diff options
author | Matthias Wachs <wachs@net.in.tum.de> | 2014-03-25 16:40:41 +0000 |
---|---|---|
committer | Matthias Wachs <wachs@net.in.tum.de> | 2014-03-25 16:40:41 +0000 |
commit | f76eed6fcd00a1f693d9279a9ac14a200eaf87d2 (patch) | |
tree | c6f79c623185b6496de7f2e66eab0fda0bc68421 /src/transport/gnunet-service-transport_neighbours.c | |
parent | bf638cabbe348680e7132eafb1091dfca2c0b8a5 (diff) | |
download | gnunet-f76eed6fcd00a1f693d9279a9ac14a200eaf87d2.tar.gz gnunet-f76eed6fcd00a1f693d9279a9ac14a200eaf87d2.zip |
Do blacklist checks on CONNECT before giving CONNECT to neighbours.
If peer is blacklisted we do not need to to anything, this simplifies the state machine:
If peer is blacklisted: CONNECT is not given to neighbours
If address is blacklisted: address is not given to ATS and will therefore not be suggested
So neighbour can use this information without additional blacklist checks
Diffstat (limited to 'src/transport/gnunet-service-transport_neighbours.c')
-rw-r--r-- | src/transport/gnunet-service-transport_neighbours.c | 131 |
1 files changed, 96 insertions, 35 deletions
diff --git a/src/transport/gnunet-service-transport_neighbours.c b/src/transport/gnunet-service-transport_neighbours.c index 5ce09223c..258967261 100644 --- a/src/transport/gnunet-service-transport_neighbours.c +++ b/src/transport/gnunet-service-transport_neighbours.c | |||
@@ -1673,7 +1673,6 @@ send_session_connect_cont (void *cls, | |||
1673 | set_state_and_timeout (n, GNUNET_TRANSPORT_PS_INIT_ATS, | 1673 | set_state_and_timeout (n, GNUNET_TRANSPORT_PS_INIT_ATS, |
1674 | GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT)); | 1674 | GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT)); |
1675 | return; | 1675 | return; |
1676 | |||
1677 | } | 1676 | } |
1678 | 1677 | ||
1679 | /** | 1678 | /** |
@@ -1750,6 +1749,55 @@ send_session_connect (struct NeighbourAddress *na) | |||
1750 | } | 1749 | } |
1751 | 1750 | ||
1752 | 1751 | ||
1752 | static void | ||
1753 | send_session_connect_ack_cont (void *cls, | ||
1754 | const struct GNUNET_PeerIdentity *target, | ||
1755 | int result, | ||
1756 | size_t size_payload, | ||
1757 | size_t size_on_wire) | ||
1758 | { | ||
1759 | struct NeighbourMapEntry *n; | ||
1760 | |||
1761 | n = lookup_neighbour (target); | ||
1762 | if (NULL == n) | ||
1763 | { | ||
1764 | /* CONNECT_ACK continuation was called after neighbor was freed, | ||
1765 | * for example due to a time out for the state or the session | ||
1766 | * used was already terminated: nothing to do here... */ | ||
1767 | return; | ||
1768 | } | ||
1769 | |||
1770 | if (GNUNET_TRANSPORT_PS_CONNECT_RECV_ACK != n->state) | ||
1771 | { | ||
1772 | /* CONNECT_ACK continuation was called after neighbor changed state, | ||
1773 | * for example due to a time out for the state or the session | ||
1774 | * used was already terminated: nothing to do here... */ | ||
1775 | return; | ||
1776 | } | ||
1777 | if (GNUNET_OK == result) | ||
1778 | return; | ||
1779 | |||
1780 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
1781 | _("Failed to send CONNECT_ACK message to peer `%s' using address `%s' session %p\n"), | ||
1782 | GNUNET_i2s (target), | ||
1783 | GST_plugins_a2s (n->primary_address.address), | ||
1784 | n->primary_address.session); | ||
1785 | |||
1786 | /* Failed to send CONNECT_ACK message with this address */ | ||
1787 | GNUNET_ATS_address_destroyed (GST_ats, n->primary_address.address, | ||
1788 | n->primary_address.session); | ||
1789 | GNUNET_ATS_address_destroyed (GST_ats, n->primary_address.address, | ||
