towards fixing blacklisting APIs and implementation

5 files changed, 248 insertions, 334 deletions

diff --git a/src/transport/Makefile.am b/src/transport/Makefile.am
index 70c6c6c75..71e6470e3 100644
--- a/src/transport/Makefile.am
+++ b/src/transport/Makefile.am
@@ -57,8 +57,7 @@ gnunet_transport_LDADD = \
   $(GN_LIBINTL)
 
 gnunet_service_transport_SOURCES = \
- gnunet-service-transport.c plugin_transport.h \
- gnunet-service-transport_blacklist.c gnunet-service-transport_blacklist.h
+ gnunet-service-transport.c plugin_transport.h 
 gnunet_service_transport_LDADD = \
   $(top_builddir)/src/peerinfo/libgnunetpeerinfo.la \
   $(top_builddir)/src/statistics/libgnunetstatistics.la \
diff --git a/src/transport/gnunet-service-transport_blacklist.c b/src/transport/gnunet-service-transport_blacklist.c
index 8f78f498f..08ed2c9d2 100644
--- a/src/transport/gnunet-service-transport_blacklist.c
+++ b/src/transport/gnunet-service-transport_blacklist.c
@@ -43,32 +43,75 @@ struct BlacklistEntry
   struct GNUNET_PeerIdentity peer;
 
   /**
-   * How long until this entry times out?
+   * Client responsible for this entry.
    */
-  struct GNUNET_TIME_Absolute until;
+  struct GNUNET_SERVER_Client *client;
+
+};
+
+
+/**
+ * Information kept for each client registered to perform
+ * blacklisting.
+ */
+struct Blacklisters
+{
+  /**
+   * This is a linked list.
+   */
+  struct Blacklisters *next;
+
+  /**
+   * This is a linked list.
+   */
+  struct Blacklisters *prev;
 
   /**
-   * Task scheduled to run the moment the time does run out.
+   * Client responsible for this entry.
    */
-  GNUNET_SCHEDULER_TaskIdentifier timeout_task;
+  struct GNUNET_SERVER_Client *client;
+
 };
 
 
 /**
+ * State of blacklist check to be performed for each
+ * connecting peer.
+ */
+struct BlacklistCheck
+{
+
+  
+
+  /**
+   * Identity of the peer being checked.
+   */
+  struct GNUNET_PeerIdentity peer;
+
+  /**
+   * Clients we still need to ask.
+   */
+  struct GNUNET_SERVER_Client *pending;
+
+};
+
+
+
+/**
  * Map of blacklisted peers (maps from peer identities
  * to 'struct BlacklistEntry*' values).
  */
 static struct GNUNET_CONTAINER_MultiHashMap *blacklist;
 
 /**
- * Notifications for blacklisting.
+ * Head of DLL of blacklisting clients.
  */
-static struct GNUNET_SERVER_NotificationContext *blacklist_notifiers;
+static struct Blacklisters *bl_head;
 
 /**
- * Our scheduler.
+ * Tail of DLL of blacklisting clients.
  */
-static struct GNUNET_SCHEDULER_Handle *sched;
+static struct Blacklisters *bl_tail;
 
 
 /**
@@ -86,8 +129,6 @@ free_blacklist_entry (void *cls,
 {
   struct BlacklistEntry *be = value;
 
-  GNUNET_SCHEDULER_cancel (sched,
-                           be->timeout_task);
   GNUNET_free (be);
   return GNUNET_YES;
 }
@@ -108,37 +149,28 @@ shutdown_task (void *cls,
                                          NULL);
   GNUNET_CONTAINER_multihashmap_destroy (blacklist);
   blacklist = NULL;
-  GNUNET_SERVER_notification_context_destroy (blacklist_notifiers);
-  blacklist_notifiers = NULL;
 }
 
