/*
This file is part of GNUnet.
- (C) 2010,2011 Christian Grothoff (and other contributing authors)
+ (C) 2010-2013 Christian Grothoff (and other contributing authors)
GNUnet is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published
#include "gnunet_peerinfo_service.h"
#include "gnunet_signatures.h"
-#define KEEP_093_COMPATIBILITY GNUNET_NO
/**
* How long is a PONG signature valid? We'll recycle a signature until
/**
* Signature.
*/
- struct GNUNET_CRYPTO_RsaSignature signature;
+ struct GNUNET_CRYPTO_EccSignature signature;
/**
* GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN to confirm that this is a
* plausible address for the signing peer.
*/
- struct GNUNET_CRYPTO_RsaSignaturePurpose purpose;
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* When does this signature expire?
/**
* Public key of the peer.
*/
- struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
+ struct GNUNET_CRYPTO_EccPublicKey public_key;
/**
* The identity of the peer. FIXME: duplicated (also in 'address')
*/
struct GNUNET_PeerIdentity pid;
+ /**
+ * Cached PONG signature
+ */
+ struct GNUNET_CRYPTO_EccSignature pong_sig_cache;
+
/**
* ID of task that will clean up this entry if nothing happens.
*/
*/
struct GNUNET_TIME_Absolute valid_until;
+ /**
+ * Until when is the cached PONG signature valid?
+ * ZERO if it is not currently considered valid.
+ */
+ struct GNUNET_TIME_Absolute pong_sig_valid_until;
+
/**
* How long until we can try to validate this address again?
* FOREVER if the address is for an unsupported plugin (from PEERINFO)
/* FIXME: DEBUGGING */
int last_line_set_to_no;
int last_line_set_to_yes;
+
+ enum GNUNET_ATS_Network_Type network;
};
static struct GNUNET_PEERINFO_NotifyContext *pnc;
+/**
+ * Minimum delay between to validations
+ */
+static struct GNUNET_TIME_Relative validation_delay;
+
+/**
+ * Number of validations running
+ */
+static unsigned int validations_running;
+
+/**
+ * Validition fast start threshold
+ */
+static unsigned int validations_fast_start_threshold;
+
+/**
+ * When is next validation allowed
+ */
+static struct GNUNET_TIME_Absolute validation_next;
+
/**
* Context for the validation entry match function.
*/
GNUNET_SCHEDULER_cancel (ve->revalidation_task);
ve->revalidation_task = GNUNET_SCHEDULER_NO_TASK;
}
+ if ((GNUNET_YES == ve->expecting_pong) &&
+ (validations_running > 0))
+ {
+ validations_running --;
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Validation finished, %u validation processes running\n",
+ validations_running);
+ }
GNUNET_free (ve);
return GNUNET_OK;
}
ve->timeout_task = GNUNET_SCHEDULER_NO_TASK;
max = GNUNET_TIME_absolute_max (ve->valid_until, ve->revalidation_block);
left = GNUNET_TIME_absolute_get_remaining (max);
- if (left.rel_value > 0)
+ if (left.rel_value_us > 0)
{
/* should wait a bit longer */
ve->timeout_task =
struct ValidationEntry *ve = cls;
struct TransportPingMessage ping;
struct GNUNET_TRANSPORT_PluginFunctions *papi;
+ struct GNUNET_TIME_Absolute next;
const struct GNUNET_MessageHeader *hello;
+ enum GNUNET_ATS_Network_Type network;
ssize_t ret;
size_t tsize;
size_t slen;
uint16_t hsize;
ve->bc = NULL;
+
+ if (GNUNET_NO == result)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Blacklist denies to send PING to `%s' %s %s\n",
+ GNUNET_i2s (pid), GST_plugins_a2s (ve->address), ve->address->transport_name);
+ return;
+ }
+
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Transmitting plain PING to `%s' %s %s\n",
GNUNET_i2s (pid), GST_plugins_a2s (ve->address), ve->address->transport_name);
+ next = GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get(), validation_delay);
+ if (next.abs_value_us > validation_next.abs_value_us)
