#define REKEY_WAIT GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 5)
+#define CONNECTIONS_PER_TUNNEL 3
+
/******************************************************************************/
/******************************** STRUCTS **********************************/
/******************************************************************************/
struct MeshChannel *ch;
};
+
+/**
+ * Connection list and metadata.
+ */
struct MeshTConnection
{
+ /**
+ * Next in DLL.
+ */
struct MeshTConnection *next;
+
+ /**
+ * Prev in DLL.
+ */
struct MeshTConnection *prev;
+
+ /**
+ * Connection handle.
+ */
struct MeshConnection *c;
+
+ /**
+ * Creation time, to keep oldest connection alive.
+ */
+ struct GNUNET_TIME_Absolute created;
+
+ /**
+ * Connection throughput, to keep fastest connection alive.
+ */
+ uint32_t throughput;
};
/**
unsigned int qn;
unsigned int lowest_q;
- LOG (GNUNET_ERROR_TYPE_DEBUG, "tunnel_get_connection %s\n", GMP_2s (t->peer));
+ LOG (GNUNET_ERROR_TYPE_DEBUG, "tunnel_get_connection %s\n", GMT_2s (t));
best = NULL;
lowest_q = UINT_MAX;
for (iter = t->connection_head; NULL != iter; iter = iter->next)
}
+/**
+ * Calculate HMAC.
+ *
+ * @param t Tunnel to get keys from.
+ * @param plaintext Content to HMAC.
+ * @param size Size of @c plaintext.
+ * @param iv Initialization vector for the message.
+ * @param outgoing Is this an outgoing message that we encrypted?
+ * @param hmac Destination to store the HMAC.
+ */
+static void
+t_hmac (struct MeshTunnel3 *t, const void *plaintext, size_t size, uint32_t iv,
+ int outgoing, struct GNUNET_MeshHash *hmac)
+{
+ struct GNUNET_CRYPTO_AuthKey auth_key;
+ static const char ctx[] = "mesh authentication key";
+ struct GNUNET_CRYPTO_SymmetricSessionKey *key;
+ struct GNUNET_HashCode hash;
+
+ key = outgoing ? &t->e_key : &t->d_key;
+ GNUNET_CRYPTO_hmac_derive_key (&auth_key, key,
+ &iv, sizeof (iv),
+ key, sizeof (*key),
+ ctx, sizeof (ctx),
+ NULL);
+ GNUNET_CRYPTO_hmac (&auth_key, plaintext, size, &hash);
+ memcpy (hmac, &hash, sizeof (*hmac));
+}
+
/**
* Sends an already built message on a tunnel, encrypting it and
msg->header.type = htons (GNUNET_MESSAGE_TYPE_MESH_ENCRYPTED);
msg->iv = iv;
GNUNET_assert (t_encrypt (t, &msg[1], message, size, iv) == size);
+ t_hmac (t, &msg[1], size, iv, GNUNET_YES, &msg->hmac);
msg->header.size = htons (sizeof (struct GNUNET_MESH_Encrypted) + size);
+
if (NULL == c)
c = tunnel_get_connection (t);
if (NULL == c)
{
case GNUNET_MESSAGE_TYPE_MESH_KEEPALIVE:
/* Do nothing, connection aleady got updated. */
+ GNUNET_STATISTICS_update (stats, "# keepalives received", 1, GNUNET_NO);
break;
case GNUNET_MESSAGE_TYPE_MESH_DATA:
char cbuf [payload_size];
struct GNUNET_MessageHeader *msgh;
unsigned int off;
+ struct GNUNET_MeshHash hmac;
decrypted_size = t_decrypt (t, cbuf, &msg[1], payload_size, msg->iv);
+ t_hmac (t, &msg[1], payload_size, msg->iv, GNUNET_NO, &hmac);
+ if (0 != memcmp (&hmac, &msg->hmac, sizeof (hmac)))
+ {
+ /* checksum failed */
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "Failed checksum validation for a message on tunnel `%s'\n",
+ GMT_2s (t));