1790 | NULL); | ||
1791 | |||
1792 | /* Remove address and request and additional one */ | ||
1793 | unset_primary_address (n); | ||
1794 | |||
1795 | set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS, | ||
1796 | GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT)); | ||
1797 | return; | ||
1798 | } | ||
1799 | |||
1800 | |||
1753 | /** | 1801 | /** |
1754 | * Send a CONNECT_ACK message via the given address. | 1802 | * Send a CONNECT_ACK message via the given address. |
1755 | * | 1803 | * |
@@ -1795,7 +1843,7 @@ send_connect_ack_message (const struct GNUNET_HELLO_Address *address, | |||
1795 | (const char *) &connect_msg, sizeof (struct SessionConnectMessage), | 1843 | (const char *) &connect_msg, sizeof (struct SessionConnectMessage), |
1796 | UINT_MAX, | 1844 | UINT_MAX, |
1797 | GNUNET_TIME_UNIT_FOREVER_REL, | 1845 | GNUNET_TIME_UNIT_FOREVER_REL, |
1798 | NULL, NULL)) | 1846 | send_session_connect_ack_cont, NULL)) |
1799 | { | 1847 | { |
1800 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | 1848 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
1801 | _("Failed to transmit CONNECT_ACK message via plugin to %s\n"), | 1849 | _("Failed to transmit CONNECT_ACK message via plugin to %s\n"), |
@@ -1816,13 +1864,11 @@ send_connect_ack_message (const struct GNUNET_HELLO_Address *address, | |||
1816 | GNUNET_ATS_address_destroyed (GST_ats, address, NULL); | 1864 | GNUNET_ATS_address_destroyed (GST_ats, address, NULL); |
1817 | } | 1865 | } |
1818 | else | 1866 | else |
1819 | { | ||
1820 | GNUNET_ATS_address_destroyed (GST_ats, address, session); | 1867 | GNUNET_ATS_address_destroyed (GST_ats, address, session); |
1821 | } | ||
1822 | 1868 | ||
1823 | /* Remove address and request and additional one */ | 1869 | /* Remove address and request and additional one */ |
1824 | unset_primary_address (n); | 1870 | unset_primary_address (n); |
1825 | set_state_and_timeout (n, GNUNET_TRANSPORT_PS_INIT_ATS, | 1871 | set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS, |
1826 | GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT)); | 1872 | GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT)); |
1827 | return; | 1873 | return; |
1828 | } | 1874 | } |
@@ -2182,6 +2228,7 @@ GST_neighbours_try_connect (const struct GNUNET_PeerIdentity *target) | |||
2182 | case GNUNET_TRANSPORT_PS_DISCONNECT_FINISHED: | 2228 | case GNUNET_TRANSPORT_PS_DISCONNECT_FINISHED: |
2183 | /* should not be possible */ | 2229 | /* should not be possible */ |
2184 | GNUNET_assert (0); | 2230 | GNUNET_assert (0); |
2231 | return; | ||
2185 | default: | 2232 | default: |
2186 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 2233 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
2187 | "Unhandled state `%s'\n", | 2234 | "Unhandled state `%s'\n", |
@@ -2227,9 +2274,25 @@ handle_connect_blacklist_check_cont (void *cls, | |||
2227 | "Connection to new address of peer `%s' based on blacklist is `%s'\n", | 2274 | "Connection to new address of peer `%s' based on blacklist is `%s'\n", |
2228 | GNUNET_i2s (peer), | 2275 | GNUNET_i2s (peer), |
2229 | (GNUNET_OK == result) ? "allowed" : "FORBIDDEN"); | 2276 | (GNUNET_OK == result) ? "allowed" : "FORBIDDEN"); |
2277 | |||
2278 | if (NULL == (n = lookup_neighbour (peer))) | ||
2279 | { | ||
2280 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2281 | "No neighbor entry for peer `%s', ignoring blacklist result\n", | ||
2282 | GNUNET_i2s (peer)); | ||
2283 | goto cleanup; /* nobody left to care about new address */ | ||
