Do blacklist checks on CONNECT before giving CONNECT to neighbours.

If peer is blacklisted we do not need to to anything, this simplifies the state machine: If peer is blacklisted: CONNECT is not given to neighbours If address is blacklisted: address is not given to ATS and will therefore not be suggested So neighbour can use this information without additional blacklist checks
author: Matthias Wachs <wachs@net.in.tum.de> 2014-03-25 16:40:41 +0000
committer: Matthias Wachs <wachs@net.in.tum.de> 2014-03-25 16:40:41 +0000
commit: f76eed6fcd00a1f693d9279a9ac14a200eaf87d2 (patch)
tree: c6f79c623185b6496de7f2e66eab0fda0bc68421 /src/transport/gnunet-service-transport_neighbours.c
parent: bf638cabbe348680e7132eafb1091dfca2c0b8a5 (diff)
download: gnunet-f76eed6fcd00a1f693d9279a9ac14a200eaf87d2.tar.gz
gnunet-f76eed6fcd00a1f693d9279a9ac14a200eaf87d2.zip
1 files changed, 96 insertions, 35 deletions
diff --git a/src/transport/gnunet-service-transport_neighbours.c b/src/transport/gnunet-service-transport_neighbours.c
index 5ce09223c..258967261 100644
--- a/src/transport/gnunet-service-transport_neighbours.c
+++ b/src/transport/gnunet-service-transport_neighbours.c
@@ -1673,7 +1673,6 @@ send_session_connect_cont (void *cls,
  set_state_and_timeout (n, GNUNET_TRANSPORT_PS_INIT_ATS,
      GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT));
  return;
 }
 /**
@@ -1750,6 +1749,55 @@ send_session_connect (struct NeighbourAddress *na)
 }
+static void
+send_session_connect_ack_cont (void *cls,
+                      const struct GNUNET_PeerIdentity *target,
+                      int result,
+                      size_t size_payload,
+                      size_t size_on_wire)
+{
+  struct NeighbourMapEntry *n;
+  n = lookup_neighbour (target);
+  if (NULL == n)
+  {
+    /* CONNECT_ACK continuation was called after neighbor was freed,
+     * for example due to a time out for the state or the session
+     * used was already terminated: nothing to do here... */
+    return;
+  }
+  if (GNUNET_TRANSPORT_PS_CONNECT_RECV_ACK != n->state)
+  {
+    /* CONNECT_ACK continuation was called after neighbor changed state,
+     * for example due to a time out for the state or the session
+     * used was already terminated: nothing to do here... */
+    return;
+  }
+  if (GNUNET_OK == result)
+    return;
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+            _("Failed to send CONNECT_ACK message to peer `%s' using address `%s' session %p\n"),
+            GNUNET_i2s (target),
+            GST_plugins_a2s (n->primary_address.address),
+            n->primary_address.session);
+  /* Failed to send CONNECT_ACK message with this address */
+  GNUNET_ATS_address_destroyed (GST_ats, n->primary_address.address,
+      n->primary_address.session);
+  GNUNET_ATS_address_destroyed (GST_ats, n->primary_address.address,
+      NULL);
+  /* Remove address and request and additional one */
+  unset_primary_address (n);
+  set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS,
+      GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT));
+  return;
+}
 /**
 * Send a CONNECT_ACK message via the given address.