 
 /**
- * Task run when a blacklist entry times out.
+ * Handle a request to start a blacklist.
  *
- * @param cls closure (the 'struct BlacklistEntry*')
- * @param tc scheduler context (unused)
+ * @param cls closure (always NULL)
+ * @param client identification of the client
+ * @param message the actual message
  */
-static void
-timeout_task (void *cls,
-              const struct GNUNET_SCHEDULER_TaskContext *tc)
+void
+GNUNET_TRANSPORT_handle_blacklist_init (void *cls,
+                                        struct GNUNET_SERVER_Client *client,
+                                        const struct GNUNET_MessageHeader *message)
 {
-  struct BlacklistEntry *be = cls;
-  struct BlacklistMessage msg;
-  
-  be->timeout_task = GNUNET_SCHEDULER_NO_TASK; 
-  msg.header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_BLACKLIST);
-  msg.header.size = htons (sizeof (struct BlacklistMessage));
-  msg.reserved = htonl (0);
-  msg.peer = be->peer;
-  msg.until = GNUNET_TIME_absolute_hton (GNUNET_TIME_UNIT_ZERO_ABS);
-  GNUNET_assert (GNUNET_YES == GNUNET_CONTAINER_multihashmap_remove (blacklist,
-                                                                     &be->peer.hashPubKey,
-                                                                     be));
-  GNUNET_free (be);
-  GNUNET_SERVER_notification_context_broadcast (blacklist_notifiers,
-                                                &msg.header,
-                                                GNUNET_NO);
+  struct Blacklisters *bl;
+
+  bl = GNUNET_malloc (sizeof (struct Blacklisters));
+  bl->client = client;
+  GNUNET_SERVER_client_keep (client);
+  GNUNET_CONTAINER_DLL_insert (bl_head, bl_tail, bl);
+  /* FIXME: confirm that all existing connections are OK! */
 }
 
 
@@ -150,38 +182,33 @@ timeout_task (void *cls,
  * @param message the actual message
  */
 void
-GNUNET_TRANSPORT_handle_blacklist (void *cls,
-                                   struct GNUNET_SERVER_Client *client,
-                                   const struct GNUNET_MessageHeader *message)
+GNUNET_TRANSPORT_handle_blacklist_reply (void *cls,
+                                         struct GNUNET_SERVER_Client *client,
+                                         const struct GNUNET_MessageHeader *message)
 {
-  struct BlacklistEntry *be;
+  struct Blacklisters *bl;
   const struct BlacklistMessage *msg = (const struct BlacklistMessage*) message;
 
-  be = GNUNET_CONTAINER_multihashmap_get (blacklist,
-                                          &msg->peer.hashPubKey);
-  if (be != NULL)
+  bl = bl_head;
+  while ( (bl != NULL) &&
+          (bl->client != client) )
+    bl = bl->next;
+  if (bl == NULL)
     {
-      GNUNET_SCHEDULER_cancel (sched,
-                               be->timeout_task);
+      GNUNET_SERVER_client_done (client, GNUNET_SYSERR);
+      return;
     }
-  else
-    {
+  if (ntohl (msg->is_allowed) == GNUNET_SYSERR)
+    {    
       be = GNUNET_malloc (sizeof (struct BlacklistEntry));
       be->peer = msg->peer;
+      be->client = client;
       GNUNET_CONTAINER_multihashmap_put (blacklist,
                                          &msg->peer.hashPubKey,
                                          be,
-                                         GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
+                                         GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
     }
-  be->until = GNUNET_TIME_absolute_ntoh (msg->until);
-  be->timeout_task = GNUNET_SCHEDULER_add_delayed (sched,
-                                                   GNUNET_TIME_absolute_get_remaining (be->until),
-                                                   &timeout_task,
-                                                   be);
-  GNUNET_SERVER_notification_context_broadcast (blacklist_notifiers,
-                                                &msg->header,
-                                                GNUNET_NO);
-  GNUNET_SERVER_receive_done (client, GNUNET_OK);
+  /* FIXME: trigger continuation... */
 }
 
 
@@ -243,7 +270,9 @@ GNUNET_TRANSPORT_handle_blacklist_notify (void *cls,
 int
 GNUNET_TRANSPORT_blacklist_check (const struct GNUNET_PeerIdentity *id)
 {
-  return GNUNET_CONTAINER_multihashmap_contains (blacklist, &id->hashPubKey);
+  if (GNUNET_CONTAINER_multihashmap_contains (blacklist, &id->hashPubKey))    
+    return GNUNET_YES;
+  
 }
 
 
@@ -263,7 +292,6 @@ GNUNET_TRANSPORT_blacklist_init (struct GNUNET_SERVER_Handle *server,
                                 GNUNET_TIME_UNIT_FOREVER_REL,
                                 &shutdown_task,
                                 NULL);
-  blacklist_notifiers = GNUNET_SERVER_notification_context_create (server, 0);
 }
 
 
diff --git a/src/transport/gnunet-service-transport_blacklist.h b/src/transport/gnunet-service-transport_blacklist.h
index 92f81a2e9..32e26431e 100644
--- a/src/transport/gnunet-service-transport_blacklist.h
+++ b/src/transport/gnunet-service-transport_blacklist.h
@@ -31,16 +31,16 @@
 #include "transport.h"
 
