diff options
| author | Nathan S. Evans <evans@in.tum.de> | 2011-01-09 16:49:49 +0000 |
|---|---|---|
| committer | Nathan S. Evans <evans@in.tum.de> | 2011-01-09 16:49:49 +0000 |
| commit | 55f511690ed6a383b2a5c8e22efafebc1c10fb55 (patch) | |
| tree | 1c22d90ba19f55b93e148a1ef2b5fed898d7c3c4 /src/dht/gnunet-dht-driver.c | |
| parent | 345005a7e50e9915da2619a2e7b619e04fdc6405 (diff) | |
| download | gnunet-55f511690ed6a383b2a5c8e22efafebc1c10fb55.tar.gz gnunet-55f511690ed6a383b2a5c8e22efafebc1c10fb55.zip | |
implement sybil attack for testing
Diffstat (limited to 'src/dht/gnunet-dht-driver.c')
| -rw-r--r-- | src/dht/gnunet-dht-driver.c | 122 |
1 files changed, 112 insertions, 10 deletions
diff --git a/src/dht/gnunet-dht-driver.c b/src/dht/gnunet-dht-driver.c index f5848486d..80b1507a6 100644 --- a/src/dht/gnunet-dht-driver.c +++ b/src/dht/gnunet-dht-driver.c | |||
| @@ -458,6 +458,21 @@ static unsigned long long round_delay; | |||
| 458 | static unsigned long long malicious_droppers; | 458 | static unsigned long long malicious_droppers; |
| 459 | 459 | ||
| 460 | /** | 460 | /** |
| 461 | * Bloom filter to restrict malicious nodes chosen. | ||
| 462 | */ | ||
| 463 | struct GNUNET_CONTAINER_BloomFilter *malicious_bloom; | ||
| 464 | |||
| 465 | /** | ||
| 466 | * Whether malicious droppers should be chosen based on proximity to a key. | ||
| 467 | */ | ||
| 468 | static int malicious_sybil; | ||
| 469 | |||
| 470 | /** | ||
| 471 | * Target for the malicious sybil nodes (choose the closest to this key). | ||
| 472 | */ | ||
| 473 | static GNUNET_HashCode sybil_target; | ||
| 474 | |||
| 475 | /** | ||
| 461 | * How often to send malicious GET messages. | 476 | * How often to send malicious GET messages. |
| 462 | */ | 477 | */ |
| 463 | static struct GNUNET_TIME_Relative malicious_get_frequency; | 478 | static struct GNUNET_TIME_Relative malicious_get_frequency; |
| @@ -1924,7 +1939,7 @@ do_put (void *cls, const struct GNUNET_SCHEDULER_TaskContext * tc) | |||
| 1924 | GNUNET_DHT_put(test_put->dht_handle, | 1939 | GNUNET_DHT_put(test_put->dht_handle, |
| 1925 | &known_keys[test_put->uid], | 1940 | &known_keys[test_put->uid], |
| 1926 | put_replication, | 1941 | put_replication, |
| 1927 | GNUNET_DHT_RO_NONE, | 1942 | GNUNET_DHT_RO_NONE, |
| 1928 | GNUNET_BLOCK_TYPE_TEST, | 1943 | GNUNET_BLOCK_TYPE_TEST, |
| 1929 | sizeof(data), data, | 1944 | sizeof(data), data, |
| 1930 | GNUNET_TIME_UNIT_FOREVER_ABS, | 1945 | GNUNET_TIME_UNIT_FOREVER_ABS, |
| @@ -2094,15 +2109,14 @@ schedule_find_peer_requests (void *cls, const struct GNUNET_SCHEDULER_TaskContex | |||
| 2094 | } | 2109 | } |
| 2095 | 2110 | ||
| 2096 | /** | 2111 | /** |
| 2097 | * Set up some all of the put and get operations we want | 2112 | * Set up all of the put and get operations we want to do |
| 2098 | * to do. Allocate data structure for each, add to list, | 2113 | * in the current round. Allocate data structure for each, |
| 2099 | * then call actual insert functions. | 2114 | * add to list, then schedule the actual PUT operations. |
| 2100 | */ | 2115 | */ |
| 2101 | static void | 2116 | static void |
| 2102 | setup_puts_and_gets (void *cls, const struct GNUNET_SCHEDULER_TaskContext * tc) | 2117 | setup_puts_and_gets (void *cls, const struct GNUNET_SCHEDULER_TaskContext * tc) |
| 2103 | { | 2118 | { |
| 2104 | int i; | 2119 | int i; |
| 2105 | uint32_t temp_daemon; | ||
| 2106 | struct TestPutContext *test_put; | 2120 | struct TestPutContext *test_put; |
| 2107 | struct TestGetContext *test_get; | 2121 | struct TestGetContext *test_get; |