 *
@@ -1795,7 +1843,7 @@ send_connect_ack_message (const struct GNUNET_HELLO_Address *address,
                     (const char *) &connect_msg, sizeof (struct SessionConnectMessage),
                     UINT_MAX,
                     GNUNET_TIME_UNIT_FOREVER_REL,
-                     NULL, NULL))
+                     send_session_connect_ack_cont, NULL))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                _("Failed to transmit CONNECT_ACK message via plugin to %s\n"),
@@ -1816,13 +1864,11 @@ send_connect_ack_message (const struct GNUNET_HELLO_Address *address,
      GNUNET_ATS_address_destroyed (GST_ats, address, NULL);
    }
    else
-    {
      GNUNET_ATS_address_destroyed (GST_ats, address, session);
-    }
    /* Remove address and request and additional one */
    unset_primary_address (n);
-    set_state_and_timeout (n, GNUNET_TRANSPORT_PS_INIT_ATS,
+    set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS,
        GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT));
    return;
  }
@@ -2182,6 +2228,7 @@ GST_neighbours_try_connect (const struct GNUNET_PeerIdentity *target)
    case GNUNET_TRANSPORT_PS_DISCONNECT_FINISHED:
      /* should not be possible */
      GNUNET_assert (0);
+      return;
    default:
      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                  "Unhandled state `%s'\n",
@@ -2227,9 +2274,25 @@ handle_connect_blacklist_check_cont (void *cls,
              "Connection to new address of peer `%s' based on blacklist is `%s'\n",
              GNUNET_i2s (peer),
              (GNUNET_OK == result) ? "allowed" : "FORBIDDEN");
+  if (NULL == (n = lookup_neighbour (peer)))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "No neighbor entry for peer `%s', ignoring blacklist result\n",
+                GNUNET_i2s (peer));
+    goto cleanup; /* nobody left to care about new address */
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              "Blacklist check after CONNECT for peer `%s' in state %s/%s: %s\n",
+              GNUNET_i2s (peer),
+              GNUNET_TRANSPORT_ps2s (n->state),
+              print_ack_state (n->ack_state),
+              (GNUNET_OK == result) ? "OK" : "FAIL");
  if (GNUNET_OK == result)
  {
-    /* Blacklist agreed on connecting to a peer with this address */
+    /* Blacklist agreed on connecting to a peer with this address, notify ATS */
    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
        "Notifying ATS peer's `%s' %s address `%s' session %p\n",
        GNUNET_i2s (peer),
@@ -2239,28 +2302,15 @@ handle_connect_blacklist_check_cont (void *cls,
    GST_ats_add_address (bcc->na.address, bcc->na.session, NULL, 0);
  }
-  if (NULL == (n = lookup_neighbour (peer)))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "No neighbor entry for peer `%s', ignoring blacklist result\n",
-                GNUNET_i2s (peer));
-    goto cleanup; /* nobody left to care about new address */
-  }
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Received connect blacklist check result for peer `%s' in state %s/%s\n",
-              GNUNET_i2s (peer),
-              GNUNET_TRANSPORT_ps2s (n->state),
-              print_ack_state (n->ack_state));
  switch (n->state)
  {
  case GNUNET_TRANSPORT_PS_NOT_CONNECTED:
-    /* this should not be possible */
+    /* This should not be possible */
    GNUNET_break (0);
    free_neighbour (n, GNUNET_NO);
    break;
  case GNUNET_TRANSPORT_PS_INIT_ATS:
-    /* waiting on ATS suggestion; still, pass address to ATS as a
+    /* Waiting on ATS suggestion */
-       possibility */
    break;
  case GNUNET_TRANSPORT_PS_CONNECT_SENT:
 #if 0
@@ -2284,19 +2334,25 @@ handle_connect_blacklist_check_cont (void *cls,
       * with this peer, request an address from ATS*/
      set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS,
          GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT));
-      GNUNET_ATS_reset_backoff (GST_ats, peer);
