transport_validation.h"
28 #include "gnunet-service-transport_plugins.h"
29 #include "gnunet-service-transport_hello.h"
30 #include "gnunet-service-transport_blacklist.h"
31 #include "gnunet-service-transport.h"
32 #include "gnunet_hello_lib.h"
33 #include "gnunet_ats_service.h"
34 #include "gnunet_peerinfo_service.h"
35 #include "gnunet_signatures.h"
39 * How long is a PONG signature valid? We'll recycle a signature until
40 * 1/4 of this time is remaining. PONGs should expire so that if our
41 * external addresses change an adversary cannot replay them indefinitely.
42 * OTOH, we don't want to spend too much time generating PONG signatures,
43 * so they must have some lifetime to reduce our CPU usage.
45 #define PONG_SIGNATURE_LIFETIME GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 1)
48 * After how long do we expire an address in a HELLO that we just
49 * validated? This value is also used for our own addresses when we
52 #define HELLO_ADDRESS_EXPIRATION GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12)
55 * How often do we allow PINGing an address that we have not yet
56 * validated? This also determines how long we track an address that
57 * we cannot validate (because after this time we can destroy the
60 #define UNVALIDATED_PING_KEEPALIVE GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
63 * How often do we PING an address that we have successfully validated
64 * in the past but are not actively using? Should be (significantly)
65 * smaller than HELLO_ADDRESS_EXPIRATION.
67 #define VALIDATED_PING_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 15)
70 * How often do we PING an address that we are currently using?
72 #define CONNECTED_PING_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 2)
75 * How much delay is acceptable for sending the PING or PONG?
77 #define ACCEPTABLE_PING_DELAY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 1)
80 * Size of the validation map hashmap.
82 #define VALIDATION_MAP_SIZE 256
85 * Priority to use for PINGs
87 #define PING_PRIORITY 2
90 * Priority to use for PONGs
92 #define PONG_PRIORITY 4
96 * Message used to ask a peer to validate receipt (to check an address
97 * from a HELLO). Followed by the address we are trying to validate,
98 * or an empty address if we are just sending a PING to confirm that a
99 * connection which the receiver (of the PING) initiated is still valid.
101 struct TransportPingMessage
105 * Type will be GNUNET_MESSAGE_TYPE_TRANSPORT_PING
107 struct GNUNET_MessageHeader header;
110 * Challenge code (to ensure fresh reply).
112 uint32_t challenge GNUNET_PACKED;
115 * Who is the intended recipient?
117 struct GNUNET_PeerIdentity target;
123 * Message used to validate a HELLO. The challenge is included in the
124 * confirmation to make matching of replies to requests possible. The
125 * signature signs our public key, an expiration time and our address.<p>
127 * This message is followed by our transport address that the PING tried
128 * to confirm (if we liked it). The address can be empty (zero bytes)
129 * if the PING had not address either (and we received the request via
130 * a connection that we initiated).
132 struct TransportPongMessage
136 * Type will be GNUNET_MESSAGE_TYPE_TRANSPORT_PONG
138 struct GNUNET_MessageHeader header;
141 * Challenge code from PING (showing freshness). Not part of what
142 * is signed so that we can re-use signatures.
144 uint32_t challenge GNUNET_PACKED;
149 struct GNUNET_CRYPTO_RsaSignature signature;
152 * GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN to confirm that this is a
153 * plausible address for the signing peer.
155 struct GNUNET_CRYPTO_RsaSignaturePurpose purpose;
158 * When does this signature expire?
160 struct GNUNET_TIME_AbsoluteNBO expiration;
163 * Size of address appended to this message (part of what is
164 * being signed, hence not redundant).
166 uint32_t addrlen GNUNET_PACKED;
172 * Information about an address under validation
174 struct ValidationEntry
180 struct GNUNET_HELLO_Address *address;
183 * Handle to the blacklist check (if we're currently in it).
185 struct GST_BlacklistCheck *bc;
188 * Public key of the peer.
190 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
193 * The identity of the peer. FIXME: duplicated (also in 'address')
195 struct GNUNET_PeerIdentity pid;
198 * ID of task that will clean up this entry if nothing happens.
200 GNUNET_SCHEDULER_TaskIdentifier timeout_task;
203 * ID of task that will trigger address revalidation.