| 2108 | #if REMEMBER | 2122 | #if REMEMBER |
| @@ -2115,8 +2129,20 @@ setup_puts_and_gets (void *cls, const struct GNUNET_SCHEDULER_TaskContext * tc) | |||
| 2115 | test_put = GNUNET_malloc(sizeof(struct TestPutContext)); | 2129 | test_put = GNUNET_malloc(sizeof(struct TestPutContext)); |
| 2116 | test_put->uid = i; | 2130 | test_put->uid = i; |
| 2117 | GNUNET_CRYPTO_hash_create_random (GNUNET_CRYPTO_QUALITY_WEAK, &known_keys[i]); | 2131 | GNUNET_CRYPTO_hash_create_random (GNUNET_CRYPTO_QUALITY_WEAK, &known_keys[i]); |
| 2118 | temp_daemon = GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers); | 2132 | /* Set first X bits to match the chosen sybil location if we want to do the sybil attack! */ |
| 2119 | test_put->daemon = GNUNET_TESTING_daemon_get(pg, temp_daemon); | 2133 | if (GNUNET_YES == malicious_sybil) |
| 2134 | { | ||
| 2135 | memcpy(&known_keys[i], &sybil_target, sizeof(GNUNET_HashCode) / 2); | ||
| 2136 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Distance between sybil location and key is %d\n", GNUNET_CRYPTO_hash_matching_bits(&known_keys[i], &sybil_target)); | ||
| 2137 | } | ||
| 2138 | test_put->daemon = GNUNET_TESTING_daemon_get(pg, GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers)); | ||
| 2139 | /* Don't start PUTs at malicious peers! */ | ||
| 2140 | if (malicious_bloom != NULL) | ||
| 2141 | { | ||
| 2142 | while (GNUNET_YES == GNUNET_CONTAINER_bloomfilter_test(malicious_bloom, &test_put->daemon->id.hashPubKey)) | ||
| 2143 | test_put->daemon = GNUNET_TESTING_daemon_get(pg, GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers)); | ||
| 2144 | } | ||
| 2145 | |||
| 2120 | test_put->next = all_puts; | 2146 | test_put->next = all_puts; |
| 2121 | all_puts = test_put; | 2147 | all_puts = test_put; |
| 2122 | } | 2148 | } |
| @@ -2131,6 +2157,12 @@ setup_puts_and_gets (void *cls, const struct GNUNET_SCHEDULER_TaskContext * tc) | |||
| 2131 | remember[test_get->uid][temp_daemon] = 1; | 2157 | remember[test_get->uid][temp_daemon] = 1; |
| 2132 | #endif | 2158 | #endif |
| 2133 | test_get->daemon = GNUNET_TESTING_daemon_get(pg, GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers)); | 2159 | test_get->daemon = GNUNET_TESTING_daemon_get(pg, GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers)); |
| 2160 | /* Don't start GETs at malicious peers! */ | ||
| 2161 | if (malicious_bloom != NULL) | ||
| 2162 | { | ||
| 2163 | while (GNUNET_YES == GNUNET_CONTAINER_bloomfilter_test(malicious_bloom, &test_get->daemon->id.hashPubKey)) | ||
| 2164 | test_get->daemon = GNUNET_TESTING_daemon_get(pg, GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers)); | ||
| 2165 | } | ||
| 2134 | test_get->next = all_gets; | 2166 | test_get->next = all_gets; |
| 2135 | all_gets = test_get; | 2167 | all_gets = test_get; |
| 2136 | } | 2168 | } |
| @@ -2282,6 +2314,57 @@ set_malicious (void *cls, const struct GNUNET_SCHEDULER_TaskContext * tc) | |||
| 2282 | } | 2314 | } |
| 2283 | 2315 | ||
| 2284 | /** | 2316 | /** |
| 2317 | * Choose the next peer from the peer group to set as malicious. | ||
| 2318 | * If we are doing a sybil attack, find the nearest peer to the | ||
| 2319 | * sybil location that has not already been set malicious. Otherwise | ||
| 2320 | * just choose a random not already chosen peer. | ||
| 2321 | * | ||
| 2322 | * @param pg the peer group | ||
| 2323 | * @param bloom the bloomfilter which contains all peer already | ||
| 2324 | * chosen to be malicious | ||
| 2325 | */ | ||
| 2326 | static uint32_t | ||