      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                  "Requesting address for peer %s to ATS\n",
                  GNUNET_i2s (peer));
      if (NULL == n->suggest_handle)
        n->suggest_handle = GNUNET_ATS_suggest_address (GST_ats, peer,
            &address_suggest_cont, n);
-      else
+      GNUNET_ATS_reset_backoff (GST_ats, peer);
-        GNUNET_ATS_reset_backoff (GST_ats, peer);
    }
    else
    {
-      /* FIXME: state handling required! */
+      /* We received a CONNECT message from a peer, but blacklist denies to
+       * communicate with this peer and this address
+       * - Previous state: NOT_CONNECTED:
+       * We can free the neighbour, since the CONNECT created it
+       * - Previous state INIT_ATS:
+       *
+       * */
+      free_neighbour (n, GNUNET_NO);
    }
    break;
  case GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS:
@@ -2343,6 +2399,9 @@ handle_connect_blacklist_check_cont (void *cls,
    if ( (GNUNET_OK == result) &&
         (ACK_SEND_CONNECT_ACK == n->ack_state) )
    {
+      /* TODO: Why should this happen? */
+      /* *Debug message: */ GNUNET_break (0);
      n->ack_state = ACK_SEND_SESSION_ACK;
      send_connect_ack_message (n->primary_address.address,
                                        n->primary_address.session,
@@ -2536,10 +2595,11 @@ GST_neighbours_handle_connect (const struct GNUNET_MessageHeader *message,
  n->connect_ack_timestamp = ts;
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Received SESSION_CONNECT for peer `%s' in state %s/%s\n",
+              "Received CONNECT for peer `%s' in state %s/%s\n",
              GNUNET_i2s (peer),
              GNUNET_TRANSPORT_ps2s (n->state),
              print_ack_state (n->ack_state));
  switch (n->state)
  {
  case GNUNET_TRANSPORT_PS_NOT_CONNECTED:
@@ -2552,7 +2612,8 @@ GST_neighbours_handle_connect (const struct GNUNET_MessageHeader *message,
    /* CONNECT message takes priority over us asking ATS for address */
    set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST_INBOUND,
        GNUNET_TIME_relative_to_absolute (BLACKLIST_RESPONSE_TIMEOUT));
-    /* fallthrough */
+    connect_check_blacklist (peer, ts, address, session);
+    break;
  case GNUNET_TRANSPORT_PS_CONNECT_SENT:
  case GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST_INBOUND:
  case GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS:
@@ -2732,24 +2793,24 @@ switch_address_bl_check_cont (void *cls,
        GNUNET_TIME_relative_to_absolute (SETUP_CONNECTION_TIMEOUT));
    send_session_connect (&n->primary_address);
    break;
+  case GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST_INBOUND:
+    /* We received an suggestion while waiting for a CONNECT blacklist check,
+     * this suggestion was permitted by a blacklist check, so send ACK*/
  case GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS:
+    /* We requested an address and ATS suggests one:
+     * set primary address and send CONNECT_ACK message*/
    set_primary_address (n, blc_ctx->address, blc_ctx->session,
        blc_ctx->bandwidth_in, blc_ctx->bandwidth_out, GNUNET_NO);
    /* Send an ACK message as a response to the CONNECT msg */
    set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_ACK,
        GNUNET_TIME_relative_to_absolute (SETUP_CONNECTION_TIMEOUT));
    send_connect_ack_message (n->primary_address.address,
-                                      n->primary_address.session,
+                              n->primary_address.session,
-                                      n->connect_ack_timestamp);
+                              n->connect_ack_timestamp);
    if (ACK_SEND_CONNECT_ACK == n->ack_state)
      n->ack_state = ACK_SEND_SESSION_ACK;
    break;
-  case GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST_INBOUND:
-    set_timeout (n, GNUNET_TIME_relative_to_absolute (BLACKLIST_RESPONSE_TIMEOUT));
-    /* REMOVE */ connect_check_blacklist (&n->id, n->connect_ack_timestamp,
-        blc_ctx->address, blc_ctx->session);
-    break;