205 GNUNET_SCHEDULER_TaskIdentifier revalidation_task;
208 * At what time did we send the latest validation request (PING)?
210 struct GNUNET_TIME_Absolute send_time;
213 * Until when is this address valid?
214 * ZERO if it is not currently considered valid.
216 struct GNUNET_TIME_Absolute valid_until;
219 * How long until we can try to validate this address again?
220 * FOREVER if the address is for an unsupported plugin (from PEERINFO)
221 * ZERO if the address is considered valid (no validation needed)
222 * otherwise a time in the future if we're currently denying re-validation
224 struct GNUNET_TIME_Absolute revalidation_block;
227 * Last observed latency for this address (round-trip), delay between
228 * last PING sent and PONG received; FOREVER if we never got a PONG.
230 struct GNUNET_TIME_Relative latency;
233 * Challenge number we used.
238 * When passing the address in 'add_valid_peer_address', did we
239 * copy the address to the HELLO yet?
244 * Are we currently using this address for a connection?
249 * Are we expecting a PONG message for this validation entry?
256 * Context of currently active requests to peerinfo
257 * for validation of HELLOs.
259 struct CheckHelloValidatedContext
263 * This is a doubly-linked list.
265 struct CheckHelloValidatedContext *next;
268 * This is a doubly-linked list.
270 struct CheckHelloValidatedContext *prev;
273 * Hello that we are validating.
275 const struct GNUNET_HELLO_Message *hello;
281 * Head of linked list of HELLOs awaiting validation.
283 static struct CheckHelloValidatedContext *chvc_head;
286 * Tail of linked list of HELLOs awaiting validation
288 static struct CheckHelloValidatedContext *chvc_tail;
291 * Map of PeerIdentities to 'struct ValidationEntry*'s (addresses
292 * of the given peer that we are currently validating, have validated
293 * or are blocked from re-validation for a while).
295 static struct GNUNET_CONTAINER_MultiHashMap *validation_map;
298 * Context for peerinfo iteration.
300 static struct GNUNET_PEERINFO_NotifyContext *pnc;
304 * Context for the validation entry match function.
306 struct ValidationEntryMatchContext
309 * Where to store the result?
311 struct ValidationEntry *ve;
314 * Address we're interested in.
316 const struct GNUNET_HELLO_Address *address;
322 * Iterate over validation entries until a matching one is found.
324 * @param cls the 'struct ValidationEntryMatchContext'
325 * @param key peer identity (unused)
326 * @param value a 'struct ValidationEntry' to match
327 * @return GNUNET_YES if the entry does not match,
328 * GNUNET_NO if the entry does match
331 validation_entry_match (void *cls, const GNUNET_HashCode * key, void *value)
333 struct ValidationEntryMatchContext *vemc = cls;
334 struct ValidationEntry *ve = value;
337 GNUNET_HELLO_address_cmp (ve->address,
348 * Iterate over validation entries and free them.
350 * @param cls (unused)
351 * @param key peer identity (unused)
352 * @param value a 'struct ValidationEntry' to clean up
353 * @return GNUNET_YES (continue to iterate)
356 cleanup_validation_entry (void *cls, const GNUNET_HashCode * key, void *value)
358 struct ValidationEntry *ve = value;
362 GST_blacklist_test_cancel (ve->bc);
365 GNUNET_break (GNUNET_OK ==
366 GNUNET_CONTAINER_multihashmap_remove (validation_map,
367 &ve->pid.hashPubKey, ve));
368 GNUNET_HELLO_address_free (ve->address);
369 if (GNUNET_SCHEDULER_NO_TASK != ve->timeout_task)
371 GNUNET_SCHEDULER_cancel (ve->timeout_task);
372 ve->timeout_task = GNUNET_SCHEDULER_NO_TASK;
374 if (GNUNET_SCHEDULER_NO_TASK != ve->revalidation_task)
376 GNUNET_SCHEDULER_cancel (ve->revalidation_task);
377 ve->revalidation_task = GNUNET_SCHEDULER_NO_TASK;
385 * Address validation cleanup task. Assesses if the record is no
386 * longer valid and then possibly triggers its removal.