 /**
- * Handle a request to blacklist a peer.
+ * Handle a request to start a blacklist.
  *
  * @param cls closure (always NULL)
  * @param client identification of the client
  * @param message the actual message
  */
 void
-GNUNET_TRANSPORT_handle_blacklist (void *cls,
-                                   struct GNUNET_SERVER_Client *client,
-                                   const struct GNUNET_MessageHeader *message);
+GNUNET_TRANSPORT_handle_blacklist_init (void *cls,
+                                        struct GNUNET_SERVER_Client *client,
+                                        const struct GNUNET_MessageHeader *message);
 
 
 /**
@@ -51,30 +51,9 @@ GNUNET_TRANSPORT_handle_blacklist (void *cls,
  * @param message the actual message
  */
 void
-GNUNET_TRANSPORT_handle_blacklist_notify (void *cls,
-                                          struct GNUNET_SERVER_Client *client,
-                                          const struct GNUNET_MessageHeader *message);
-
-
-/**
- * Is the given peer currently blacklisted?
- *
- * @param id identity of the peer
- * @return GNUNET_YES if the peer is blacklisted, GNUNET_NO if not
- */
-int
-GNUNET_TRANSPORT_blacklist_check (const struct GNUNET_PeerIdentity *id);
-
-
-/**
- * Initialize the blacklisting subsystem.
- *
- * @param server server we handle requests from (transport service server)
- * @param s scheduler to use
- */
-void 
-GNUNET_TRANSPORT_blacklist_init (struct GNUNET_SERVER_Handle *server,
-                                 struct GNUNET_SCHEDULER_Handle *s);
+GNUNET_TRANSPORT_handle_blacklist_reply (void *cls,
+                                         struct GNUNET_SERVER_Client *client,
+                                         const struct GNUNET_MessageHeader *message);
 
 
 #endif
diff --git a/src/transport/transport.h b/src/transport/transport.h
index d66b87b35..b2ef01bb5 100644
--- a/src/transport/transport.h
+++ b/src/transport/transport.h
@@ -268,27 +268,22 @@ struct BlacklistMessage
 {
 
   /**
-   * Type will be GNUNET_MESSAGE_TYPE_TRANSPORT_BLACKLIST
+   * Type will be GNUNET_MESSAGE_TYPE_TRANSPORT_BLACKLIST_QUERY or
+   * GNUNET_MESSAGE_TYPE_TRANSPORT_BLACKLIST_REPLY.
    */
   struct GNUNET_MessageHeader header;
 
   /**
-   * Reserved (for alignment).
+   * 0 for the query, GNUNET_OK (allowed) or GNUNET_SYSERR (disallowed)
+   * for the response.
    */
-  uint32_t reserved GNUNET_PACKED;
+  uint32_t is_allowed GNUNET_PACKED;
 
   /**
-   * Which peer is being blacklisted (or has seen its
-   * blacklisting expire)?
+   * Which peer is being blacklisted or queried?
    */
   struct GNUNET_PeerIdentity peer;
 
-  /**
-   * Until what time is this peer blacklisted (zero for
-   * no longer blacklisted).
-   */
-  struct GNUNET_TIME_AbsoluteNBO until;
-
 };
 
 
diff --git a/src/transport/transport_api_blacklist.c b/src/transport/transport_api_blacklist.c
index c8838f1b6..5d2d616e8 100644
--- a/src/transport/transport_api_blacklist.c
+++ b/src/transport/transport_api_blacklist.c
@@ -36,7 +36,7 @@
 /**
  * Handle for blacklisting requests.
  */
-struct GNUNET_TRANSPORT_BlacklistRequest
+struct GNUNET_TRANSPORT_Blacklist
 {
 
   /**
@@ -45,342 +45,255 @@ struct GNUNET_TRANSPORT_BlacklistRequest
   struct GNUNET_CLIENT_Connection * client;
 
   /**
-   * Function to call when done.
-   */
-  GNUNET_SCHEDULER_Task cont;
-
-  /**
-   * Clsoure for 'cont'.
+   * Scheduler to use.
    */
-  void *cont_cls;
+  struct GNUNET_SCHEDULER_Handle *sched;
 