  case GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST:
  case GNUNET_TRANSPORT_PS_CONNECT_RECV_ACK:
    /* ATS asks us to switch while we were trying to connect; switch to new
@@ -3161,7 +3222,7 @@ master_task (void *cls,
  case GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST_INBOUND:
    if (0 == delay.rel_value_us)
    {
-      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+      GNUNET_log (GNUNET_ERROR_TYPE_INFO,
                  "Connection to `%s' timed out waiting BLACKLIST to approve address to use for received CONNECT\n",
                  GNUNET_i2s (&n->id));
      free_neighbour (n, GNUNET_NO);
author	Matthias Wachs <wachs@net.in.tum.de>	2014-03-25 16:40:41 +0000
committer	Matthias Wachs <wachs@net.in.tum.de>	2014-03-25 16:40:41 +0000
commit	f76eed6fcd00a1f693d9279a9ac14a200eaf87d2 (patch)
tree	c6f79c623185b6496de7f2e66eab0fda0bc68421 /src/transport/gnunet-service-transport_neighbours.c
parent	bf638cabbe348680e7132eafb1091dfca2c0b8a5 (diff)
download	gnunet-f76eed6fcd00a1f693d9279a9ac14a200eaf87d2.tar.gz gnunet-f76eed6fcd00a1f693d9279a9ac14a200eaf87d2.zip

diff --git a/src/transport/gnunet-service-transport_neighbours.c b/src/transport/gnunet-service-transport_neighbours.c index 5ce09223c..258967261 100644 --- a/src/transport/gnunet-service-transport_neighbours.c +++ b/src/transport/gnunet-service-transport_neighbours.c
@@ -1673,7 +1673,6 @@ send_session_connect_cont (void *cls,
1673	set_state_and_timeout (n, GNUNET_TRANSPORT_PS_INIT_ATS,	1673	set_state_and_timeout (n, GNUNET_TRANSPORT_PS_INIT_ATS,
1674	GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT));	1674	GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT));
1675	return;	1675	return;
1676
1677	}	1676	}
1678		1677
1679	/**	1678	/**
@@ -1750,6 +1749,55 @@ send_session_connect (struct NeighbourAddress *na)
1750	}	1749	}
1751		1750
1752		1751
		1752	static void
		1753	send_session_connect_ack_cont (void *cls,
		1754	const struct GNUNET_PeerIdentity *target,
		1755	int result,
		1756	size_t size_payload,
		1757	size_t size_on_wire)
		1758	{
		1759	struct NeighbourMapEntry *n;
		1760
		1761	n = lookup_neighbour (target);
		1762	if (NULL == n)
		1763	{
		1764	/* CONNECT_ACK continuation was called after neighbor was freed,
		1765	* for example due to a time out for the state or the session
		1766	* used was already terminated: nothing to do here... */
		1767	return;
		1768	}
		1769
		1770	if (GNUNET_TRANSPORT_PS_CONNECT_RECV_ACK != n->state)
		1771	{
		1772	/* CONNECT_ACK continuation was called after neighbor changed state,
		1773	* for example due to a time out for the state or the session
		1774	* used was already terminated: nothing to do here... */
		1775	return;
		1776	}
		1777	if (GNUNET_OK == result)
		1778	return;
		1779
		1780	GNUNET_log (GNUNET_ERROR_TYPE_INFO,
		1781	_("Failed to send CONNECT_ACK message to peer `%s' using address `%s' session %p\n"),
		1782	GNUNET_i2s (target),
		1783	GST_plugins_a2s (n->primary_address.address),
		1784	n->primary_address.session);
		1785
		1786	/* Failed to send CONNECT_ACK message with this address */
		1787	GNUNET_ATS_address_destroyed (GST_ats, n->primary_address.address,
		1788	n->primary_address.session);
		1789	GNUNET_ATS_address_destroyed (GST_ats, n->primary_address.address,
		1790	NULL);
		1791
		1792	/* Remove address and request and additional one */
		1793	unset_primary_address (n);
		1794
		1795	set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS,
		1796	GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT));
		1797	return;
		1798	}
		1799
		1800
1753	/**	1801	/**
1754	* Send a CONNECT_ACK message via the given address.	1802	* Send a CONNECT_ACK message via the given address.
1755	*	1803	*
@@ -1795,7 +1843,7 @@ send_connect_ack_message (const struct GNUNET_HELLO_Address *address,
1795	(const char *) &connect_msg, sizeof (struct SessionConnectMessage),	1843	(const char *) &connect_msg, sizeof (struct SessionConnectMessage),
1796	UINT_MAX,	1844	UINT_MAX,
1797	GNUNET_TIME_UNIT_FOREVER_REL,	1845	GNUNET_TIME_UNIT_FOREVER_REL,