388 * @param cls the 'struct ValidationEntry'
389 * @param tc scheduler context (unused)
392 timeout_hello_validation (void *cls,
393 const struct GNUNET_SCHEDULER_TaskContext *tc)
395 struct ValidationEntry *ve = cls;
396 struct GNUNET_TIME_Absolute max;
397 struct GNUNET_TIME_Relative left;
399 ve->timeout_task = GNUNET_SCHEDULER_NO_TASK;
400 max = GNUNET_TIME_absolute_max (ve->valid_until,
401 ve->revalidation_block);
402 left = GNUNET_TIME_absolute_get_remaining (max);
403 if (left.rel_value > 0)
405 /* should wait a bit longer */
406 ve->timeout_task = GNUNET_SCHEDULER_add_delayed (left,
407 &timeout_hello_validation,
411 GNUNET_STATISTICS_update (GST_stats,
412 gettext_noop ("# address records discarded"), 1,
414 cleanup_validation_entry (NULL, &ve->pid.hashPubKey, ve);
419 * Function called with the result from blacklisting.
420 * Send a PING to the other peer if a communication is allowed.
422 * @param cls our 'struct ValidationEntry'
423 * @param pid identity of the other peer
424 * @param result GNUNET_OK if the connection is allowed, GNUNET_NO if not
427 transmit_ping_if_allowed (void *cls, const struct GNUNET_PeerIdentity *pid,
430 struct ValidationEntry *ve = cls;
431 struct TransportPingMessage ping;
432 struct GNUNET_TRANSPORT_PluginFunctions *papi;
433 const struct GNUNET_MessageHeader *hello;
440 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Transmitting plain PING to `%s' %s\n",
441 GNUNET_i2s (pid), GST_plugins_a2s (ve->address));
443 slen = strlen (ve->address->transport_name) + 1;
444 hello = GST_hello_get ();
445 hsize = ntohs (hello->size);
446 tsize = sizeof (struct TransportPingMessage) + ve->address->address_length + slen + hsize;
449 htons (sizeof (struct TransportPingMessage) + ve->address->address_length + slen);
450 ping.header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PING);
451 ping.challenge = htonl (ve->challenge);
454 if (tsize >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
456 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
458 ("Not transmitting `%s' with `%s', message too big (%u bytes!). This should not happen.\n"),
459 "HELLO", "PING", (unsigned int) tsize);
460 /* message too big (!?), get rid of HELLO */
462 tsize = sizeof (struct TransportPingMessage) + ve->address->address_length + slen + hsize;
465 char message_buf[tsize];
467 /* build message with structure:
468 * [HELLO][TransportPingMessage][Transport name][Address] */
469 memcpy (message_buf, hello, hsize);
470 memcpy (&message_buf[hsize], &ping, sizeof (struct TransportPingMessage));
471 memcpy (&message_buf[sizeof (struct TransportPingMessage) + hsize],
472 ve->address->transport_name, slen);
473 memcpy (&message_buf[sizeof (struct TransportPingMessage) + slen + hsize],
474 ve->address, ve->address->address_length);
475 papi = GST_plugins_find (ve->address->transport_name);
480 GNUNET_assert (papi->send != NULL);
482 papi->send (papi->cls, pid, message_buf, tsize, PING_PRIORITY,
483 ACCEPTABLE_PING_DELAY, NULL /* no session */ ,
484 ve->address->address, ve->address->address_length,
485 GNUNET_YES, NULL, NULL);
490 ve->send_time = GNUNET_TIME_absolute_get ();
491 GNUNET_STATISTICS_update (GST_stats,
493 ("# PING without HELLO messages sent"), 1,
495 ve->expecting_pong = GNUNET_YES;
501 * Do address validation again to keep address valid.
