diff options
author | Sree Harsha Totakura <totakura@in.tum.de> | 2014-01-07 16:19:44 +0000 |
---|---|---|
committer | Sree Harsha Totakura <totakura@in.tum.de> | 2014-01-07 16:19:44 +0000 |
commit | 83d0beb52def13c8c5d162ace16a576338efbb15 (patch) | |
tree | f532d6540c5646cd50b0e6547b5eab304a328673 /src/testbed/gnunet-daemon-testbed-underlay.c | |
parent | cfa7d229b27b9c387351c9bf3c8a9eb7994de13a (diff) | |
download | gnunet-83d0beb52def13c8c5d162ace16a576338efbb15.tar.gz gnunet-83d0beb52def13c8c5d162ace16a576338efbb15.zip |
- restrict underlay based on whitelist for now
Diffstat (limited to 'src/testbed/gnunet-daemon-testbed-underlay.c')
-rw-r--r-- | src/testbed/gnunet-daemon-testbed-underlay.c | 226 |
1 files changed, 62 insertions, 164 deletions
diff --git a/src/testbed/gnunet-daemon-testbed-underlay.c b/src/testbed/gnunet-daemon-testbed-underlay.c index d430b7fd1..aa4c9685a 100644 --- a/src/testbed/gnunet-daemon-testbed-underlay.c +++ b/src/testbed/gnunet-daemon-testbed-underlay.c | |||
@@ -61,26 +61,10 @@ | |||
61 | 61 | ||
62 | 62 | ||
63 | /** | 63 | /** |
64 | * Allow access from the peers read from the whitelist | ||
65 | */ | ||
66 | #define ACCESS_ALLOW 1 | ||
67 | |||
68 | /** | ||
69 | * Deny access from the peers read from the blacklist | ||
70 | */ | ||
71 | #define ACCESS_DENY 0 | ||
72 | |||
73 | /** | ||
74 | * The map to store the peer identities to allow/deny | 64 | * The map to store the peer identities to allow/deny |
75 | */ | 65 | */ |
76 | static struct GNUNET_CONTAINER_MultiPeerMap *map; | 66 | static struct GNUNET_CONTAINER_MultiPeerMap *map; |
77 | 67 | ||
78 | |||
79 | /** | ||
80 | * The map to store the peer identities to allow/deny | ||
81 | */ | ||
82 | static struct GNUNET_CONTAINER_MultiPeerMap *blacklist_map; | ||
83 | |||
84 | /** | 68 | /** |
85 | * The database connection | 69 | * The database connection |
86 | */ | 70 | */ |
@@ -93,9 +77,14 @@ static struct sqlite3 *db; | |||
93 | struct GNUNET_TRANSPORT_Blacklist *bh; | 77 | struct GNUNET_TRANSPORT_Blacklist *bh; |
94 | 78 | ||
95 | /** | 79 | /** |
96 | * The peer ID map | 80 | * The hostkeys file |
81 | */ | ||
82 | struct GNUNET_DISK_FileHandle *hostkeys_fd; | ||
83 | |||
84 | /** | ||
85 | * The hostkeys map | ||
97 | */ | 86 | */ |
98 | static struct GNUNET_DISK_MapHandle *idmap; | 87 | static struct GNUNET_DISK_MapHandle *hostkeys_map; |
99 | 88 | ||
100 | /** | 89 | /** |
101 | * The hostkeys data | 90 | * The hostkeys data |
@@ -117,11 +106,6 @@ static unsigned int num_hostkeys; | |||
117 | */ | 106 | */ |
118 | static GNUNET_SCHEDULER_TaskIdentifier shutdown_task; | 107 | static GNUNET_SCHEDULER_TaskIdentifier shutdown_task; |
119 | 108 | ||
120 | /** | ||
121 | * Are we allowing or denying access from peers | ||
122 | */ | ||
123 | static int mode; | ||
124 | |||
125 | 109 | ||
126 | /** | 110 | /** |
127 | * @ingroup hashmap | 111 | * @ingroup hashmap |
@@ -161,21 +145,6 @@ cleanup_map () | |||
161 | 145 | ||
162 | 146 | ||
163 | /** | 147 | /** |
164 | * Shutdown task to cleanup our resources and exit. | ||
165 | * | ||
166 | * @param cls NULL | ||