1798	NULL, NULL))	1846	send_session_connect_ack_cont, NULL))
1799	{	1847	{
1800	GNUNET_log (GNUNET_ERROR_TYPE_WARNING,	1848	GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1801	_("Failed to transmit CONNECT_ACK message via plugin to %s\n"),	1849	_("Failed to transmit CONNECT_ACK message via plugin to %s\n"),
@@ -1816,13 +1864,11 @@ send_connect_ack_message (const struct GNUNET_HELLO_Address *address,
1816	GNUNET_ATS_address_destroyed (GST_ats, address, NULL);	1864	GNUNET_ATS_address_destroyed (GST_ats, address, NULL);
1817	}	1865	}
1818	else	1866	else
1819	{
1820	GNUNET_ATS_address_destroyed (GST_ats, address, session);	1867	GNUNET_ATS_address_destroyed (GST_ats, address, session);
1821	}
1822		1868
1823	/* Remove address and request and additional one */	1869	/* Remove address and request and additional one */
1824	unset_primary_address (n);	1870	unset_primary_address (n);
1825	set_state_and_timeout (n, GNUNET_TRANSPORT_PS_INIT_ATS,	1871	set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS,
1826	GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT));	1872	GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT));
1827	return;	1873	return;
1828	}	1874	}
@@ -2182,6 +2228,7 @@ GST_neighbours_try_connect (const struct GNUNET_PeerIdentity *target)
2182	case GNUNET_TRANSPORT_PS_DISCONNECT_FINISHED:	2228	case GNUNET_TRANSPORT_PS_DISCONNECT_FINISHED:
2183	/* should not be possible */	2229	/* should not be possible */
2184	GNUNET_assert (0);	2230	GNUNET_assert (0);
		2231	return;
2185	default:	2232	default:
2186	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,	2233	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2187	"Unhandled state `%s'\n",	2234	"Unhandled state `%s'\n",
@@ -2227,9 +2274,25 @@ handle_connect_blacklist_check_cont (void *cls,
2227	"Connection to new address of peer `%s' based on blacklist is `%s'\n",	2274	"Connection to new address of peer `%s' based on blacklist is `%s'\n",
2228	GNUNET_i2s (peer),	2275	GNUNET_i2s (peer),
2229	(GNUNET_OK == result) ? "allowed" : "FORBIDDEN");	2276	(GNUNET_OK == result) ? "allowed" : "FORBIDDEN");
		2277
		2278	if (NULL == (n = lookup_neighbour (peer)))
		2279	{
		2280	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
		2281	"No neighbor entry for peer `%s', ignoring blacklist result\n",
		2282	GNUNET_i2s (peer));
		2283	goto cleanup; /* nobody left to care about new address */
		2284	}
		2285
		2286	GNUNET_log (GNUNET_ERROR_TYPE_INFO,
		2287	"Blacklist check after CONNECT for peer `%s' in state %s/%s: %s\n",
		2288	GNUNET_i2s (peer),
		2289	GNUNET_TRANSPORT_ps2s (n->state),
		2290	print_ack_state (n->ack_state),
		2291	(GNUNET_OK == result) ? "OK" : "FAIL");
		2292
2230	if (GNUNET_OK == result)	2293	if (GNUNET_OK == result)
2231	{	2294	{
2232	/* Blacklist agreed on connecting to a peer with this address */	2295	/* Blacklist agreed on connecting to a peer with this address, notify ATS */
2233	GNUNET_log (GNUNET_ERROR_TYPE_INFO,	2296	GNUNET_log (GNUNET_ERROR_TYPE_INFO,
2234	"Notifying ATS peer's `%s' %s address `%s' session %p\n",	2297	"Notifying ATS peer's `%s' %s address `%s' session %p\n",
2235	GNUNET_i2s (peer),	2298	GNUNET_i2s (peer),
@@ -2239,28 +2302,15 @@ handle_connect_blacklist_check_cont (void *cls,
2239	GST_ats_add_address (bcc->na.address, bcc->na.session, NULL, 0);	2302	GST_ats_add_address (bcc->na.address, bcc->na.session, NULL, 0);
2240	}	2303	}
2241		2304
2242	if (NULL == (n = lookup_neighbour (peer)))
2243	{
2244	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2245	"No neighbor entry for peer `%s', ignoring blacklist result\n",
2246	GNUNET_i2s (peer));
2247	goto cleanup; /* nobody left to care about new address */
2248	}
2249	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2250	"Received connect blacklist check result for peer `%s' in state %s/%s\n",
2251	GNUNET_i2s (peer),
2252	GNUNET_TRANSPORT_ps2s (n->state),
2253	print_ack_state (n->ack_state));
2254	switch (n->state)	2305	switch (n->state)
2255	{	2306	{
