author | Christian Grothoff <christian@grothoff.org> | 2011-08-07 14:19:27 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2011-08-07 14:19:27 +0000 |
commit | 4dca0c9b28d2115a936b05582618f2285022089a (patch) | |
tree | f420b7d11245d6f23b5eeb4b8fecb1f8758fa0b2 /src/transport/gnunet-service-transport_validation.c | |
parent | 7ba6e451d50e4a9388e80c4082ab79ce1ddefbf8 (diff) | |
stuff
Diffstat (limited to 'src/transport/gnunet-service-transport_validation.c')
-rw-r--r-- | src/transport/gnunet-service-transport_validation.c | 190 |
1 files changed, 57 insertions, 133 deletions
diff --git a/src/transport/gnunet-service-transport_validation.c b/src/transport/gnunet-service-transport_validation.c index c77fe7a44..db6f03dc5 100644 --- a/src/transport/gnunet-service-transport_validation.c +++ b/src/transport/gnunet-service-transport_validation.c | |||
@@ -612,7 +612,8 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender, | |||
612 | const struct TransportPingMessage *ping; | 612 | const struct TransportPingMessage *ping; |
613 | struct TransportPongMessage *pong; | 613 | struct TransportPongMessage *pong; |
614 | struct GNUNET_TRANSPORT_PluginFunctions *papi; | 614 | struct GNUNET_TRANSPORT_PluginFunctions *papi; |
615 | struct SessionHeader *session_header; | 615 | struct GNUNET_CRYPTO_RsaSignature *sig_cache; |
616 | struct GNUNET_TIME_Absolute *sig_cache_exp; | ||
616 | const char *addr; | 617 | const char *addr; |
617 | const char *addrend; | 618 | const char *addrend; |
618 | size_t alen; | 619 | size_t alen; |
@@ -629,17 +630,7 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender, | |||
629 | &GST_my_identity, | 630 | &GST_my_identity, |
630 | sizeof (struct GNUNET_PeerIdentity))) | 631 | sizeof (struct GNUNET_PeerIdentity))) |
631 | { | 632 | { |
632 | #if DEBUG_TRANSPORT | 633 | GNUNET_break_op (0); |
633 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
634 | _("Received `%s' message from `%s' destined for `%s' which is not me!\n"), | ||
635 | "PING", | ||
636 | (sender_address != NULL) | ||
637 | ? GST_plugin_a2s (plugin_name, | ||
638 | sender_address, | ||
639 | sender_address_len) | ||
640 | : "<inbound>", | ||
641 | GNUNET_i2s (&ping->target)); | ||
642 | #endif | ||
643 | return; | 634 | return; |
644 | } | 635 | } |
645 | #if DEBUG_TRANSPORT | 636 | #if DEBUG_TRANSPORT |
@@ -658,133 +649,67 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender, | |||
658 | GNUNET_NO); | 649 | GNUNET_NO); |
659 | addr = (const char*) &ping[1]; | 650 | addr = (const char*) &ping[1]; |
660 | alen = ntohs (hdr->size) - sizeof (struct TransportPingMessage); | 651 | alen = ntohs (hdr->size) - sizeof (struct TransportPingMessage); |
661 | if (alen == 0) | 652 | /* peer wants to confirm that this is one of our addresses, this is what is |
653 | used for address validation */ | ||
654 | |||
655 | addrend = memchr (addr, '\0', alen); | ||
656 | if (NULL == addrend) | ||
662 | { | 657 | { |
663 | /* peer wants to confirm that we have an outbound connection to him; | 658 | GNUNET_break_op (0); |
664 | we handle this case here even though it has nothing to do with | 659 | return; |
665 | address validation (!) */ | 660 | } |
666 | if ( (sender_address == NULL) || (session == NULL) ) | 661 | addrend++; |
667 | { | 662 | slen = strlen(addr); |
668 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | 663 | alen -= slen; |
669 | _("Refusing to create PONG since I do initiate the session with `%s'.\n"), | 664 | |
670 | GNUNET_i2s (sender)); | 665 | if (GNUNET_YES != |
671 | return; | 666 | GST_hello_test_address (addr, |
672 | } | 667 | addrend, |
673 | session_header = (struct SessionHeader *)session; | 668 | alen, |
669 | &sig_cache, | ||
670 | &sig_cache_exp)) | ||
671 | { | ||
672 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
673 | _("Not confirming PING with address `%s' since I cannot confirm having this address.\n"), | ||
674 | GST_plugins_a2s (addr, | ||
675 | addrend, | ||
676 | alen)); | ||
677 | return; | ||
678 | } | ||
679 | |||
680 | pong = GNUNET_malloc (sizeof (struct TransportPongMessage) + alen + slen); | ||
681 | pong->header.size = htons (sizeof (struct TransportPongMessage) + alen + slen); | ||
682 | pong->header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PONG); | ||
683 | pong->purpose.size = | ||
684 | htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) + | ||
685 | sizeof (uint32_t) + | ||
686 | sizeof (struct GNUNET_TIME_AbsoluteNBO) + | ||
687 | sizeof (struct GNUNET_PeerIdentity) + alen + slen); | ||
688 | pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN); | ||
689 | pong->challenge = ping->challenge; | ||
690 | pong->addrlen = htonl(alen + slen); | ||
691 | pong->pid = GST_my_identity; | ||
692 | memcpy (&pong[1], addr, slen); | ||
693 | memcpy (&((char*)&pong[1])[slen], addrend, alen); | ||
694 | if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value < PONG_SIGNATURE_LIFETIME.rel_value / 4) | ||
695 | { | ||
696 | /* create / update cached sig */ | ||
674 | #if DEBUG_TRANSPORT | 697 | #if DEBUG_TRANSPORT |
675 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 698 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
676 | "Creating PONG indicating that we initiated a connection to peer `%s' using address `%s' \n", | 699 | "Creating PONG signature to indicate ownership.\n"); |
677 | GNUNET_i2s (peer), | ||
678 | GST_plugin_a2s (plugin_name, | ||
679 | sender_address, | ||
680 | sender_address_len)); | ||
681 | #endif | ||
682 | slen = strlen (plugin_name) + 1; | ||
683 | pong = GNUNET_malloc (sizeof (struct TransportPongMessage) + sender_address_len + slen); | ||
684 | pong->header.size = htons (sizeof (struct TransportPongMessage) + sender_address_len + slen); | ||
685 | pong->header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PONG); | ||
686 | pong->purpose.size = | ||
687 | htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) + | ||
688 | sizeof (uint32_t) + | ||
689 | sizeof (struct GNUNET_TIME_AbsoluteNBO) + | ||
690 | sizeof (struct GNUNET_PeerIdentity) + sender_address_len + slen); | ||
691 | pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_USING); | ||
692 | pong->challenge = ping->challenge; | ||
693 | pong->addrlen = htonl(sender_address_len + slen); | ||
694 | pong->pid = *sender; | ||
695 | memcpy (&pong[1], | ||
696 | plugin_name, | ||
697 | slen); | ||
698 | memcpy (&((char*)&pong[1])[slen], | ||
699 | sender_address, | ||
700 | sender_address_len); | ||
701 | if (GNUNET_TIME_absolute_get_remaining (session_header->pong_sig_expires).rel_value < | ||
702 | PONG_SIGNATURE_LIFETIME.rel_value / 4) | ||
703 | { | ||
704 | /* create / update cached sig */ | ||
705 | #if DEBUG_TRANSPORT | ||
706 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
707 | "Creating PONG signature to indicate active connection.\n"); | ||
708 | #endif | 700 | #endif |
709 | session_header->pong_sig_expires = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME); | 701 | *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME); |
710 | pong->expiration = GNUNET_TIME_absolute_hton (session_header->pong_sig_expires); | 702 | pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp); |
711 | GNUNET_assert (GNUNET_OK == | 703 | GNUNET_assert (GNUNET_OK == |
712 | GNUNET_CRYPTO_rsa_sign (GST_my_private_key, | 704 | GNUNET_CRYPTO_rsa_sign (GST_my_private_key, |
713 | &pong->purpose, | 705 | &pong->purpose, |
714 | &session_header->pong_signature)); | 706 | sig_cache)); |
715 | } | ||
716 | else | ||
717 | { | ||
718 | pong->expiration = GNUNET_TIME_absolute_hton (session_header->pong_sig_expires); | ||
719 | } | ||
720 | pong->signature = session_header->pong_signature; | ||
721 | } | 707 | } |
722 | else | 708 | else |
723 | { | 709 | { |
724 | /* peer wants to confirm that this is one of our addresses, this is what is | 710 | pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp); |
725 | used for address validation */ | ||
726 | struct GNUNET_CRYPTO_RsaSignature *sig_cache; | ||
727 | struct GNUNET_TIME_Absolute *sig_cache_exp; | ||
728 | |||
729 | addrend = memchr (addr, '\0', alen); | ||
730 | if (NULL == addrend) | ||
731 | { | ||
732 | GNUNET_break_op (0); | ||
733 | return; | ||
734 | } | ||
735 | addrend++; | ||
736 | slen = strlen(addr); | ||
737 | alen -= slen; | ||
738 | |||
739 | if (GNUNET_YES != | ||
740 | GST_hello_test_address (addr, | ||
741 | addrend, | ||
742 | alen, | ||
743 | &sig_cache, | ||
744 | &sig_cache_exp)) | ||
745 | { | ||
746 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
747 | _("Not confirming PING with address `%s' since I cannot confirm having this address.\n"), | ||
748 | GST_plugins_a2s (addr, | ||
749 | addrend, | ||
750 | alen)); | ||
751 | return; | ||
752 | } | ||
753 | |||
754 | pong = GNUNET_malloc (sizeof (struct TransportPongMessage) + alen + slen); | ||
755 | pong->header.size = htons (sizeof (struct TransportPongMessage) + alen + slen); | ||
756 | pong->header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PONG); | ||
757 | pong->purpose.size = | ||
758 | htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) + | ||
759 | sizeof (uint32_t) + | ||
760 | sizeof (struct GNUNET_TIME_AbsoluteNBO) + | ||
761 | sizeof (struct GNUNET_PeerIdentity) + alen + slen); | ||
762 | pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN); | ||
763 | pong->challenge = ping->challenge; | ||
764 | pong->addrlen = htonl(alen + slen); | ||
765 | pong->pid = GST_my_identity; | ||
766 | memcpy (&pong[1], addr, slen); | ||
767 | memcpy (&((char*)&pong[1])[slen], addrend, alen); | ||
768 | if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value < PONG_SIGNATURE_LIFETIME.rel_value / 4) | ||
769 | { | ||
770 | /* create / update cached sig */ | ||
771 | #if DEBUG_TRANSPORT | ||
772 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
773 | "Creating PONG signature to indicate ownership.\n"); | ||
774 | #endif | ||
775 | *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME); | ||
776 | pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp); | ||
777 | GNUNET_assert (GNUNET_OK == | ||
778 | GNUNET_CRYPTO_rsa_sign (GST_my_private_key, | ||
779 | &pong->purpose, | ||
780 | sig_cache)); | ||
781 | } | ||
782 | else | ||
783 | { | ||
784 | pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp); | ||
785 | } | ||
786 | pong->signature = *sig_cache; | ||
787 | } | 711 | } |
712 | pong->signature = *sig_cache; | ||
788 | 713 | ||
789 | /* first see if the session we got this PING from can be used to transmit | 714 | /* first see if the session we got this PING from can be used to transmit |
790 | a response reliably */ | 715 | a response reliably */ |
@@ -1039,8 +964,7 @@ GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender, | |||
1039 | sender, | 964 | sender, |
1040 | sizeof (struct GNUNET_PeerIdentity))) | 965 | sizeof (struct GNUNET_PeerIdentity))) |
1041 | { | 966 | { |
1042 | /* PONG is validating inbound session, not an address, not the case | 967 | GNUNET_break_op (0); |
1043 | used for address validation, ignore here! */ | ||
1044 | return; | 968 | return; |
1045 | } | 969 | } |
1046 | #if DEBUG_TRANSPORT | 970 | #if DEBUG_TRANSPORT |
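Review bot: The length bookkeeping in the now-unconditional address path of GST_validation_handle_ping is off by one: `addrend++` (new line 661) steps past the NUL terminator, but `slen = strlen(addr)` (new line 662) does not count that terminator, so `alen -= slen` leaves `alen` one byte larger than what actually remains after `addrend`. GST_hello_test_address, GST_plugins_a2s and the second `memcpy` (new line 693) are therefore handed a range that ends one byte beyond the received PING, and the first `memcpy` copies the plugin name into the signed PONG without its terminator. Because `addr` and `alen` are taken directly from a peer-supplied message, I would change the line to `slen = strlen (addr) + 1;` so that `slen + alen` equals the payload length. The function begins and ends outside the hunks shown, so it is also worth confirming that `ntohs (hdr->size)` is checked against `sizeof (struct TransportPingMessage)` before the subtraction at new line 651, which would otherwise wrap.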