author | Christian Grothoff <christian@grothoff.org> | 2010-04-12 20:36:38 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2010-04-12 20:36:38 +0000 |
commit | 6696043580dc03990461938f77fec27ca256914d (patch) | |
tree | ed37cb9cfa2758db8c51213aca924e06e8dd523c /src/transport | |
parent | 3b47d436220169672b22f39532f817161d858dda (diff) | |
proper PONG validation
Diffstat (limited to 'src/transport')
-rw-r--r-- | src/transport/gnunet-service-transport.c | 26 | ||||
-rw-r--r-- | src/transport/transport_api.c | 12 |
2 files changed, 31 insertions, 7 deletions
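--- a/src/transport/gnunet-service-transport.c
+++ b/src/transport/gnunet-service-transport.c
@@ -23,6 +23,15 @@
 * @brief low-level P2P messaging
 * @author Christian Grothoff
 *
+* TODO:
+* - Need to validate *inbound* bi-directional transports (i.e., TCP)
+* using PING-PONG and then SIGNAL 'connected' to core/etc.!
+* (currently we neither validate those nor do we signal the
+* connection); only after those, we should transmit data
+* (we currently send and receive arbitrary data on inbound TCP
+* connections even if they have not been validated and hand it
+* to our clients!)
+*
 * NOTE:
 * - This code uses 'GNUNET_a2s' for debug printing in many places,
 * which is technically wrong since it assumes we have IP+Port
@@ -2341,6 +2350,15 @@ check_pending_validation (void *cls,
 
 if (ve->challenge != challenge)
 return GNUNET_YES;
+if (GNUNET_OK !=
+GNUNET_CRYPTO_rsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PING,
+&pong->purpose,
+&pong->signature,
+&ve->publicKey))
+{
+GNUNET_break_op (0);
+return GNUNET_YES;
+}
 
 #if DEBUG_TRANSPORT
 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -2392,8 +2410,8 @@ check_pending_validation (void *cls,
 n->distance = fal->distance;
 if (GNUNET_NO == n->received_pong)
 {
-notify_clients_connect (&target, n->latency, n->distance);
 n->received_pong = GNUNET_YES;
+notify_clients_connect (&target, n->latency, n->distance);
 }
 if (n->retry_task != GNUNET_SCHEDULER_NO_TASK)
 {
@@ -2989,7 +3007,7 @@ handle_ping(void *cls, const struct GNUNET_MessageHeader *message,
 htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) +
 sizeof (uint32_t) +
 sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded) + sender_address_len);
-pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_TCP_PING);
+pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PING);
 pong->challenge = ping->challenge;
 pong->addrlen = htons(sender_address_len);
 memcpy(&pong->signer,
@@ -3163,10 +3181,10 @@ plugin_env_receive (void *cls, const struct GNUNET_PeerIdentity *peer,
 process_hello (plugin, message);
 break;
 case GNUNET_MESSAGE_TYPE_TRANSPORT_PING:
-handle_ping(plugin, message, peer, sender_address, sender_address_len);
+handle_ping (plugin, message, peer, sender_address, sender_address_len);
 break;
 case GNUNET_MESSAGE_TYPE_TRANSPORT_PONG:
-handle_pong(plugin, message, peer, sender_address, sender_address_len);
+handle_pong (plugin, message, peer, sender_address, sender_address_len);
 break;
 default:
 #if DEBUG_TRANSPORT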
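Review bot: The `GNUNET_CRYPTO_rsa_verify` call added in the second hunk (check_pending_validation) checks a signature over a block whose length is the peer-supplied `pong->purpose.size`, and nothing visible here compares that length with the number of bytes actually received. Unless handle_pong, which is outside these hunks, already rejects a PONG whose declared size exceeds the message, a guard such as `if (ntohl (pong->purpose.size) > AVAILABLE_BYTES) { GNUNET_break_op (0); return GNUNET_YES; }` should precede the verify (AVAILABLE_BYTES is a placeholder for the length the caller knows). The verify proves only that `ve->publicKey` signed the block; the visible lines do not compare the signed address with the one stored in the validation entry, so confirm that happens further down. I would also add a comment above the call, `/* verify against the key stored for this validation entry; never trust the key carried in the PONG */`. check_pending_validation starts and ends outside the hunk.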
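--- a/src/transport/transport_api.c
+++ b/src/transport/transport_api.c
@@ -1577,9 +1577,15 @@ demultiplexer (void *cls, const struct GNUNET_MessageHeader *msg)
 #endif
 n = neighbour_find (h, &im->peer);
 if (n == NULL)
-n = neighbour_add (h, &im->peer);
-if (n == NULL)
-break;
+{
+GNUNET_break (0);
+break;
+}
+if (n->is_connected != GNUNET_YES)
+{
+GNUNET_break (0);
+break;
+}
 if (h->rec != NULL)
 h->rec (h->cls, &im->peer, imm,
 GNUNET_TIME_relative_ntoh (im->latency), ntohs(im->distance));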
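Review bot: The two new `GNUNET_break (0)` drops in demultiplexer carry no comment saying which invariant they enforce, and the TODO this same commit adds to gnunet-service-transport.c says the service still hands data from unvalidated, unsignalled inbound connections to its clients. If that is accurate, both branches can be reached by traffic from a remote peer, and each such message is dropped with an internal-error break in the client's log rather than a quiet discard. A comment such as `/* the service must signal CONNECT before delivering data for a peer; drop anything else */` would document the intent, and a lower log level may be appropriate until the service side is fixed. The enclosing switch case starts and ends outside the hunk.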