diff options
author | Christian Grothoff <christian@grothoff.org> | 2010-06-28 11:07:52 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2010-06-28 11:07:52 +0000 |
commit | 34c384edf42db39955b54a640dc37e7067217229 (patch) | |
tree | 8f9bd2ced347738489f42de665bd55dbb998808d | |
parent | 618779d80c15219b8d9504067f286b5ac1b9b194 (diff) | |
download | gnunet-34c384edf42db39955b54a640dc37e7067217229.tar.gz gnunet-34c384edf42db39955b54a640dc37e7067217229.zip |
fixes to plugin API for DV
-rw-r--r-- | src/transport/Makefile.am | 2 | ||||
-rw-r--r-- | src/transport/gnunet-service-transport.c | 47 | ||||
-rw-r--r-- | src/transport/plugin_transport.h | 22 | ||||
-rw-r--r-- | src/transport/plugin_transport_tcp.c | 40 | ||||
-rw-r--r-- | src/transport/plugin_transport_template.c | 3 | ||||
-rw-r--r-- | src/transport/plugin_transport_udp.c | 70 |
6 files changed, 121 insertions, 63 deletions
diff --git a/src/transport/Makefile.am b/src/transport/Makefile.am index e65c93286..58e02f995 100644 --- a/src/transport/Makefile.am +++ b/src/transport/Makefile.am | |||
@@ -6,7 +6,7 @@ if MINGW | |||
6 | WINFLAGS = -Wl,--no-undefined -Wl,--export-all-symbols | 6 | WINFLAGS = -Wl,--no-undefined -Wl,--export-all-symbols |
7 | endif | 7 | endif |
8 | 8 | ||
9 | if HAVE_MHD | 9 | if MINGW |
10 | GN_LIBMHD = -lmicrohttpd | 10 | GN_LIBMHD = -lmicrohttpd |
11 | HTTP_PLUGIN_LA = libgnunet_plugin_transport_http.la | 11 | HTTP_PLUGIN_LA = libgnunet_plugin_transport_http.la |
12 | HTTP_PLUGIN_CHECK = test_plugin_transport_http | 12 | HTTP_PLUGIN_CHECK = test_plugin_transport_http |
diff --git a/src/transport/gnunet-service-transport.c b/src/transport/gnunet-service-transport.c index 56480d020..4390377a6 100644 --- a/src/transport/gnunet-service-transport.c +++ b/src/transport/gnunet-service-transport.c | |||
@@ -4338,6 +4338,18 @@ handle_ping(void *cls, const struct GNUNET_MessageHeader *message, | |||
4338 | /* peer wants to confirm that this is one of our addresses */ | 4338 | /* peer wants to confirm that this is one of our addresses */ |
4339 | addr += slen; | 4339 | addr += slen; |
4340 | alen -= slen; | 4340 | alen -= slen; |
4341 | if (GNUNET_OK != | ||
4342 | plugin->api->check_address (plugin->api->cls, | ||
4343 | addr, | ||
4344 | alen)) | ||
4345 | { | ||
4346 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
4347 | _("Not confirming PING with address `%s' since I cannot confirm having this address.\n"), | ||
4348 | a2s (plugin->short_name, | ||
4349 | addr, | ||
4350 | alen)); | ||
4351 | return GNUNET_NO; | ||
4352 | } | ||
4341 | oal = plugin->addresses; | 4353 | oal = plugin->addresses; |
4342 | while (NULL != oal) | 4354 | while (NULL != oal) |
4343 | { | 4355 | { |
@@ -4348,15 +4360,6 @@ handle_ping(void *cls, const struct GNUNET_MessageHeader *message, | |||
4348 | break; | 4360 | break; |
4349 | oal = oal->next; | 4361 | oal = oal->next; |
4350 | } | 4362 | } |
4351 | if (oal == NULL) | ||
4352 | { | ||
4353 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
4354 | _("Not confirming PING with address `%s' since I cannot confirm having this address.\n"), | ||
4355 | a2s (plugin->short_name, | ||
4356 | addr, | ||
4357 | alen)); | ||
4358 | return GNUNET_NO; | ||
4359 | } | ||
4360 | pong = GNUNET_malloc (sizeof (struct TransportPongMessage) + alen + slen); | 4363 | pong = GNUNET_malloc (sizeof (struct TransportPongMessage) + alen + slen); |
4361 | pong->header.size = htons (sizeof (struct TransportPongMessage) + alen + slen); | 4364 | pong->header.size = htons (sizeof (struct TransportPongMessage) + alen + slen); |
4362 | pong->header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PONG); | 4365 | pong->header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PONG); |
@@ -4372,8 +4375,9 @@ handle_ping(void *cls, const struct GNUNET_MessageHeader *message, | |||