+ validation_next = next; /* We're going to send a PING so delay next validation */
+
slen = strlen (ve->address->transport_name) + 1;
hello = GST_hello_get ();
hsize = ntohs (hello->size);
message_buf, tsize,
PING_PRIORITY, ACCEPTABLE_PING_DELAY,
NULL, NULL);
+ network = papi->get_network (ve->address, session);
+ if (GNUNET_ATS_NET_UNSPECIFIED == network)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Could not obtain a valid network for `%s' %s\n",
+ GNUNET_i2s (pid), GST_plugins_a2s (ve->address));
+ GNUNET_break (0);
+ }
}
else
{
gettext_noop
("# PING without HELLO messages sent"), 1,
GNUNET_NO);
+
+ ve->network = network;
ve->expecting_pong = GNUNET_YES;
+ validations_running ++;
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Validation started, %u validation processes running\n",
+ validations_running);
}
}
struct ValidationEntry *ve = cls;
struct GNUNET_TIME_Relative canonical_delay;
struct GNUNET_TIME_Relative delay;
+ struct GNUNET_TIME_Relative blocked_for;
struct GST_BlacklistCheck *bc;
uint32_t rdelay;
canonical_delay =
(ve->in_use ==
GNUNET_YES) ? CONNECTED_PING_FREQUENCY
- : ((GNUNET_TIME_absolute_get_remaining (ve->valid_until).rel_value >
+ : ((GNUNET_TIME_absolute_get_remaining (ve->valid_until).rel_value_us >
0) ? VALIDATED_PING_FREQUENCY : UNVALIDATED_PING_KEEPALIVE);
- if (delay.rel_value > canonical_delay.rel_value * 2)
+ if (delay.rel_value_us > canonical_delay.rel_value_us * 2)
{
/* situation changed, recalculate delay */
delay = canonical_delay;
ve->revalidation_block = GNUNET_TIME_relative_to_absolute (delay);
}
- if (delay.rel_value > 0)
+ if (delay.rel_value_us > 0)
{
/* should wait a bit longer */
ve->revalidation_task =
GNUNET_SCHEDULER_add_delayed (delay, &revalidate_address, ve);
return;
}
+ blocked_for = GNUNET_TIME_absolute_get_remaining(validation_next);
+ if ((validations_running > validations_fast_start_threshold) &&
+ (blocked_for.rel_value_us > 0))
+ {
+ /* Validations are blocked, have to wait for blocked_for time */
+ ve->revalidation_task =
+ GNUNET_SCHEDULER_add_delayed (blocked_for, &revalidate_address, ve);
+ return;
+ }
ve->revalidation_block = GNUNET_TIME_relative_to_absolute (canonical_delay);
/* schedule next PINGing with some extra random delay to avoid synchronous re-validations */
rdelay =
GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
- canonical_delay.rel_value);
- delay =
- GNUNET_TIME_relative_add (canonical_delay,
- GNUNET_TIME_relative_multiply
- (GNUNET_TIME_UNIT_MILLISECONDS, rdelay));
+ canonical_delay.rel_value_us);
+
+ /* Debug code for mantis 0002726 */
+ if (GNUNET_TIME_UNIT_FOREVER_REL.rel_value_us ==
+ GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MICROSECONDS, rdelay).rel_value_us)
+ {
+ GNUNET_break (0);
+ delay = canonical_delay;
+ }
+ else
+ {
+ delay = GNUNET_TIME_relative_add (canonical_delay,
+ GNUNET_TIME_relative_multiply
+ (GNUNET_TIME_UNIT_MICROSECONDS, rdelay));
+ }
+ /* End debug code for mantis 0002726*/
ve->revalidation_task =
GNUNET_SCHEDULER_add_delayed (delay, &revalidate_address, ve);
* if we don't have an existing entry and no public key was given
*/
static struct ValidationEntry *
-find_validation_entry (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
- *public_key, const struct GNUNET_HELLO_Address *address)
+find_validation_entry (const struct GNUNET_CRYPTO_EccPublicKey *public_key,
+ const struct GNUNET_HELLO_Address *address)
{
struct ValidationEntryMatchContext vemc;
struct ValidationEntry *ve;
ve->address = GNUNET_HELLO_address_copy (address);
ve->public_key = *public_key;
ve->pid = address->peer;
+ ve->pong_sig_valid_until = GNUNET_TIME_absolute_get_zero_();
+ memset (&ve->pong_sig_cache, '\0', sizeof (struct GNUNET_CRYPTO_EccSignature));
