/**
* Signature.
*/
- struct GNUNET_CRYPTO_RsaSignature signature;
+ struct GNUNET_CRYPTO_EccSignature signature;
/**
* GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN to confirm that this is a
* plausible address for the signing peer.
*/
- struct GNUNET_CRYPTO_RsaSignaturePurpose purpose;
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* When does this signature expire?
/**
* Public key of the peer.
*/
- struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
+ struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key;
/**
* The identity of the peer. FIXME: duplicated (also in 'address')
static struct GNUNET_PEERINFO_NotifyContext *pnc;
+/**
+ * Minimum delay between to validations
+ */
+static struct GNUNET_TIME_Relative validation_delay;
+
+/**
+ * When is next validation allowed
+ */
+static struct GNUNET_TIME_Absolute validation_next;
+
/**
* Context for the validation entry match function.
*/
struct ValidationEntry *ve = cls;
struct TransportPingMessage ping;
struct GNUNET_TRANSPORT_PluginFunctions *papi;
+ struct GNUNET_TIME_Absolute next;
const struct GNUNET_MessageHeader *hello;
ssize_t ret;
size_t tsize;
uint16_t hsize;
ve->bc = NULL;
+
+ if (GNUNET_NO == result)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Blacklist denies to send PING to `%s' %s %s\n",
+ GNUNET_i2s (pid), GST_plugins_a2s (ve->address), ve->address->transport_name);
+ return;
+ }
+
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Transmitting plain PING to `%s' %s %s\n",
GNUNET_i2s (pid), GST_plugins_a2s (ve->address), ve->address->transport_name);
+ next = GNUNET_TIME_absolute_add(GNUNET_TIME_absolute_get(), validation_delay);
+ if (next.abs_value > validation_next.abs_value)
+ validation_next = next; /* We're going to send a PING so delay next validation */
+
slen = strlen (ve->address->transport_name) + 1;
hello = GST_hello_get ();
hsize = ntohs (hello->size);
struct ValidationEntry *ve = cls;
struct GNUNET_TIME_Relative canonical_delay;
struct GNUNET_TIME_Relative delay;
+ struct GNUNET_TIME_Relative blocked_for;
struct GST_BlacklistCheck *bc;
uint32_t rdelay;
GNUNET_SCHEDULER_add_delayed (delay, &revalidate_address, ve);
return;
}
+ blocked_for = GNUNET_TIME_absolute_get_remaining(validation_next);
+ if ((blocked_for.rel_value) > 0)
+ {
+ /* Validations are blocked, have to wait for blocked_for ms */
+ ve->revalidation_task =
+ GNUNET_SCHEDULER_add_delayed (blocked_for, &revalidate_address, ve);
+ return;
+ }
ve->revalidation_block = GNUNET_TIME_relative_to_absolute (canonical_delay);
/* schedule next PINGing with some extra random delay to avoid synchronous re-validations */
rdelay =
GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
canonical_delay.rel_value);
- delay =
- GNUNET_TIME_relative_add (canonical_delay,
+
+ /* Debug code for mantis 0002726*/
+ if (GNUNET_TIME_UNIT_FOREVER_REL.rel_value ==
+ GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS, rdelay).rel_value)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Revalidation interval for peer `%s' for is FOREVER (debug: rdelay: %llu, canonical delay %llu)\n",
+ GNUNET_i2s (&ve->pid),
+ (unsigned long long) delay.rel_value,
+ (unsigned long long) canonical_delay.rel_value);
+ delay = canonical_delay;
+ }
+ else
+ {
+ delay = GNUNET_TIME_relative_add (canonical_delay,
GNUNET_TIME_relative_multiply
(GNUNET_TIME_UNIT_MILLISECONDS, rdelay));
+ }
+ /* End debug code for mantis 0002726*/
ve->revalidation_task =
GNUNET_SCHEDULER_add_delayed (delay, &revalidate_address, ve);
* if we don't have an existing entry and no public key was given
*/
static struct ValidationEntry *
-find_validation_entry (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
+find_validation_entry (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded
*public_key, const struct GNUNET_HELLO_Address *address)
{
struct ValidationEntryMatchContext vemc;
const struct GNUNET_HELLO_Message *hello = cls;
struct ValidationEntry *ve;
struct GNUNET_PeerIdentity pid;
- struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
+ struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key;
if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0)
return GNUNET_OK; /* expired */
/**
* Start the validation subsystem.
