diff options
author | Christian Grothoff <christian@grothoff.org> | 2011-08-06 18:47:22 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2011-08-06 18:47:22 +0000 |
commit | aad2f0838ef0586366fe4e3921013b7af6a4ea65 (patch) | |
tree | f8adbdd912e93799caa6936df535e97f96761f95 /src/transport | |
parent | 10120fb0e995a8607898347ea48e12ca907e8840 (diff) | |
download | gnunet-aad2f0838ef0586366fe4e3921013b7af6a4ea65.tar.gz gnunet-aad2f0838ef0586366fe4e3921013b7af6a4ea65.zip |
send validation PING
Diffstat (limited to 'src/transport')
-rw-r--r-- | src/transport/gnunet-service-transport_clients.c | 8 | ||||
-rw-r--r-- | src/transport/gnunet-service-transport_validation.c | 150 | ||||
-rw-r--r-- | src/transport/gnunet-service-transport_validation.h | 7 |
3 files changed, 145 insertions, 20 deletions
diff --git a/src/transport/gnunet-service-transport_clients.c b/src/transport/gnunet-service-transport_clients.c index 3b42c7a79..454f544fd 100644 --- a/src/transport/gnunet-service-transport_clients.c +++ b/src/transport/gnunet-service-transport_clients.c | |||
@@ -592,9 +592,7 @@ GST_clients_handle_address_lookup (void *cls, | |||
592 | * | 592 | * |
593 | * @param cls our 'struct GNUNET_SERVER_TransmitContext' (for sending) | 593 | * @param cls our 'struct GNUNET_SERVER_TransmitContext' (for sending) |
594 | * @param target peer this change is about, never NULL | 594 | * @param target peer this change is about, never NULL |
595 | * @param last_validated_at is FOREVER if the address has not been validated (we're currently checking) | 595 | * @param valid_until until what time do we consider the address valid? |
596 | * is ZERO if the address was validated a long time ago (from PEERINFO) | ||
597 | * is a time in the past if this process validated the address | ||
598 | * @param validation_block is FOREVER if the address is for an unsupported plugin (from PEERINFO) | 596 | * @param validation_block is FOREVER if the address is for an unsupported plugin (from PEERINFO) |
599 | * is ZERO if the address is considered valid (no validation needed) | 597 | * is ZERO if the address is considered valid (no validation needed) |
600 | * is a time in the future if we're currently denying re-validation | 598 | * is a time in the future if we're currently denying re-validation |
@@ -605,7 +603,7 @@ GST_clients_handle_address_lookup (void *cls, | |||
605 | static void | 603 | static void |
606 | send_address_to_client (void *cls, | 604 | send_address_to_client (void *cls, |
607 | const struct GNUNET_PeerIdentity *target, | 605 | const struct GNUNET_PeerIdentity *target, |
608 | struct GNUNET_TIME_Absolute last_validated_at, | 606 | struct GNUNET_TIME_Absolute valid_until, |
609 | struct GNUNET_TIME_Absolute validation_block, | 607 | struct GNUNET_TIME_Absolute validation_block, |
610 | const char *plugin_name, | 608 | const char *plugin_name, |
611 | const void *plugin_address, | 609 | const void *plugin_address, |
@@ -622,7 +620,7 @@ send_address_to_client (void *cls, | |||
622 | (GNUNET_YES == GST_neighbours_test_connected (target)) | 620 | (GNUNET_YES == GST_neighbours_test_connected (target)) |
623 | ? "CONNECTED" | 621 | ? "CONNECTED" |
624 | : "DISCONNECTED", | 622 | : "DISCONNECTED", |
625 | (last_validated_at.abs_value < GNUNET_TIME_UNIT_FOREVER_ABS.abs_value) | 623 | (GNUNET_TIME_absolute_get_remaining (valid_until).rel_value > 0) |
626 | ? "VALIDATED" | 624 | ? "VALIDATED" |
627 | : "UNVALIDATED"); | 625 | : "UNVALIDATED"); |
628 | transmit_address_to_client (tc, addr_buf); | 626 | transmit_address_to_client (tc, addr_buf); |
diff --git a/src/transport/gnunet-service-transport_validation.c b/src/transport/gnunet-service-transport_validation.c index 23140b7c3..9a8bf0b47 100644 --- a/src/transport/gnunet-service-transport_validation.c +++ b/src/transport/gnunet-service-transport_validation.c | |||
@@ -25,10 +25,12 @@ | |||
25 | */ | 25 | */ |
26 | #include "platform.h" | 26 | #include "platform.h" |