+ GNUNET_STATISTICS_update (stats, "# wrong HMAC", 1, GNUNET_NO);
+ return;
+ }
off = 0;
while (off < decrypted_size)
{
{
if (NULL == t)
return;
- LOG (GNUNET_ERROR_TYPE_DEBUG,
- "Tunnel %s cstate was %s\n",
- GMP_2s (t->peer), cstate2s (t->cstate));
- LOG (GNUNET_ERROR_TYPE_DEBUG,
- "Tunnel %s cstate is now %s\n",
- GMP_2s (t->peer), cstate2s (cstate));
+ LOG (GNUNET_ERROR_TYPE_DEBUG, "Tunnel %s cstate %s => %s\n",
+ GMP_2s (t->peer), cstate2s (t->cstate), cstate2s (cstate));
if (myid != GMP_get_short_id (t->peer) &&
MESH_TUNNEL3_READY != t->cstate &&
MESH_TUNNEL3_READY == cstate)
t->cstate = cstate;
if (MESH_TUNNEL3_KEY_OK == t->estate)
{
- LOG (GNUNET_ERROR_TYPE_DEBUG, " triggered send queued data\n");
+ LOG (GNUNET_ERROR_TYPE_DEBUG, " cstate triggered send queued data\n");
send_queued_data (t);
}
else if (MESH_TUNNEL3_KEY_UNINITIALIZED == t->estate)
{
- LOG (GNUNET_ERROR_TYPE_DEBUG, " triggered rekey\n");
+ LOG (GNUNET_ERROR_TYPE_DEBUG, " cstate triggered rekey\n");
rekey_tunnel (t, NULL);
}
}
t->cstate = cstate;
- if (MESH_TUNNEL3_READY == cstate && 3 <= GMT_count_connections (t))
+ if (MESH_TUNNEL3_READY == cstate
+ && CONNECTIONS_PER_TUNNEL <= GMT_count_connections (t))
{
+ LOG (GNUNET_ERROR_TYPE_DEBUG, " cstate triggered stop dht\n");
GMP_stop_search (t->peer);
}
}
}
+/**
+ * Check that the tunnel doesn't have too many connections,
+ * remove one if necessary.
+ *
+ * For the time being, this means the newest connection.
+ *
+ * @param t Tunnel to check.
+ */
+static void
+check_connection_count (struct MeshTunnel3 *t)
+{
+ if (GMT_count_connections (t) > CONNECTIONS_PER_TUNNEL)
+ {
+ struct MeshTConnection *iter;
+ struct MeshTConnection *c;
+
+ for (iter = t->connection_head; NULL != iter; iter = iter->next)
+ {
+ if (NULL == c || iter->created.abs_value_us > c->created.abs_value_us)
+ {
+ c = iter;
+ }
+ }
+ if (NULL != c)
+ GMC_destroy (c->c);
+ else
+ GNUNET_break (0);
+ }
+}
+
/**
* Add a connection to a tunnel.
*
aux = GNUNET_new (struct MeshTConnection);
aux->c = c;
- GNUNET_CONTAINER_DLL_insert_tail (t->connection_head, t->connection_tail, aux);
+ aux->created = GNUNET_TIME_absolute_get ();
+
+ GNUNET_CONTAINER_DLL_insert (t->connection_head, t->connection_tail, aux);
+
+ check_connection_count (t);
}
&& GNUNET_NO == shutting_down)
{
LOG (GNUNET_ERROR_TYPE_DEBUG, " no more connections, getting new ones\n");
- GMP_connect (t->peer);
t->cstate = MESH_TUNNEL3_SEARCHING;
+ GMP_connect (t->peer);
return;
}
GMT_use_path (struct MeshTunnel3 *t, struct MeshPeerPath *p)
{
struct MeshConnection *c;
- struct GNUNET_HashCode cid;
+ struct GNUNET_MeshHash cid;
unsigned int own_pos;
if (NULL == t || NULL == p)
if (p->peers[own_pos] == myid)
break;
}
- if (own_pos > p->length - 1)
+ if (own_pos >= p->length)
{
GNUNET_break_op (0);
return NULL;
}
- GNUNET_CRYPTO_hash_create_random (GNUNET_CRYPTO_QUALITY_NONCE, &cid);
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, &cid, sizeof (cid));
c = GMC_new (&cid, t, p, own_pos);
if (NULL == c)
{
}
}
}
- return (path->length + overlap) * (path->score * -1);
+ return path->length + overlap;
}
projects / oweals / gnunet.git / blobdiff