+ *
+ * @param max_fds maximum number of fds to use
*/
void
-GST_validation_start ()
+GST_validation_start (unsigned int max_fds)
{
- validation_map = GNUNET_CONTAINER_multihashmap_create (VALIDATION_MAP_SIZE);
+ validation_next = GNUNET_TIME_absolute_get();
+ validation_delay.rel_value = (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT.rel_value) / max_fds;
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Delay between validations: %u ms\n ", validation_delay.rel_value);
+ validation_map = GNUNET_CONTAINER_multihashmap_create (VALIDATION_MAP_SIZE,
+ GNUNET_NO);
pnc = GNUNET_PEERINFO_notify (GST_cfg, &process_peerinfo_hello, NULL);
}
*/
static void
multicast_pong (void *cls,
- const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
+ const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded
*public_key, struct GNUNET_TIME_Absolute valid_until,
struct GNUNET_TIME_Absolute validation_block,
const struct GNUNET_HELLO_Address *address)
const struct TransportPingMessage *ping;
struct TransportPongMessage *pong;
struct GNUNET_TRANSPORT_PluginFunctions *papi;
- struct GNUNET_CRYPTO_RsaSignature *sig_cache;
+ struct GNUNET_CRYPTO_EccSignature *sig_cache;
struct GNUNET_TIME_Absolute *sig_cache_exp;
const char *addr;
const char *addrend;
sig_cache = NULL;
sig_cache_exp = NULL;
- if (0 < alen)
+ if (alen > 0)
{
addrend = memchr (addr, '\0', alen);
if (NULL == addrend)
{
addrend = NULL; /* make gcc happy */
slen = 0;
- static struct GNUNET_CRYPTO_RsaSignature no_address_signature;
+ static struct GNUNET_CRYPTO_EccSignature no_address_signature;
static struct GNUNET_TIME_Absolute no_address_signature_expiration;
sig_cache = &no_address_signature;
sig_cache_exp = &no_address_signature_expiration;
}
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"I am `%s', sending PONG to peer `%s'\n",
GNUNET_h2s (&GST_my_identity.hashPubKey),
GNUNET_i2s (sender));
+ /* message with structure:
+ * [TransportPongMessage][Transport name][Address] */
+
pong = GNUNET_malloc (sizeof (struct TransportPongMessage) + alen + slen);
pong->header.size =
htons (sizeof (struct TransportPongMessage) + alen + slen);
pong->header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PONG);
pong->purpose.size =
- htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) +
+ htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
sizeof (uint32_t) + sizeof (struct GNUNET_TIME_AbsoluteNBO) +
alen + slen);
pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN);
- pong->challenge = ping->challenge;
+ memcpy (&pong->challenge, &ping->challenge, sizeof (ping->challenge));
pong->addrlen = htonl (alen + slen);
- memcpy (&pong[1], addr, slen);
+ memcpy (&pong[1], addr, slen); /* Copy transport plugin */
#if KEEP_093_COMPATIBILITY
if (GNUNET_YES == buggy)
{
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating buggy PONG signature to indicate ownership.\n");
pong->expiration = GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME));
GNUNET_assert (GNUNET_OK ==
- GNUNET_CRYPTO_rsa_sign (GST_my_private_key, &pong->purpose,
+ GNUNET_CRYPTO_ecc_sign (GST_my_private_key, &pong->purpose,
&pong->signature));
}
else
{
#endif
- memcpy (&((char *) &pong[1])[slen], addrend, alen);
+ if (alen > 0)
+ {
+ GNUNET_assert (NULL != addrend);
+ memcpy (&((char *) &pong[1])[slen], addrend, alen);
+ }
if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value <
PONG_SIGNATURE_LIFETIME.rel_value / 4)
{
*sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
GNUNET_assert (GNUNET_OK ==
- GNUNET_CRYPTO_rsa_sign (GST_my_private_key, &pong->purpose,
+ GNUNET_CRYPTO_ecc_sign (GST_my_private_key, &pong->purpose,
sig_cache));
}
else
/**
* Public key of the peer whose address is being validated.
*/
- struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key;
+ struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key;
};
gettext_noop ("# PONG messages received"), 1,
GNUNET_NO);
+ /* message with structure:
+ * [TransportPongMessage][Transport name][Address] */
+
pong = (const struct TransportPongMessage *) hdr;
tname = (const char *) &pong[1];
size = ntohs (hdr->size) - sizeof (struct TransportPongMessage);
}
if (GNUNET_OK !=
- GNUNET_CRYPTO_rsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
+ GNUNET_CRYPTO_ecc_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
&pong->purpose, &pong->signature,
&ve->public_key))
{
- GNUNET_break_op (0);
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"Invalid signature on address %s:%s from peer `%s'\n",
tname, GST_plugins_a2s (ve->address),
GNUNET_i2s (sender));