| 2327 | choose_next_malicious (struct GNUNET_TESTING_PeerGroup *pg, struct GNUNET_CONTAINER_BloomFilter *bloom) | ||
| 2328 | { | ||
| 2329 | int i; | ||
| 2330 | int nearest; | ||
| 2331 | int bits_match; | ||
| 2332 | int curr_distance; | ||
| 2333 | struct GNUNET_TESTING_Daemon *temp_daemon; | ||
| 2334 | |||
| 2335 | curr_distance = 0; | ||
| 2336 | |||
| 2337 | if (GNUNET_YES == malicious_sybil) | ||
| 2338 | { | ||
| 2339 | for (i = 0; i < num_peers; i++) | ||
| 2340 | { | ||
| 2341 | temp_daemon = GNUNET_TESTING_daemon_get(pg, i); | ||
| 2342 | /* Check if this peer matches the bloomfilter */ | ||
| 2343 | if (GNUNET_YES == GNUNET_CONTAINER_bloomfilter_test (bloom, &temp_daemon->id.hashPubKey)) | ||
| 2344 | continue; | ||
| 2345 | |||
| 2346 | bits_match = GNUNET_CRYPTO_hash_matching_bits (&temp_daemon->id.hashPubKey, &sybil_target); | ||
| 2347 | if (bits_match >= curr_distance) | ||
| 2348 | { | ||
| 2349 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "Found nearer peer %s to %s, old matching bits %d, new %d\n", GNUNET_i2s(&temp_daemon->id), GNUNET_h2s(&sybil_target), curr_distance, bits_match); | ||
| 2350 | nearest = i; | ||
| 2351 | curr_distance = bits_match; | ||
| 2352 | } | ||
| 2353 | } | ||
| 2354 | } | ||
| 2355 | else | ||
| 2356 | { | ||
| 2357 | nearest = GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers); | ||
| 2358 | while (GNUNET_YES == GNUNET_CONTAINER_bloomfilter_test (bloom, &temp_daemon->id.hashPubKey)) | ||
| 2359 | { | ||
| 2360 | nearest = GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers); | ||
| 2361 | } | ||
| 2362 | } | ||
| 2363 | |||
| 2364 | return nearest; | ||
| 2365 | } | ||
| 2366 | |||
| 2367 | /** | ||
| 2285 | * Select randomly from set of known peers, | 2368 | * Select randomly from set of known peers, |
| 2286 | * set the desired number of peers to the | 2369 | * set the desired number of peers to the |
| 2287 | * proper malicious types. | 2370 | * proper malicious types. |
| @@ -2296,8 +2379,9 @@ setup_malicious_peers (void *cls, const struct GNUNET_SCHEDULER_TaskContext * tc | |||
| 2296 | for (i = 0; i < malicious_getters; i++) | 2379 | for (i = 0; i < malicious_getters; i++) |
| 2297 | { | 2380 | { |
| 2298 | ctx = GNUNET_malloc(sizeof(struct MaliciousContext)); | 2381 | ctx = GNUNET_malloc(sizeof(struct MaliciousContext)); |
| 2299 | temp_daemon = GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers); | 2382 | temp_daemon = choose_next_malicious(pg, malicious_bloom); |
| 2300 | ctx->daemon = GNUNET_TESTING_daemon_get(pg, temp_daemon); | 2383 | ctx->daemon = GNUNET_TESTING_daemon_get(pg, temp_daemon); |
| 2384 | GNUNET_CONTAINER_bloomfilter_add(malicious_bloom, &ctx->daemon->id.hashPubKey); | ||
| 2301 | ctx->malicious_type = GNUNET_MESSAGE_TYPE_DHT_MALICIOUS_GET; | 2385 | ctx->malicious_type = GNUNET_MESSAGE_TYPE_DHT_MALICIOUS_GET; |
| 2302 | GNUNET_SCHEDULER_add_now (&set_malicious, ctx); | 2386 | GNUNET_SCHEDULER_add_now (&set_malicious, ctx); |
| 2303 | 2387 | ||
| @@ -2306,8 +2390,9 @@ setup_malicious_peers (void *cls, const struct GNUNET_SCHEDULER_TaskContext * tc | |||
| 2306 | for (i = 0; i < malicious_putters; i++) | 2390 | for (i = 0; i < malicious_putters; i++) |
| 2307 | { | 2391 | { |
| 2308 | ctx = GNUNET_malloc(sizeof(struct MaliciousContext)); | 2392 | ctx = GNUNET_malloc(sizeof(struct MaliciousContext)); |
| 2309 | temp_daemon = GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers); | 2393 | temp_daemon = choose_next_malicious(pg, malicious_bloom); |
| 2310 | ctx->daemon = GNUNET_TESTING_daemon_get(pg, temp_daemon); | 2394 | ctx->daemon = GNUNET_TESTING_daemon_get(pg, temp_daemon); |