2284 | } | ||
2285 | |||
2286 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
2287 | "Blacklist check after CONNECT for peer `%s' in state %s/%s: %s\n", | ||
2288 | GNUNET_i2s (peer), | ||
2289 | GNUNET_TRANSPORT_ps2s (n->state), | ||
2290 | print_ack_state (n->ack_state), | ||
2291 | (GNUNET_OK == result) ? "OK" : "FAIL"); | ||
2292 | |||
2230 | if (GNUNET_OK == result) | 2293 | if (GNUNET_OK == result) |
2231 | { | 2294 | { |
2232 | /* Blacklist agreed on connecting to a peer with this address */ | 2295 | /* Blacklist agreed on connecting to a peer with this address, notify ATS */ |
2233 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | 2296 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
2234 | "Notifying ATS peer's `%s' %s address `%s' session %p\n", | 2297 | "Notifying ATS peer's `%s' %s address `%s' session %p\n", |
2235 | GNUNET_i2s (peer), | 2298 | GNUNET_i2s (peer), |
@@ -2239,28 +2302,15 @@ handle_connect_blacklist_check_cont (void *cls, | |||
2239 | GST_ats_add_address (bcc->na.address, bcc->na.session, NULL, 0); | 2302 | GST_ats_add_address (bcc->na.address, bcc->na.session, NULL, 0); |
2240 | } | 2303 | } |
2241 | 2304 | ||
2242 | if (NULL == (n = lookup_neighbour (peer))) | ||
2243 | { | ||
2244 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2245 | "No neighbor entry for peer `%s', ignoring blacklist result\n", | ||
2246 | GNUNET_i2s (peer)); | ||
2247 | goto cleanup; /* nobody left to care about new address */ | ||
2248 | } | ||
2249 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2250 | "Received connect blacklist check result for peer `%s' in state %s/%s\n", | ||
2251 | GNUNET_i2s (peer), | ||
2252 | GNUNET_TRANSPORT_ps2s (n->state), | ||
2253 | print_ack_state (n->ack_state)); | ||
2254 | switch (n->state) | 2305 | switch (n->state) |
2255 | { | 2306 | { |
2256 | case GNUNET_TRANSPORT_PS_NOT_CONNECTED: | 2307 | case GNUNET_TRANSPORT_PS_NOT_CONNECTED: |
2257 | /* this should not be possible */ | 2308 | /* This should not be possible */ |
2258 | GNUNET_break (0); | 2309 | GNUNET_break (0); |
2259 | free_neighbour (n, GNUNET_NO); | 2310 | free_neighbour (n, GNUNET_NO); |
2260 | break; | 2311 | break; |
2261 | case GNUNET_TRANSPORT_PS_INIT_ATS: | 2312 | case GNUNET_TRANSPORT_PS_INIT_ATS: |
2262 | /* waiting on ATS suggestion; still, pass address to ATS as a | 2313 | /* Waiting on ATS suggestion */ |
2263 | possibility */ | ||
2264 | break; | 2314 | break; |
2265 | case GNUNET_TRANSPORT_PS_CONNECT_SENT: | 2315 | case GNUNET_TRANSPORT_PS_CONNECT_SENT: |
2266 | #if 0 | 2316 | #if 0 |
@@ -2284,19 +2334,25 @@ handle_connect_blacklist_check_cont (void *cls, | |||
2284 | * with this peer, request an address from ATS*/ | 2334 | * with this peer, request an address from ATS*/ |
2285 | set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS, | 2335 | set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS, |
2286 | GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT)); | 2336 | GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT)); |
2287 | GNUNET_ATS_reset_backoff (GST_ats, peer); | 2337 | |
2288 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 2338 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
2289 | "Requesting address for peer %s to ATS\n", | 2339 | "Requesting address for peer %s to ATS\n", |
2290 | GNUNET_i2s (peer)); | 2340 | GNUNET_i2s (peer)); |
2291 | if (NULL == n->suggest_handle) | 2341 | if (NULL == n->suggest_handle) |