27 | #include "gnunet-service-transport_validation.h" | 27 | #include "gnunet-service-transport_validation.h" |
28 | #include "gnunet-service-transport_plugins.h" | ||
28 | #include "gnunet-service-transport.h" | 29 | #include "gnunet-service-transport.h" |
29 | #include "gnunet_hello_lib.h" | 30 | #include "gnunet_hello_lib.h" |
30 | #include "gnunet_peerinfo_service.h" | 31 | #include "gnunet_peerinfo_service.h" |
31 | 32 | ||
33 | |||
32 | /** | 34 | /** |
33 | * How long until a HELLO verification attempt should time out? | 35 | * How long until a HELLO verification attempt should time out? |
34 | * Must be rather small, otherwise a partially successful HELLO | 36 | * Must be rather small, otherwise a partially successful HELLO |
@@ -55,7 +57,6 @@ | |||
55 | */ | 57 | */ |
56 | #define HELLO_ADDRESS_EXPIRATION GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12) | 58 | #define HELLO_ADDRESS_EXPIRATION GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12) |
57 | 59 | ||
58 | |||
59 | /** | 60 | /** |
60 | * How long before an existing address expires should we again try to | 61 | * How long before an existing address expires should we again try to |
61 | * validate it? Must be (significantly) smaller than | 62 | * validate it? Must be (significantly) smaller than |
@@ -64,10 +65,106 @@ | |||
64 | #define HELLO_REVALIDATION_START_TIME GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 1) | 65 | #define HELLO_REVALIDATION_START_TIME GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 1) |
65 | 66 | ||
66 | /** | 67 | /** |
68 | * How long before we try to check an address again (if it turned out to | ||
69 | * be invalid the first time)? | ||
70 | */ | ||
71 | #define MAX_REVALIDATION_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 1) | ||
72 | |||
73 | /** | ||
67 | * Size of the validation map hashmap. | 74 | * Size of the validation map hashmap. |
68 | */ | 75 | */ |
69 | #define VALIDATION_MAP_SIZE 256 | 76 | #define VALIDATION_MAP_SIZE 256 |
70 | 77 | ||
78 | /** | ||
79 | * Priority to use for PINGs and PONGs | ||
80 | */ | ||
81 | #define PING_PRIORITY 1 | ||
82 | |||
83 | /** | ||
84 | * Message used to ask a peer to validate receipt (to check an address | ||
85 | * from a HELLO). Followed by the address we are trying to validate, | ||
86 | * or an empty address if we are just sending a PING to confirm that a | ||
87 | * connection which the receiver (of the PING) initiated is still valid. | ||
88 | */ | ||
89 | struct TransportPingMessage | ||
90 | { | ||
91 | |||
92 | /** | ||
93 | * Type will be GNUNET_MESSAGE_TYPE_TRANSPORT_PING | ||
94 | */ | ||
95 | struct GNUNET_MessageHeader header; | ||
96 | |||
97 | /** | ||
98 | * Challenge code (to ensure fresh reply). | ||
99 | */ | ||
100 | uint32_t challenge GNUNET_PACKED; | ||
101 | |||
102 | /** | ||
103 | * Who is the intended recipient? | ||
104 | */ | ||
105 | struct GNUNET_PeerIdentity target; | ||
106 | |||
107 | }; | ||
108 | |||
109 | |||
110 | /** | ||
111 | * Message used to validate a HELLO. The challenge is included in the | ||
112 | * confirmation to make matching of replies to requests possible. The | ||
113 | * signature signs our public key, an expiration time and our address.<p> | ||
114 | * | ||
115 | * This message is followed by our transport address that the PING tried | ||
116 | * to confirm (if we liked it). The address can be empty (zero bytes) | ||
117 | * if the PING had not address either (and we received the request via | ||
118 | * a connection that we initiated). | ||
119 | */ | ||
120 | struct TransportPongMessage | ||
121 | { | ||
122 | |||
123 | /** | ||
124 | * Type will be GNUNET_MESSAGE_TYPE_TRANSPORT_PONG | ||
125 | */ | ||
126 | struct GNUNET_MessageHeader header; | ||
127 | |||
128 | /** | ||
129 | * Challenge code from PING (showing freshness). Not part of what | ||
130 | * is signed so that we can re-use signatures. | ||
131 | */ | ||
132 | uint32_t challenge GNUNET_PACKED; | ||
133 | |||
