author | Matthias Wachs <wachs@net.in.tum.de> | 2014-03-25 16:40:41 +0000 |
---|---|---|
committer | Matthias Wachs <wachs@net.in.tum.de> | 2014-03-25 16:40:41 +0000 |
commit | f76eed6fcd00a1f693d9279a9ac14a200eaf87d2 (patch) | |
tree | c6f79c623185b6496de7f2e66eab0fda0bc68421 /src/transport/gnunet-service-transport.c | |
parent | bf638cabbe348680e7132eafb1091dfca2c0b8a5 (diff) | |
Do blacklist checks on CONNECT before giving CONNECT to neighbours.
If peer is blacklisted we do not need to do anything, this simplifies the state machine:
If peer is blacklisted: CONNECT is not given to neighbours
If address is blacklisted: address is not given to ATS and will therefore not be suggested
So neighbour can use this information without additional blacklist checks
Diffstat (limited to 'src/transport/gnunet-service-transport.c')
-rw-r--r-- | src/transport/gnunet-service-transport.c | 176 |
1 files changed, 169 insertions, 7 deletions
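--- a/src/transport/gnunet-service-transport.c
+++ b/src/transport/gnunet-service-transport.c
@@ -71,6 +71,21 @@ struct SessionKiller
 GNUNET_SCHEDULER_TaskIdentifier task;
 };
 
+struct BlacklistCheckContext
+{
+struct BlacklistCheckContext *prev;
+struct BlacklistCheckContext *next;
+
+
+struct GST_BlacklistCheck *blc;
+
+struct GNUNET_HELLO_Address *address;
+struct Session *session;
+struct GNUNET_MessageHeader *msg;
+struct GNUNET_ATS_Information *ats;
+uint32_t ats_count;
+};
+
 /* globals */
 
 /**
@@ -128,6 +143,10 @@ static struct SessionKiller *sk_head;
 */
 static struct SessionKiller *sk_tail;
 
+struct BlacklistCheckContext *bc_head;
+struct BlacklistCheckContext *bc_tail;
+
+
 /**
 * Transmit our HELLO message to the given (connected) neighbour.
 *
@@ -264,6 +283,86 @@ kill_session (const char *plugin_name, struct Session *session)
 }
 
 /**
+* Black list check result for try_connect call
+* If connection to the peer is allowed request adddress and
+*
+* @param cls blc_ctx bl context
+* @param peer the peer
+* @param result the result
+*/
+static void
+connect_address_bl_check_cont (void *cls,
+const struct GNUNET_PeerIdentity *peer, int result)
+{
+struct BlacklistCheckContext *blctx = cls;
+
+if (GNUNET_OK == result)
+{
+GST_ats_add_address (blctx->address, blctx->session, NULL, 0);
+}
+else
+{
+kill_session (blctx->address->transport_name, blctx->session);
+}
+
+GNUNET_CONTAINER_DLL_remove (bc_head, bc_tail, blctx);
+GNUNET_HELLO_address_free (blctx->address);
+GNUNET_free (blctx);
+}
+
+/**
+* Black list check result for try_connect call
+* If connection to the peer is allowed request adddress and
+*
+* @param cls blc_ctx bl context
+* @param peer the peer
+* @param result the result
+*/
+static void
+connect_bl_check_cont (void *cls,
+const struct GNUNET_PeerIdentity *peer, int result)
+{
+struct BlacklistCheckContext *blctx = cls;
+struct BlacklistCheckContext *blctx_address;
+struct GST_BlacklistCheck *blc;
+if (GNUNET_OK == result)
+{
+/* Check if incoming address can be used to communicate */
+blctx_address = GNUNET_new (struct BlacklistCheckContext);
+blctx_address->address = GNUNET_HELLO_address_copy (blctx->address);
+blctx_address->session = blctx->session;
+
+GNUNET_CONTAINER_DLL_insert (bc_head, bc_tail, blctx_address);
+if (NULL != (blc = GST_blacklist_test_allowed (&blctx_address->address->peer,
+blctx_address->address->transport_name,
+&connect_address_bl_check_cont, blctx_address)))
+{
+blctx_address->blc = blc;
+}
+
+/* Blacklist allows to speak to this peer, forward CONNECT to neighbours */
+if (GNUNET_OK != GST_neighbours_handle_connect (blctx->msg,
+&blctx->address->peer, blctx->address, blctx->session))
+{
+kill_session (blctx->address->transport_name, blctx->session);
+}
+}
+else
+{
+/* Blacklist denies to speak to this peer */
+GNUNET_break (0);
+kill_session (blctx->address->transport_name, blctx->session);
+GNUNET_break (0);
+}
+
+GNUNET_CONTAINER_DLL_remove (bc_head, bc_tail, blctx);
+if (NULL != blctx->address)
+GNUNET_HELLO_address_free (blctx->address);
+GNUNET_free (blctx->msg);
+GNUNET_free (blctx);
+}
+
+/**
 * Function called by the transport for each received message.
 *
 * @param cls closure, const char* with the name of the plugin we received the message from
@@ -284,6 +383,8 @@ GST_receive_callback (void *cls,
 {
 const char *plugin_name = cls;
 struct GNUNET_TIME_Relative ret;
+struct BlacklistCheckContext *blctx;
+struct GST_BlacklistCheck *blc;
 uint16_t type;
 
 ret = GNUNET_TIME_UNIT_ZERO;
@@ -328,16 +429,22 @@ GST_receive_callback (void *cls,
 }
 break;
 case GNUNET_MESSAGE_TYPE_TRANSPORT_SESSION_CONNECT:
-if (GNUNET_OK
-!= GST_neighbours_handle_connect (message, &address->peer, address, session))
+/* Do blacklist check if communication with this peer is allowed */
+blctx = GNUNET_new (struct BlacklistCheckContext);
+blctx->address = GNUNET_HELLO_address_copy (address);
+blctx->session = session;
+blctx->msg = GNUNET_malloc (ntohs(message->size));
+memcpy (blctx->msg, message, ntohs(message->size));
+GNUNET_CONTAINER_DLL_insert (bc_head, bc_tail, blctx);
+if (NULL != (blc = GST_blacklist_test_allowed (&address->peer, NULL,
+&connect_bl_check_cont, blctx)))
 {
-GNUNET_break_op(0);
-kill_session (plugin_name, session);
+blctx->blc = blc;
 }
 break;
 case GNUNET_MESSAGE_TYPE_TRANSPORT_SESSION_CONNECT_ACK:
-if (GNUNET_OK
-!= GST_neighbours_handle_connect_ack (message, &address->peer, address, session))
+if (GNUNET_OK != GST_neighbours_handle_connect_ack (message,
+&address->peer, address, session))
 {
 kill_session (plugin_name, session);
 }
@@ -611,6 +718,37 @@ plugin_env_update_metrics (void *cls,
 }
 
 /**
+* Black list check result for try_connect call
+* If connection to the peer is allowed request adddress and
+*
+* @param cls blc_ctx bl context
+* @param peer the peer
+* @param result the result
+*/
+static void
+plugin_env_session_start_bl_check_cont (void *cls,
+const struct GNUNET_PeerIdentity *peer, int result)
+{
+struct BlacklistCheckContext *blctx = cls;
+
+if (GNUNET_OK == result)
+{
+GST_ats_add_address (blctx->address, blctx->session,
+blctx->ats, blctx->ats_count);
+}
+else
+{
+kill_session (blctx->address->transport_name, blctx->session);
+}
+
+GNUNET_CONTAINER_DLL_remove (bc_head, bc_tail, blctx);
+GNUNET_HELLO_address_free (blctx->address);
+GNUNET_free_non_null (blctx->ats);
+GNUNET_free (blctx);
+}
+
+
+/**
 * Plugin tells transport service about a new inbound session
 *
 * @param cls unused
@@ -624,6 +762,10 @@ plugin_env_session_start (void *cls, struct GNUNET_HELLO_Address *address,
 struct Session *session, const struct GNUNET_ATS_Information *ats,
 uint32_t ats_count)
 {
+struct BlacklistCheckContext *blctx;
+struct GST_BlacklistCheck *blc;
+int c;
+
 if (NULL == address)
 {
 GNUNET_break(0);
@@ -640,7 +782,27 @@ plugin_env_session_start (void *cls, struct GNUNET_HELLO_Address *address,
 GNUNET_HELLO_address_check_option (address,
 GNUNET_HELLO_ADDRESS_INFO_INBOUND) ? "inbound" : "outbound",
 session, GNUNET_i2s (&address->peer), GST_plugins_a2s (address));
-GST_ats_add_address (address, session, ats, ats_count);
+
+/* Do blacklist check if communication with this peer is allowed */
+blctx = GNUNET_new (struct BlacklistCheckContext);
+blctx->address = GNUNET_HELLO_address_copy (address);
+blctx->session = session;
+if (ats_count > 0)
+{
+blctx->ats = GNUNET_malloc (ats_count * sizeof (struct GNUNET_ATS_Information));
+for (c = 0; c < ats_count; c++)
+{
+blctx->ats[c].type = ats[c].type;
+blctx->ats[c].value = ats[c].value;
+}
+}
+
+GNUNET_CONTAINER_DLL_insert (bc_head, bc_tail, blctx);
+if (NULL != (blc = GST_blacklist_test_allowed (&address->peer, address->transport_name,
+&plugin_env_session_start_bl_check_cont, blctx)))
+{
+blctx->blc = blc;
+}
 }
 
 /**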
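Review bot: Every queued `BlacklistCheckContext` keeps a raw `struct Session *` (plus a copied message in the CONNECT case of `GST_receive_callback`) until the blacklist answers, yet no visible hunk walks `bc_head`/`bc_tail` to cancel a pending check when that session ends or the service shuts down. If the session is torn down first, `connect_bl_check_cont`, `connect_address_bl_check_cont` and `plugin_env_session_start_bl_check_cont` would pass a stale pointer to `kill_session`, `GST_neighbours_handle_connect` or `GST_ats_add_address`, and the remote peer influences that timing, so this is a memory-safety concern rather than a cosmetic one. I would add a helper that cancels and frees all contexts belonging to a session and call it from the session-end and shutdown paths, which lie outside this diff and should be checked first; a sketch follows. Separately, `plugin_env_session_start` copies the ATS array but never stores the count, so the continuation always passes 0; add `blctx->ats_count = ats_count;` after the copy loop.

```c
/* Cancel and release every blacklist check still pending for a session
 * that is going away, so no continuation runs with a stale pointer. */
static void
cancel_pending_blacklist_checks (struct Session *session)
{
  struct BlacklistCheckContext *blctx;
  struct BlacklistCheckContext *next;

  for (blctx = bc_head; NULL != blctx; blctx = next)
  {
    next = blctx->next;
    if (blctx->session != session)
      continue;
    if (NULL != blctx->blc)
      GST_blacklist_test_cancel (blctx->blc);
    GNUNET_CONTAINER_DLL_remove (bc_head, bc_tail, blctx);
    GNUNET_HELLO_address_free (blctx->address);
    GNUNET_free_non_null (blctx->msg);
    GNUNET_free_non_null (blctx->ats);
    GNUNET_free (blctx);
  }
}
```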