2292 | n->suggest_handle = GNUNET_ATS_suggest_address (GST_ats, peer, | 2342 | n->suggest_handle = GNUNET_ATS_suggest_address (GST_ats, peer, |
2293 | &address_suggest_cont, n); | 2343 | &address_suggest_cont, n); |
2294 | else | 2344 | GNUNET_ATS_reset_backoff (GST_ats, peer); |
2295 | GNUNET_ATS_reset_backoff (GST_ats, peer); | ||
2296 | } | 2345 | } |
2297 | else | 2346 | else |
2298 | { | 2347 | { |
2299 | /* FIXME: state handling required! */ | 2348 | /* We received a CONNECT message from a peer, but blacklist denies to |
2349 | * communicate with this peer and this address | ||
2350 | * - Previous state: NOT_CONNECTED: | ||
2351 | * We can free the neighbour, since the CONNECT created it | ||
2352 | * - Previous state INIT_ATS: | ||
2353 | * | ||
2354 | * */ | ||
2355 | free_neighbour (n, GNUNET_NO); | ||
2300 | } | 2356 | } |
2301 | break; | 2357 | break; |
2302 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS: | 2358 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS: |
@@ -2343,6 +2399,9 @@ handle_connect_blacklist_check_cont (void *cls, | |||
2343 | if ( (GNUNET_OK == result) && | 2399 | if ( (GNUNET_OK == result) && |
2344 | (ACK_SEND_CONNECT_ACK == n->ack_state) ) | 2400 | (ACK_SEND_CONNECT_ACK == n->ack_state) ) |
2345 | { | 2401 | { |
2402 | /* TODO: Why should this happen? */ | ||
2403 | /* *Debug message: */ GNUNET_break (0); | ||
2404 | |||
2346 | n->ack_state = ACK_SEND_SESSION_ACK; | 2405 | n->ack_state = ACK_SEND_SESSION_ACK; |
2347 | send_connect_ack_message (n->primary_address.address, | 2406 | send_connect_ack_message (n->primary_address.address, |
2348 | n->primary_address.session, | 2407 | n->primary_address.session, |
@@ -2536,10 +2595,11 @@ GST_neighbours_handle_connect (const struct GNUNET_MessageHeader *message, | |||
2536 | n->connect_ack_timestamp = ts; | 2595 | n->connect_ack_timestamp = ts; |
2537 | 2596 | ||
2538 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 2597 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
2539 | "Received SESSION_CONNECT for peer `%s' in state %s/%s\n", | 2598 | "Received CONNECT for peer `%s' in state %s/%s\n", |
2540 | GNUNET_i2s (peer), | 2599 | GNUNET_i2s (peer), |
2541 | GNUNET_TRANSPORT_ps2s (n->state), | 2600 | GNUNET_TRANSPORT_ps2s (n->state), |
2542 | print_ack_state (n->ack_state)); | 2601 | print_ack_state (n->ack_state)); |
2602 | |||
2543 | switch (n->state) | 2603 | switch (n->state) |
2544 | { | 2604 | { |
2545 | case GNUNET_TRANSPORT_PS_NOT_CONNECTED: | 2605 | case GNUNET_TRANSPORT_PS_NOT_CONNECTED: |
@@ -2552,7 +2612,8 @@ GST_neighbours_handle_connect (const struct GNUNET_MessageHeader *message, | |||
2552 | /* CONNECT message takes priority over us asking ATS for address */ | 2612 | /* CONNECT message takes priority over us asking ATS for address */ |
2553 | set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST_INBOUND, | 2613 | set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST_INBOUND, |
2554 | GNUNET_TIME_relative_to_absolute (BLACKLIST_RESPONSE_TIMEOUT)); | 2614 | GNUNET_TIME_relative_to_absolute (BLACKLIST_RESPONSE_TIMEOUT)); |
2555 | /* fallthrough */ | 2615 | connect_check_blacklist (peer, ts, address, session); |
2616 | break; | ||
2556 | case GNUNET_TRANSPORT_PS_CONNECT_SENT: | 2617 | case GNUNET_TRANSPORT_PS_CONNECT_SENT: |
2557 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST_INBOUND: | 2618 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST_INBOUND: |
2558 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS: | 2619 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS: |