134 | /** | ||
135 | * Signature. | ||
136 | */ | ||
137 | struct GNUNET_CRYPTO_RsaSignature signature; | ||
138 | |||
139 | /** | ||
140 | * What are we signing and why? Two possible reason codes can be here: | ||
141 | * GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN to confirm that this is a | ||
142 | * plausible address for this peer (pid is set to identity of signer); or | ||
143 | * GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_USING to confirm that this is | ||
144 | * an address we used to connect to the peer with the given pid. | ||
145 | */ | ||
146 | struct GNUNET_CRYPTO_RsaSignaturePurpose purpose; | ||
147 | |||
148 | /** | ||
149 | * When does this signature expire? | ||
150 | */ | ||
151 | struct GNUNET_TIME_AbsoluteNBO expiration; | ||
152 | |||
153 | /** | ||
154 | * Either the identity of the peer Who signed this message, or the | ||
155 | * identity of the peer that we're connected to using the given | ||
156 | * address (depending on purpose.type). | ||
157 | */ | ||
158 | struct GNUNET_PeerIdentity pid; | ||
159 | |||
160 | /** | ||
161 | * Size of address appended to this message (part of what is | ||
162 | * being signed, hence not redundant). | ||
163 | */ | ||
164 | uint32_t addrlen; | ||
165 | |||
166 | }; | ||
167 | |||
71 | 168 | ||
72 | /** | 169 | /** |
73 | * Information about an address under validation | 170 | * Information about an address under validation |
@@ -102,12 +199,10 @@ struct ValidationEntry | |||
102 | struct GNUNET_TIME_Absolute send_time; | 199 | struct GNUNET_TIME_Absolute send_time; |
103 | 200 | ||
104 | /** | 201 | /** |
105 | * When did we last succeed with validating this address? | 202 | * Until when is this address valid? |
106 | * FOREVER if the address has not been validated (we're currently checking) | 203 | * ZERO if it is not currently considered valid. |
107 | * ZERO if the address was validated a long time ago (from PEERINFO) | ||
108 | * otherwise a time in the past if this process validated the address | ||
109 | */ | 204 | */ |
110 | struct GNUNET_TIME_Absolute last_validated_at; | 205 | struct GNUNET_TIME_Absolute valid_until; |
111 | 206 | ||
112 | /** | 207 | /** |
113 | * How long until we can try to validate this address again? | 208 | * How long until we can try to validate this address again? |
@@ -367,9 +462,10 @@ find_validation_entry (struct GNUNET_PeerIdentity *neighbour, | |||
367 | ve->transport_name = GNUNET_strdup (tname); | 462 | ve->transport_name = GNUNET_strdup (tname); |
368 | ve->addr = (void*) &ve[1]; | 463 | ve->addr = (void*) &ve[1]; |
369 | ve->pid = *neighbour; | 464 | ve->pid = *neighbour; |
465 | ve->challenge = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, | ||
466 | UINT32_MAX); | ||
370 | memcpy (&ve[1], addr, addrlen); | 467 | memcpy (&ve[1], addr, addrlen); |
371 | ve->addrlen = addrlen; | 468 | ve->addrlen = addrlen; |
372 | ve->last_validated_at = GNUNET_TIME_UNIT_FOREVER_ABS; | ||
373 | GNUNET_CONTAINER_multihashmap_put (validation_map, | 469 | GNUNET_CONTAINER_multihashmap_put (validation_map, |
374 | &neighbour->hashPubKey, | 470 | &neighbour->hashPubKey, |
375 | ve, | 471 | ve, |
@@ -439,12 +535,44 @@ validate_address (void *cls, | |||
439 | { | 535 | { |
440 | struct GNUNET_PeerIdentity *pid = cls; | 536 | struct GNUNET_PeerIdentity *pid = cls; |
441 | struct ValidationEntry *ve; | 537 | struct ValidationEntry *ve; |
442 | 538 | struct TransportPingMessage ping; | |
539 | struct GNUNET_TRANSPORT_PluginFunctions *papi; | ||
540 | ssize_t ret; | ||
541 | |||
443 | if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0) | 542 | if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0) |
444 | return GNUNET_OK; /* expired */ | 543 | return GNUNET_OK; /* expired */ |
445 | ve = find_validation_entry (pid, tname, addr, addrlen); | 544 | ve = find_validation_entry (pid, tname, addr, addrlen); |
446 | // FIXME: check if validated/blocked, if not start validation... | 545 | if (GNUNET_TIME_absolute_get_remaining (ve->validation_block).rel_value > 0) |
