implement #4973

7 files changed, 237 insertions, 92 deletions

diff --git a/src/cadet/cadet_protocol.h b/src/cadet/cadet_protocol.h
index 560c186cd..de0cec5d0 100644
--- a/src/cadet/cadet_protocol.h
+++ b/src/cadet/cadet_protocol.h
@@ -350,9 +350,9 @@ struct GNUNET_CADET_ChannelOpenMessage
   uint32_t opt GNUNET_PACKED;
 
   /**
-   * Destination port.
+   * Hash of destination port and listener.
    */
-  struct GNUNET_HashCode port;
+  struct GNUNET_HashCode h_port;
 
   /**
    * ID of the channel within the tunnel.
@@ -362,15 +362,42 @@ struct GNUNET_CADET_ChannelOpenMessage
 
 
 /**
- * Message to manage a Channel
- * (#GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_ACK,
- * #GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY).
+ * Message to acknowledge opening a channel of type
+ * #GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_ACK.
+ */
+struct GNUNET_CADET_ChannelOpenAckMessage
+{
+  /**
+   * Type: #GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_ACK
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * For alignment.
+   */
+  uint32_t reserved GNUNET_PACKED;
+
+  /**
+   * ID of the channel
+   */
+  struct GNUNET_CADET_ChannelTunnelNumber ctn;
+
+  /**
+   * Port number of the channel, used to prove to the
+   * initiator that the receiver knows the port.
+   */
+  struct GNUNET_HashCode port;
+};
+
+
+/**
+ * Message to destroy a channel of type
+ * #GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY.
  */
-struct GNUNET_CADET_ChannelManageMessage
+struct GNUNET_CADET_ChannelDestroyMessage
 {
   /**
-   * Type: #GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_ACK or
-   * #GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY
+   * Type: #GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY
    */
   struct GNUNET_MessageHeader header;
 
diff --git a/src/cadet/gnunet-service-cadet.c b/src/cadet/gnunet-service-cadet.c
index a7e1fca47..af4cebfaa 100644
--- a/src/cadet/gnunet-service-cadet.c
+++ b/src/cadet/gnunet-service-cadet.c
@@ -75,7 +75,7 @@ struct CadetClient
    * Handle to communicate with the client
    */
   struct GNUNET_MQ_Handle *mq;
-
+  
   /**
    * Client handle.
    */
@@ -83,7 +83,7 @@ struct CadetClient
 
   /**
    * Ports that this client has declared interest in.
-   * Indexed by port, contains *Client.
+   * Indexed by port, contains `struct OpenPort`
    */
   struct GNUNET_CONTAINER_MultiHashMap *ports;
 
@@ -99,6 +99,7 @@ struct CadetClient
   unsigned int id;
 };
 
+
 /******************************************************************************/
 /***********************      GLOBAL VARIABLES     ****************************/
 /******************************************************************************/
@@ -151,14 +152,15 @@ static struct CadetClient *clients_tail;
 static unsigned int next_client_id;
 
 /**
- * All ports clients of this peer have opened.
+ * All ports clients of this peer have opened.  Maps from
+ * a hashed port to a `struct OpenPort`.
  */
 struct GNUNET_CONTAINER_MultiHashMap *open_ports;
 
 /**
  * Map from ports to channels where the ports were closed at the
  * time we got the inbound connection.
- * Indexed by port, contains `struct CadetChannel`.
+ * Indexed by h_port, contains `struct CadetChannel`.
  */
 struct GNUNET_CONTAINER_MultiHashMap *loose_channels;
 
@@ -436,11 +438,11 @@ shutdown_task (void *cls)
 
 
 /**
- * We had a remote connection @a value to port @a port before
+ * We had a remote connection @a value to port @a h_port before
  * client @a cls opened port @a port.  Bind them now.
  *
  * @param cls the `struct CadetClient`
- * @param port the port
+ * @param h_port the hashed port
  * @param value the `struct CadetChannel`
  * @return #GNUNET_YES (iterate over all such channels)
  */
@@ -449,15 +451,16 @@ bind_loose_channel (void *cls,
                     const struct GNUNET_HashCode *port,
                     void *value)
 {
-  struct CadetClient *c = cls;
+  struct OpenPort *op = cls;
   struct CadetChannel *ch = value;
 