503 * @param cls the 'struct ValidationEntry'
504 * @param tc scheduler context (unused)
507 revalidate_address (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
509 struct ValidationEntry *ve = cls;
510 struct GNUNET_TIME_Relative canonical_delay;
511 struct GNUNET_TIME_Relative delay;
512 struct GST_BlacklistCheck *bc;
515 ve->revalidation_task = GNUNET_SCHEDULER_NO_TASK;
516 delay = GNUNET_TIME_absolute_get_remaining (ve->revalidation_block);
517 /* How long until we can possibly permit the next PING? */
519 (ve->in_use == GNUNET_YES)
520 ? CONNECTED_PING_FREQUENCY
521 : ( (GNUNET_TIME_absolute_get_remaining (ve->valid_until).rel_value > 0)
522 ? VALIDATED_PING_FREQUENCY
523 : UNVALIDATED_PING_KEEPALIVE);
524 if (delay.rel_value > canonical_delay.rel_value * 2)
526 /* situation changed, recalculate delay */
527 delay = canonical_delay;
528 ve->revalidation_block = GNUNET_TIME_relative_to_absolute (delay);
530 if (delay.rel_value > 0)
532 /* should wait a bit longer */
533 ve->revalidation_task =
534 GNUNET_SCHEDULER_add_delayed (delay, &revalidate_address, ve);
537 ve->revalidation_block =
538 GNUNET_TIME_relative_to_absolute (canonical_delay);
540 /* schedule next PINGing with some extra random delay to avoid synchronous re-validations */
541 rdelay = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
542 canonical_delay.rel_value);
544 GNUNET_TIME_relative_add (canonical_delay,
545 GNUNET_TIME_relative_multiply
546 (GNUNET_TIME_UNIT_MILLISECONDS, rdelay));
547 ve->revalidation_task =
548 GNUNET_SCHEDULER_add_delayed (delay, &revalidate_address, ve);
550 /* start PINGing by checking blacklist */
551 GNUNET_STATISTICS_update (GST_stats,
552 gettext_noop ("# address revalidations started"), 1,
554 bc = GST_blacklist_test_allowed (&ve->pid, ve->address->transport_name,
555 &transmit_ping_if_allowed, ve);
557 ve->bc = bc; /* only set 'bc' if 'transmit_ping_if_allowed' was not already
563 * Find a ValidationEntry entry for the given neighbour that matches
564 * the given address and transport. If none exists, create one (but
565 * without starting any validation).
567 * @param public_key public key of the peer, NULL for unknown
568 * @param address address to find
569 * @return validation entry matching the given specifications, NULL
570 * if we don't have an existing entry and no public key was given
572 static struct ValidationEntry *
573 find_validation_entry (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
574 *public_key, const struct GNUNET_HELLO_Address *address)
576 struct ValidationEntryMatchContext vemc;
577 struct ValidationEntry *ve;
580 vemc.address = address;
581 GNUNET_CONTAINER_multihashmap_get_multiple (validation_map,
582 &address->peer.hashPubKey,
583 &validation_entry_match, &vemc);
584 if (NULL != (ve = vemc.ve))
586 if (public_key == NULL)
588 ve = GNUNET_malloc (sizeof (struct ValidationEntry));
589 ve->address = GNUNET_HELLO_address_copy (address);
590 ve->public_key = *public_key;
591 ve->pid = address->peer;
592 ve->latency = GNUNET_TIME_UNIT_FOREVER_REL;
594 GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX);
595 ve->timeout_task = GNUNET_SCHEDULER_add_delayed (UNVALIDATED_PING_KEEPALIVE,
596 &timeout_hello_validation, ve);
597 GNUNET_CONTAINER_multihashmap_put (validation_map, &address->peer.hashPubKey, ve,
598 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
599 ve->expecting_pong = GNUNET_NO;
605 * Iterator which adds the given address to the set of validated
608 * @param cls original HELLO message
609 * @param address the address
610 * @param expiration expiration time
611 * @return GNUNET_OK (keep the address)
614 add_valid_address (void *cls,
615 const struct GNUNET_HELLO_Address *address,
616 struct GNUNET_TIME_Absolute expiration)
618 const struct GNUNET_HELLO_Message *hello = cls;
619 struct ValidationEntry *ve;
620 struct GNUNET_PeerIdentity pid;
621 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
623 if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0)
624 return GNUNET_OK; /* expired */
625 if ((GNUNET_OK != GNUNET_HELLO_get_id (hello, &pid)) ||
626 (GNUNET_OK != GNUNET_HELLO_get_key (hello, &public_key)))
629 return GNUNET_OK; /* invalid HELLO !? */
631 if (0 == memcmp(&GST_my_identity, &pid, sizeof (struct GNUNET_PeerIdentity)))
633 /* Peerinfo returned own identity, skip validation */
637 ve = find_validation_entry (&public_key, address);
638 ve->valid_until = GNUNET_TIME_absolute_max (ve->valid_until, expiration);
640 if (GNUNET_SCHEDULER_NO_TASK == ve->revalidation_task)
641 ve->revalidation_task = GNUNET_SCHEDULER_add_now (&revalidate_address, ve);
642 GNUNET_ATS_address_update (GST_ats, address, NULL, NULL,
649 * Function called for any HELLO known to PEERINFO.