447 | ve++; // make compiler happy | 546 | return GNUNET_OK; /* blocked */ |
547 | if (GNUNET_TIME_absolute_get_remaining (ve->valid_until).rel_value > 0) | ||
548 | return GNUNET_OK; /* valid */ | ||
549 | ve->validation_block = GNUNET_TIME_relative_to_absolute (MAX_REVALIDATION_FREQUENCY); | ||
550 | |||
551 | ping.header.size = htons(sizeof(struct TransportPingMessage)); | ||
552 | ping.header.type = htons(GNUNET_MESSAGE_TYPE_TRANSPORT_PING); | ||
553 | ping.challenge = htonl(ve->challenge); | ||
554 | ping.target = *pid; | ||
555 | GNUNET_STATISTICS_update (GST_stats, | ||
556 | gettext_noop ("# PING without HELLO messages sent"), | ||
557 | 1, | ||
558 | GNUNET_NO); | ||
559 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
560 | "Transmitting plain PING to `%s'\n", | ||
561 | GNUNET_i2s (pid)); | ||
562 | papi = GST_plugins_find (ve->transport_name); | ||
563 | ret = papi->send (papi->cls, | ||
564 | pid, | ||
565 | (const char*) &ping, | ||
566 | sizeof (struct TransportPingMessage), | ||
567 | PING_PRIORITY, | ||
568 | HELLO_VERIFICATION_TIMEOUT, | ||
569 | NULL /* no session */, | ||
570 | ve->addr, | ||
571 | ve->addrlen, | ||
572 | GNUNET_YES, | ||
573 | NULL, NULL); | ||
574 | if (-1 != ret) | ||
575 | ve->send_time = GNUNET_TIME_absolute_get (); | ||
448 | return GNUNET_OK; | 576 | return GNUNET_OK; |
449 | } | 577 | } |
450 | 578 | ||
@@ -517,7 +645,7 @@ iterate_addresses (void *cls, | |||
517 | 645 | ||
518 | vic->cb (vic->cb_cls, | 646 | vic->cb (vic->cb_cls, |
519 | &ve->pid, | 647 | &ve->pid, |
520 | ve->last_validated_at, | 648 | ve->valid_until, |
521 | ve->validation_block, | 649 | ve->validation_block, |
522 | ve->transport_name, | 650 | ve->transport_name, |
523 | ve->addr, | 651 | ve->addr, |
diff --git a/src/transport/gnunet-service-transport_validation.h b/src/transport/gnunet-service-transport_validation.h index 17f4a1cd7..218b45457 100644 --- a/src/transport/gnunet-service-transport_validation.h +++ b/src/transport/gnunet-service-transport_validation.h | |||
@@ -103,9 +103,8 @@ struct GST_ValidationIteratorContext; | |||
103 | * | 103 | * |
104 | * @param cls closure | 104 | * @param cls closure |
105 | * @param target peer this change is about, never NULL | 105 | * @param target peer this change is about, never NULL |
106 | * @param last_validated_at is FOREVER if the address has not been validated (we're currently checking) | 106 | * @param valid_until is ZERO if we never validated the address, |
107 | * is ZERO if the address was validated a long time ago (from PEERINFO) | 107 | * otherwise a time up to when we consider it (or was) valid |
108 | * otherwise a time in the past if this process validated the address | ||
109 | * @param validation_block is FOREVER if the address is for an unsupported plugin (from PEERINFO) | 108 | * @param validation_block is FOREVER if the address is for an unsupported plugin (from PEERINFO) |
110 | * is ZERO if the address is considered valid (no validation needed) | 109 | * is ZERO if the address is considered valid (no validation needed) |
111 | * otherwise a time in the future if we're currently denying re-validation | 110 | * otherwise a time in the future if we're currently denying re-validation |
@@ -115,7 +114,7 @@ struct GST_ValidationIteratorContext; | |||
115 | */ | 114 | */ |
116 | typedef void (*GST_ValidationAddressCallback)(void *cls, | 115 | typedef void (*GST_ValidationAddressCallback)(void *cls, |
117 | const struct GNUNET_PeerIdentity *target, | 116 | const struct GNUNET_PeerIdentity *target, |
118 | struct GNUNET_TIME_Absolute last_validated_at, | 117 | struct GNUNET_TIME_Absolute valid_until, |
119 | struct GNUNET_TIME_Absolute validation_block, | 118 | struct GNUNET_TIME_Absolute validation_block, |
120 | const char *plugin_name, | 119 | const char *plugin_name, |
121 | const void *plugin_address, | 120 | const void *plugin_address, |