   GCCH_bind (ch,
-             c);
+             op->c,
+             &op->port);
   GNUNET_assert (GNUNET_YES ==
                  GNUNET_CONTAINER_multihashmap_remove (loose_channels,
-                                                       port,
-                                                       value));
+                                                       &op->h_port,
+                                                       ch));
   return GNUNET_YES;
 }
 
@@ -476,6 +479,7 @@ handle_port_open (void *cls,
                   const struct GNUNET_CADET_PortMessage *pmsg)
 {
   struct CadetClient *c = cls;
+  struct OpenPort *op;
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "Open port %s requested by %s\n",
@@ -483,11 +487,17 @@ handle_port_open (void *cls,
        GSC_2s (c));
   if (NULL == c->ports)
     c->ports = GNUNET_CONTAINER_multihashmap_create (4,
-                                                      GNUNET_NO);
+                                                     GNUNET_NO);
+  op = GNUNET_new (struct OpenPort);
+  op->c = c;
+  op->port = pmsg->port;
+  GCCH_hash_port (&op->h_port,
+                  &pmsg->port,
+                  &my_full_id);
   if (GNUNET_OK !=
       GNUNET_CONTAINER_multihashmap_put (c->ports,
-                                         &pmsg->port,
-                                         c,
+                                         &op->port,
+                                         op,
                                          GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
   {
     GNUNET_break (0);
@@ -495,13 +505,13 @@ handle_port_open (void *cls,
     return;
   }
   (void) GNUNET_CONTAINER_multihashmap_put (open_ports,
-                                            &pmsg->port,
-                                            c,
+                                            &op->h_port,
+                                            op,
                                             GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
   GNUNET_CONTAINER_multihashmap_get_multiple (loose_channels,
-                                              &pmsg->port,
+                                              &op->h_port,
                                               &bind_loose_channel,
-                                              c);
+                                              op);
   GNUNET_SERVICE_client_continue (c->client);
 }
 
@@ -520,24 +530,29 @@ handle_port_close (void *cls,
                    const struct GNUNET_CADET_PortMessage *pmsg)
 {
   struct CadetClient *c = cls;
+  struct OpenPort *op;
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "Closing port %s as requested by %s\n",
        GNUNET_h2s (&pmsg->port),
        GSC_2s (c));
-  if (GNUNET_YES !=
-      GNUNET_CONTAINER_multihashmap_remove (c->ports,
-                                            &pmsg->port,
-                                            c))
+  op = GNUNET_CONTAINER_multihashmap_get (c->ports,
+                                          &pmsg->port);
+  if (NULL == op)
   {
     GNUNET_break (0);
     GNUNET_SERVICE_client_drop (c->client);
     return;
   }
   GNUNET_assert (GNUNET_YES ==
+                 GNUNET_CONTAINER_multihashmap_remove (c->ports,
+                                                       &op->port,
+                                                       op));
+  GNUNET_assert (GNUNET_YES ==
                  GNUNET_CONTAINER_multihashmap_remove (open_ports,
-                                                       &pmsg->port,
-                                                       c));
+                                                       &op->h_port,
+                                                       op));
+  GNUNET_free (op);
   GNUNET_SERVICE_client_continue (c->client);
 }
 
@@ -1214,16 +1229,16 @@ GSC_handle_remote_channel_destroy (struct CadetClient *c,
  * A client that created a loose channel that was not bound to a port
  * disconnected, drop it from the #loose_channels list.
  *
- * @param port the port the channel was trying to bind to
+ * @param h_port the hashed port the channel was trying to bind to
  * @param ch the channel that was lost
  */
 void
-GSC_drop_loose_channel (const struct GNUNET_HashCode *port,
+GSC_drop_loose_channel (const struct GNUNET_HashCode *h_port,
                         struct CadetChannel *ch)
 {
   GNUNET_assert (GNUNET_YES ==
                  GNUNET_CONTAINER_multihashmap_remove (loose_channels,
-                                                       port,
+                                                       h_port,
                                                        ch));
 }
 