167 | * @param tc scheduler task context | ||
168 | */ | ||
169 | static void | ||
170 | do_shutdown (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) | ||
171 | { | ||
172 | cleanup_map (); | ||
173 | if (NULL != bh) | ||
174 | GNUNET_TRANSPORT_blacklist_cancel (bh); | ||
175 | } | ||
176 | |||
177 | |||
178 | /** | ||
179 | * Function that decides if a connection is acceptable or not. | 148 | * Function that decides if a connection is acceptable or not. |
180 | * | 149 | * |
181 | * @param cls closure | 150 | * @param cls closure |
@@ -187,12 +156,8 @@ check_access (void *cls, const struct GNUNET_PeerIdentity * pid) | |||
187 | { | 156 | { |
188 | int contains; | 157 | int contains; |
189 | 158 | ||
190 | if (NULL != map) | 159 | GNUNET_assert (NULL != map); |
191 | contains = GNUNET_CONTAINER_multipeermap_contains (map, pid); | 160 | contains = GNUNET_CONTAINER_multipeermap_contains (map, pid); |
192 | else | ||
193 | contains = GNUNET_NO; | ||
194 | if (ACCESS_DENY == mode) | ||
195 | return (contains) ? GNUNET_SYSERR : GNUNET_OK; | ||
196 | return (contains) ? GNUNET_OK : GNUNET_SYSERR; | 161 | return (contains) ? GNUNET_OK : GNUNET_SYSERR; |
197 | } | 162 | } |
198 | 163 | ||
@@ -213,41 +178,6 @@ get_identity (unsigned int offset, struct GNUNET_PeerIdentity *id) | |||
213 | 178 | ||
214 | 179 | ||
215 | /** | 180 | /** |
216 | * Function to blacklist a peer | ||
217 | * | ||
218 | * @param offset the offset where to find the peer's hostkey in the array of hostkeys | ||
219 | */ | ||
220 | static void | ||
221 | blacklist_peer (unsigned int offset) | ||
222 | { | ||
223 | struct GNUNET_PeerIdentity id; | ||
224 | |||
225 | GNUNET_assert (offset < num_hostkeys); | ||
226 | GNUNET_assert (GNUNET_OK == get_identity (offset, &id)); | ||
227 | GNUNET_break (GNUNET_OK == | ||
228 | GNUNET_CONTAINER_multipeermap_put (map, &id, &id, | ||
229 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); | ||
230 | |||
231 | } | ||
232 | |||
233 | /** | ||
234 | * Blacklist peer | ||
235 | */ | ||
236 | struct BlackListRow | ||
237 | { | ||
238 | /** | ||
239 | * Next ptr | ||
240 | */ | ||
241 | struct BlackListRow *next; | ||
242 | |||
243 | /** | ||
244 | * The offset where to find the hostkey for the peer | ||
245 | */ | ||
246 | unsigned int id; | ||
247 | }; | ||
248 | |||
249 | |||
250 | /** | ||
251 | * Whilelist entry | 181 | * Whilelist entry |
252 | */ | 182 | */ |
253 | struct WhiteListRow | 183 | struct WhiteListRow |
@@ -287,12 +217,10 @@ load_keys (const struct GNUNET_CONFIGURATION_Handle *c) | |||
287 | { | 217 | { |
288 | char *data_dir; | 218 | char *data_dir; |
289 | char *idfile; | 219 | char *idfile; |
290 | struct GNUNET_DISK_FileHandle *fd; | ||
291 | uint64_t fsize; | 220 | uint64_t fsize; |
292 | 221 | ||
293 | data_dir = NULL; | 222 | data_dir = NULL; |
294 | idfile = NULL; | 223 | idfile = NULL; |
295 | fd = NULL; | ||
296 | fsize = 0; | 224 | fsize = 0; |
297 | data_dir = GNUNET_OS_installation_get_path (GNUNET_OS_IPK_DATADIR); | 225 | data_dir = GNUNET_OS_installation_get_path (GNUNET_OS_IPK_DATADIR); |