| 2395 | GNUNET_CONTAINER_bloomfilter_add(malicious_bloom, &ctx->daemon->id.hashPubKey); | ||
| 2311 | ctx->malicious_type = GNUNET_MESSAGE_TYPE_DHT_MALICIOUS_PUT; | 2396 | ctx->malicious_type = GNUNET_MESSAGE_TYPE_DHT_MALICIOUS_PUT; |
| 2312 | GNUNET_SCHEDULER_add_now (&set_malicious, ctx); | 2397 | GNUNET_SCHEDULER_add_now (&set_malicious, ctx); |
| 2313 | 2398 | ||
| @@ -2316,8 +2401,9 @@ setup_malicious_peers (void *cls, const struct GNUNET_SCHEDULER_TaskContext * tc | |||
| 2316 | for (i = 0; i < malicious_droppers; i++) | 2401 | for (i = 0; i < malicious_droppers; i++) |
| 2317 | { | 2402 | { |
| 2318 | ctx = GNUNET_malloc(sizeof(struct MaliciousContext)); | 2403 | ctx = GNUNET_malloc(sizeof(struct MaliciousContext)); |
| 2319 | temp_daemon = GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers); | 2404 | temp_daemon = choose_next_malicious(pg, malicious_bloom); |
| 2320 | ctx->daemon = GNUNET_TESTING_daemon_get(pg, temp_daemon); | 2405 | ctx->daemon = GNUNET_TESTING_daemon_get(pg, temp_daemon); |
| 2406 | GNUNET_CONTAINER_bloomfilter_add(malicious_bloom, &ctx->daemon->id.hashPubKey); | ||
| 2321 | ctx->malicious_type = GNUNET_MESSAGE_TYPE_DHT_MALICIOUS_DROP; | 2407 | ctx->malicious_type = GNUNET_MESSAGE_TYPE_DHT_MALICIOUS_DROP; |
| 2322 | GNUNET_SCHEDULER_add_now (&set_malicious, ctx); | 2408 | GNUNET_SCHEDULER_add_now (&set_malicious, ctx); |
| 2323 | } | 2409 | } |
| @@ -2910,6 +2996,19 @@ run (void *cls, | |||
| 2910 | if (GNUNET_YES == GNUNET_CONFIGURATION_get_value_yesno(cfg, "DHT_TESTING", "MALICIOUS_AFTER_SETTLE")) | 2996 | if (GNUNET_YES == GNUNET_CONFIGURATION_get_value_yesno(cfg, "DHT_TESTING", "MALICIOUS_AFTER_SETTLE")) |
| 2911 | malicious_after_settle = GNUNET_YES; | 2997 | malicious_after_settle = GNUNET_YES; |
| 2912 | 2998 | ||
| 2999 | if (GNUNET_YES == GNUNET_CONFIGURATION_get_value_yesno(cfg, "DHT_TESTING", "MALICIOUS_SYBIL")) | ||
| 3000 | { | ||
| 3001 | /* Set up the malicious target at random for this round */ | ||
| 3002 | GNUNET_CRYPTO_hash_create_random (GNUNET_CRYPTO_QUALITY_WEAK, &sybil_target); | ||
| 3003 | malicious_sybil = GNUNET_YES; | ||
| 3004 | } | ||
| 3005 | |||
| 3006 | if ((malicious_droppers > 0) || (malicious_getters > 0) || (malicious_putters > 0)) | ||
| 3007 | { | ||
| 3008 | /* Create the bloomfilter for choosing which peers to set malicious */ | ||
| 3009 | malicious_bloom = GNUNET_CONTAINER_bloomfilter_init (NULL, DHT_BLOOM_SIZE, DHT_BLOOM_K); | ||
| 3010 | } | ||
| 3011 | |||
| 2913 | /* The normal behavior of the DHT is to do find peer requests | 3012 | /* The normal behavior of the DHT is to do find peer requests |
| 2914 | * on its own. Only if this is explicitly turned off should | 3013 | * on its own. Only if this is explicitly turned off should |
| 2915 | * the testing driver issue find peer requests (even though | 3014 | * the testing driver issue find peer requests (even though |
| @@ -3133,6 +3232,9 @@ main (int argc, char *argv[]) | |||
| 3133 | options, &run, &ok); | 3232 | options, &run, &ok); |
| 3134 | 3233 | ||
| 3135 | 3234 | ||
| 3235 | if (malicious_bloom != NULL) | ||
| 3236 | GNUNET_CONTAINER_bloomfilter_free (malicious_bloom); | ||
| 3237 | |||
| 3136 | if (ret != GNUNET_OK) | 3238 | if (ret != GNUNET_OK) |
| 3137 | { | 3239 | { |
| 3138 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "`gnunet-dht-driver': Failed with error code %d\n", ret); | 3240 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "`gnunet-dht-driver': Failed with error code %d\n", ret); |