@@ -1264,30 +1279,33 @@ channel_destroy_iterator (void *cls,
 /**
  * Remove client's ports from the global hashmap on disconnect.
  *
- * @param cls Closure (unused).
- * @param key the port.
- * @param value the `struct CadetClient` to remove
+ * @param cls the `struct CadetClient`
+ * @param port the port.
+ * @param value the `struct OpenPort` to remove
  * @return #GNUNET_OK, keep iterating.
  */
 static int
 client_release_ports (void *cls,
-                      const struct GNUNET_HashCode *key,
+                      const struct GNUNET_HashCode *port,
                       void *value)
 {
-  struct CadetClient *c = value;
+  struct CadetClient *c = cls;
+  struct OpenPort *op = value;
 
+  GNUNET_assert (c == op->c);
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "Closing port %s due to %s disconnect.\n",
-       GNUNET_h2s (key),
+       GNUNET_h2s (port),
        GSC_2s (c));
   GNUNET_assert (GNUNET_YES ==
                  GNUNET_CONTAINER_multihashmap_remove (open_ports,
-                                                       key,
-                                                       value));
+                                                       &op->h_port,
+                                                       op));
   GNUNET_assert (GNUNET_YES ==
                  GNUNET_CONTAINER_multihashmap_remove (c->ports,
-                                                       key,
-                                                       value));
+                                                       port,
+                                                       op));
+  GNUNET_free (op);
   return GNUNET_OK;
 }
 
diff --git a/src/cadet/gnunet-service-cadet.h b/src/cadet/gnunet-service-cadet.h
index 2f2d7baf3..162867823 100644
--- a/src/cadet/gnunet-service-cadet.h
+++ b/src/cadet/gnunet-service-cadet.h
@@ -29,7 +29,6 @@
 #define GNUNET_SERVICE_CADET_H
 
 #include "gnunet_util_lib.h"
-#define NEW_CADET 1
 #include "cadet_protocol.h"
 
 /**
@@ -146,6 +145,30 @@ struct CadetTConnection
 
 
 /**
+ * Port opened by a client.
+ */
+struct OpenPort
+{
+
+  /**
+   * Client that opened the port.
+   */
+  struct CadetClient *c;
+
+  /**
+   * Port number.
+   */
+  struct GNUNET_HashCode port;
+
+  /**
+   * Port hashed with our PID (matches incoming OPEN messages).
+   */
+  struct GNUNET_HashCode h_port;
+  
+};
+
+
+/**
  * Active path through the network (used by a tunnel).  There may
  * be at most one connection per path.
  */
@@ -193,7 +216,8 @@ extern struct GNUNET_PeerIdentity my_full_id;
 extern struct GNUNET_CRYPTO_EddsaPrivateKey *my_private_key;
 
 /**
- * All ports clients of this peer have opened.
+ * All ports clients of this peer have opened.  Maps from
+ * a hashed port to a `struct OpenPort`.
  */
 extern struct GNUNET_CONTAINER_MultiHashMap *open_ports;
 
@@ -206,7 +230,7 @@ extern struct GNUNET_CONTAINER_MultiShortmap *connections;
 /**
  * Map from ports to channels where the ports were closed at the
  * time we got the inbound connection.
- * Indexed by port, contains `struct CadetChannel`.
+ * Indexed by h_port, contains `struct CadetChannel`.
  */
 extern struct GNUNET_CONTAINER_MultiHashMap *loose_channels;
 
@@ -268,11 +292,11 @@ GSC_handle_remote_channel_destroy (struct CadetClient *c,
  * A client that created a loose channel that was not bound to a port
  * disconnected, drop it from the #loose_channels list.
  *
- * @param port the port the channel was trying to bind to
+ * @param h_port the hashed port the channel was trying to bind to
  * @param ch the channel that was lost
  */
 void
-GSC_drop_loose_channel (const struct GNUNET_HashCode *port,
+GSC_drop_loose_channel (const struct GNUNET_HashCode *h_port,
                         struct CadetChannel *ch);
 
 
diff --git a/src/cadet/gnunet-service-cadet_channel.c b/src/cadet/gnunet-service-cadet_channel.c
index 68e29b66b..739b68228 100644
--- a/src/cadet/gnunet-service-cadet_channel.c
+++ b/src/cadet/gnunet-service-cadet_channel.c
@@ -303,6 +303,11 @@ struct CadetChannel
   struct GNUNET_HashCode port;
 
   /**
+   * Hash'ed port of the channel with initiator and destination PID.
+   */
+  struct GNUNET_HashCode h_port;
+
+  /**
    * Counter for exponential backoff.
    */
   struct GNUNET_TIME_Relative retry_time;
@@ -406,6 +411,37 @@ GCCH_2s (const struct CadetChannel *ch)
 