ve->latency = GNUNET_TIME_UNIT_FOREVER_REL;
ve->challenge =
GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX);
const struct GNUNET_HELLO_Message *hello = cls;
struct ValidationEntry *ve;
struct GNUNET_PeerIdentity pid;
- struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
+ struct GNUNET_ATS_Information ats;
+ struct GNUNET_CRYPTO_EccPublicKey public_key;
- if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0)
+ if (0 == GNUNET_TIME_absolute_get_remaining (expiration).rel_value_us)
return GNUNET_OK; /* expired */
if ((GNUNET_OK != GNUNET_HELLO_get_id (hello, &pid)) ||
(GNUNET_OK != GNUNET_HELLO_get_key (hello, &public_key)))
if (GNUNET_SCHEDULER_NO_TASK == ve->revalidation_task)
ve->revalidation_task = GNUNET_SCHEDULER_add_now (&revalidate_address, ve);
- GNUNET_ATS_address_add (GST_ats, address, NULL, NULL, 0);
+
+ ats.type = htonl (GNUNET_ATS_NETWORK_TYPE);
+ ats.value = htonl (ve->network);
+ GNUNET_ATS_address_add (GST_ats, address, NULL, &ats, 1);
+
return GNUNET_OK;
}
/**
* Start the validation subsystem.
+ *
+ * @param max_fds maximum number of fds to use
*/
void
-GST_validation_start ()
+GST_validation_start (unsigned int max_fds)
{
- validation_map = GNUNET_CONTAINER_multihashmap_create (VALIDATION_MAP_SIZE);
- pnc = GNUNET_PEERINFO_notify (GST_cfg, &process_peerinfo_hello, NULL);
+ /**
+ * Initialization for validation throttling
+ *
+ * We have a maximum number max_fds of connections we can use for validation
+ * We monitor the number of validations in parallel and start to throttle it
+ * when doing to many validations in parallel:
+ * if (running validations < (max_fds / 2))
+ * - "fast start": run validation immediately
+ * - have delay of (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT.rel_value_us) / (max_fds / 2)
+ * (300 sec / ~150 == ~2 sec.) between two validations
+ */
+
+ validation_next = GNUNET_TIME_absolute_get();
+ validation_delay.rel_value_us = (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT.rel_value_us) / (max_fds / 2);
+ validations_fast_start_threshold = (max_fds / 2);
+ validations_running = 0;
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Validation uses a fast start threshold of %u connections and a delay between of %s\n ",
+ validations_fast_start_threshold,
+ GNUNET_STRINGS_relative_time_to_string (validation_delay,
+ GNUNET_YES));
+ validation_map = GNUNET_CONTAINER_multihashmap_create (VALIDATION_MAP_SIZE,
+ GNUNET_NO);
+ pnc = GNUNET_PEERINFO_notify (GST_cfg, GNUNET_YES, &process_peerinfo_hello, NULL);
}
*/
static void
multicast_pong (void *cls,
- const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
- *public_key, struct GNUNET_TIME_Absolute valid_until,
+ const struct GNUNET_CRYPTO_EccPublicKey *public_key,
+ struct GNUNET_TIME_Absolute valid_until,
struct GNUNET_TIME_Absolute validation_block,
const struct GNUNET_HELLO_Address *address)
{
const struct TransportPingMessage *ping;
struct TransportPongMessage *pong;
struct GNUNET_TRANSPORT_PluginFunctions *papi;
- struct GNUNET_CRYPTO_RsaSignature *sig_cache;
+ struct GNUNET_CRYPTO_EccSignature *sig_cache;
struct GNUNET_TIME_Absolute *sig_cache_exp;
const char *addr;
const char *addrend;
+ char *plugin_name;
+ char *pos;
size_t alen;
size_t slen;
ssize_t ret;
sig_cache = NULL;
sig_cache_exp = NULL;
-
- if (0 < alen)
+ papi = NULL;
+ if (alen > 0)
{
addrend = memchr (addr, '\0', alen);
if (NULL == addrend)
address.transport_name = addr;
address.peer = GST_my_identity;
+ if (NULL == address.transport_name)
+ {
+ GNUNET_break (0);
+ }
+
+ if (0 != strstr (address.transport_name, "_client"))
+ {
+ plugin_name = GNUNET_strdup (address.transport_name);