4372 | &my_identity, | 4375 | &my_identity, |
4373 | sizeof(struct GNUNET_PeerIdentity)); | 4376 | sizeof(struct GNUNET_PeerIdentity)); |
4374 | memcpy (&pong[1], plugin->short_name, slen); | 4377 | memcpy (&pong[1], plugin->short_name, slen); |
4375 | memcpy (&((char*)&pong[1])[slen], &oal[1], alen); | 4378 | memcpy (&((char*)&pong[1])[slen], addr, alen); |
4376 | if (GNUNET_TIME_absolute_get_remaining (oal->pong_sig_expires).value < PONG_SIGNATURE_LIFETIME.value / 4) | 4379 | if ( (oal != NULL) && |
4380 | (GNUNET_TIME_absolute_get_remaining (oal->pong_sig_expires).value < PONG_SIGNATURE_LIFETIME.value / 4) ) | ||
4377 | { | 4381 | { |
4378 | /* create / update cached sig */ | 4382 | /* create / update cached sig */ |
4379 | #if DEBUG_TRANSPORT | 4383 | #if DEBUG_TRANSPORT |
@@ -4386,15 +4390,28 @@ handle_ping(void *cls, const struct GNUNET_MessageHeader *message, | |||
4386 | GNUNET_assert (GNUNET_OK == | 4390 | GNUNET_assert (GNUNET_OK == |
4387 | GNUNET_CRYPTO_rsa_sign (my_private_key, | 4391 | GNUNET_CRYPTO_rsa_sign (my_private_key, |
4388 | &pong->purpose, | 4392 | &pong->purpose, |
4389 | &oal->pong_signature)); | 4393 | &oal->pong_signature)); |
4394 | memcpy (&pong->signature, | ||
4395 | &oal->pong_signature, | ||
4396 | sizeof (struct GNUNET_CRYPTO_RsaSignature)); | ||
4397 | } | ||
4398 | else if (oal == NULL) | ||
4399 | { | ||
4400 | /* not using cache (typically DV-only) */ | ||
4401 | pong->expiration = GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME)); | ||
4402 | GNUNET_assert (GNUNET_OK == | ||
4403 | GNUNET_CRYPTO_rsa_sign (my_private_key, | ||
4404 | &pong->purpose, | ||
4405 | &pong->signature)); | ||
4390 | } | 4406 | } |
4391 | else | 4407 | else |
4392 | { | 4408 | { |
4409 | /* can used cached version */ | ||
4393 | pong->expiration = GNUNET_TIME_absolute_hton (oal->pong_sig_expires); | 4410 | pong->expiration = GNUNET_TIME_absolute_hton (oal->pong_sig_expires); |
4411 | memcpy (&pong->signature, | ||
4412 | &oal->pong_signature, | ||
4413 | sizeof (struct GNUNET_CRYPTO_RsaSignature)); | ||
4394 | } | 4414 | } |
4395 | memcpy (&pong->signature, | ||
4396 | &oal->pong_signature, | ||
4397 | sizeof (struct GNUNET_CRYPTO_RsaSignature)); | ||
4398 | } | 4415 | } |
4399 | n = find_neighbour(peer); | 4416 | n = find_neighbour(peer); |
4400 | GNUNET_assert (n != NULL); | 4417 | GNUNET_assert (n != NULL); |
diff --git a/src/transport/plugin_transport.h b/src/transport/plugin_transport.h index bb64a1bfc..ef5303df5 100644 --- a/src/transport/plugin_transport.h +++ b/src/transport/plugin_transport.h | |||
@@ -359,16 +359,18 @@ typedef void | |||
359 | * plugin. Check that this could be a valid address. This function | 359 | * plugin. Check that this could be a valid address. This function |
360 | * is not expected to 'validate' the address in the sense of trying to | 360 | * is not expected to 'validate' the address in the sense of trying to |
361 | * connect to it but simply to see if the binary format is technically | 361 | * connect to it but simply to see if the binary format is technically |
362 | * legal for establishing a connection. | 362 | * legal for establishing a connection to this peer (and make sure that |
363 | * the address really corresponds to our network connection/settings | ||
364 | * and not some potential man-in-the-middle). | ||
363 | * | 365 | * |
364 | * @param addr pointer to the address, may be modified (slightly) | 366 | * @param addr pointer to the address |
365 | * @param addrlen length of addr | 367 | * @param addrlen length of addr |
366 | * @return GNUNET_OK if this is a plausible address for this peer | 368 | * @return GNUNET_OK if this is a plausible address for this peer |
367 | * and transport, GNUNET_SYSERR if not | 369 | * and transport, GNUNET_SYSERR if not |