2256	case GNUNET_TRANSPORT_PS_NOT_CONNECTED:	2307	case GNUNET_TRANSPORT_PS_NOT_CONNECTED:
2257	/* this should not be possible */	2308	/* This should not be possible */
2258	GNUNET_break (0);	2309	GNUNET_break (0);
2259	free_neighbour (n, GNUNET_NO);	2310	free_neighbour (n, GNUNET_NO);
2260	break;	2311	break;
2261	case GNUNET_TRANSPORT_PS_INIT_ATS:	2312	case GNUNET_TRANSPORT_PS_INIT_ATS:
2262	/* waiting on ATS suggestion; still, pass address to ATS as a	2313	/* Waiting on ATS suggestion */
2263	possibility */
2264	break;	2314	break;
2265	case GNUNET_TRANSPORT_PS_CONNECT_SENT:	2315	case GNUNET_TRANSPORT_PS_CONNECT_SENT:
2266	#if 0	2316	#if 0
@@ -2284,19 +2334,25 @@ handle_connect_blacklist_check_cont (void *cls,
2284	* with this peer, request an address from ATS*/	2334	* with this peer, request an address from ATS*/
2285	set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS,	2335	set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS,
2286	GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT));	2336	GNUNET_TIME_relative_to_absolute (ATS_RESPONSE_TIMEOUT));
2287	GNUNET_ATS_reset_backoff (GST_ats, peer);	2337
2288	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	2338	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2289	"Requesting address for peer %s to ATS\n",	2339	"Requesting address for peer %s to ATS\n",
2290	GNUNET_i2s (peer));	2340	GNUNET_i2s (peer));
2291	if (NULL == n->suggest_handle)	2341	if (NULL == n->suggest_handle)
2292	n->suggest_handle = GNUNET_ATS_suggest_address (GST_ats, peer,	2342	n->suggest_handle = GNUNET_ATS_suggest_address (GST_ats, peer,
2293	&address_suggest_cont, n);	2343	&address_suggest_cont, n);
2294	else	2344	GNUNET_ATS_reset_backoff (GST_ats, peer);
2295	GNUNET_ATS_reset_backoff (GST_ats, peer);
2296	}	2345	}
2297	else	2346	else
2298	{	2347	{
2299	/* FIXME: state handling required! */	2348	/* We received a CONNECT message from a peer, but blacklist denies to
		2349	* communicate with this peer and this address
		2350	* - Previous state: NOT_CONNECTED:
		2351	* We can free the neighbour, since the CONNECT created it
		2352	* - Previous state INIT_ATS:
		2353	*
		2354	* */
		2355	free_neighbour (n, GNUNET_NO);
2300	}	2356	}
2301	break;	2357	break;
2302	case GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS:	2358	case GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS:
@@ -2343,6 +2399,9 @@ handle_connect_blacklist_check_cont (void *cls,
2343	if ( (GNUNET_OK == result) &&	2399	if ( (GNUNET_OK == result) &&
2344	(ACK_SEND_CONNECT_ACK == n->ack_state) )	2400	(ACK_SEND_CONNECT_ACK == n->ack_state) )
2345	{	2401	{
		2402	/* TODO: Why should this happen? */
		2403	/* Debug message: / GNUNET_break (0);
		2404
2346	n->ack_state = ACK_SEND_SESSION_ACK;	2405	n->ack_state = ACK_SEND_SESSION_ACK;
2347	send_connect_ack_message (n->primary_address.address,	2406	send_connect_ack_message (n->primary_address.address,
2348	n->primary_address.session,	2407	n->primary_address.session,
@@ -2536,10 +2595,11 @@ GST_neighbours_handle_connect (const struct GNUNET_MessageHeader *message,
2536	n->connect_ack_timestamp = ts;	2595	n->connect_ack_timestamp = ts;
2537		2596
2538	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	2597	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2539	"Received SESSION_CONNECT for peer `%s' in state %s/%s\n",	2598	"Received CONNECT for peer `%s' in state %s/%s\n",
2540	GNUNET_i2s (peer),	2599	GNUNET_i2s (peer),
2541	GNUNET_TRANSPORT_ps2s (n->state),	2600	GNUNET_TRANSPORT_ps2s (n->state),
2542	print_ack_state (n->ack_state));	2601	print_ack_state (n->ack_state));
		2602
2543	switch (n->state)	2603	switch (n->state)
2544	{	2604	{
2545	case GNUNET_TRANSPORT_PS_NOT_CONNECTED:	2605	case GNUNET_TRANSPORT_PS_NOT_CONNECTED:
@@ -2552,7 +2612,8 @@ GST_neighbours_handle_connect (const struct GNUNET_MessageHeader *message,
2552	/* CONNECT message takes priority over us asking ATS for address */	2612	/* CONNECT message takes priority over us asking ATS for address */