+ pos = strstr (plugin_name, "_client");
+ GNUNET_assert (NULL != pos);
+ GNUNET_snprintf (pos, strlen ("_server") + 1, "%s", "_server");
+ }
+ else
+ plugin_name = GNUNET_strdup (address.transport_name);
+
+ if (NULL == (papi = GST_plugins_find (plugin_name)))
+ {
+ /* we don't have the plugin for this address */
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Plugin `%s' not available, cannot confirm having this address \n",
+ plugin_name);
+ GNUNET_free (plugin_name);
+ return;
+ }
+ GNUNET_free (plugin_name);
+ if (GNUNET_OK != papi->check_address (papi->cls, addrend, alen))
+ {
+ GNUNET_STATISTICS_update (GST_stats,
+ gettext_noop
+ ("# failed address checks during validation"), 1,
+ GNUNET_NO);
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Address `%s' is not one of my addresses, not confirming PING\n",
+ GST_plugins_a2s (&address));
+ return;
+ }
+ else
+ {
+ GNUNET_STATISTICS_update (GST_stats,
+ gettext_noop
+ ("# successful address checks during validation"), 1,
+ GNUNET_NO);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Address `%s' is one of my addresses, confirming PING\n",
+ GST_plugins_a2s (&address));
+ }
if (GNUNET_YES != GST_hello_test_address (&address, &sig_cache, &sig_cache_exp))
{
-#if KEEP_093_COMPATIBILITY
- int idsize = sizeof (GST_my_identity);
- if (alen <= idsize)
- {
- if (0 == memcmp (address.address, &GST_my_identity, alen))
- buggy = GNUNET_YES;
- }
- else if (alen <= (idsize + strlen (address.transport_name)))
- {
- char *achar = (char *) &address.address;
- if ((0 == memcmp (address.address, &GST_my_identity, idsize)) &&
- (0 == memcmp (&achar[idsize], address.transport_name, alen - idsize)))
- buggy = GNUNET_YES;
- }
- else
- {
- /* Not predicatable */
- return;
- }
-#endif
if (GNUNET_NO == buggy)
{
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
{
addrend = NULL; /* make gcc happy */
slen = 0;
- static struct GNUNET_CRYPTO_RsaSignature no_address_signature;
+ static struct GNUNET_CRYPTO_EccSignature no_address_signature;
static struct GNUNET_TIME_Absolute no_address_signature_expiration;
sig_cache = &no_address_signature;
sig_cache_exp = &no_address_signature_expiration;
}
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"I am `%s', sending PONG to peer `%s'\n",
GNUNET_h2s (&GST_my_identity.hashPubKey),
GNUNET_i2s (sender));
+ /* message with structure:
+ * [TransportPongMessage][Transport name][Address] */
+
pong = GNUNET_malloc (sizeof (struct TransportPongMessage) + alen + slen);
pong->header.size =
htons (sizeof (struct TransportPongMessage) + alen + slen);
pong->header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PONG);
pong->purpose.size =
- htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) +
+ htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
sizeof (uint32_t) + sizeof (struct GNUNET_TIME_AbsoluteNBO) +
alen + slen);
pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN);
- pong->challenge = ping->challenge;
+ memcpy (&pong->challenge, &ping->challenge, sizeof (ping->challenge));
pong->addrlen = htonl (alen + slen);
- memcpy (&pong[1], addr, slen);
-#if KEEP_093_COMPATIBILITY
- if (GNUNET_YES == buggy)
+ memcpy (&pong[1], addr, slen); /* Copy transport plugin */
+ if (alen > 0)
{
- int idsize = sizeof (GST_my_identity);
- if (alen <= idsize)
- {
- memcpy (&((char *) &pong[1])[slen], &GST_my_identity, alen);
- }
- else if (alen <= (idsize + strlen (address.transport_name) + 1))
- {
- memcpy (&((char *) &pong[1])[slen], &GST_my_identity, alen);
- memcpy (&((char *) &pong[1])[slen + idsize], address.transport_name, alen-idsize);
- }
- else
+ GNUNET_assert (NULL != addrend);
+ memcpy (&((char *) &pong[1])[slen], addrend, alen);
+ }