368 | */ | 370 | */ |
369 | typedef int | 371 | typedef int |
370 | (*GNUNET_TRANSPORT_CheckAddress) (void *cls, | 372 | (*GNUNET_TRANSPORT_CheckAddress) (void *cls, |
371 | void *addr, size_t addrlen); | 373 | const void *addr, size_t addrlen); |
372 | 374 | ||
373 | 375 | ||
374 | /** | 376 | /** |
@@ -426,15 +428,15 @@ struct GNUNET_TRANSPORT_PluginFunctions | |||
426 | 428 | ||
427 | /** | 429 | /** |
428 | * Function that will be called to check if a binary address | 430 | * Function that will be called to check if a binary address |
429 | * for this plugin is well-formed. If clearly needed, patch | 431 | * for this plugin is well-formed and corresponds to an |
430 | * up information such as port numbers. | 432 | * address for THIS peer (as per our configuration). Naturally, |
431 | * FIXME: this API will likely change in the near future since | 433 | * if absolutely necessary, plugins can be a bit conservative in |
432 | * it currently does not allow the size of the patched address | 434 | * their answer, but in general plugins should make sure that the |
433 | * to be different! | 435 | * address does not redirect traffic to a 3rd party that might |
436 | * try to man-in-the-middle our traffic. | ||
434 | */ | 437 | */ |
435 | GNUNET_TRANSPORT_CheckAddress check_address; | 438 | GNUNET_TRANSPORT_CheckAddress check_address; |
436 | 439 | ||
437 | |||
438 | /** | 440 | /** |
439 | * Function that will be called to convert a binary address | 441 | * Function that will be called to convert a binary address |
440 | * to a string (numeric conversion only). | 442 | * to a string (numeric conversion only). |
diff --git a/src/transport/plugin_transport_tcp.c b/src/transport/plugin_transport_tcp.c index 08bb00ff6..edf403ac6 100644 --- a/src/transport/plugin_transport_tcp.c +++ b/src/transport/plugin_transport_tcp.c | |||
@@ -1366,29 +1366,29 @@ tcp_plugin_address_pretty_printer (void *cls, | |||
1366 | /** | 1366 | /** |
1367 | * Check if the given port is plausible (must be either | 1367 | * Check if the given port is plausible (must be either |
1368 | * our listen port or our advertised port). If it is | 1368 | * our listen port or our advertised port). If it is |
1369 | * neither, we return one of these two ports at random. | 1369 | * neither, we return GNUNET_SYSERR. |
1370 | * | 1370 | * |
1371 | * @param plugin global variables | 1371 | * @param plugin global variables |
1372 | * @param in_port port number to check | 1372 | * @param in_port port number to check |
1373 | * @return either in_port or a more plausible port | 1373 | * @return GNUNET_OK if port is either open_port or adv_port |
1374 | */ | 1374 | */ |
1375 | static uint16_t | 1375 | static int |
1376 | check_port (struct Plugin *plugin, uint16_t in_port) | 1376 | check_port (struct Plugin *plugin, uint16_t in_port) |
1377 | { | 1377 | { |
1378 | if ((in_port == plugin->adv_port) || (in_port == plugin->open_port)) | 1378 | if ((in_port == plugin->adv_port) || (in_port == plugin->open_port)) |
1379 | return in_port; | 1379 | return GNUNET_OK; |
1380 | return (GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, | 1380 | return GNUNET_SYSERR; |
1381 | 2) == 0) | ||
1382 | ? plugin->open_port : plugin->adv_port; | ||
1383 | } | 1381 | } |
1384 | 1382 | ||
1385 | 1383 | ||
1386 | /** | 1384 | /** |
1387 | * Another peer has suggested an address for this peer and transport | 1385 | * Function that will be called to check if a binary address for this |
1388 | * plugin. Check that this could be a valid address. This function | 1386 | * plugin is well-formed and corresponds to an address for THIS peer |
1389 | * is not expected to 'validate' the address in the sense of trying to | 1387 | * (as per our configuration). Naturally, if absolutely necessary, |