652 * @param peer id of the peer, NULL for last call
653 * @param hello hello message for the peer (can be NULL)
654 * @param err_msg error message
657 process_peerinfo_hello (void *cls, const struct GNUNET_PeerIdentity *peer,
658 const struct GNUNET_HELLO_Message *hello,
661 GNUNET_assert (NULL != peer);
664 GNUNET_assert (NULL ==
665 GNUNET_HELLO_iterate_addresses (hello, GNUNET_NO,
672 * Start the validation subsystem.
675 GST_validation_start ()
677 validation_map = GNUNET_CONTAINER_multihashmap_create (VALIDATION_MAP_SIZE);
678 pnc = GNUNET_PEERINFO_notify (GST_cfg, &process_peerinfo_hello, NULL);
683 * Stop the validation subsystem.
686 GST_validation_stop ()
688 struct CheckHelloValidatedContext *chvc;
690 GNUNET_CONTAINER_multihashmap_iterate (validation_map,
691 &cleanup_validation_entry, NULL);
692 GNUNET_CONTAINER_multihashmap_destroy (validation_map);
693 validation_map = NULL;
694 while (NULL != (chvc = chvc_head))
696 GNUNET_CONTAINER_DLL_remove (chvc_head, chvc_tail, chvc);
699 GNUNET_PEERINFO_notify_cancel (pnc);
704 * Send the given PONG to the given address.
706 * @param cls the PONG message
707 * @param public_key public key for the peer, never NULL
708 * @param target peer this change is about, never NULL
709 * @param valid_until is ZERO if we never validated the address,
710 * otherwise a time up to when we consider it (or was) valid
711 * @param validation_block is FOREVER if the address is for an unsupported plugin (from PEERINFO)
712 * is ZERO if the address is considered valid (no validation needed)
713 * otherwise a time in the future if we're currently denying re-validation
714 * @param adress target address
717 multicast_pong (void *cls,
718 const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
720 struct GNUNET_TIME_Absolute valid_until,
721 struct GNUNET_TIME_Absolute validation_block,
722 const struct GNUNET_HELLO_Address *address)
724 struct TransportPongMessage *pong = cls;
725 struct GNUNET_TRANSPORT_PluginFunctions *papi;
727 papi = GST_plugins_find (address->transport_name);
730 (void) papi->send (papi->cls, &address->peer, (const char *) pong,
731 ntohs (pong->header.size), PONG_PRIORITY,
732 ACCEPTABLE_PING_DELAY, NULL,
734 address->address_length, GNUNET_YES, NULL, NULL);
739 * We've received a PING. If appropriate, generate a PONG.