298 | GNUNET_asprintf (&idfile, "%s/testing_hostkeys.ecc", data_dir); | 226 | GNUNET_asprintf (&idfile, "%s/testing_hostkeys.ecc", data_dir); |
@@ -311,9 +239,9 @@ load_keys (const struct GNUNET_CONFIGURATION_Handle *c) | |||
311 | GNUNET_free (idfile); | 239 | GNUNET_free (idfile); |
312 | return GNUNET_SYSERR; | 240 | return GNUNET_SYSERR; |
313 | } | 241 | } |
314 | fd = GNUNET_DISK_file_open (idfile, GNUNET_DISK_OPEN_READ, | 242 | hostkeys_fd = GNUNET_DISK_file_open (idfile, GNUNET_DISK_OPEN_READ, |
315 | GNUNET_DISK_PERM_NONE); | 243 | GNUNET_DISK_PERM_NONE); |
316 | if (NULL == fd) | 244 | if (NULL == hostkeys_fd) |
317 | { | 245 | { |
318 | GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "open", idfile); | 246 | GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "open", idfile); |
319 | GNUNET_free (idfile); | 247 | GNUNET_free (idfile); |
@@ -321,61 +249,55 @@ load_keys (const struct GNUNET_CONFIGURATION_Handle *c) | |||
321 | } | 249 | } |
322 | GNUNET_free (idfile); | 250 | GNUNET_free (idfile); |
323 | idfile = NULL; | 251 | idfile = NULL; |
324 | hostkeys_data = GNUNET_DISK_file_map (fd, | 252 | hostkeys_data = GNUNET_DISK_file_map (hostkeys_fd, |
325 | &idmap, | 253 | &hostkeys_map, |
326 | GNUNET_DISK_MAP_TYPE_READ, | 254 | GNUNET_DISK_MAP_TYPE_READ, |
327 | fsize); | 255 | fsize); |
328 | if (NULL != hostkeys_data) | 256 | if (NULL == hostkeys_data) |
329 | num_hostkeys = fsize / GNUNET_TESTING_HOSTKEYFILESIZE; | 257 | { |
258 | |||
259 | GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "mmap"); | ||
260 | return GNUNET_SYSERR; | ||
261 | } | ||
262 | num_hostkeys = fsize / GNUNET_TESTING_HOSTKEYFILESIZE; | ||
330 | return GNUNET_OK; | 263 | return GNUNET_OK; |
331 | } | 264 | } |
332 | 265 | ||
333 | 266 | ||
334 | /** | 267 | /** |
335 | * Function to read blacklist rows from the database | 268 | * Function to unload keys |
336 | * | ||
337 | * @param db the database connection | ||
338 | * @param pid the identity of this peer | ||
339 | * @param bl_rows where to store the retrieved blacklist rows | ||
340 | * @return GNUNET_SYSERR upon error OR the number of rows retrieved | ||
341 | */ | 269 | */ |
342 | static int | 270 | static void |
343 | db_read_blacklist (struct sqlite3 *db, unsigned int pid, struct BlackListRow **bl_rows) | 271 | unload_keys () |
344 | { | 272 | { |
345 | static const char *query_bl = "SELECT (oid) FROM blacklist WHERE (id == ?);"; | 273 | if (NULL != hostkeys_map) |
346 | struct sqlite3_stmt *stmt_bl; | ||
347 | struct BlackListRow *lr; | ||
348 | int nrows; | ||
349 | int peer_id; | ||
350 | int ret; | ||
351 | |||
352 | if (SQLITE_OK != (ret = sqlite3_prepare_v2 (db, query_bl, -1, &stmt_bl, NULL))) | ||
353 | { | 274 | { |
354 | LOG_SQLITE (db, NULL, GNUNET_ERROR_TYPE_ERROR, "sqlite3_prepare_v2"); | 275 | GNUNET_assert (NULL != hostkeys_data); |
355 | return GNUNET_SYSERR; | 276 | GNUNET_DISK_file_unmap (hostkeys_map); |
277 | hostkeys_map = NULL; | ||
278 | hostkeys_data = NULL; | ||
356 | } | 279 | } |
357 | if (SQLITE_OK != (ret = sqlite3_bind_int (stmt_bl, 1, pid))) | 280 | if (NULL != hostkeys_fd) |