   /**
-   * Scheduler to use.
+   * Configuration to use.
    */
-  struct GNUNET_SCHEDULER_Handle *sched;
+  const struct GNUNET_CONFIGURATION_Handle *cfg;
 
   /**
-   * Pending handle for the blacklisting request.
+   * Pending handle for the current request.
    */ 
   struct GNUNET_CLIENT_TransmitHandle *th;
-  
+
   /**
-   * How long should 'peer' be blacklisted?
+   * Function to call for determining if a peer is allowed
+   * to communicate with us.
    */
-  struct GNUNET_TIME_Absolute duration;
-  
+  GNUNET_TRANSPORT_BlacklistCallback cb;
+
   /**
-   * Which peer is being blacklisted?
+   * Closure for 'cb'.
+   */
+  void *cb_cls;  
+
+  /**
+   * Peer currently under consideration.
    */
   struct GNUNET_PeerIdentity peer;
-  
+
 };
 
 
 /**
- * Function called to notify a client about the socket
- * begin ready to queue more data.  "buf" will be
- * NULL and "size" zero if the socket was closed for
- * writing in the meantime.
+ * Establish blacklist connection to transport service.
  *
- * @param cls closure
- * @param size number of bytes available in buf
- * @param buf where the callee should write the message
- * @return number of bytes written to buf
+ * @param br overall handle
  */
-static size_t
-transmit_blacklist_request (void *cls,
-                            size_t size, void *buf)
-{
-  struct GNUNET_TRANSPORT_BlacklistRequest *br = cls;
-  struct BlacklistMessage req;
-
-  if (buf == NULL)
-    {
-      GNUNET_SCHEDULER_add_continuation (br->sched,
-                                         br->cont,
-                                         br->cont_cls,
-                                         GNUNET_SCHEDULER_REASON_TIMEOUT);
-      GNUNET_free (br);
-      return 0;
-    }
-  req.header.size = htons (sizeof (req));
-  req.header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_BLACKLIST);
-  req.reserved = htonl (0);
-  req.peer = br->peer;
-  req.until = GNUNET_TIME_absolute_hton (br->duration);
-  memcpy (buf, &req, sizeof (req));
-  GNUNET_SCHEDULER_add_continuation (br->sched,
-                                     br->cont,
-                                     br->cont_cls,
-                                     GNUNET_SCHEDULER_REASON_PREREQ_DONE);
-  GNUNET_free (br);
-  return sizeof (req);
-}
+static void
+reconnect (struct GNUNET_TRANSPORT_Blacklist *br);
 
 
 /**
- * Blacklist a peer for a given period of time.  All connections
- * (inbound and outbound) to a peer that is blacklisted will be
- * dropped (as soon as we learn who the connection is for).  A second
- * call to this function for the same peer overrides previous
- * blacklisting requests.
+ * Send our reply to a blacklisting request.
  *
- * @param sched scheduler to use
- * @param cfg configuration to use
- * @param peer identity of peer to blacklist
- * @param duration how long to blacklist, use GNUNET_TIME_UNIT_ZERO to
- *        re-enable connections
- * @param timeout when should this operation (trying to establish the
- *        blacklisting time out)
- * @param cont continuation to call once the request has been processed
- * @param cont_cls closure for cont
- * @return NULL on error, otherwise handle for cancellation
+ * @param br our overall context
  */
-struct GNUNET_TRANSPORT_BlacklistRequest *
-GNUNET_TRANSPORT_blacklist (struct GNUNET_SCHEDULER_Handle *sched,
-                            const struct GNUNET_CONFIGURATION_Handle *cfg,
-                            const struct GNUNET_PeerIdentity *peer,
-                            struct GNUNET_TIME_Relative duration,
-                            struct GNUNET_TIME_Relative timeout,
-                            GNUNET_SCHEDULER_Task cont,
-                            void *cont_cls)
-{
-  struct GNUNET_CLIENT_Connection * client;
-  struct GNUNET_TRANSPORT_BlacklistRequest *ret;
-
-  client = GNUNET_CLIENT_connect (sched, "transport", cfg);
-  if (NULL == client)
-    return NULL;
-  ret = GNUNET_malloc (sizeof (struct GNUNET_TRANSPORT_BlacklistRequest));
-  ret->client = client;
-  ret->peer = *peer;
-  ret->duration = GNUNET_TIME_relative_to_absolute (duration);
-  ret->sched = sched;
-  ret->cont = cont;
-  ret->cont_cls = cont_cls;
-  ret->th = GNUNET_CLIENT_notify_transmit_ready (client,
-                                                 sizeof (struct BlacklistMessage),
-                                                 timeout,
-                                                 GNUNET_YES,
-                                                 &transmit_blacklist_request,
-                                                 ret);
-  GNUNET_assert (NULL != ret->th);
-  return ret;
-}
+static void
+reply (struct GNUNET_TRANSPORT_Blacklist *br);
 