741 * @param sender peer sending the PING
742 * @param hdr the PING
743 * @param sender_address the sender address as we got it
744 * @param session session we got the PING from
747 GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
748 const struct GNUNET_MessageHeader *hdr,
749 const struct GNUNET_HELLO_Address *sender_address,
750 struct Session *session)
752 const struct TransportPingMessage *ping;
753 struct TransportPongMessage *pong;
754 struct GNUNET_TRANSPORT_PluginFunctions *papi;
755 struct GNUNET_CRYPTO_RsaSignature *sig_cache;
756 struct GNUNET_TIME_Absolute *sig_cache_exp;
762 struct GNUNET_HELLO_Address address;
764 if (ntohs (hdr->size) < sizeof (struct TransportPingMessage))
769 ping = (const struct TransportPingMessage *) hdr;
771 memcmp (&ping->target, &GST_my_identity,
772 sizeof (struct GNUNET_PeerIdentity)))
774 GNUNET_STATISTICS_update (GST_stats,
776 ("# PING message for different peer received"), 1,
780 GNUNET_STATISTICS_update (GST_stats,
781 gettext_noop ("# PING messages received"), 1,
783 addr = (const char *) &ping[1];
784 alen = ntohs (hdr->size) - sizeof (struct TransportPingMessage);
785 /* peer wants to confirm that this is one of our addresses, this is what is
786 * used for address validation */
789 sig_cache_exp = NULL;
793 addrend = memchr (addr, '\0', alen);
800 slen = strlen (addr) + 1;
802 address.address = addrend;
803 address.address_length = alen;
804 address.transport_name = addr;
805 address.peer = *sender;
807 GST_hello_test_address (&address, &sig_cache,
810 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
812 ("Not confirming PING with address `%s' since I cannot confirm having this address.\n"),
813 GST_plugins_a2s (&address));
819 addrend = NULL; /* make gcc happy */
821 static struct GNUNET_CRYPTO_RsaSignature no_address_signature;
822 static struct GNUNET_TIME_Absolute no_address_signature_expiration;
824 sig_cache = &no_address_signature;
825 sig_cache_exp = &no_address_signature_expiration;
828 pong = GNUNET_malloc (sizeof (struct TransportPongMessage) + alen + slen);
830 htons (sizeof (struct TransportPongMessage) + alen + slen);
831 pong->header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PONG);
833 htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) +
834 sizeof (uint32_t) + sizeof (struct GNUNET_TIME_AbsoluteNBO) +
836 pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN);
837 pong->challenge = ping->challenge;
838 pong->addrlen = htonl (alen + slen);
839 memcpy (&pong[1], addr, slen);
840 memcpy (&((char *) &pong[1])[slen], addrend, alen);
841 if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value <
842 PONG_SIGNATURE_LIFETIME.rel_value / 4)
844 /* create / update cached sig */
846 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
847 "Creating PONG signature to indicate ownership.\n");
849 *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
850 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
851 GNUNET_assert (GNUNET_OK ==
852 GNUNET_CRYPTO_rsa_sign (GST_my_private_key, &pong->purpose,
857 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
859 pong->signature = *sig_cache;
861 /* first see if the session we got this PING from can be used to transmit
862 * a response reliably */
863 papi = GST_plugins_find (sender_address->transport_name);
868 papi->send (papi->cls, sender, (const char *) pong,
869 ntohs (pong->header.size), PONG_PRIORITY,
870 ACCEPTABLE_PING_DELAY, session,
871 sender_address->address,
872 sender_address->address_length,
873 GNUNET_SYSERR, NULL, NULL);
876 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
877 "Transmitted PONG to `%s' via reliable mechanism\n",
878 GNUNET_i2s (sender));
880 GNUNET_STATISTICS_update (GST_stats,
882 ("# PONGs unicast via reliable transport"), 1,
888 /* no reliable method found, try transmission via all known addresses */
889 GNUNET_STATISTICS_update (GST_stats,
891 ("# PONGs multicast to all available addresses"), 1,
893 GST_validation_get_addresses (sender, &multicast_pong, pong);
899 * Context for the 'validate_address' function
901 struct ValidateAddressContext
904 * Hash of the public key of the peer whose address is being validated.
906 struct GNUNET_PeerIdentity pid;
909 * Public key of the peer whose address is being validated.
911 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
916 * Iterator callback to go over all addresses and try to validate them
917 * (unless blocked or already validated).
919 * @param cls pointer to a 'struct ValidateAddressContext'
920 * @param address the address
921 * @param expiration expiration time
922 * @return GNUNET_OK (keep the address)
925 validate_address_iterator (void *cls,
926 const struct GNUNET_HELLO_Address *address,
927 struct GNUNET_TIME_Absolute expiration)
929 const struct ValidateAddressContext *vac = cls;
930 struct ValidationEntry *ve;
932 if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0)
933 return GNUNET_OK; /* expired */
934 ve = find_validation_entry (&vac->public_key, address);
935 if (GNUNET_SCHEDULER_NO_TASK == ve->revalidation_task)
936 ve->revalidation_task = GNUNET_SCHEDULER_add_now (&revalidate_address,
943 * Add the validated peer address to the HELLO.
945 * @param cls the 'struct ValidationEntry' with the validated address
946 * @param max space in buf
947 * @param buf where to add the address
948 * @return number of bytes written, 0 to signal the
949 * end of the iteration.