+ if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value_us <
+ PONG_SIGNATURE_LIFETIME.rel_value_us / 4)
+ {
+ /* create / update cached sig */
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Creating PONG signature to indicate ownership.\n");
+ *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
+ pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
+ if (GNUNET_OK !=
+ GNUNET_CRYPTO_ecc_sign (GST_my_private_key, &pong->purpose,
+ sig_cache))
{
- /* If this would happen, we would have a inconsistent PING we cannot reproduce */
- GNUNET_free (pong);
- return;
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ _("Failed to create PONG signature for peer `%s'\n"), GNUNET_i2s (sender));
}
-
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating buggy PONG signature to indicate ownership.\n");
- pong->expiration = GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME));
- GNUNET_assert (GNUNET_OK ==
- GNUNET_CRYPTO_rsa_sign (GST_my_private_key, &pong->purpose,
- &pong->signature));
}
else
{
-#endif
- memcpy (&((char *) &pong[1])[slen], addrend, alen);
- if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value <
- PONG_SIGNATURE_LIFETIME.rel_value / 4)
- {
- /* create / update cached sig */
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Creating PONG signature to indicate ownership.\n");
- *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
- pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
- GNUNET_assert (GNUNET_OK ==
- GNUNET_CRYPTO_rsa_sign (GST_my_private_key, &pong->purpose,
- sig_cache));
- }
- else
- {
- pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
- }
- pong->signature = *sig_cache;
-
-#if KEEP_093_COMPATIBILITY
+ pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
}
-#endif
-
+ pong->signature = *sig_cache;
+
GNUNET_assert (sender_address != NULL);
/* first see if the session we got this PING from can be used to transmit
* a response reliably */
- papi = GST_plugins_find (sender_address->transport_name);
if (papi == NULL)
ret = -1;
else
/**
* Public key of the peer whose address is being validated.
*/
- struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
+ struct GNUNET_CRYPTO_EccPublicKey public_key;
};
const struct ValidateAddressContext *vac = cls;
struct ValidationEntry *ve;
- if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0)
+ if (0 == GNUNET_TIME_absolute_get_remaining (expiration).rel_value_us)
return GNUNET_OK; /* expired */
ve = find_validation_entry (&vac->public_key, address);
if (GNUNET_SCHEDULER_NO_TASK == ve->revalidation_task)
size_t size;
struct GNUNET_HELLO_Message *hello;
struct GNUNET_HELLO_Address address;
+ int sig_res;
+ int do_verify;
if (ntohs (hdr->size) < sizeof (struct TransportPongMessage))
{
gettext_noop ("# PONG messages received"), 1,
GNUNET_NO);
+ /* message with structure:
+ * [TransportPongMessage][Transport name][Address] */
+
pong = (const struct TransportPongMessage *) hdr;
tname = (const char *) &pong[1];
size = ntohs (hdr->size) - sizeof (struct TransportPongMessage);
address.address_length = addrlen;
address.transport_name = tname;
ve = find_validation_entry (NULL, &address);
- if ((NULL == ve) || (ve->expecting_pong == GNUNET_NO))
+ if ((NULL == ve) || (GNUNET_NO == ve->expecting_pong))
{
GNUNET_STATISTICS_update (GST_stats,
gettext_noop
GNUNET_break_op (0);
return;
}
-
- if (GNUNET_OK !=
- GNUNET_CRYPTO_rsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
- &pong->purpose, &pong->signature,
- &ve->public_key))
- {
- GNUNET_break_op (0);
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Invalid signature on address %s:%s from peer `%s'\n",
- tname, GST_plugins_a2s (ve->address),
- GNUNET_i2s (sender));
- return;
- }
-