@@ -2732,24 +2793,24 @@ switch_address_bl_check_cont (void *cls, | |||
2732 | GNUNET_TIME_relative_to_absolute (SETUP_CONNECTION_TIMEOUT)); | 2793 | GNUNET_TIME_relative_to_absolute (SETUP_CONNECTION_TIMEOUT)); |
2733 | send_session_connect (&n->primary_address); | 2794 | send_session_connect (&n->primary_address); |
2734 | break; | 2795 | break; |
2796 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST_INBOUND: | ||
2797 | /* We received an suggestion while waiting for a CONNECT blacklist check, | ||
2798 | * this suggestion was permitted by a blacklist check, so send ACK*/ | ||
2735 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS: | 2799 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS: |
2800 | /* We requested an address and ATS suggests one: | ||
2801 | * set primary address and send CONNECT_ACK message*/ | ||
2736 | set_primary_address (n, blc_ctx->address, blc_ctx->session, | 2802 | set_primary_address (n, blc_ctx->address, blc_ctx->session, |
2737 | blc_ctx->bandwidth_in, blc_ctx->bandwidth_out, GNUNET_NO); | 2803 | blc_ctx->bandwidth_in, blc_ctx->bandwidth_out, GNUNET_NO); |
2738 | /* Send an ACK message as a response to the CONNECT msg */ | 2804 | /* Send an ACK message as a response to the CONNECT msg */ |
2739 | set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_ACK, | 2805 | set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_ACK, |
2740 | GNUNET_TIME_relative_to_absolute (SETUP_CONNECTION_TIMEOUT)); | 2806 | GNUNET_TIME_relative_to_absolute (SETUP_CONNECTION_TIMEOUT)); |
2741 | send_connect_ack_message (n->primary_address.address, | 2807 | send_connect_ack_message (n->primary_address.address, |
2742 | n->primary_address.session, | 2808 | n->primary_address.session, |
2743 | n->connect_ack_timestamp); | 2809 | n->connect_ack_timestamp); |
2744 | if (ACK_SEND_CONNECT_ACK == n->ack_state) | 2810 | if (ACK_SEND_CONNECT_ACK == n->ack_state) |
2745 | n->ack_state = ACK_SEND_SESSION_ACK; | 2811 | n->ack_state = ACK_SEND_SESSION_ACK; |
2746 | 2812 | ||
2747 | break; | 2813 | break; |
2748 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST_INBOUND: | ||
2749 | set_timeout (n, GNUNET_TIME_relative_to_absolute (BLACKLIST_RESPONSE_TIMEOUT)); | ||
2750 | /* REMOVE */ connect_check_blacklist (&n->id, n->connect_ack_timestamp, | ||
2751 | blc_ctx->address, blc_ctx->session); | ||
2752 | break; | ||
2753 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST: | 2814 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST: |
2754 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_ACK: | 2815 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_ACK: |
2755 | /* ATS asks us to switch while we were trying to connect; switch to new | 2816 | /* ATS asks us to switch while we were trying to connect; switch to new |
@@ -3161,7 +3222,7 @@ master_task (void *cls, | |||
3161 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST_INBOUND: | 3222 | case GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST_INBOUND: |
3162 | if (0 == delay.rel_value_us) | 3223 | if (0 == delay.rel_value_us) |
3163 | { | 3224 | { |
3164 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 3225 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
3165 | "Connection to `%s' timed out waiting BLACKLIST to approve address to use for received CONNECT\n", | 3226 | "Connection to `%s' timed out waiting BLACKLIST to approve address to use for received CONNECT\n", |
3166 | GNUNET_i2s (&n->id)); | 3227 | GNUNET_i2s (&n->id)); |
3167 | free_neighbour (n, GNUNET_NO); | 3228 | free_neighbour (n, GNUNET_NO); |