952 add_valid_peer_address (void *cls, size_t max, void *buf)
954 struct ValidationEntry *ve = cls;
956 if (GNUNET_YES == ve->copied)
957 return 0; /* terminate */
958 ve->copied = GNUNET_YES;
959 return GNUNET_HELLO_add_address (ve->address, ve->valid_until,
965 * We've received a PONG. Check if it matches a pending PING and
966 * mark the respective address as confirmed.
968 * @param sender peer sending the PONG
969 * @param hdr the PONG
972 GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender,
973 const struct GNUNET_MessageHeader *hdr)
975 const struct TransportPongMessage *pong;
976 struct ValidationEntry *ve;
982 struct GNUNET_HELLO_Message *hello;
983 struct GNUNET_HELLO_Address address;
985 if (ntohs (hdr->size) < sizeof (struct TransportPongMessage))
990 GNUNET_STATISTICS_update (GST_stats,
991 gettext_noop ("# PONG messages received"), 1,
994 pong = (const struct TransportPongMessage *) hdr;
995 tname = (const char *) &pong[1];
996 size = ntohs (hdr->size) - sizeof (struct TransportPongMessage);
997 addr = memchr (tname, '\0', size);
1000 GNUNET_break_op (0);
1004 slen = strlen (tname) + 1;
1005 addrlen = size - slen;
1006 address.peer = *sender;
1007 address.address = addr;
1008 address.address_length = addrlen;
1009 address.transport_name = tname;
1010 ve = find_validation_entry (NULL, &address);
1011 if ((NULL == ve) || (ve->expecting_pong == GNUNET_NO))
1013 GNUNET_STATISTICS_update (GST_stats,
1015 ("# PONGs dropped, no matching pending validation"),
1019 /* now check that PONG is well-formed */
1020 if (0 != memcmp (&ve->pid, sender, sizeof (struct GNUNET_PeerIdentity)))
1022 GNUNET_break_op (0);
1027 GNUNET_CRYPTO_rsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
1028 &pong->purpose, &pong->signature,
1031 GNUNET_break_op (0);
1035 if (GNUNET_TIME_absolute_get_remaining
1036 (GNUNET_TIME_absolute_ntoh (pong->expiration)).rel_value == 0)
1038 GNUNET_STATISTICS_update (GST_stats,
1040 ("# PONGs dropped, signature expired"), 1,
1045 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1046 "Address validated for peer `%s' with plugin `%s': `%s'\n",
1047 GNUNET_i2s (sender), tname, GST_plugins_a2s (tname, addr,
1051 /* validity achieved, remember it! */
1052 ve->expecting_pong = GNUNET_NO;
1053 ve->valid_until = GNUNET_TIME_relative_to_absolute (HELLO_ADDRESS_EXPIRATION);
1054 ve->latency = GNUNET_TIME_absolute_get_duration (ve->send_time);
1056 struct GNUNET_ATS_Information ats;
1058 ats.type = htonl (GNUNET_ATS_QUALITY_NET_DELAY);
1059 ats.value = htonl ((uint32_t) ve->latency.rel_value);
1060 GNUNET_ATS_address_update (GST_ats, ve->address, NULL, &ats, 1);
1062 /* build HELLO to store in PEERINFO */
1063 ve->copied = GNUNET_NO;
1064 hello = GNUNET_HELLO_create (&ve->public_key, &add_valid_peer_address, ve);
1065 GNUNET_PEERINFO_add_peer (GST_peerinfo, hello);
1066 GNUNET_free (hello);
1071 * We've received a HELLO, check which addresses are new and trigger
1074 * @param hello the HELLO we received
1077 GST_validation_handle_hello (const struct GNUNET_MessageHeader *hello)
1079 const struct GNUNET_HELLO_Message *hm =
1080 (const struct GNUNET_HELLO_Message *) hello;
1081 struct ValidateAddressContext vac;
1082 struct GNUNET_HELLO_Message *h;
1084 if ((GNUNET_OK != GNUNET_HELLO_get_id (hm, &vac.pid)) ||
1085 (GNUNET_OK != GNUNET_HELLO_get_key (hm, &vac.public_key)))
1087 /* malformed HELLO */
1092 memcmp (&GST_my_identity, &vac.pid, sizeof (struct GNUNET_PeerIdentity)))
1094 /* Add peer identity without addresses to peerinfo service */
1095 h = GNUNET_HELLO_create (&vac.public_key, NULL, NULL);
1096 GNUNET_PEERINFO_add_peer (GST_peerinfo, h);
1097 #if VERBOSE_VALIDATION
1098 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1099 _("Adding `%s' without addresses for peer `%s'\n"), "HELLO",
1100 GNUNET_i2s (&vac.pid));
1103 GNUNET_assert (NULL ==
1104 GNUNET_HELLO_iterate_addresses (hm, GNUNET_NO,
1105 &validate_address_iterator, &vac));
1110 * Closure for 'iterate_addresses'
1112 struct IteratorContext
1115 * Function to call on each address.
