diff options
| author | Matthias Wachs <wachs@net.in.tum.de> | 2014-03-27 10:20:43 +0000 |
|---|---|---|
| committer | Matthias Wachs <wachs@net.in.tum.de> | 2014-03-27 10:20:43 +0000 |
| commit | 88809f6c07d0ba65b175e03d7486aa85b513e162 (patch) | |
| tree | c44cfa8ea082eb36a13b694d9326de28fc10f022 /src/transport/gnunet-service-transport_neighbours.c | |
| parent | 7fe7d0149b760e5876dc1abdedc8affc8d7fbab3 (diff) | |
| download | gnunet-88809f6c07d0ba65b175e03d7486aa85b513e162.tar.gz gnunet-88809f6c07d0ba65b175e03d7486aa85b513e162.zip | |
remove blacklist check in neighbours on CONNECT
Diffstat (limited to 'src/transport/gnunet-service-transport_neighbours.c')
| -rw-r--r-- | src/transport/gnunet-service-transport_neighbours.c | 190 |
1 files changed, 14 insertions, 176 deletions
diff --git a/src/transport/gnunet-service-transport_neighbours.c b/src/transport/gnunet-service-transport_neighbours.c index 7775c6afa..7202ba899 100644 --- a/src/transport/gnunet-service-transport_neighbours.c +++ b/src/transport/gnunet-service-transport_neighbours.c | |||
| @@ -2270,174 +2270,6 @@ GST_neighbours_try_connect (const struct GNUNET_PeerIdentity *target) | |||
| 2270 | 2270 | ||
| 2271 | 2271 | ||
| 2272 | /** | 2272 | /** |
| 2273 | * Function called with the result of a blacklist check. | ||
| 2274 | * | ||
| 2275 | * @param cls closure with the `struct BlackListCheckContext` | ||
| 2276 | * @param peer peer this check affects | ||
| 2277 | * @param result #GNUNET_OK if the address is allowed | ||
| 2278 | */ | ||
| 2279 | static void | ||
| 2280 | handle_connect_blacklist_check_cont (void *cls, | ||
| 2281 | const struct GNUNET_PeerIdentity *peer, | ||
| 2282 | int result) | ||
| 2283 | { | ||
| 2284 | struct BlackListCheckContext *bcc = cls; | ||
| 2285 | struct NeighbourMapEntry *n; | ||
| 2286 | |||
| 2287 | bcc->bc = NULL; | ||
| 2288 | GNUNET_CONTAINER_DLL_remove (bc_head, | ||
| 2289 | bc_tail, | ||
| 2290 | bcc); | ||
| 2291 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
| 2292 | "Connection to new address of peer `%s' based on blacklist is `%s'\n", | ||
| 2293 | GNUNET_i2s (peer), | ||
| 2294 | (GNUNET_OK == result) ? "allowed" : "FORBIDDEN"); | ||
| 2295 | |||
| 2296 | if (NULL == (n = lookup_neighbour (peer))) | ||
| 2297 | { | ||
| 2298 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
| 2299 | "No neighbor entry for peer `%s', ignoring blacklist result\n", | ||
| 2300 | GNUNET_i2s (peer)); | ||
| 2301 | goto cleanup; /* nobody left to care about new address */ | ||
| 2302 | } | ||
| 2303 | |||
| 2304 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
| 2305 | "Blacklist check after CONNECT for peer `%s' in state %s/%s: %s\n", | ||
| 2306 | GNUNET_i2s (peer), | ||
| 2307 | GNUNET_TRANSPORT_ps2s (n->state), | ||
| 2308 | print_ack_state (n->ack_state), | ||
| 2309 | (GNUNET_OK == result) ? "OK" : "FAIL"); | ||
| 2310 | |||
| 2311 | switch (n->state) | ||
| 2312 | { | ||
| 2313 | case GNUNET_TRANSPORT_PS_NOT_CONNECTED: | ||
| 2314 | /* This should not be possible */ | ||
| 2315 | GNUNET_break (0); | ||
| 2316 | free_neighbour (n, GNUNET_NO); | ||
| 2317 | break; | ||