if (GNUNET_TIME_absolute_get_remaining
- (GNUNET_TIME_absolute_ntoh (pong->expiration)).rel_value == 0)
+ (GNUNET_TIME_absolute_ntoh (pong->expiration)).rel_value_us == 0)
{
GNUNET_STATISTICS_update (GST_stats,
gettext_noop
GNUNET_NO);
return;
}
+
+ sig_res = GNUNET_SYSERR;
+ do_verify = GNUNET_YES;
+ if (0 != GNUNET_TIME_absolute_get_remaining(ve->pong_sig_valid_until).rel_value_us)
+ {
+ /* We have a cached and valid signature for this peer,
+ * try to compare instead of verify */
+ if (0 == memcmp (&ve->pong_sig_cache, &pong->signature, sizeof (struct GNUNET_CRYPTO_EccSignature)))
+ {
+ /* signatures are identical, we can skip verification */
+ sig_res = GNUNET_OK;
+ do_verify = GNUNET_NO;
+ }
+ else
+ {
+ sig_res = GNUNET_SYSERR;
+ /* signatures do not match, we have to verify */
+ }
+ }
+
+ if (GNUNET_YES == do_verify)
+ {
+ /* Do expensive verification */
+ sig_res = GNUNET_CRYPTO_ecc_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
+ &pong->purpose, &pong->signature,
+ &ve->public_key);
+ if (sig_res == GNUNET_SYSERR)
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "Failed to verify: invalid signature on address %s:%s from peer `%s'\n",
+ tname, GST_plugins_a2s (ve->address),GNUNET_i2s (sender));
+ }
+
+ if (sig_res == GNUNET_SYSERR)
+ return;
+
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Address validated for peer `%s' with plugin `%s': `%s'\n",
GNUNET_i2s (sender), tname, GST_plugins_a2s (ve->address));
/* validity achieved, remember it! */
ve->expecting_pong = GNUNET_NO;
ve->valid_until = GNUNET_TIME_relative_to_absolute (HELLO_ADDRESS_EXPIRATION);
+ ve->pong_sig_cache = pong->signature;
+ ve->pong_sig_valid_until = GNUNET_TIME_absolute_ntoh (pong->expiration);
ve->latency = GNUNET_TIME_absolute_get_duration (ve->send_time);
{
- struct GNUNET_ATS_Information ats;
- ats.type = htonl (GNUNET_ATS_QUALITY_NET_DELAY);
- ats.value = htonl ((uint32_t) ve->latency.rel_value);
- GNUNET_ATS_address_add (GST_ats, ve->address, NULL, &ats, 1);
+ struct GNUNET_ATS_Information ats[2];
+ ats[0].type = htonl (GNUNET_ATS_QUALITY_NET_DELAY);
+ ats[0].value = htonl ((uint32_t) ve->latency.rel_value_us);
+ ats[1].type = htonl (GNUNET_ATS_NETWORK_TYPE);
+ ats[1].value = htonl ((uint32_t) ve->network);
+ GNUNET_ATS_address_add (GST_ats, ve->address, NULL, ats, 2);
+ }
+ if (validations_running > 0)
+ {
+ validations_running --;
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Validation finished, %u validation processes running\n",
+ validations_running);
}
+ else
+ GNUNET_break (0);
+
/* build HELLO to store in PEERINFO */
ve->copied = GNUNET_NO;
- hello = GNUNET_HELLO_create (&ve->public_key, &add_valid_peer_address, ve);
+ hello = GNUNET_HELLO_create (&ve->public_key, &add_valid_peer_address, ve, GNUNET_NO);
GNUNET_PEERINFO_add_peer (GST_peerinfo, hello, NULL, NULL);
GNUNET_free (hello);
}
(const struct GNUNET_HELLO_Message *) hello;
struct ValidateAddressContext vac;
struct GNUNET_HELLO_Message *h;
+ int friend;
- if ((GNUNET_OK != GNUNET_HELLO_get_id (hm, &vac.pid)) ||
+ friend = GNUNET_HELLO_is_friend_only (hm);
+ if (((GNUNET_YES != friend) && (GNUNET_NO != friend)) ||
+ (GNUNET_OK != GNUNET_HELLO_get_id (hm, &vac.pid)) ||
(GNUNET_OK != GNUNET_HELLO_get_key (hm, &vac.public_key)))
{
/* malformed HELLO */
memcmp (&GST_my_identity, &vac.pid, sizeof (struct GNUNET_PeerIdentity)))
return;
/* Add peer identity without addresses to peerinfo service */
- h = GNUNET_HELLO_create (&vac.public_key, NULL, NULL);
+ h = GNUNET_HELLO_create (&vac.public_key, NULL, NULL, friend);
GNUNET_PEERINFO_add_peer (GST_peerinfo, h, NULL, NULL);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
projects / oweals / gnunet.git / blobdiff