358 | { | 281 | { |
359 | LOG_SQLITE (db, NULL, GNUNET_ERROR_TYPE_ERROR, "sqlite3_bind_int"); | 282 | GNUNET_DISK_file_close (hostkeys_fd); |
360 | sqlite3_finalize (stmt_bl); | 283 | hostkeys_fd = NULL; |
361 | return GNUNET_SYSERR; | ||
362 | } | 284 | } |
363 | nrows = 0; | 285 | } |
364 | do | 286 | |
365 | { | 287 | |
366 | ret = sqlite3_step (stmt_bl); | 288 | /** |
367 | if (SQLITE_ROW != ret) | 289 | * Shutdown task to cleanup our resources and exit. |
368 | break; | 290 | * |
369 | peer_id = sqlite3_column_int (stmt_bl, 1); | 291 | * @param cls NULL |
370 | lr = GNUNET_new (struct BlackListRow); | 292 | * @param tc scheduler task context |
371 | lr->id = peer_id; | 293 | */ |
372 | lr->next = *bl_rows; | 294 | static void |
373 | *bl_rows = lr; | 295 | do_shutdown (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) |
374 | nrows++; | 296 | { |
375 | } while (1); | 297 | cleanup_map (); |
376 | sqlite3_finalize (stmt_bl); | 298 | unload_keys (); |
377 | stmt_bl = NULL; | 299 | if (NULL != bh) |
378 | return nrows; | 300 | GNUNET_TRANSPORT_blacklist_cancel (bh); |
379 | } | 301 | } |
380 | 302 | ||
381 | 303 | ||
@@ -440,12 +362,10 @@ run (void *cls, char *const *args, const char *cfgfile, | |||
440 | const struct GNUNET_CONFIGURATION_Handle *c) | 362 | const struct GNUNET_CONFIGURATION_Handle *c) |
441 | { | 363 | { |
442 | char *dbfile; | 364 | char *dbfile; |
443 | struct BlackListRow *bl_head; | ||
444 | struct BlackListRow *bl_entry; | ||
445 | struct WhiteListRow *wl_head; | 365 | struct WhiteListRow *wl_head; |
446 | struct WhiteListRow *wl_entry; | 366 | struct WhiteListRow *wl_entry; |
447 | struct GNUNET_PeerIdentity identity; | 367 | struct GNUNET_PeerIdentity identity; |
448 | struct GNUNET_ATS_Information triplet[3]; | 368 | struct GNUNET_ATS_Information params[1]; |
449 | unsigned long long pid; | 369 | unsigned long long pid; |
450 | unsigned int nrows; | 370 | unsigned int nrows; |
451 | int ret; | 371 | int ret; |
@@ -462,8 +382,8 @@ run (void *cls, char *const *args, const char *cfgfile, | |||
462 | GNUNET_break (0); | 382 | GNUNET_break (0); |
463 | return; | 383 | return; |
464 | } | 384 | } |
465 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (c, "TESTBED", | 385 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (c, "TESTBED-UNDERLAY", |
466 | "UNDERLAY_DB", | 386 | "DBFILE", |
467 | &dbfile)) | 387 | &dbfile)) |
468 | { | 388 | { |
469 | GNUNET_break (0); | 389 | GNUNET_break (0); |
@@ -484,59 +404,37 @@ run (void *cls, char *const *args, const char *cfgfile, | |||
484 | DEBUG ("Opened database %s\n", dbfile); | 404 | DEBUG ("Opened database %s\n", dbfile); |
485 | GNUNET_free (dbfile); | 405 | GNUNET_free (dbfile); |
486 | dbfile = NULL; | 406 | dbfile = NULL; |
487 | bl_head = NULL; | ||
488 | wl_head = NULL; | 407 | wl_head = NULL; |
489 | nrows = db_read_blacklist (db, pid, &bl_head); | 408 | if (GNUNET_OK != load_keys (c)) |
490 | if (GNUNET_SYSERR == nrows) | ||
491 | goto close_db; | ||
492 | if (nrows > 0) | ||
493 | { | ||
