/**
* Signature.
*/
- struct GNUNET_CRYPTO_RsaSignature signature;
+ struct GNUNET_CRYPTO_EccSignature signature;
/**
* GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN to confirm that this is a
* plausible address for the signing peer.
*/
- struct GNUNET_CRYPTO_RsaSignaturePurpose purpose;
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* When does this signature expire?
/**
* Public key of the peer.
*/
- struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
+ struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key;
/**
* The identity of the peer. FIXME: duplicated (also in 'address')
static struct GNUNET_PEERINFO_NotifyContext *pnc;
+/**
+ * Minimum delay between to validations
+ */
+static struct GNUNET_TIME_Relative validation_delay;
+
+/**
+ * When is next validation allowed
+ */
+static struct GNUNET_TIME_Absolute validation_next;
+
/**
* Context for the validation entry match function.
*/
struct ValidationEntry *ve = cls;
struct TransportPingMessage ping;
struct GNUNET_TRANSPORT_PluginFunctions *papi;
+ struct GNUNET_TIME_Absolute next;
const struct GNUNET_MessageHeader *hello;
ssize_t ret;
size_t tsize;
uint16_t hsize;
ve->bc = NULL;
+
+ if (GNUNET_NO == result)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Blacklist denies to send PING to `%s' %s %s\n",
+ GNUNET_i2s (pid), GST_plugins_a2s (ve->address), ve->address->transport_name);
+ return;
+ }
+
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Transmitting plain PING to `%s' %s %s\n",
GNUNET_i2s (pid), GST_plugins_a2s (ve->address), ve->address->transport_name);
+ next = GNUNET_TIME_absolute_add(GNUNET_TIME_absolute_get(), validation_delay);
+ if (next.abs_value > validation_next.abs_value)
+ validation_next = next; /* We're going to send a PING so delay next validation */
+
slen = strlen (ve->address->transport_name) + 1;
hello = GST_hello_get ();
hsize = ntohs (hello->size);
struct ValidationEntry *ve = cls;
struct GNUNET_TIME_Relative canonical_delay;
struct GNUNET_TIME_Relative delay;
+ struct GNUNET_TIME_Relative blocked_for;
struct GST_BlacklistCheck *bc;
uint32_t rdelay;
GNUNET_SCHEDULER_add_delayed (delay, &revalidate_address, ve);
return;
}
+ blocked_for = GNUNET_TIME_absolute_get_remaining(validation_next);
+ if ((blocked_for.rel_value) > 0)
+ {
+ /* Validations are blocked, have to wait for blocked_for ms */
+ ve->revalidation_task =
+ GNUNET_SCHEDULER_add_delayed (blocked_for, &revalidate_address, ve);
+ return;
+ }
ve->revalidation_block = GNUNET_TIME_relative_to_absolute (canonical_delay);
/* schedule next PINGing with some extra random delay to avoid synchronous re-validations */
* if we don't have an existing entry and no public key was given
*/
static struct ValidationEntry *
-find_validation_entry (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
+find_validation_entry (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded
*public_key, const struct GNUNET_HELLO_Address *address)
{
struct ValidationEntryMatchContext vemc;
const struct GNUNET_HELLO_Message *hello = cls;
struct ValidationEntry *ve;
struct GNUNET_PeerIdentity pid;
- struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
+ struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key;
if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0)
return GNUNET_OK; /* expired */
/**
* Start the validation subsystem.
+ *
+ * @param max_fds maximum number of fds to use
*/
void
-GST_validation_start ()
+GST_validation_start (unsigned int max_fds)
{
+ validation_next = GNUNET_TIME_absolute_get();
+ validation_delay.rel_value = (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT.rel_value) / max_fds;
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Delay between validations: %u ms\n ", validation_delay.rel_value);
validation_map = GNUNET_CONTAINER_multihashmap_create (VALIDATION_MAP_SIZE,
GNUNET_NO);
pnc = GNUNET_PEERINFO_notify (GST_cfg, &process_peerinfo_hello, NULL);
*/
static void
multicast_pong (void *cls,
- const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
+ const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded
*public_key, struct GNUNET_TIME_Absolute valid_until,
struct GNUNET_TIME_Absolute validation_block,
const struct GNUNET_HELLO_Address *address)
const struct TransportPingMessage *ping;
struct TransportPongMessage *pong;
struct GNUNET_TRANSPORT_PluginFunctions *papi;
- struct GNUNET_CRYPTO_RsaSignature *sig_cache;
+ struct GNUNET_CRYPTO_EccSignature *sig_cache;
struct GNUNET_TIME_Absolute *sig_cache_exp;
const char *addr;
const char *addrend;
{
addrend = NULL; /* make gcc happy */
slen = 0;
- static struct GNUNET_CRYPTO_RsaSignature no_address_signature;
+ static struct GNUNET_CRYPTO_EccSignature no_address_signature;
static struct GNUNET_TIME_Absolute no_address_signature_expiration;
sig_cache = &no_address_signature;
htons (sizeof (struct TransportPongMessage) + alen + slen);
pong->header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PONG);
pong->purpose.size =
- htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) +
+ htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
sizeof (uint32_t) + sizeof (struct GNUNET_TIME_AbsoluteNBO) +
alen + slen);
pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating buggy PONG signature to indicate ownership.\n");
pong->expiration = GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME));
GNUNET_assert (GNUNET_OK ==
- GNUNET_CRYPTO_rsa_sign (GST_my_private_key, &pong->purpose,
+ GNUNET_CRYPTO_ecc_sign (GST_my_private_key, &pong->purpose,
&pong->signature));
}
else
*sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
GNUNET_assert (GNUNET_OK ==
- GNUNET_CRYPTO_rsa_sign (GST_my_private_key, &pong->purpose,
+ GNUNET_CRYPTO_ecc_sign (GST_my_private_key, &pong->purpose,
sig_cache));
}
else
/**
* Public key of the peer whose address is being validated.
*/
- struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
+ struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key;
};
}
if (GNUNET_OK !=
- GNUNET_CRYPTO_rsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
+ GNUNET_CRYPTO_ecc_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
&pong->purpose, &pong->signature,
&ve->public_key))
{
- GNUNET_break_op (0);
- /*
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"Invalid signature on address %s:%s from peer `%s'\n",
tname, GST_plugins_a2s (ve->address),
- GNUNET_i2s (sender));*/
+ GNUNET_i2s (sender));
return;
}
projects / oweals / gnunet.git / blobdiff