 
 /**
- * Abort transmitting the blacklist request.  Note that this function
- * is NOT for removing a peer from the blacklist (for that, call 
- * GNUNET_TRANSPORT_blacklist with a duration of zero).  This function
- * is only for aborting the transmission of a blacklist request
- * (i.e. because of shutdown).
+ * Handle blacklist queries.
  *
- * @param br handle of the request that is to be cancelled
+ * @param cls our overall handle
+ * @param msg query
  */
-void
-GNUNET_TRANSPORT_blacklist_cancel (struct GNUNET_TRANSPORT_BlacklistRequest * br)
-{
-  GNUNET_CLIENT_notify_transmit_ready_cancel (br->th);
-  GNUNET_free (br);
-}
-
-
-/**
- * Handle for blacklist notifications.
- */
-struct GNUNET_TRANSPORT_BlacklistNotification
+static void
+query_handler (void *cls,
+               const struct GNUNET_MessageHeader *msg)
 {
-
-  /**
-   * Function to call whenever there is a change.
-   */
-  GNUNET_TRANSPORT_BlacklistCallback notify;
-
-  /**
-   * Closure for notify.
-   */
-  void *notify_cls;
-
-  /**
-   * Scheduler to use.
-   */
-  struct GNUNET_SCHEDULER_Handle *sched;
-
-  /**
-   * Configuration to use.
-   */
-  const struct GNUNET_CONFIGURATION_Handle *cfg;
+  struct GNUNET_TRANSPORT_Blacklist *br = cls;
+  const struct BlacklistMessage *bm;
   
-  /**
-   * Connection to transport service.
-   */
-  struct GNUNET_CLIENT_Connection * client;
-
-  /**
-   * Pending handle for the notification request.
-   */ 
-  struct GNUNET_CLIENT_TransmitHandle *th;
-};
+  if ( (ntohs(msg->size) != sizeof (struct BlacklistMessage)) ||
+       (ntohs(msg->type) != GNUNET_MESSAGE_TYPE_TRANSPORT_BLACKLIST_QUERY) )
+    {
+      reconnect (br);
+      return;
+    }
+  bm = (const struct BlacklistMessage *)msg;
+  GNUNET_break (0 == ntohl (bm->is_allowed));
+  br->peer = bm->peer;
+  reply (br);  
+}
 
 
 /**
- * Send a request to receive blacklisting notifications
+ * Receive blacklist queries from transport service.
  *
- * @param bn context to initialize
+ * @param br overall handle
  */
 static void
-request_notifications (struct GNUNET_TRANSPORT_BlacklistNotification *bn);
+receive (struct GNUNET_TRANSPORT_Blacklist *br)
+{
+  GNUNET_CLIENT_receive (br->client,
+                         &query_handler,
+                         br,
+                         GNUNET_TIME_UNIT_FOREVER_REL);
+}
 
 
 /**
- * Destroy the existing connection to the transport service and
- * setup a new one (the existing one had serious problems).
- * 
- * @param bn context to re-initialize
+ * Transmit the blacklist initialization request to the service.
+ *
+ * @param cls closure (struct GNUNET_TRANSPORT_Blacklist*)
+ * @param size number of bytes available in buf
+ * @param buf where the callee should write the message
+ * @return number of bytes written to buf
  */
-static void
-retry_get_notifications (struct GNUNET_TRANSPORT_BlacklistNotification *bn)
+static size_t
+transmit_blacklist_init (void *cls,
+                         size_t size, void *buf)
 {
-  GNUNET_CLIENT_disconnect (bn->client, GNUNET_NO);
-  bn->client = GNUNET_CLIENT_connect (bn->sched, "transport", bn->cfg);
-  request_notifications (bn);
+  struct GNUNET_TRANSPORT_Blacklist *br = cls;
+  struct GNUNET_MessageHeader req;
+
+  if (buf == NULL)
+    {
+      reconnect (br);
+      return 0;
+    }
+  req.size = htons (sizeof (struct GNUNET_MessageHeader));
+  req.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_BLACKLIST_INIT);
+  memcpy (buf, &req, sizeof (req));
+  receive (br);
+  return sizeof (req);
 }
 