| 2318 | case GNUNET_TRANSPORT_PS_INIT_ATS: | ||
| 2319 | /* Waiting on ATS suggestion */ | ||
| 2320 | break; | ||
| 2321 | case GNUNET_TRANSPORT_PS_CONNECT_SENT: | ||
| 2322 | #if 0 | ||
| 2323 | /* TODO Why should I send an connect ACK message */ | ||
| 2324 | /* waiting on CONNECT_ACK, send ACK if one is pending */ | ||
| 2325 | |||
| 2326 | if ( (GNUNET_OK == result) && | ||
| 2327 | (ACK_SEND_CONNECT_ACK == n->ack_state) ) | ||
| 2328 | { | ||
| 2329 | n->ack_state = ACK_SEND_SESSION_ACK; | ||
| 2330 | send_connect_ack_message (n->primary_address.address, | ||
| 2331 | n->primary_address.session, | ||
| 2332 | n->connect_ack_timestamp); | ||
| 2333 | } | ||
| 2334 | #endif | ||
| 2335 | break; | ||
| 2336 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS: | ||
| 2337 | /* waiting on ATS suggestion, don't care about blacklist */ | ||
| 2338 | break; | ||
| 2339 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_ACK: | ||
| 2340 | /* waiting on SESSION_ACK, send ACK if one is pending */ | ||
| 2341 | if ( (GNUNET_OK == result) && | ||
| 2342 | (ACK_SEND_CONNECT_ACK == n->ack_state) ) | ||
| 2343 | { | ||
| 2344 | /* TODO: Why should this happen? */ | ||
| 2345 | /* *Debug message: */ GNUNET_break (0); | ||
| 2346 | |||
| 2347 | n->ack_state = ACK_SEND_SESSION_ACK; | ||
| 2348 | send_connect_ack_message (n->primary_address.address, | ||
| 2349 | n->primary_address.session, | ||
| 2350 | n->connect_ack_timestamp); | ||
| 2351 | } | ||
| 2352 | break; | ||
| 2353 | case GNUNET_TRANSPORT_PS_CONNECTED: | ||
| 2354 | /* already connected, don't care about blacklist */ | ||
| 2355 | break; | ||
| 2356 | case GNUNET_TRANSPORT_PS_RECONNECT_ATS: | ||
| 2357 | /* still waiting on ATS suggestion, don't care about blacklist */ | ||
| 2358 | break; | ||
| 2359 | case GNUNET_TRANSPORT_PS_RECONNECT_SENT: | ||
| 2360 | /* waiting on CONNECT_ACK, don't care about blacklist */ | ||
| 2361 | if ( (GNUNET_OK == result) && | ||
| 2362 | (ACK_SEND_CONNECT_ACK == n->ack_state) ) | ||
| 2363 | { | ||
| 2364 | n->ack_state = ACK_SEND_SESSION_ACK; | ||
| 2365 | send_connect_ack_message (n->primary_address.address, | ||
| 2366 | n->primary_address.session, | ||
| 2367 | n->connect_ack_timestamp); | ||
| 2368 | } | ||
| 2369 | break; | ||
| 2370 | case GNUNET_TRANSPORT_PS_CONNECTED_SWITCHING_CONNECT_SENT: | ||
| 2371 | /* waiting on CONNECT_ACK, don't care about blacklist */ | ||
| 2372 | if ( (GNUNET_OK == result) && | ||
| 2373 | (ACK_SEND_CONNECT_ACK == n->ack_state) ) | ||
| 2374 | { | ||
| 2375 | n->ack_state = ACK_SEND_SESSION_ACK; | ||
| 2376 | send_connect_ack_message (n->primary_address.address, | ||
| 2377 | n->primary_address.session, | ||
| 2378 | n->connect_ack_timestamp); | ||
| 2379 | } | ||
| 2380 | break; | ||
| 2381 | case GNUNET_TRANSPORT_PS_DISCONNECT: | ||
| 2382 | /* Nothing to do here, ATS will already do what can be done */ | ||
| 2383 | break; | ||
| 2384 | case GNUNET_TRANSPORT_PS_DISCONNECT_FINISHED: | ||
| 2385 | /* should not be possible */ | ||
| 2386 | GNUNET_assert (0); | ||
| 2387 | break; | ||
| 2388 | default: | ||
| 2389 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
| 2390 | "Unhandled state `%s'\n", | ||