1390 | * connect to it but simply to see if the binary format is technically | 1388 | * plugins can be a bit conservative in their answer, but in general |
1391 | * legal for establishing a connection. | 1389 | * plugins should make sure that the address does not redirect |
1390 | * traffic to a 3rd party that might try to man-in-the-middle our | ||
1391 | * traffic. | ||
1392 | * | 1392 | * |
1393 | * @param cls closure, our 'struct Plugin*' | 1393 | * @param cls closure, our 'struct Plugin*' |
1394 | * @param addr pointer to the address | 1394 | * @param addr pointer to the address |
@@ -1397,7 +1397,9 @@ check_port (struct Plugin *plugin, uint16_t in_port) | |||
1397 | * and transport, GNUNET_SYSERR if not | 1397 | * and transport, GNUNET_SYSERR if not |
1398 | */ | 1398 | */ |
1399 | static int | 1399 | static int |
1400 | tcp_plugin_check_address (void *cls, void *addr, size_t addrlen) | 1400 | tcp_plugin_check_address (void *cls, |
1401 | const void *addr, | ||
1402 | size_t addrlen) | ||
1401 | { | 1403 | { |
1402 | struct Plugin *plugin = cls; | 1404 | struct Plugin *plugin = cls; |
1403 | struct IPv4TcpAddress *v4; | 1405 | struct IPv4TcpAddress *v4; |
@@ -1412,7 +1414,10 @@ tcp_plugin_check_address (void *cls, void *addr, size_t addrlen) | |||
1412 | if (addrlen == sizeof (struct IPv4TcpAddress)) | 1414 | if (addrlen == sizeof (struct IPv4TcpAddress)) |
1413 | { | 1415 | { |
1414 | v4 = (struct IPv4TcpAddress *) addr; | 1416 | v4 = (struct IPv4TcpAddress *) addr; |
1415 | v4->t_port = htons (check_port (plugin, ntohs (v4->t_port))); | 1417 | if (GNUNET_OK != |
1418 | check_port (plugin, ntohs (v4->t_port))) | ||
1419 | return GNUNET_SYSERR; | ||
1420 | /* FIXME: check IP! */ | ||
1416 | } | 1421 | } |
1417 | else | 1422 | else |
1418 | { | 1423 | { |
@@ -1422,7 +1427,10 @@ tcp_plugin_check_address (void *cls, void *addr, size_t addrlen) | |||
1422 | GNUNET_break_op (0); | 1427 | GNUNET_break_op (0); |
1423 | return GNUNET_SYSERR; | 1428 | return GNUNET_SYSERR; |
1424 | } | 1429 | } |
1425 | v6->t6_port = htons (check_port (plugin, ntohs (v6->t6_port))); | 1430 | if (GNUNET_OK != |
1431 | check_port (plugin, ntohs (v6->t6_port))) | ||
1432 | return GNUNET_SYSERR; | ||
1433 | /* FIXME: check IP! */ | ||
1426 | } | 1434 | } |
1427 | return GNUNET_OK; | 1435 | return GNUNET_OK; |
1428 | } | 1436 | } |
diff --git a/src/transport/plugin_transport_template.c b/src/transport/plugin_transport_template.c index f5eec84d3..27cb9044e 100644 --- a/src/transport/plugin_transport_template.c +++ b/src/transport/plugin_transport_template.c | |||
@@ -232,7 +232,8 @@ template_plugin_address_pretty_printer (void *cls, | |||
232 | */ | 232 | */ |
233 | static int | 233 | static int |
234 | template_plugin_address_suggested (void *cls, | 234 | template_plugin_address_suggested (void *cls, |
235 | void *addr, size_t addrlen) | 235 | const void *addr, |
236 | size_t addrlen) | ||
236 | { | 237 | { |
237 | /* struct Plugin *plugin = cls; */ | 238 | /* struct Plugin *plugin = cls; */ |
238 | 239 | ||
diff --git a/src/transport/plugin_transport_udp.c b/src/transport/plugin_transport_udp.c index 52e598189..724dfe6b3 100644 --- a/src/transport/plugin_transport_udp.c +++ b/src/transport/plugin_transport_udp.c | |||
@@ -1586,47 +1586,77 @@ udp_transport_server_start (void *cls) | |||
1586 | } | 1586 | } |
1587 | 1587 | ||
1588 | 1588 | ||
1589 | |||
1590 | /** | ||
1591 | * Check if the given port is plausible (must be either | ||
1592 | * our listen port or our advertised port). If it is | ||
1593 | * neither, we return GNUNET_SYSERR. | ||
1594 | * | ||
1595 | * @param plugin global variables | ||
1596 | * @param in_port port number to check | ||
1597 | * @return GNUNET_OK if port is either open_port or adv_port | ||
1598 | */ | ||
1599 | static int | ||
1600 | check_port (struct Plugin *plugin, uint16_t in_port) | ||