 
 /**
- * Function called whenever we get a blacklisting notification.
- * Pass it on to the callback and wait for more.
+ * Establish blacklist connection to transport service.
  *
- * @param cls our 'struct GNUNET_TRANSPORT_BlacklistNotification *'
- * @param msg the blacklisting notification, NULL on error
+ * @param br overall handle
  */
 static void
-recv_blacklist_info (void *cls,
-                     const struct GNUNET_MessageHeader *msg)
+reconnect (struct GNUNET_TRANSPORT_Blacklist *br)
 {
-  struct GNUNET_TRANSPORT_BlacklistNotification *bn = cls;
-  const struct BlacklistMessage *req;
-
-  if ( (msg == NULL) ||
-       (sizeof(struct BlacklistMessage) != ntohs(msg->size)) ||
-       (GNUNET_MESSAGE_TYPE_TRANSPORT_BLACKLIST != ntohs(msg->type)) )
-    {
-      retry_get_notifications (bn);
-      return;
-    }
-  req = (const struct BlacklistMessage*) msg;
-  bn->notify (bn->notify_cls,
-              &req->peer,
-              GNUNET_TIME_absolute_ntoh (req->until));
-  GNUNET_CLIENT_receive (bn->client,
-                         &recv_blacklist_info,
-                         bn,
-                         GNUNET_TIME_UNIT_FOREVER_REL);  
+  if (br->client != NULL)
+    GNUNET_CLIENT_disconnect (br->client, GNUNET_NO);
+  br->client = GNUNET_CLIENT_connect (br->sched,
+                                      "transport",
+                                      br->cfg);
+  br->th = GNUNET_CLIENT_notify_transmit_ready (br->client,
+                                                sizeof (struct GNUNET_MessageHeader),
+                                                GNUNET_TIME_UNIT_FOREVER_REL,
+                                                GNUNET_YES,
+                                                &transmit_blacklist_init,
+                                                br);
 }
 
 
 /**
- * Function called to notify a client about the socket
- * begin ready to queue more data.  "buf" will be
- * NULL and "size" zero if the socket was closed for
- * writing in the meantime.
+ * Transmit the blacklist response to the service.
  *
- * @param cls closure
+ * @param cls closure (struct GNUNET_TRANSPORT_Blacklist*)
  * @param size number of bytes available in buf
  * @param buf where the callee should write the message
  * @return number of bytes written to buf
  */
-static size_t 
-transmit_notify_request (void *cls,
-                         size_t size, void *buf)
+static size_t
+transmit_blacklist_reply (void *cls,
+                          size_t size, void *buf)
 {
-  struct GNUNET_TRANSPORT_BlacklistNotification *bn = cls;
-  struct GNUNET_MessageHeader hdr;
+  struct GNUNET_TRANSPORT_Blacklist *br = cls;
+  struct BlacklistMessage req;
 
-  bn->th = NULL;
   if (buf == NULL)
     {
-      retry_get_notifications (bn);
+      reconnect (br);
       return 0;
     }
-  GNUNET_assert (size >= sizeof(hdr));
-  hdr.size = htons (sizeof (hdr));
-  hdr.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_BLACKLIST_NOTIFY);
-  memcpy (buf, &hdr, sizeof(hdr));
-  return sizeof(hdr);  
+  req.header.size = htons (sizeof (req));
+  req.header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_BLACKLIST_REPLY);
+  req.is_allowed = htonl (br->cb (br->cb_cls, &br->peer));
+  req.peer = br->peer;
+  memcpy (buf, &req, sizeof (req));
+  receive (br);
+  return sizeof (req);
 }
 
