From: Matthias Wachs Date: Thu, 28 Mar 2013 12:15:08 +0000 (+0000) Subject: fixes to blacklisting X-Git-Tag: initial-import-from-subversion-38251~9453 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=03daaebff579d25715c3db30e5076f5ae87bca9e;p=oweals%2Fgnunet.git fixes to blacklisting
---
diff --git a/src/transport/Makefile.am b/src/transport/Makefile.am
index a7032e283..aad49299c 100644
--- a/src/transport/Makefile.am
+++ b/src/transport/Makefile.am
@@ -323,7 +323,11 @@ check_PROGRAMS = \
 $(HTTP_SERVER_PLUGIN_TEST) \
 $(HTTPS_SERVER_PLUGIN_TEST) \
 test_transport_api_blacklisting \
- test_transport_blacklisting_cfg \
+ test_transport_blacklisting_no_bl \
+ test_transport_blacklisting_outbound_bl_full \
+ test_transport_blacklisting_outbound_bl_plugin \
+ test_transport_blacklisting_inbound_bl_plugin \
+ test_transport_blacklisting_inbound_bl_full \
 test_transport_api_disconnect_tcp \
 test_transport_api_bidirectional_connect \
 test_transport_api_tcp \
@@ -374,7 +378,11 @@ TESTS = \
 $(UNIX_TEST) \
 $(WLAN_PLUGIN_TEST) \
 test_transport_api_blacklisting \
- test_transport_blacklisting_cfg \
+ test_transport_blacklisting_no_bl \
+ test_transport_blacklisting_outbound_bl_full \
+ test_transport_blacklisting_outbound_bl_plugin \
+ test_transport_blacklisting_inbound_bl_plugin \
+ test_transport_blacklisting_inbound_bl_full \
 test_transport_api_disconnect_tcp \
 test_transport_api_bidirectional_connect \
 test_transport_api_tcp \
@@ -445,16 +453,51 @@ test_transport_api_blacklisting_LDADD = \ $(top_builddir)/src/statistics/libgnunetstatistics.la \ $(top_builddir)/src/util/libgnunetutil.la \ $(top_builddir)/src/transport/libgnunettransporttesting.la - -test_transport_blacklisting_cfg_SOURCES = \ - test_transport_blacklisting_cfg.c -test_transport_blacklisting_cfg_LDADD = \ + +test_transport_blacklisting_no_bl_SOURCES = \ + test_transport_blacklisting.c +test_transport_blacklisting_no_bl_LDADD = \ $(top_builddir)/src/transport/libgnunettransport.la \ $(top_builddir)/src/hello/libgnunethello.la \ $(top_builddir)/src/statistics/libgnunetstatistics.la \ $(top_builddir)/src/util/libgnunetutil.la \ $(top_builddir)/src/transport/libgnunettransporttesting.la +test_transport_blacklisting_outbound_bl_full_SOURCES = \ + test_transport_blacklisting.c +test_transport_blacklisting_outbound_bl_full_LDADD = \ + $(top_builddir)/src/transport/libgnunettransport.la \ + $(top_builddir)/src/hello/libgnunethello.la \ + $(top_builddir)/src/statistics/libgnunetstatistics.la \ + $(top_builddir)/src/util/libgnunetutil.la \ + $(top_builddir)/src/transport/libgnunettransporttesting.la + +test_transport_blacklisting_outbound_bl_plugin_SOURCES = \ + test_transport_blacklisting.c +test_transport_blacklisting_outbound_bl_plugin_LDADD = \ + $(top_builddir)/src/transport/libgnunettransport.la \ + $(top_builddir)/src/hello/libgnunethello.la \ + $(top_builddir)/src/statistics/libgnunetstatistics.la \ + $(top_builddir)/src/util/libgnunetutil.la \ + $(top_builddir)/src/transport/libgnunettransporttesting.la + +test_transport_blacklisting_inbound_bl_full_SOURCES = \ + test_transport_blacklisting.c +test_transport_blacklisting_inbound_bl_full_LDADD = \ + $(top_builddir)/src/transport/libgnunettransport.la \ + $(top_builddir)/src/hello/libgnunethello.la \ + $(top_builddir)/src/statistics/libgnunetstatistics.la \ + $(top_builddir)/src/util/libgnunetutil.la \ + $(top_builddir)/src/transport/libgnunettransporttesting.la + 
+test_transport_blacklisting_inbound_bl_plugin_SOURCES = \ + test_transport_blacklisting.c +test_transport_blacklisting_inbound_bl_plugin_LDADD = \ + $(top_builddir)/src/transport/libgnunettransport.la \ + $(top_builddir)/src/hello/libgnunethello.la \ + $(top_builddir)/src/statistics/libgnunetstatistics.la \ + $(top_builddir)/src/util/libgnunetutil.la \ + $(top_builddir)/src/transport/libgnunettransporttesting.la test_transport_api_disconnect_tcp_SOURCES = \ test_transport_api_disconnect.c @@ -984,7 +1027,9 @@ test_transport_api_unreliability_constant_udp_peer1.conf\ test_transport_api_unreliability_constant_udp_peer2.conf\ test_transport_blacklisting_cfg_peer1.conf \ test_transport_blacklisting_cfg_peer2.conf \ -test_transport_blacklisting_cfg_blp_peer1.conf \ -test_transport_blacklisting_cfg_blp_peer2.conf\ +test_transport_blacklisting_cfg_blp_peer1_full.conf\ +test_transport_blacklisting_cfg_blp_peer1_plugin.conf \ +test_transport_blacklisting_cfg_blp_peer2_full.conf\ +test_transport_blacklisting_cfg_blp_peer2_plugin.conf \ test_transport_api_http_reverse_peer1.conf \ test_transport_api_http_reverse_peer2.conf diff --git a/src/transport/gnunet-service-transport_blacklist.c b/src/transport/gnunet-service-transport_blacklist.c index 3f9616e91..b1a0047f7 100644 --- a/src/transport/gnunet-service-transport_blacklist.c +++ b/src/transport/gnunet-service-transport_blacklist.c 
@@ -589,16 +589,21 @@ GST_blacklist_add_peer (const struct GNUNET_PeerIdentity *peer, const char *transport_name) { char * transport = NULL; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + if (NULL != transport_name) + { + GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Adding peer `%s' with plugin `%s' to blacklist\n", GNUNET_i2s (peer), transport_name); + transport = GNUNET_strdup (transport_name); + } + else + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Adding peer `%s' with all plugins to blacklist\n", + GNUNET_i2s (peer)); if (blacklist == NULL) blacklist = GNUNET_CONTAINER_multihashmap_create (TRANSPORT_BLACKLIST_HT_SIZE, GNUNET_NO); - if (NULL != transport_name) - transport = GNUNET_strdup (""); GNUNET_CONTAINER_multihashmap_put (blacklist, &peer->hashPubKey, transport, @@ -621,16 +626,30 @@ test_blacklisted (void *cls, const struct GNUNET_HashCode * key, void *value) const char *transport_name = cls; char *be = value; - /* blacklist check for specific no specific transport*/ - if (transport_name == NULL) - return GNUNET_NO; - /* all plugins for this peer were blacklisted */ + /* Blacklist entry be: + * (NULL == be): peer is blacklisted with all plugins + * (NULL != be): peer is blacklisted for a specific plugin + * + * If (NULL != transport_name) we look for a transport specific entry: + * if (transport_name == be) forbidden + * + */ + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Comparing BL request for peer `%4s':`%s' with BL entry: `%s'\n", + GNUNET_h2s (key), + (NULL == transport_name) ? "unspecified" : transport_name, + (NULL == be) ? "all plugins" : be); + /* all plugins for this peer were blacklisted: disallow */ if (NULL == value) - return GNUNET_NO; + return GNUNET_NO; /* blacklist check for specific transport */ - if (0 == strcmp (transport_name, be)) - return GNUNET_NO; /* abort iteration! */ + if ((NULL != transport_name) && (NULL != value)) + { + if (0 == strcmp (transport_name, be)) + return GNUNET_NO; /* plugin is blacklisted! */ + } return GNUNET_OK; } 
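Review bot: An empty `transport_name` is now copied into the table as it is, and in `test_blacklisted` an entry of `""` can never equal a real plugin name, so such a peer would end up blocked nowhere rather than everywhere. Whether the configuration reader can hand in an empty string is not visible in this hunk, so this needs confirming against the caller; if it can, normalise before the copy with `if ((NULL != transport_name) && ('\0' != transport_name[0]))` so the empty case falls through to the all-plugins branch. A short comment on the function saying that a NULL map value means "all plugins" and naming who frees the `GNUNET_strdup` copy would also help. The `GNUNET_CONTAINER_multihashmap_put` call and the rest of the body continue outside the hunk.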
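Review bot: With `transport_name == NULL` the iterator now returns `GNUNET_OK` for every plugin-specific entry, where the removed code returned `GNUNET_NO`, so a check made without a transport passes for a peer that is blacklisted on one plugin only. If any caller of `GST_blacklist_test_allowed` passes NULL before the plugin is known, that is a fail-open path; the callers are outside this hunk, so please confirm that this is intended. The new comment block stops after the `transport_name == be` case, and I would complete it with `* If (NULL == transport_name) only an all-plugins entry (NULL == be) blocks the peer` so the choice is explicit. As a smaller point, `value` cannot be NULL after the early return, so the condition can be just `if (NULL != transport_name)`, and `strcmp` makes the match case-sensitive against whatever spelling the configuration supplied.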
@@ -653,17 +672,23 @@ GST_blacklist_test_allowed (const struct GNUNET_PeerIdentity *peer, struct GST_BlacklistCheck *bc; GNUNET_assert (peer != NULL); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Blacklist check for peer `%s':%s\n", + GNUNET_i2s (peer), (NULL != transport_name) ? transport_name : "unspecified"); + /* Check local blacklist by iterating over hashmap + * If iteration is aborted, we found a matching blacklist entry */ if ((blacklist != NULL) && (GNUNET_SYSERR == GNUNET_CONTAINER_multihashmap_get_multiple (blacklist, &peer->hashPubKey, &test_blacklisted, (void *) transport_name))) { - /* disallowed by config, disapprove instantly */ + /* Disallowed by config, disapprove instantly */ GNUNET_STATISTICS_update (GST_stats, gettext_noop ("# disconnects due to blacklist"), 1, GNUNET_NO); + GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Disallowing connection to peer `%s' on transport %s\n", + GNUNET_i2s (peer), (NULL != transport_name) ? transport_name : "unspecified"); if (cont != NULL) cont (cont_cls, peer, GNUNET_NO); return NULL; @@ -674,6 +699,8 @@ GST_blacklist_test_allowed (const struct GNUNET_PeerIdentity *peer, /* no blacklist clients, approve instantly */ if (cont != NULL) cont (cont_cls, peer, GNUNET_OK); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Allowing connection to peer `%s' %s\n", + GNUNET_i2s (peer), (NULL != transport_name) ? transport_name : ""); return NULL; } diff --git a/src/transport/test_transport_blacklisting_cfg.c b/src/transport/test_transport_blacklisting_cfg.c deleted file mode 100644 index e2b949a57..000000000 --- a/src/transport/test_transport_blacklisting_cfg.c +++ /dev/null 
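Review bot: The new `Disallowing connection to peer` message is written at `GNUNET_ERROR_TYPE_INFO` on every denied check, so a blacklisted peer that keeps reconnecting controls how often this line is emitted. The statistics counter in the same branch already records each denial, so I would log at `GNUNET_ERROR_TYPE_DEBUG` here and keep INFO only if denials are known to be rare. The body of `GST_blacklist_test_allowed` starts before this hunk and continues after it.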
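Review bot: The added debug line reads `peer` after `cont (cont_cls, peer, GNUNET_OK)` has returned, whereas the deny branch in the previous hunk logs before it calls `cont`. Nothing visible here guarantees that the continuation keeps the object behind `peer` alive, so if it ever tears down the structure that owns the identity, `GNUNET_i2s (peer)` would read freed memory. Moving the `GNUNET_log` call above the `if (cont != NULL)` line removes the question, and printing `"unspecified"` instead of `""` for a NULL `transport_name` would match the other two messages. The function body continues outside the hunk.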
@@ -1,323 +0,0 @@ -/* - This file is part of GNUnet. - (C) 2009, 2010, 2011 Christian Grothoff (and other contributing authors) - - GNUnet is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published - by the Free Software Foundation; either version 3, or (at your - option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GNUnet; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ - -/** - * @file transport/transport_api_blacklisting.c - * @brief test for the blacklisting API - * stage 0: init - * stage 1: connect peers and stop - * stage 2: blacklist whole peer and connect - * stage 3: blacklist tcp and try connect - * - * @author Matthias Wachs - * - */ -#include "platform.h" -#include "gnunet_transport_service.h" -#include "transport-testing.h" - -struct PeerContext *p1; - -struct PeerContext *p2; - -static GNUNET_TRANSPORT_TESTING_ConnectRequest cc; - -struct GNUNET_TRANSPORT_TESTING_handle *tth; - -/** - * How long until we give up on transmitting the message? 
- */ -#define TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 20) - -#define CONNECT_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 10) - - -static int stage; -static int ok; -static int connected; - -static GNUNET_SCHEDULER_TaskIdentifier die_task; - -static GNUNET_SCHEDULER_TaskIdentifier timeout_task; - -static GNUNET_SCHEDULER_TaskIdentifier stage_task; - -#if VERBOSE -#define OKPP do { ok++; FPRINTF (stderr, "Now at stage %u at %s:%u\n", ok, __FILE__, __LINE__); } while (0) -#else -#define OKPP do { ok++; } while (0) -#endif - -static void -run_stage (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc); - -static void -end (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) -{ - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Stopping\n"); - - if (die_task != GNUNET_SCHEDULER_NO_TASK) - { - GNUNET_SCHEDULER_cancel (die_task); - die_task = GNUNET_SCHEDULER_NO_TASK; - } - - if (timeout_task != GNUNET_SCHEDULER_NO_TASK) - { - GNUNET_SCHEDULER_cancel (timeout_task); - timeout_task = GNUNET_SCHEDULER_NO_TASK; - } - - if (stage_task != GNUNET_SCHEDULER_NO_TASK) - { - GNUNET_SCHEDULER_cancel (stage_task); - stage_task = GNUNET_SCHEDULER_NO_TASK; - } - - if (cc != NULL) - { - GNUNET_TRANSPORT_TESTING_connect_peers_cancel(tth, cc); - cc = NULL; - } - - if (p1 != NULL) - { - GNUNET_TRANSPORT_TESTING_stop_peer (tth, p1); - p1 = NULL; - } - if (p2 != NULL) - { - GNUNET_TRANSPORT_TESTING_stop_peer (tth, p2); - p2 = NULL; - } -} - -static void -end_badly (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) -{ - die_task = GNUNET_SCHEDULER_NO_TASK; - - if (timeout_task != GNUNET_SCHEDULER_NO_TASK) - { - GNUNET_SCHEDULER_cancel (timeout_task); - timeout_task = GNUNET_SCHEDULER_NO_TASK; - } - - if (stage_task != GNUNET_SCHEDULER_NO_TASK) - { - GNUNET_SCHEDULER_cancel (stage_task); - stage_task = GNUNET_SCHEDULER_NO_TASK; - } - - - if (cc != NULL) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, _("Fail! 
Could not connect peers\n")); - GNUNET_TRANSPORT_TESTING_connect_peers_cancel (tth, cc); - cc = NULL; - } - - if (p1 != NULL) - GNUNET_TRANSPORT_TESTING_stop_peer (tth, p1); - if (p2 != NULL) - GNUNET_TRANSPORT_TESTING_stop_peer (tth, p2); - - ok = GNUNET_SYSERR; -} - -static void -testing_connect_cb (struct PeerContext *p1, struct PeerContext *p2, void *cls) -{ - cc = NULL; - char *p1_c = GNUNET_strdup (GNUNET_i2s (&p1->id)); - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Peers connected: %u (%s) <-> %u (%s)\n", - p1->no, p1_c, p2->no, GNUNET_i2s (&p2->id)); - GNUNET_free (p1_c); - - if (1 == stage) - { - stage_task = GNUNET_SCHEDULER_add_now (&run_stage, NULL); - } - else - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Peers connected, but they were blacklisted\n"); - stage_task = GNUNET_SCHEDULER_add_now (&end_badly, NULL); - } - -} - -static void -connect_timeout (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) -{ - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Peers not connected, next stage\n"); - timeout_task = GNUNET_SCHEDULER_NO_TASK; - stage_task = GNUNET_SCHEDULER_add_now (&run_stage, NULL); -} - -static int started; - -void -start_cb (struct PeerContext *p, void *cls) -{ - - started++; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Peer %u (`%s') started\n", p->no, - GNUNET_i2s (&p->id)); - - if (started != 2) - return; - - char *sender_c = GNUNET_strdup (GNUNET_i2s (&p1->id)); - - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Test tries to connect peer %u (`%s') -> peer %u (`%s')\n", - p1->no, sender_c, p2->no, GNUNET_i2s (&p2->id)); - GNUNET_free (sender_c); - - cc = GNUNET_TRANSPORT_TESTING_connect_peers (tth, p1, p2, &testing_connect_cb, - NULL); - -} - -static void -run_stage (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) -{ - stage_task = GNUNET_SCHEDULER_NO_TASK; - if (GNUNET_SCHEDULER_NO_TASK != die_task) - GNUNET_SCHEDULER_cancel (die_task); - die_task = GNUNET_SCHEDULER_add_delayed (TIMEOUT, &end_badly, NULL); - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 
"Running stage %u\n", stage); - if (0 == stage) - { - /* Try to connect peers successfully */ - started = 0; - p1 = GNUNET_TRANSPORT_TESTING_start_peer (tth, "test_transport_blacklisting_cfg_peer1.conf", 1, - NULL, NULL, NULL, &start_cb, NULL); - - p2 = GNUNET_TRANSPORT_TESTING_start_peer (tth, "test_transport_blacklisting_cfg_peer2.conf", 2, - NULL, NULL, NULL, &start_cb, NULL); - stage ++; - return; - } - - if (1 == stage) - { - /* Try to connect peers successfully with 2nd peer fully blacklisted*/ - if (p1 != NULL) - { - GNUNET_TRANSPORT_TESTING_stop_peer (tth, p1); - p1 = NULL; - } - if (p2 != NULL) - { - GNUNET_TRANSPORT_TESTING_stop_peer (tth, p2); - p2 = NULL; - } - started = 0; - p1 = GNUNET_TRANSPORT_TESTING_start_peer (tth, "test_transport_blacklisting_cfg_peer1.conf", 1, - NULL, NULL, NULL, &start_cb, NULL); - - p2 = GNUNET_TRANSPORT_TESTING_start_peer (tth, "test_transport_blacklisting_cfg_blp_peer2.conf", 2, - NULL, NULL, NULL, &start_cb, NULL); - - timeout_task = GNUNET_SCHEDULER_add_delayed (CONNECT_TIMEOUT, &connect_timeout, NULL); - stage ++; - return; - } - if (2 == stage) - { - /* Try to connect peers successfully with 1st peer blacklisted on tcp */ - if (p1 != NULL) - { - GNUNET_TRANSPORT_TESTING_stop_peer (tth, p1); - p1 = NULL; - } - if (p2 != NULL) - { - GNUNET_TRANSPORT_TESTING_stop_peer (tth, p2); - p2 = NULL; - } - started = 0; - p1 = GNUNET_TRANSPORT_TESTING_start_peer (tth, "test_transport_blacklisting_cfg_blp_peer1.conf", 1, - NULL, NULL, NULL, &start_cb, NULL); - - p2 = GNUNET_TRANSPORT_TESTING_start_peer (tth, "test_transport_blacklisting_cfg_peer2.conf", 2, - NULL, NULL, NULL, &start_cb, NULL); - - timeout_task = GNUNET_SCHEDULER_add_delayed (CONNECT_TIMEOUT, &connect_timeout, NULL); - stage ++; - return; - } - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Done!\n", stage); - - - ok = 0; - GNUNET_SCHEDULER_add_now (&end, NULL); -} - -static void -run (void *cls, char *const *args, const char *cfgfile, - const struct 
GNUNET_CONFIGURATION_Handle *cfg) -{ - connected = GNUNET_NO; - stage = 0; - stage_task = GNUNET_SCHEDULER_add_now (&run_stage, NULL); -} - - -static int -check () -{ - static char *const argv[] = { "test-transport-api-blacklisting", - "-c", - "test_transport_api_data.conf", - NULL - }; - static struct GNUNET_GETOPT_CommandLineOption options[] = { - GNUNET_GETOPT_OPTION_END - }; - - ok = 1; - GNUNET_PROGRAM_run ((sizeof (argv) / sizeof (char *)) - 1, argv, "test-transport-api-blacklisting", - "nohelp", options, &run, &ok); - - return ok; -} - -int -main (int argc, char *argv[]) -{ - int ret; - - GNUNET_log_setup ("test-transport-api-blacklisting", - "WARNING", - NULL); - - tth = GNUNET_TRANSPORT_TESTING_init (); - - ret = check (); - - GNUNET_TRANSPORT_TESTING_done (tth); - - return ret; -} - -/* end of transport_api_blacklisting.c */ diff --git a/src/transport/test_transport_blacklisting_cfg_blp_peer1.conf b/src/transport/test_transport_blacklisting_cfg_blp_peer1.conf deleted file mode 100644 index d244265aa..000000000 --- a/src/transport/test_transport_blacklisting_cfg_blp_peer1.conf +++ /dev/null 
@@ -1,37 +0,0 @@
-@INLINE@ template_cfg_peer1.conf
-[PATHS]
-SERVICEHOME = /tmp/test-transport/api-tcp-p1/
-
-[transport-tcp]
-PORT = 12000
-TIMEOUT = 5 s
-
-[arm]
-PORT = 12005
-DEFAULTSERVICES = transport
-UNIXPATH = /tmp/gnunet-p1-service-arm.sock
-
-[statistics]
-PORT = 12004
-UNIXPATH = /tmp/gnunet-p1-service-statistics.sock
-
-[resolver]
-PORT = 12003
-UNIXPATH = /tmp/gnunet-p1-service-resolver.sock
-
-[peerinfo]
-PORT = 12002
-UNIXPATH = /tmp/gnunet-p1-service-peerinfo.sock
-
-[transport]
-#PREFIX = valgrind --leak-check=full
-PORT = 12001
-UNIXPATH = /tmp/gnunet-p1-service-transport.sock
-PLUGINS = tcp
-
-[transport-blacklist-AG2PHES1BARB9IJCPAMJTFPVJ5V3A72S3F2A8SBUB8DAQ2V0O3V8G6G2JU56FHGFOHMQVKBSQFV98TCGTC3RJ1NINP82G0RC00N1520]
-P565723JO1C2HSN6J29TAQ22MN6CI8HTMUU55T0FUQG4CMDGGEQ8UCNBKUMB94GC8R9G4FB2SF9LDOBAJ6AMINBP4JHHDD6L7VD801G = tcp
-
-[transport-blacklist-P565723JO1C2HSN6J29TAQ22MN6CI8HTMUU55T0FUQG4CMDGGEQ8UCNBKUMB94GC8R9G4FB2SF9LDOBAJ6AMINBP4JHHDD6L7VD801G]
-AG2PHES1BARB9IJCPAMJTFPVJ5V3A72S3F2A8SBUB8DAQ2V0O3V8G6G2JU56FHGFOHMQVKBSQFV98TCGTC3RJ1NINP82G0RC00N1520 = tcp
-
\ No newline at end of file