towards fixing blacklisting APIs and implementation

3 files changed, 35 insertions, 81 deletions

diff --git a/src/include/gnunet_core_service.h b/src/include/gnunet_core_service.h
index 47b8d6f98..b7dc6f7da 100644
--- a/src/include/gnunet_core_service.h
+++ b/src/include/gnunet_core_service.h
@@ -51,7 +51,7 @@ struct GNUNET_CORE_Handle;
 
 
 /**
- * Method called whenever a given peer either connects.
+ * Method called whenever a given peer connects.
  *
  * @param cls closure
  * @param peer peer identity this notification is about
@@ -164,7 +164,6 @@ typedef void
  * @param cls closure for the various callbacks that follow (including handlers in the handlers array)
  * @param init callback to call on timeout or once we have successfully
  *        connected to the core service; note that timeout is only meaningful if init is not NULL
- * @param pre_connects function to call on peer pre-connect (no session key yet), can be NULL
  * @param connects function to call on peer connect, can be NULL
  * @param disconnects function to call on peer disconnect / timeout, can be NULL
  * @param inbound_notify function to call for all inbound messages, can be NULL
@@ -200,7 +199,6 @@ GNUNET_CORE_connect (struct GNUNET_SCHEDULER_Handle *sched,
                      struct GNUNET_TIME_Relative timeout,
                      void *cls,
                      GNUNET_CORE_StartupCallback init,
-                     GNUNET_CORE_ConnectEventHandler pre_connects,
                      GNUNET_CORE_ConnectEventHandler connects,
                      GNUNET_CORE_DisconnectEventHandler disconnects,
                      GNUNET_CORE_MessageCallback inbound_notify,
diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h
index 602137f98..d992c9fb7 100644
--- a/src/include/gnunet_protocols.h
+++ b/src/include/gnunet_protocols.h
@@ -174,16 +174,19 @@ extern "C"
 #define GNUNET_MESSAGE_TYPE_TRANSPORT_ADDRESS_REPLY 28
 
 /**
- * Change in blacklisting status of a peer.
+ * Register a client that wants to do blacklisting.
  */
-#define GNUNET_MESSAGE_TYPE_TRANSPORT_BLACKLIST 29
+#define GNUNET_MESSAGE_TYPE_TRANSPORT_BLACKLIST_INIT 29
 
 /**
- * Request to transport to notify us about any blacklisting status
- * changes on this connection (and to immediately send all
- * active blacklist entries).
+ * Query to a blacklisting client (is this peer blacklisted)?
  */
-#define GNUNET_MESSAGE_TYPE_TRANSPORT_BLACKLIST_NOTIFY 30
+#define GNUNET_MESSAGE_TYPE_TRANSPORT_BLACKLIST_QUERY 30
+
+/**
+ * Reply from blacklisting client (answer to blacklist query).
+ */
+#define GNUNET_MESSAGE_TYPE_TRANSPORT_BLACKLIST_REPLY 31
 
 /**
  * Transport PING message
diff --git a/src/include/gnunet_transport_service.h b/src/include/gnunet_transport_service.h
index 711ebb599..57bdecd17 100644
--- a/src/include/gnunet_transport_service.h
+++ b/src/include/gnunet_transport_service.h
@@ -299,99 +299,52 @@ GNUNET_TRANSPORT_address_lookup (struct GNUNET_SCHEDULER_Handle *sched,
 
 
 /**
- * Handle for blacklisting requests.
+ * Handle for blacklisting peers.
  */
-struct GNUNET_TRANSPORT_BlacklistRequest;
+struct GNUNET_TRANSPORT_Blacklist;
 