 
 /**
- * Send a request to receive blacklisting notifications
+ * Send our reply to a blacklisting request.
  *
- * @param bn context to initialize
+ * @param br our overall context
  */
 static void
-request_notifications (struct GNUNET_TRANSPORT_BlacklistNotification *bn)
+reply (struct GNUNET_TRANSPORT_Blacklist *br)
 {
-  GNUNET_assert (bn->client != NULL);
-  bn->th = GNUNET_CLIENT_notify_transmit_ready (bn->client,
-                                                sizeof (struct GNUNET_MessageHeader),
+  br->th = GNUNET_CLIENT_notify_transmit_ready (br->client,
+                                                sizeof (struct BlacklistMessage),
                                                 GNUNET_TIME_UNIT_FOREVER_REL,
-                                                GNUNET_YES,
-                                                &transmit_notify_request,
-                                                bn);
-  GNUNET_assert (bn->th != NULL);
-  GNUNET_CLIENT_receive (bn->client,
-                         &recv_blacklist_info,
-                         bn,
-                         GNUNET_TIME_UNIT_FOREVER_REL);
+                                                GNUNET_NO,
+                                                &transmit_blacklist_reply,
+                                                br);
+  if (br->th == NULL)
+    {
+      reconnect (br);
+      return;
+    }
 }
 
 
 /**
- * Call a function whenever a peer's blacklisting status changes.
+ * Install a blacklist callback.  The service will be queried for all
+ * existing connections as well as any fresh connections to check if
+ * they are permitted.  If the blacklisting callback is unregistered,
+ * all hosts that were denied in the past will automatically be
+ * whitelisted again.  Cancelling the blacklist handle is also the
+ * only way to re-enable connections from peers that were previously
+ * blacklisted.
  *
  * @param sched scheduler to use
  * @param cfg configuration to use
- * @param bc function to call on status changes
- * @param bc_cls closure for bc
+ * @param cb callback to invoke to check if connections are allowed
+ * @param cb_cls closure for cb
  * @return NULL on error, otherwise handle for cancellation
  */
-struct GNUNET_TRANSPORT_BlacklistNotification *
-GNUNET_TRANSPORT_blacklist_notify (struct GNUNET_SCHEDULER_Handle *sched,
-                                   const struct GNUNET_CONFIGURATION_Handle *cfg,
-                                   GNUNET_TRANSPORT_BlacklistCallback bc,
-                                   void *bc_cls)
+struct GNUNET_TRANSPORT_Blacklist *
+GNUNET_TRANSPORT_blacklist (struct GNUNET_SCHEDULER_Handle *sched,
+                            const struct GNUNET_CONFIGURATION_Handle *cfg,
+                            GNUNET_TRANSPORT_BlacklistCallback cb,
+                            void *cb_cls)
 {
-  struct GNUNET_TRANSPORT_BlacklistNotification *ret;
   struct GNUNET_CLIENT_Connection * client;
+  struct GNUNET_TRANSPORT_Blacklist *ret;
 
   client = GNUNET_CLIENT_connect (sched, "transport", cfg);
   if (NULL == client)
     return NULL;
-  ret = GNUNET_malloc (sizeof (struct GNUNET_TRANSPORT_BlacklistNotification));
+  ret = GNUNET_malloc (sizeof (struct GNUNET_TRANSPORT_Blacklist));
   ret->client = client;
   ret->sched = sched;
   ret->cfg = cfg;
-  ret->notify = bc;
-  ret->notify_cls = bc_cls;
-  request_notifications (ret);
+  ret->th = GNUNET_CLIENT_notify_transmit_ready (client,
+                                                 sizeof (struct GNUNET_MessageHeader),
+                                                 GNUNET_TIME_UNIT_FOREVER_REL,
+                                                 GNUNET_YES,
+                                                 &transmit_blacklist_init,
+                                                 ret);  
   return ret;
 }
 
 
 /**
- * Stop calling the notification callback associated with
- * the given blacklist notification.
+ * Abort the blacklist.  Note that this function is the only way for
+ * removing a peer from the blacklist.
  *
- * @param bn handle of the request that is to be cancelled
+ * @param br handle of the request that is to be cancelled
  */
 void
-GNUNET_TRANSPORT_blacklist_notify_cancel (struct GNUNET_TRANSPORT_BlacklistNotification * bn)
+GNUNET_TRANSPORT_blacklist_cancel (struct GNUNET_TRANSPORT_Blacklist *br)
 {
-  if (bn->th != NULL)
-    GNUNET_CLIENT_notify_transmit_ready_cancel (bn->th);
-  GNUNET_CLIENT_disconnect (bn->client, GNUNET_NO);
-  GNUNET_free (bn);
+  if (br->th != NULL)
+    GNUNET_CLIENT_notify_transmit_ready_cancel (br->th);
+  GNUNET_CLIENT_disconnect (br->client, GNUNET_NO);
+  GNUNET_free (br);
 }
 
+
 /* end of transport_api_blacklist.c */