2553	set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST_INBOUND,	2613	set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST_INBOUND,
2554	GNUNET_TIME_relative_to_absolute (BLACKLIST_RESPONSE_TIMEOUT));	2614	GNUNET_TIME_relative_to_absolute (BLACKLIST_RESPONSE_TIMEOUT));
2555	/* fallthrough */	2615	connect_check_blacklist (peer, ts, address, session);
		2616	break;
2556	case GNUNET_TRANSPORT_PS_CONNECT_SENT:	2617	case GNUNET_TRANSPORT_PS_CONNECT_SENT:
2557	case GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST_INBOUND:	2618	case GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST_INBOUND:
2558	case GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS:	2619	case GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS:
@@ -2732,24 +2793,24 @@ switch_address_bl_check_cont (void *cls,
2732	GNUNET_TIME_relative_to_absolute (SETUP_CONNECTION_TIMEOUT));	2793	GNUNET_TIME_relative_to_absolute (SETUP_CONNECTION_TIMEOUT));
2733	send_session_connect (&n->primary_address);	2794	send_session_connect (&n->primary_address);
2734	break;	2795	break;
		2796	case GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST_INBOUND:
		2797	/* We received an suggestion while waiting for a CONNECT blacklist check,
		2798	* this suggestion was permitted by a blacklist check, so send ACK*/
2735	case GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS:	2799	case GNUNET_TRANSPORT_PS_CONNECT_RECV_ATS:
		2800	/* We requested an address and ATS suggests one:
		2801	* set primary address and send CONNECT_ACK message*/
2736	set_primary_address (n, blc_ctx->address, blc_ctx->session,	2802	set_primary_address (n, blc_ctx->address, blc_ctx->session,
2737	blc_ctx->bandwidth_in, blc_ctx->bandwidth_out, GNUNET_NO);	2803	blc_ctx->bandwidth_in, blc_ctx->bandwidth_out, GNUNET_NO);
2738	/* Send an ACK message as a response to the CONNECT msg */	2804	/* Send an ACK message as a response to the CONNECT msg */
2739	set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_ACK,	2805	set_state_and_timeout (n, GNUNET_TRANSPORT_PS_CONNECT_RECV_ACK,
2740	GNUNET_TIME_relative_to_absolute (SETUP_CONNECTION_TIMEOUT));	2806	GNUNET_TIME_relative_to_absolute (SETUP_CONNECTION_TIMEOUT));
2741	send_connect_ack_message (n->primary_address.address,	2807	send_connect_ack_message (n->primary_address.address,
2742	n->primary_address.session,	2808	n->primary_address.session,
2743	n->connect_ack_timestamp);	2809	n->connect_ack_timestamp);
2744	if (ACK_SEND_CONNECT_ACK == n->ack_state)	2810	if (ACK_SEND_CONNECT_ACK == n->ack_state)
2745	n->ack_state = ACK_SEND_SESSION_ACK;	2811	n->ack_state = ACK_SEND_SESSION_ACK;
2746		2812
2747	break;	2813	break;
2748	case GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST_INBOUND:
2749	set_timeout (n, GNUNET_TIME_relative_to_absolute (BLACKLIST_RESPONSE_TIMEOUT));
2750	/* REMOVE */ connect_check_blacklist (&n->id, n->connect_ack_timestamp,
2751	blc_ctx->address, blc_ctx->session);
2752	break;
2753	case GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST:	2814	case GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST:
2754	case GNUNET_TRANSPORT_PS_CONNECT_RECV_ACK:	2815	case GNUNET_TRANSPORT_PS_CONNECT_RECV_ACK:
2755	/* ATS asks us to switch while we were trying to connect; switch to new	2816	/* ATS asks us to switch while we were trying to connect; switch to new
@@ -3161,7 +3222,7 @@ master_task (void *cls,
3161	case GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST_INBOUND:	3222	case GNUNET_TRANSPORT_PS_CONNECT_RECV_BLACKLIST_INBOUND:
3162	if (0 == delay.rel_value_us)	3223	if (0 == delay.rel_value_us)
3163	{	3224	{
3164	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	3225	GNUNET_log (GNUNET_ERROR_TYPE_INFO,
3165	"Connection to `%s' timed out waiting BLACKLIST to approve address to use for received CONNECT\n",	3226	"Connection to `%s' timed out waiting BLACKLIST to approve address to use for received CONNECT\n",
3166	GNUNET_i2s (&n->id));	3227	GNUNET_i2s (&n->id));
3167	free_neighbour (n, GNUNET_NO);	3228	free_neighbour (n, GNUNET_NO);