1117 GST_ValidationAddressCallback cb;
1128 * Call the callback in the closure for each validation entry.
1130 * @param cls the 'struct GST_ValidationIteratorContext'
1131 * @param key the peer's identity
1132 * @param value the 'struct ValidationEntry'
1133 * @return GNUNET_OK (continue to iterate)
1136 iterate_addresses (void *cls, const GNUNET_HashCode * key, void *value)
1138 struct IteratorContext *ic = cls;
1139 struct ValidationEntry *ve = value;
1141 ic->cb (ic->cb_cls, &ve->public_key, ve->valid_until,
1142 ve->revalidation_block, ve->address);
1148 * Call the given function for each address for the given target.
1149 * Can either give a snapshot (synchronous API) or be continuous.
1151 * @param target peer information is requested for
1152 * @param cb function to call; will not be called after this function returns
1153 * @param cb_cls closure for 'cb'
1156 GST_validation_get_addresses (const struct GNUNET_PeerIdentity *target,
1157 GST_ValidationAddressCallback cb, void *cb_cls)
1159 struct IteratorContext ic;
1163 GNUNET_CONTAINER_multihashmap_get_multiple (validation_map,
1164 &target->hashPubKey,
1165 &iterate_addresses, &ic);
1170 * Update if we are using an address for a connection actively right now.
1171 * Based on this, the validation module will measure latency for the
1172 * address more or less often.
1174 * @param sender peer FIXME: redundant!
1175 * @param address the address
1176 * @param in_use GNUNET_YES if we are now using the address for a connection,
1177 * GNUNET_NO if we are no longer using the address for a connection
1180 GST_validation_set_address_use (const struct GNUNET_PeerIdentity *sender,
1181 const struct GNUNET_HELLO_Address *address,
1182 struct Session *session,
1185 struct ValidationEntry *ve;
1187 if (NULL != address)
1188 ve = find_validation_entry (NULL, address);
1190 ve = NULL; /* FIXME: lookup based on session... */
1193 /* this can happen for inbound connections (sender_address_len == 0); */
1196 if (ve->in_use == in_use)
1197 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1198 "GST_validation_set_address_use: %s %s: ve->in_use %i <-> in_use %i\n",
1200 GST_plugins_a2s(address),
1203 GNUNET_break (ve->in_use != in_use); /* should be different... */
1204 ve->in_use = in_use;
1205 if (in_use == GNUNET_YES)
1207 /* from now on, higher frequeny, so reschedule now */
1208 GNUNET_SCHEDULER_cancel (ve->revalidation_task);
1209 ve->revalidation_task =
1210 GNUNET_SCHEDULER_add_now (&revalidate_address, ve);
1216 * Query validation about the latest observed latency on a given
1219 * @param sender peer
1220 * @param address the address
1221 * @param session session
1222 * @return observed latency of the address, FOREVER if the address was
1223 * never successfully validated
1225 struct GNUNET_TIME_Relative
1226 GST_validation_get_address_latency (const struct GNUNET_PeerIdentity *sender,
1227 const struct GNUNET_HELLO_Address *address,
1228 struct Session *session)
1230 struct ValidationEntry *ve;
1232 if (NULL == address)
1234 GNUNET_break (0); // FIXME: support having latency only with session...
1235 return GNUNET_TIME_UNIT_FOREVER_REL;
1237 ve = find_validation_entry (NULL, address);
1239 return GNUNET_TIME_UNIT_FOREVER_REL;
1244 /* end of file gnunet-service-transport_validation.c */