1601 | { | ||
1602 | if (in_port == plugin->port) | ||
1603 | return GNUNET_OK; | ||
1604 | return GNUNET_SYSERR; | ||
1605 | } | ||
1606 | |||
1607 | |||
1589 | /** | 1608 | /** |
1590 | * Another peer has suggested an address for this peer and transport | 1609 | * Function that will be called to check if a binary address for this |
1591 | * plugin. Check that this could be a valid address. This function | 1610 | * plugin is well-formed and corresponds to an address for THIS peer |
1592 | * is not expected to 'validate' the address in the sense of trying to | 1611 | * (as per our configuration). Naturally, if absolutely necessary, |
1593 | * connect to it but simply to see if the binary format is technically | 1612 | * plugins can be a bit conservative in their answer, but in general |
1594 | * legal for establishing a connection. | 1613 | * plugins should make sure that the address does not redirect |
1614 | * traffic to a 3rd party that might try to man-in-the-middle our | ||
1615 | * traffic. | ||
1595 | * | 1616 | * |
1596 | * @param cls closure, should be our handle to the Plugin | 1617 | * @param cls closure, should be our handle to the Plugin |
1597 | * @param addr pointer to the address, may be modified (slightly) | 1618 | * @param addr pointer to the address |
1598 | * @param addrlen length of addr | 1619 | * @param addrlen length of addr |
1599 | * @return GNUNET_OK if this is a plausible address for this peer | 1620 | * @return GNUNET_OK if this is a plausible address for this peer |
1600 | * and transport, GNUNET_SYSERR if not | 1621 | * and transport, GNUNET_SYSERR if not |
1601 | * | 1622 | * |
1602 | */ | 1623 | */ |
1603 | static int | 1624 | static int |
1604 | udp_check_address (void *cls, void *addr, size_t addrlen) | 1625 | udp_check_address (void *cls, |
1626 | const void *addr, | ||
1627 | size_t addrlen) | ||
1605 | { | 1628 | { |
1606 | struct Plugin *plugin = cls; | 1629 | struct Plugin *plugin = cls; |
1607 | char buf[sizeof (struct sockaddr_in6)]; | 1630 | struct IPv4UdpAddress *v4; |
1631 | struct IPv6UdpAddress *v6; | ||
1608 | 1632 | ||
1609 | struct sockaddr_in *v4; | 1633 | if ((addrlen != sizeof (struct IPv4UdpAddress)) && |
1610 | struct sockaddr_in6 *v6; | 1634 | (addrlen != sizeof (struct IPv6UdpAddress))) |
1611 | |||
1612 | if ((addrlen != sizeof (struct sockaddr_in)) && | ||
1613 | (addrlen != sizeof (struct sockaddr_in6))) | ||
1614 | { | 1635 | { |
1615 | GNUNET_break_op (0); | 1636 | GNUNET_break_op (0); |
1616 | return GNUNET_SYSERR; | 1637 | return GNUNET_SYSERR; |
1617 | } | 1638 | } |
1618 | memcpy (buf, addr, sizeof (struct sockaddr_in6)); | 1639 | if (addrlen == sizeof (struct IPv4UdpAddress)) |
1619 | if (addrlen == sizeof (struct sockaddr_in)) | ||
1620 | { | 1640 | { |
1621 | v4 = (struct sockaddr_in *) buf; | 1641 | v4 = (struct IPv4UdpAddress *) addr; |
1622 | v4->sin_port = htons (plugin->port); | 1642 | if (GNUNET_OK != |
1643 | check_port (plugin, ntohs (v4->u_port))) | ||
1644 | return GNUNET_SYSERR; | ||
1645 | /* FIXME: check IP! */ | ||
1623 | } | 1646 | } |
1624 | else | 1647 | else |
1625 | { | 1648 | { |
1626 | v6 = (struct sockaddr_in6 *) buf; | 1649 | v6 = (struct IPv6UdpAddress *) addr; |
1627 | v6->sin6_port = htons (plugin->port); | 1650 | if (IN6_IS_ADDR_LINKLOCAL (&v6->ipv6_addr)) |
1651 | { | ||
1652 | GNUNET_break_op (0); | ||
1653 | return GNUNET_SYSERR; | ||
1654 | } | ||
1655 | if (GNUNET_OK != | ||
1656 | check_port (plugin, ntohs (v6->u6_port))) | ||
1657 | return GNUNET_SYSERR; | ||
1658 | /* FIXME: check IP! */ | ||
1628 | } | 1659 | } |
1629 | |||
1630 | #if DEBUG_UDP | 1660 | #if DEBUG_UDP |
1631 | GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG, | 1661 | GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG, |
1632 | "udp", | 1662 | "udp", |