 
 /**
- * Blacklist a peer for a given period of time.  All connections
- * (inbound and outbound) to a peer that is blacklisted will be
- * dropped (as soon as we learn who the connection is for).  A second
- * call to this function for the same peer overrides previous
- * blacklisting requests.
- *
- * @param sched scheduler to use
- * @param cfg configuration to use
- * @param peer identity of peer to blacklist
- * @param duration how long to blacklist, use GNUNET_TIME_UNIT_ZERO to
- *        re-enable connections
- * @param timeout when should this operation (trying to establish the
- *        blacklisting time out)
- * @param cont continuation to call once the request has been processed
- * @param cont_cls closure for cont
- * @return NULL on error, otherwise handle for cancellation
- */
-struct GNUNET_TRANSPORT_BlacklistRequest *
-GNUNET_TRANSPORT_blacklist (struct GNUNET_SCHEDULER_Handle *sched,
-                            const struct GNUNET_CONFIGURATION_Handle *cfg,
-                            const struct GNUNET_PeerIdentity *peer,
-                            struct GNUNET_TIME_Relative duration,
-                            struct GNUNET_TIME_Relative timeout,
-                            GNUNET_SCHEDULER_Task cont,
-                            void *cont_cls);
-
-
-/**
- * Abort transmitting the blacklist request.  Note that this function
- * is NOT for removing a peer from the blacklist (for that, call 
- * GNUNET_TRANSPORT_blacklist with a duration of zero).  This function
- * is only for aborting the transmission of a blacklist request
- * (i.e. because of shutdown).
- *
- * @param br handle of the request that is to be cancelled
- */
-void
-GNUNET_TRANSPORT_blacklist_cancel (struct GNUNET_TRANSPORT_BlacklistRequest * br);
-
-
-/**
- * Handle for blacklist notifications.
- */
-struct GNUNET_TRANSPORT_BlacklistNotification;
-
-
-/**
- * Signature of function called whenever the blacklist status of
- * a peer changes.  This includes changes to the duration of the
- * blacklist status as well as the expiration of an existing
- * blacklist status.
+ * Function that decides if a connection is acceptable or not.
  *
  * @param cls closure
- * @param peer identity of peer with the change
- * @param until GNUNET_TIME_UNIT_ZERO_ABS if the peer is no
- *              longer blacklisted, otherwise the time at
- *              which the current blacklisting will expire
+ * @param pid peer to approve or disapproave
+ * @return GNUNET_OK if the connection is allowed
  */
-typedef void (*GNUNET_TRANSPORT_BlacklistCallback)(void *cls,
-                                                   const struct GNUNET_PeerIdentity *peer,
-                                                   struct GNUNET_TIME_Absolute until);
+typedef int (*GNUNET_TRANSPORT_BlacklistCallback)(void *cls,
+                                                  const struct GNUNET_PeerIdentity *pid);
 
 
 /**
- * Call a function whenever a peer's blacklisting status changes.
+ * Install a blacklist callback.  The service will be queried for all
+ * existing connections as well as any fresh connections to check if
+ * they are permitted.  If the blacklisting callback is unregistered,
+ * all hosts that were denied in the past will automatically be
+ * whitelisted again.  Cancelling the blacklist handle is also the
+ * only way to re-enable connections from peers that were previously
+ * blacklisted.
  *
  * @param sched scheduler to use
  * @param cfg configuration to use
- * @param bc function to call on status changes
- * @param bc_cls closure for bc
+ * @param cb callback to invoke to check if connections are allowed
+ * @param cb_cls closure for cb
  * @return NULL on error, otherwise handle for cancellation
  */
-struct GNUNET_TRANSPORT_BlacklistNotification *
-GNUNET_TRANSPORT_blacklist_notify (struct GNUNET_SCHEDULER_Handle *sched,
-                                   const struct GNUNET_CONFIGURATION_Handle *cfg,
-                                   GNUNET_TRANSPORT_BlacklistCallback bc,
-                                   void *bc_cls);
+struct GNUNET_TRANSPORT_Blacklist *
+GNUNET_TRANSPORT_blacklist (struct GNUNET_SCHEDULER_Handle *sched,
+                            const struct GNUNET_CONFIGURATION_Handle *cfg,
+                            GNUNET_TRANSPORT_BlacklistCallback cb,
+                            void *cb_cls);
 
 
 /**
- * Stop calling the notification callback associated with
- * the given blacklist notification.
+ * Abort the blacklist.  Note that this function is the only way for
+ * removing a peer from the blacklist.
  *
- * @param bn handle of the request that is to be cancelled
+ * @param br handle of the request that is to be cancelled
  */
 void
-GNUNET_TRANSPORT_blacklist_notify_cancel (struct GNUNET_TRANSPORT_BlacklistNotification * bn);
+GNUNET_TRANSPORT_blacklist_cancel (struct GNUNET_TRANSPORT_Blacklist *br);