author | Matthias Wachs <wachs@net.in.tum.de> | 2014-03-27 10:20:43 +0000 |
---|---|---|
committer | Matthias Wachs <wachs@net.in.tum.de> | 2014-03-27 10:20:43 +0000 |
commit | 88809f6c07d0ba65b175e03d7486aa85b513e162 (patch) | |
tree | c44cfa8ea082eb36a13b694d9326de28fc10f022 /src/transport/gnunet-service-transport_neighbours.c | |
parent | 7fe7d0149b760e5876dc1abdedc8affc8d7fbab3 (diff) | |
remove blacklist check in neighbours on CONNECT
Diffstat (limited to 'src/transport/gnunet-service-transport_neighbours.c')
-rw-r--r-- | src/transport/gnunet-service-transport_neighbours.c | 190 |
1 files changed, 14 insertions, 176 deletions
diff --git a/src/transport/gnunet-service-transport_neighbours.c b/src/transport/gnunet-service-transport_neighbours.c index 7775c6afa..7202ba899 100644 --- a/src/transport/gnunet-service-transport_neighbours.c +++ b/src/transport/gnunet-service-transport_neighbours.c | |||
@@ -2270,174 +2270,6 @@ GST_neighbours_try_connect (const struct GNUNET_PeerIdentity *target) | |||
2270 | 2270 | ||
2271 | 2271 | ||
2272 | /** | 2272 | /** |
2273 | * Function called with the result of a blacklist check. | ||
2274 | * | ||
2275 | * @param cls closure with the `struct BlackListCheckContext` | ||
2276 | * @param peer peer this check affects | ||
2277 | * @param result #GNUNET_OK if the address is allowed | ||
2278 | */ | ||
2279 | static void | ||
2280 | handle_connect_blacklist_check_cont (void *cls, | ||
2281 | const struct GNUNET_PeerIdentity *peer, | ||
2282 | int result) | ||
2283 | { | ||
2284 | struct BlackListCheckContext *bcc = cls; | ||
2285 | struct NeighbourMapEntry *n; | ||
2286 | |||
2287 | bcc->bc = NULL; | ||
2288 | GNUNET_CONTAINER_DLL_remove (bc_head, | ||
2289 | bc_tail, | ||
2290 | bcc); | ||
2291 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2292 | "Connection to new address of peer `%s' based on blacklist is `%s'\n", | ||
2293 | GNUNET_i2s (peer), | ||
2294 | (GNUNET_OK == result) ? "allowed" : "FORBIDDEN"); | ||
2295 | |||
2296 | if (NULL == (n = lookup_neighbour (peer))) | ||
2297 | { | ||
2298 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2299 | "No neighbor entry for peer `%s', ignoring blacklist result\n", | ||
2300 | GNUNET_i2s (peer)); | ||
2301 | goto cleanup; /* nobody left to care about new address */ | ||
2302 | } | ||
2303 | |||
2304 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
2305 | "Blacklist check after CONNECT for peer `%s' in state %s/%s: %s\n", | ||
2306 | GNUNET_i2s (peer), | ||
2307 | GNUNET_TRANSPORT_ps2s (n->state), | ||
2308 | print_ack_state (n->ack_state), | ||
2309 | (GNUNET_OK == result) ? "OK" : "FAIL"); | ||
2310 | |||
2311 | switch (n->state) | ||
2312 | { | ||
2313 | case GNUNET_TRANSPORT_PS_NOT_CONNECTED: | ||
2314 | /* This should not be possible */ | ||
2315 | GNUNET_break (0); | ||
2316 | free_neighbour (n, GNUNET_NO); | ||
2317 | break; | ||
2318 | case GNUNET_TRANSPORT_PS_INIT_ATS: | ||
2319 | /* Waiting on ATS suggestion */ | ||
2320 | break; | ||
2321 | case GNUNET_TRANSPORT_PS_CONNECT_SENT: | ||
2322 | #if 0 | ||
2323 | /* TODO Why should I send an connect ACK message */ | ||
2324 | /* waiting on CONNECT_ACK, send ACK if one is pending */ | ||
2325 | |||
2326 | if ( (GNUNET_OK == result) && | ||
2327 | (ACK_SEND_CONNECT_ACK == n->ack_state) ) | ||
2328 | { | ||
2329 | n->ack_state = ACK_SEND_SESSION_ACK; | ||
2330 | send_connect_ack_message (n->primary_address.address, | ||
2331 | n->primary_address.session, | ||
2332 | n->connect_ack_timestamp); | ||
2333 | } | ||
2334 | #endif | ||
2335 | break; | ||
2336 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS: | ||
2337 | /* waiting on ATS suggestion, don't care about blacklist */ | ||
2338 | break; | ||
2339 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_ACK: | ||
2340 | /* waiting on SESSION_ACK, send ACK if one is pending */ | ||
2341 | if ( (GNUNET_OK == result) && | ||
2342 | (ACK_SEND_CONNECT_ACK == n->ack_state) ) | ||
2343 | { | ||
2344 | /* TODO: Why should this happen? */ | ||
2345 | /* *Debug message: */ GNUNET_break (0); | ||
2346 | |||
2347 | n->ack_state = ACK_SEND_SESSION_ACK; | ||
2348 | send_connect_ack_message (n->primary_address.address, | ||
2349 | n->primary_address.session, | ||
2350 | n->connect_ack_timestamp); | ||
2351 | } | ||
2352 | break; | ||
2353 | case GNUNET_TRANSPORT_PS_CONNECTED: | ||
2354 | /* already connected, don't care about blacklist */ | ||
2355 | break; | ||
2356 | case GNUNET_TRANSPORT_PS_RECONNECT_ATS: | ||
2357 | /* still waiting on ATS suggestion, don't care about blacklist */ | ||
2358 | break; | ||
2359 | case GNUNET_TRANSPORT_PS_RECONNECT_SENT: | ||
2360 | /* waiting on CONNECT_ACK, don't care about blacklist */ | ||
2361 | if ( (GNUNET_OK == result) && | ||
2362 | (ACK_SEND_CONNECT_ACK == n->ack_state) ) | ||
2363 | { | ||
2364 | n->ack_state = ACK_SEND_SESSION_ACK; | ||
2365 | send_connect_ack_message (n->primary_address.address, | ||
2366 | n->primary_address.session, | ||
2367 | n->connect_ack_timestamp); | ||
2368 | } | ||
2369 | break; | ||
2370 | case GNUNET_TRANSPORT_PS_CONNECTED_SWITCHING_CONNECT_SENT: | ||
2371 | /* waiting on CONNECT_ACK, don't care about blacklist */ | ||
2372 | if ( (GNUNET_OK == result) && | ||
2373 | (ACK_SEND_CONNECT_ACK == n->ack_state) ) | ||
2374 | { | ||
2375 | n->ack_state = ACK_SEND_SESSION_ACK; | ||
2376 | send_connect_ack_message (n->primary_address.address, | ||
2377 | n->primary_address.session, | ||
2378 | n->connect_ack_timestamp); | ||
2379 | } | ||
2380 | break; | ||
2381 | case GNUNET_TRANSPORT_PS_DISCONNECT: | ||
2382 | /* Nothing to do here, ATS will already do what can be done */ | ||
2383 | break; | ||
2384 | case GNUNET_TRANSPORT_PS_DISCONNECT_FINISHED: | ||
2385 | /* should not be possible */ | ||
2386 | GNUNET_assert (0); | ||
2387 | break; | ||
2388 | default: | ||
2389 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2390 | "Unhandled state `%s'\n", | ||
2391 | GNUNET_TRANSPORT_ps2s (n->state)); | ||
2392 | GNUNET_break (0); | ||
2393 | free_neighbour (n, GNUNET_NO); | ||
2394 | break; | ||
2395 | } | ||
2396 | cleanup: | ||
2397 | GNUNET_HELLO_address_free (bcc->na.address); | ||
2398 | GNUNET_free (bcc); | ||
2399 | } | ||
2400 | |||
2401 | |||
2402 | /** | ||
2403 | * We received a CONNECT message and want to know if connecting to a particular | ||
2404 | * peer via a particular address is allowed. Check it! | ||
2405 | * | ||
2406 | * @param peer identity of the peer to switch the address for | ||
2407 | * @param ts time at which the check was initiated | ||
2408 | * @param address address of the other peer, NULL if other peer | ||
2409 | * connected to us | ||
2410 | * @param session session to use (or NULL) | ||
2411 | */ | ||
2412 | static void | ||
2413 | connect_check_blacklist (const struct GNUNET_PeerIdentity *peer, | ||
2414 | struct GNUNET_TIME_Absolute ts, | ||
2415 | const struct GNUNET_HELLO_Address *address, | ||
2416 | struct Session *session) | ||
2417 | { | ||
2418 | struct BlackListCheckContext *bcc; | ||
2419 | struct GST_BlacklistCheck *bc; | ||
2420 | |||
2421 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2422 | "Checking peer `%s' against blacklist\n", | ||
2423 | GNUNET_i2s (peer)); | ||
2424 | bcc = GNUNET_new (struct BlackListCheckContext); | ||
2425 | bcc->na.address = GNUNET_HELLO_address_copy (address); | ||
2426 | bcc->na.session = session; | ||
2427 | bcc->na.connect_timestamp = ts; | ||
2428 | GNUNET_CONTAINER_DLL_insert (bc_head, | ||
2429 | bc_tail, | ||
2430 | bcc); | ||
2431 | if (NULL != (bc = GST_blacklist_test_allowed (peer, | ||
2432 | (NULL != address) ? address->transport_name : NULL, | ||
2433 | &handle_connect_blacklist_check_cont, bcc))) | ||
2434 | bcc->bc = bc; | ||
2435 | /* if NULL == bc, 'cont' was already called and 'bcc' already free'd, so | ||
2436 | we must only store 'bc' if 'bc' is non-NULL... */ | ||
2437 | } | ||
2438 | |||
2439 | |||
2440 | /** | ||
2441 | * We received a 'SESSION_CONNECT' message from the other peer. | 2273 | * We received a 'SESSION_CONNECT' message from the other peer. |
2442 | * Consider switching to it. | 2274 | * Consider switching to it. |
2443 | * | 2275 | * |
@@ -2512,12 +2344,13 @@ GST_neighbours_handle_connect (const struct GNUNET_MessageHeader *message, | |||
2512 | set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS, | 2344 | set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS, |
2513 | GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT)); | 2345 | GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT)); |
2514 | break; | 2346 | break; |
2515 | case GNUNET_TRANSPORT_PS_CONNECT_SENT: | ||
2516 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS: | 2347 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS: |
2348 | break; | ||
2349 | case GNUNET_TRANSPORT_PS_CONNECT_SENT: | ||
2517 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_ACK: | 2350 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_ACK: |
2518 | /* It can never hurt to have an alternative address in the above cases, | 2351 | /* Send ACK immediately */ |
2519 | see if it is allowed */ | 2352 | send_connect_ack_message (n->primary_address.address, |
2520 | connect_check_blacklist (peer, ts, address, session); | 2353 | n->primary_address.session, ts); |
2521 | break; | 2354 | break; |
2522 | case GNUNET_TRANSPORT_PS_CONNECTED: | 2355 | case GNUNET_TRANSPORT_PS_CONNECTED: |
2523 | /* we are already connected and can thus send the ACK immediately */ | 2356 | /* we are already connected and can thus send the ACK immediately */ |
@@ -2526,13 +2359,19 @@ GST_neighbours_handle_connect (const struct GNUNET_MessageHeader *message, | |||
2526 | n->ack_state = ACK_UNDEFINED; | 2359 | n->ack_state = ACK_UNDEFINED; |
2527 | send_connect_ack_message (n->primary_address.address, | 2360 | send_connect_ack_message (n->primary_address.address, |
2528 | n->primary_address.session, ts); | 2361 | n->primary_address.session, ts); |
2529 | connect_check_blacklist (peer, ts, address, session); | ||
2530 | break; | 2362 | break; |
2531 | case GNUNET_TRANSPORT_PS_RECONNECT_ATS: | 2363 | case GNUNET_TRANSPORT_PS_RECONNECT_ATS: |
2364 | /* We wait for ATS address suggestion */ | ||
2365 | break; | ||
2532 | case GNUNET_TRANSPORT_PS_RECONNECT_SENT: | 2366 | case GNUNET_TRANSPORT_PS_RECONNECT_SENT: |
2533 | /* It can never hurt to have an alternative address in the above cases, | 2367 | /* It can never hurt to have an alternative address in the above cases, |
2534 | see if it is allowed */ | 2368 | see if it is allowed */ |
2535 | connect_check_blacklist (peer, ts, address, session); | 2369 | if (ACK_SEND_CONNECT_ACK == n->ack_state) |
2370 | { | ||
2371 | n->ack_state = ACK_SEND_SESSION_ACK; | ||
2372 | send_connect_ack_message (n->primary_address.address, | ||
2373 | n->primary_address.session, n->connect_ack_timestamp); | ||
2374 | } | ||
2536 | break; | 2375 | break; |
2537 | case GNUNET_TRANSPORT_PS_CONNECTED_SWITCHING_CONNECT_SENT: | 2376 | case GNUNET_TRANSPORT_PS_CONNECTED_SWITCHING_CONNECT_SENT: |
2538 | /* we are already connected and can thus send the ACK immediately; | 2377 | /* we are already connected and can thus send the ACK immediately; |
@@ -2542,8 +2381,7 @@ GST_neighbours_handle_connect (const struct GNUNET_MessageHeader *message, | |||
2542 | GNUNET_assert (NULL != n->primary_address.session); | 2381 | GNUNET_assert (NULL != n->primary_address.session); |
2543 | n->ack_state = ACK_UNDEFINED; | 2382 | n->ack_state = ACK_UNDEFINED; |
2544 | send_connect_ack_message (n->primary_address.address, | 2383 | send_connect_ack_message (n->primary_address.address, |
2545 | n->primary_address.session, ts); | 2384 | n->primary_address.session, ts); |
2546 | connect_check_blacklist (peer, ts, address, session); | ||
2547 | break; | 2385 | break; |
2548 | case GNUNET_TRANSPORT_PS_DISCONNECT: | 2386 | case GNUNET_TRANSPORT_PS_DISCONNECT: |
2549 | /* get rid of remains without terminating sessions, ready to re-try */ | 2387 | /* get rid of remains without terminating sessions, ready to re-try */ |
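Review bot: The `GNUNET_TRANSPORT_PS_RECONNECT_SENT` branch of `GST_neighbours_handle_connect` keeps the comment "see if it is allowed" but now sends the CONNECT_ACK with no blacklist result in hand, and the `CONNECT_SENT`/`CONNECT_RECV_ACK` branch does the same under "Send ACK immediately". With `connect_check_blacklist` and its callback removed, nothing visible in this section gates the ACK on blacklist policy, so the check presumably has to happen before this handler is reached; that is not shown here and should be stated in the code. I would replace the stale comment with something like `/* blacklist is expected to be enforced before this handler runs (confirm); send the pending CONNECT_ACK */` and note the same precondition in the function's doc comment. The `CONNECT_SENT` branch also starts sending an ACK that the removed callback only had under `#if 0`, and unlike the `RECONNECT_SENT` branch it does not update `n->ack_state` or assert a non-NULL `n->primary_address.session`, so it is worth confirming that is intended. The function body starts and ends outside the visible hunks.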