| 2391 | GNUNET_TRANSPORT_ps2s (n->state)); | ||
| 2392 | GNUNET_break (0); | ||
| 2393 | free_neighbour (n, GNUNET_NO); | ||
| 2394 | break; | ||
| 2395 | } | ||
| 2396 | cleanup: | ||
| 2397 | GNUNET_HELLO_address_free (bcc->na.address); | ||
| 2398 | GNUNET_free (bcc); | ||
| 2399 | } | ||
| 2400 | |||
| 2401 | |||
| 2402 | /** | ||
| 2403 | * We received a CONNECT message and want to know if connecting to a particular | ||
| 2404 | * peer via a particular address is allowed. Check it! | ||
| 2405 | * | ||
| 2406 | * @param peer identity of the peer to switch the address for | ||
| 2407 | * @param ts time at which the check was initiated | ||
| 2408 | * @param address address of the other peer, NULL if other peer | ||
| 2409 | * connected to us | ||
| 2410 | * @param session session to use (or NULL) | ||
| 2411 | */ | ||
| 2412 | static void | ||
| 2413 | connect_check_blacklist (const struct GNUNET_PeerIdentity *peer, | ||
| 2414 | struct GNUNET_TIME_Absolute ts, | ||
| 2415 | const struct GNUNET_HELLO_Address *address, | ||
| 2416 | struct Session *session) | ||
| 2417 | { | ||
| 2418 | struct BlackListCheckContext *bcc; | ||
| 2419 | struct GST_BlacklistCheck *bc; | ||
| 2420 | |||
| 2421 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
| 2422 | "Checking peer `%s' against blacklist\n", | ||
| 2423 | GNUNET_i2s (peer)); | ||
| 2424 | bcc = GNUNET_new (struct BlackListCheckContext); | ||
| 2425 | bcc->na.address = GNUNET_HELLO_address_copy (address); | ||
| 2426 | bcc->na.session = session; | ||
| 2427 | bcc->na.connect_timestamp = ts; | ||
| 2428 | GNUNET_CONTAINER_DLL_insert (bc_head, | ||
| 2429 | bc_tail, | ||
| 2430 | bcc); | ||
| 2431 | if (NULL != (bc = GST_blacklist_test_allowed (peer, | ||
| 2432 | (NULL != address) ? address->transport_name : NULL, | ||
| 2433 | &handle_connect_blacklist_check_cont, bcc))) | ||
| 2434 | bcc->bc = bc; | ||
| 2435 | /* if NULL == bc, 'cont' was already called and 'bcc' already free'd, so | ||
| 2436 | we must only store 'bc' if 'bc' is non-NULL... */ | ||
| 2437 | } | ||
| 2438 | |||
| 2439 | |||
| 2440 | /** | ||
| 2441 | * We received a 'SESSION_CONNECT' message from the other peer. | 2273 | * We received a 'SESSION_CONNECT' message from the other peer. |
| 2442 | * Consider switching to it. | 2274 | * Consider switching to it. |
| 2443 | * | 2275 | * |
| @@ -2512,12 +2344,13 @@ GST_neighbours_handle_connect (const struct GNUNET_MessageHeader *message, | |||
| 2512 | set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS, | 2344 | set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS, |
| 2513 | GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT)); | 2345 | GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT)); |
| 2514 | break; | 2346 | break; |
| 2515 | case GNUNET_TRANSPORT_PS_CONNECT_SENT: | ||
| 2516 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS: | 2347 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS: |
| 2348 | break; | ||
| 2349 | case GNUNET_TRANSPORT_PS_CONNECT_SENT: | ||
| 2517 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_ACK: | 2350 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_ACK: |