 
 /**
+ * Hash the @a port and @a initiator and @a listener to 
+ * calculate the "challenge" @a h_port we send to the other
+ * peer on #GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN.
+ *
+ * @param[out] h_port set to the hash of @a port, @a initiator and @a listener
+ * @param port cadet port, as seen by CADET clients
+ * @param listener peer that is listining on @a port
+ */
+void
+GCCH_hash_port (struct GNUNET_HashCode *h_port,
+                const struct GNUNET_HashCode *port,
+                const struct GNUNET_PeerIdentity *listener)
+{
+  struct GNUNET_HashContext *hc;
+
+  hc = GNUNET_CRYPTO_hash_context_start ();
+  GNUNET_CRYPTO_hash_context_read (hc,
+                                   port,
+                                   sizeof (*port));
+  GNUNET_CRYPTO_hash_context_read (hc,
+                                   listener,
+                                   sizeof (*listener));
+  GNUNET_CRYPTO_hash_context_finish (hc,
+                                     h_port);
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "Calculated port hash %s\n",
+       GNUNET_h2s (h_port));
+}
+
+
+/**
  * Get the channel's public ID.
  *
  * @param ch Channel.
@@ -566,7 +602,7 @@ send_channel_open (void *cls)
   msgcc.header.size = htons (sizeof (msgcc));
   msgcc.header.type = htons (GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN);
   msgcc.opt = htonl (options);
-  msgcc.port = ch->port;
+  msgcc.h_port = ch->h_port;
   msgcc.ctn = ch->ctn;
   ch->state = CADET_CHANNEL_OPEN_SENT;
   if (NULL != ch->last_control_qe)
@@ -635,21 +671,24 @@ GCCH_channel_local_new (struct CadetClient *owner,
   ch->max_pending_messages = (ch->nobuffer) ? 1 : 4; /* FIXME: 4!? Do not hardcode! */
   ch->owner = ccco;
   ch->port = *port;
+  GCCH_hash_port (&ch->h_port,
+                  port,
+                  GCP_get_id (destination));
   if (0 == memcmp (&my_full_id,
                    GCP_get_id (destination),
                    sizeof (struct GNUNET_PeerIdentity)))
   {
-    struct CadetClient *c;
+    struct OpenPort *op;
 
     ch->is_loopback = GNUNET_YES;
-    c = GNUNET_CONTAINER_multihashmap_get (open_ports,
-                                           port);
-    if (NULL == c)
+    op = GNUNET_CONTAINER_multihashmap_get (open_ports,
+                                            &ch->h_port);
+    if (NULL == op)
     {
       /* port closed, wait for it to possibly open */
       ch->state = CADET_CHANNEL_LOOSE;
       (void) GNUNET_CONTAINER_multihashmap_put (loose_channels,
-                                                port,
+                                                &ch->h_port,
                                                 ch,
                                                 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
       LOG (GNUNET_ERROR_TYPE_DEBUG,
@@ -659,7 +698,8 @@ GCCH_channel_local_new (struct CadetClient *owner,
     else
     {
       GCCH_bind (ch,
-                 c);
+                 op->c,
+                 &op->port);
     }
   }
   else
@@ -709,21 +749,21 @@ timeout_closed_cb (void *cls)
  *
  * @param t tunnel to the remote peer
  * @param ctn identifier of this channel in the tunnel
- * @param port desired local port
+ * @param h_port desired hash of local port
  * @param options options for the channel
  * @return handle to the new channel
  */
 struct CadetChannel *
 GCCH_channel_incoming_new (struct CadetTunnel *t,
                            struct GNUNET_CADET_ChannelTunnelNumber ctn,
-                           const struct GNUNET_HashCode *port,
+                           const struct GNUNET_HashCode *h_port,
                            uint32_t options)
 {
   struct CadetChannel *ch;
-  struct CadetClient *c;
+  struct OpenPort *op;
 
   ch = GNUNET_new (struct CadetChannel);
-  ch->port = *port;
+  ch->h_port = *h_port;
   ch->t = t;
   ch->ctn = ctn;
   ch->retry_time = CADET_INITIAL_RETRANSMIT_TIME;
@@ -736,14 +776,14 @@ GCCH_channel_incoming_new (struct CadetTunnel *t,
                             1,
                             GNUNET_NO);
 