494 | blacklist_map = GNUNET_CONTAINER_multipeermap_create (nrows, GNUNET_YES); | ||
495 | if (GNUNET_OK != load_keys (c)) | ||
496 | goto close_db; | 409 | goto close_db; |
497 | } | ||
498 | while (NULL != (bl_entry = bl_head)) | ||
499 | { | ||
500 | bl_head = bl_entry->next; | ||
501 | blacklist_peer (bl_entry->id); | ||
502 | GNUNET_free (bl_entry); | ||
503 | } | ||
504 | if (NULL != blacklist_map) | ||
505 | { | ||
506 | bh = GNUNET_TRANSPORT_blacklist (c, &check_access, NULL); | ||
507 | shutdown_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, | ||
508 | &do_shutdown, NULL); | ||
509 | } | ||
510 | /* read and process whitelist */ | 410 | /* read and process whitelist */ |
511 | nrows = 0; | 411 | nrows = 0; |
512 | wl_head = NULL; | 412 | wl_head = NULL; |
513 | nrows = db_read_whitelist (db, pid, &wl_head); | 413 | nrows = db_read_whitelist (db, pid, &wl_head); |
514 | if ((GNUNET_SYSERR == nrows) || (0 == nrows)) | 414 | if ((GNUNET_SYSERR == nrows) || (0 == nrows)) |
515 | goto close_db; | 415 | goto close_db; |
516 | triplet[0].type = 0; //FIXME: not implemented: GNUNET_ATS_QUALITY_NET_THROUGHPUT | 416 | map = GNUNET_CONTAINER_multipeermap_create (nrows, GNUNET_YES); |
517 | triplet[1].type = GNUNET_ATS_QUALITY_NET_DELAY; | 417 | params[0].type = GNUNET_ATS_QUALITY_NET_DELAY; |
518 | triplet[2].type = 0; //FIXME: not implemented: GNUNET_ATS_QUALITY_NET_LOSSRATE; | ||
519 | while (NULL != (wl_entry = wl_head)) | 418 | while (NULL != (wl_entry = wl_head)) |
520 | { | 419 | { |
521 | wl_head = wl_entry->next; | 420 | wl_head = wl_entry->next; |
522 | triplet[0].value = wl_entry->bandwidth; //FIXME: bandwidth != throughput !! | 421 | params[0].value = wl_entry->latency; |
523 | triplet[1].value = wl_entry->latency; | ||
524 | triplet[2].value = wl_entry->loss; | ||
525 | GNUNET_assert (GNUNET_OK == get_identity (wl_entry->id, &identity)); | 422 | GNUNET_assert (GNUNET_OK == get_identity (wl_entry->id, &identity)); |
423 | GNUNET_break (GNUNET_OK == | ||
424 | GNUNET_CONTAINER_multipeermap_put (map, &identity, &identity, | ||
425 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_FAST)); | ||
526 | GNUNET_TRANSPORT_set_traffic_metric (transport, | 426 | GNUNET_TRANSPORT_set_traffic_metric (transport, |
527 | &identity, | 427 | &identity, |
528 | GNUNET_YES, | 428 | GNUNET_YES, |
529 | GNUNET_YES, /* FIXME: Separate inbound, outboud metrics */ | 429 | GNUNET_YES, /* FIXME: Separate inbound, outboud metrics */ |
530 | triplet, 3); | 430 | params, 3); |
531 | GNUNET_free (wl_entry); | 431 | GNUNET_free (wl_entry); |
532 | } | 432 | } |
433 | bh = GNUNET_TRANSPORT_blacklist (c, &check_access, NULL); | ||
434 | shutdown_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, | ||
435 | &do_shutdown, NULL); | ||
533 | 436 | ||
534 | close_db: | 437 | close_db: |
535 | while (NULL != (bl_entry = bl_head)) | ||
536 | { | ||
537 | bl_head = bl_entry->next; | ||
538 | GNUNET_free (bl_entry); | ||
539 | } | ||
540 | GNUNET_break (GNUNET_OK == sqlite3_close (db)); | 438 | GNUNET_break (GNUNET_OK == sqlite3_close (db)); |
541 | return; | 439 | return; |
542 | } | 440 | } |