| 2518 | /* It can never hurt to have an alternative address in the above cases, | 2351 | /* Send ACK immediately */ |
| 2519 | see if it is allowed */ | 2352 | send_connect_ack_message (n->primary_address.address, |
| 2520 | connect_check_blacklist (peer, ts, address, session); | 2353 | n->primary_address.session, ts); |
| 2521 | break; | 2354 | break; |
| 2522 | case GNUNET_TRANSPORT_PS_CONNECTED: | 2355 | case GNUNET_TRANSPORT_PS_CONNECTED: |
| 2523 | /* we are already connected and can thus send the ACK immediately */ | 2356 | /* we are already connected and can thus send the ACK immediately */ |
| @@ -2526,13 +2359,19 @@ GST_neighbours_handle_connect (const struct GNUNET_MessageHeader *message, | |||
| 2526 | n->ack_state = ACK_UNDEFINED; | 2359 | n->ack_state = ACK_UNDEFINED; |
| 2527 | send_connect_ack_message (n->primary_address.address, | 2360 | send_connect_ack_message (n->primary_address.address, |
| 2528 | n->primary_address.session, ts); | 2361 | n->primary_address.session, ts); |
| 2529 | connect_check_blacklist (peer, ts, address, session); | ||
| 2530 | break; | 2362 | break; |
| 2531 | case GNUNET_TRANSPORT_PS_RECONNECT_ATS: | 2363 | case GNUNET_TRANSPORT_PS_RECONNECT_ATS: |
| 2364 | /* We wait for ATS address suggestion */ | ||
| 2365 | break; | ||
| 2532 | case GNUNET_TRANSPORT_PS_RECONNECT_SENT: | 2366 | case GNUNET_TRANSPORT_PS_RECONNECT_SENT: |
| 2533 | /* It can never hurt to have an alternative address in the above cases, | 2367 | /* It can never hurt to have an alternative address in the above cases, |
| 2534 | see if it is allowed */ | 2368 | see if it is allowed */ |
| 2535 | connect_check_blacklist (peer, ts, address, session); | 2369 | if (ACK_SEND_CONNECT_ACK == n->ack_state) |
| 2370 | { | ||
| 2371 | n->ack_state = ACK_SEND_SESSION_ACK; | ||
| 2372 | send_connect_ack_message (n->primary_address.address, | ||
| 2373 | n->primary_address.session, n->connect_ack_timestamp); | ||
| 2374 | } | ||
| 2536 | break; | 2375 | break; |
| 2537 | case GNUNET_TRANSPORT_PS_CONNECTED_SWITCHING_CONNECT_SENT: | 2376 | case GNUNET_TRANSPORT_PS_CONNECTED_SWITCHING_CONNECT_SENT: |
| 2538 | /* we are already connected and can thus send the ACK immediately; | 2377 | /* we are already connected and can thus send the ACK immediately; |
| @@ -2542,8 +2381,7 @@ GST_neighbours_handle_connect (const struct GNUNET_MessageHeader *message, | |||
| 2542 | GNUNET_assert (NULL != n->primary_address.session); | 2381 | GNUNET_assert (NULL != n->primary_address.session); |
| 2543 | n->ack_state = ACK_UNDEFINED; | 2382 | n->ack_state = ACK_UNDEFINED; |
| 2544 | send_connect_ack_message (n->primary_address.address, | 2383 | send_connect_ack_message (n->primary_address.address, |
| 2545 | n->primary_address.session, ts); | 2384 | n->primary_address.session, ts); |
| 2546 | connect_check_blacklist (peer, ts, address, session); | ||
| 2547 | break; | 2385 | break; |
| 2548 | case GNUNET_TRANSPORT_PS_DISCONNECT: | 2386 | case GNUNET_TRANSPORT_PS_DISCONNECT: |
| 2549 | /* get rid of remains without terminating sessions, ready to re-try */ | 2387 | /* get rid of remains without terminating sessions, ready to re-try */ |