-  c = GNUNET_CONTAINER_multihashmap_get (open_ports,
-                                         port);
-  if (NULL == c)
+  op = GNUNET_CONTAINER_multihashmap_get (open_ports,
+                                          h_port);
+  if (NULL == op)
   {
     /* port closed, wait for it to possibly open */
     ch->state = CADET_CHANNEL_LOOSE;
     (void) GNUNET_CONTAINER_multihashmap_put (loose_channels,
-                                              port,
+                                              &ch->h_port,
                                               ch,
                                               GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
     GNUNET_assert (NULL == ch->retry_control_task);
@@ -759,7 +799,8 @@ GCCH_channel_incoming_new (struct CadetTunnel *t,
   else
   {
     GCCH_bind (ch,
-               c);
+               op->c,
+               &op->port);
   }
   GNUNET_STATISTICS_update (stats,
                             "# channels",
@@ -830,7 +871,7 @@ static void
 send_open_ack (void *cls)
 {
   struct CadetChannel *ch = cls;
-  struct GNUNET_CADET_ChannelManageMessage msg;
+  struct GNUNET_CADET_ChannelOpenAckMessage msg;
 
   ch->retry_control_task = NULL;
   LOG (GNUNET_ERROR_TYPE_DEBUG,
@@ -840,6 +881,7 @@ send_open_ack (void *cls)
   msg.header.size = htons (sizeof (msg));
   msg.reserved = htonl (0);
   msg.ctn = ch->ctn;
+  msg.port = ch->port;
   if (NULL != ch->last_control_qe)
     GCT_send_cancel (ch->last_control_qe);
   ch->last_control_qe = GCT_send (ch->t,
@@ -928,11 +970,13 @@ send_ack_to_client (struct CadetChannel *ch,
  * request and establish the link with the client.
  *
  * @param ch open incoming channel
- * @param c client listening on the respective port
+ * @param c client listening on the respective @a port
+ * @param port the port @a is listening on
  */
 void
 GCCH_bind (struct CadetChannel *ch,
-           struct CadetClient *c)
+           struct CadetClient *c,
+           const struct GNUNET_HashCode *port)
 {
   uint32_t options;
   struct CadetChannelClient *cccd;
@@ -959,6 +1003,7 @@ GCCH_bind (struct CadetChannel *ch,
   cccd = GNUNET_new (struct CadetChannelClient);
   GNUNET_assert (NULL == ch->dest);
   ch->dest = cccd;
+  ch->port = *port;
   cccd->c = c;
   cccd->client_ready = GNUNET_YES;
   cccd->ccn = GSC_bind (c,
@@ -967,7 +1012,7 @@ GCCH_bind (struct CadetChannel *ch,
                         ? GCP_get (&my_full_id,
                                    GNUNET_YES)
                         : GCT_get_destination (ch->t),
-                        &ch->port,
+                        port,
                         options);
   GNUNET_assert (ntohl (cccd->ccn.channel_of_client) <
                  GNUNET_CADET_LOCAL_CHANNEL_ID_CLI);
@@ -976,7 +1021,8 @@ GCCH_bind (struct CadetChannel *ch,
   {
     ch->state = CADET_CHANNEL_OPEN_SENT;
     GCCH_handle_channel_open_ack (ch,
-                                  NULL);
+                                  NULL,
+                                  port);
   }
   else
   {
@@ -1092,7 +1138,7 @@ GCCH_channel_local_destroy (struct CadetChannel *ch,
          target, but that never went anywhere. Nothing to do here. */
       break;
     case CADET_CHANNEL_LOOSE:
-      GSC_drop_loose_channel (&ch->port,
+      GSC_drop_loose_channel (&ch->h_port,
                               ch);
       break;
     default:
@@ -1107,14 +1153,17 @@ GCCH_channel_local_destroy (struct CadetChannel *ch,
 
 /**
  * We got an acknowledgement for the creation of the channel
- * (the port is open on the other side). Begin transmissions.
+ * (the port is open on the other side).  Verify that the
+ * other end really has the right port, and begin transmissions.
  *
  * @param ch channel to destroy
  * @param cti identifier of the connection that delivered the message
+ * @param port port number (needed to verify receiver knows the port)
  */
 void
 GCCH_handle_channel_open_ack (struct CadetChannel *ch,
-                              const struct GNUNET_CADET_ConnectionTunnelIdentifier *cti)
+                              const struct GNUNET_CADET_ConnectionTunnelIdentifier *cti,
+                              const struct GNUNET_HashCode *port)
 {
   switch (ch->state)
   {
@@ -1133,6 +1182,15 @@ GCCH_handle_channel_open_ack (struct CadetChannel *ch,
       GNUNET_break_op (0);
       return;
     }
+    if (0 != memcmp (&ch->port,
+                     port,
+                     sizeof (struct GNUNET_HashCode)))
+    {
+      /* Other peer failed to provide the right port, 
+         refuse connection. */
+      GNUNET_break_op (0);
+      return;
+    }
     LOG (GNUNET_ERROR_TYPE_DEBUG,
          "Received CHANNEL_OPEN_ACK for waiting %s, entering READY state\n",
          GCCH_2s (ch));
diff --git a/src/cadet/gnunet-service-cadet_channel.h b/src/cadet/gnunet-service-cadet_channel.h
index a3ef9a06d..16517c457 100644
--- a/src/cadet/gnunet-service-cadet_channel.h
+++ b/src/cadet/gnunet-service-cadet_channel.h
@@ -1,4 +1,3 @@
-
 /*
      This file is part of GNUnet.
      Copyright (C) 2001-2017 GNUnet e.V.
@@ -45,6 +44,21 @@ struct CadetChannel;
 
 
 /**
+ * Hash the @a port and @a initiator and @a listener to 
+ * calculate the "challenge" @a h_port we send to the other
+ * peer on #GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN.
+ *
+ * @param[out] h_port set to the hash of @a port, @a initiator and @a listener
+ * @param port cadet port, as seen by CADET clients
+ * @param listener peer that is listining on @a port
+ */
+void
+GCCH_hash_port (struct GNUNET_HashCode *h_port,
+                const struct GNUNET_HashCode *port,
+                const struct GNUNET_PeerIdentity *listener);
+
+
+/**
  * Get the static string for identification of the channel.
  *
  * @param ch Channel.
@@ -101,11 +115,13 @@ GCCH_channel_local_new (struct CadetClient *owner,
  * request and establish the link with the client.
  *
  * @param ch open incoming channel
- * @param c client listening on the respective port
+ * @param c client listening on the respective @a port
+ * @param port port number @a c is listening on
  */
 void
 GCCH_bind (struct CadetChannel *ch,
-           struct CadetClient *c);
+           struct CadetClient *c,
+           const struct GNUNET_HashCode *port);
 
 
 /**
@@ -142,14 +158,14 @@ GCCH_tunnel_up (struct CadetChannel *ch);
  * @param t tunnel to the remote peer
  * @param chid identifier of this channel in the tunnel
  * @param origin peer to who initiated the channel
- * @param port desired local port
+ * @param h_port hash of desired local port
  * @param options options for the channel
  * @return handle to the new channel
  */
 struct CadetChannel *
 GCCH_channel_incoming_new (struct CadetTunnel *t,
                            struct GNUNET_CADET_ChannelTunnelNumber chid,
-                           const struct GNUNET_HashCode *port,
+                           const struct GNUNET_HashCode *h_port,
                            uint32_t options);
 
 
@@ -201,10 +217,12 @@ GCCH_handle_channel_plaintext_data_ack (struct CadetChannel *ch,
  * @param ch channel to destroy
  * @param cti identifier of the connection that delivered the message,
  *        NULL if the ACK was inferred because we got payload or are on loopback
+ * @param port port number (needed to verify receiver knows the port)
  */
 void
 GCCH_handle_channel_open_ack (struct CadetChannel *ch,
-                              const struct GNUNET_CADET_ConnectionTunnelIdentifier *cti);
+                              const struct GNUNET_CADET_ConnectionTunnelIdentifier *cti,
+                              const struct GNUNET_HashCode *port);
 
 
 /**
diff --git a/src/cadet/gnunet-service-cadet_peer.h b/src/cadet/gnunet-service-cadet_peer.h
index a2a6c6a92..baa87ea87 100644
--- a/src/cadet/gnunet-service-cadet_peer.h
+++ b/src/cadet/gnunet-service-cadet_peer.h
@@ -1,4 +1,3 @@
-
 /*
      This file is part of GNUnet.
      Copyright (C) 2001-2017 GNUnet e.V.
@@ -20,7 +19,7 @@
 */
 
 /**
- * @file cadet/gnunet-service-cadet-new_peer.h
+ * @file cadet/gnunet-service-cadet_peer.h
  * @brief Information we track per peer.
  * @author Bartlomiej Polot
  * @author Christian Grothoff
diff --git a/src/cadet/gnunet-service-cadet_tunnels.c b/src/cadet/gnunet-service-cadet_tunnels.c
index bcdeeb4da..28004debc 100644
--- a/src/cadet/gnunet-service-cadet_tunnels.c
+++ b/src/cadet/gnunet-service-cadet_tunnels.c
@@ -2723,8 +2723,8 @@ handle_plaintext_channel_open (void *cls,
   if (NULL != ch)
   {
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "Received duplicate channel CHANNEL_OPEN on port %s from %s (%s), resending ACK\n",
-         GNUNET_h2s (&copen->port),
+         "Received duplicate channel CHANNEL_OPEN on h_port %s from %s (%s), resending ACK\n",
+         GNUNET_h2s (&copen->h_port),
          GCT_2s (t),
          GCCH_2s (ch));
     GCCH_handle_duplicate_open (ch,
@@ -2732,12 +2732,12 @@ handle_plaintext_channel_open (void *cls,
     return;
   }
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Received CHANNEL_OPEN on port %s from %s\n",
-       GNUNET_h2s (&copen->port),
+       "Received CHANNEL_OPEN on h_port %s from %s\n",
+       GNUNET_h2s (&copen->h_port),
        GCT_2s (t));
   ch = GCCH_channel_incoming_new (t,
                                   copen->ctn,
-                                  &copen->port,
+                                  &copen->h_port,
                                   ntohl (copen->opt));
   if (NULL != t->destroy_task)
   {
@@ -2762,7 +2762,7 @@ void
 GCT_send_channel_destroy (struct CadetTunnel *t,
                           struct GNUNET_CADET_ChannelTunnelNumber ctn)
 {
-  struct GNUNET_CADET_ChannelManageMessage msg;
+  struct GNUNET_CADET_ChannelDestroyMessage msg;
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "Sending DESTORY message for channel ID %u\n",
@@ -2788,7 +2788,7 @@ GCT_send_channel_destroy (struct CadetTunnel *t,
  */
 static void
 handle_plaintext_channel_open_ack (void *cls,
-                                   const struct GNUNET_CADET_ChannelManageMessage *cm)
+                                   const struct GNUNET_CADET_ChannelOpenAckMessage *cm)
 {
   struct CadetTunnel *t = cls;
   struct CadetChannel *ch;
@@ -2811,7 +2811,8 @@ handle_plaintext_channel_open_ack (void *cls,
        GCCH_2s (ch),
        GCT_2s (t));
   GCCH_handle_channel_open_ack (ch,
-                                GCC_get_id (t->current_ct->cc));
+                                GCC_get_id (t->current_ct->cc),
+                                &cm->port);
 }
 
 
@@ -2824,7 +2825,7 @@ handle_plaintext_channel_open_ack (void *cls,
  */
 static void
 handle_plaintext_channel_destroy (void *cls,
-                                  const struct GNUNET_CADET_ChannelManageMessage *cm)
+                                  const struct GNUNET_CADET_ChannelDestroyMessage *cm)
 {
   struct CadetTunnel *t = cls;
   struct CadetChannel *ch;
@@ -2915,11 +2916,11 @@ GCT_create_tunnel (struct CadetPeer *destination)
                              t),
     GNUNET_MQ_hd_fixed_size (plaintext_channel_open_ack,
                              GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_ACK,
-                             struct GNUNET_CADET_ChannelManageMessage,
+                             struct GNUNET_CADET_ChannelOpenAckMessage,
                              t),
     GNUNET_MQ_hd_fixed_size (plaintext_channel_destroy,
                              GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY,
-                             struct GNUNET_CADET_ChannelManageMessage,
+                             struct GNUNET_CADET_ChannelDestroyMessage,
                              t),
     GNUNET_MQ_handler_end ()
   };