-rw-r--r-- | TODO | 43 | ||||
-rw-r--r-- | src/include/gnunet_protocols.h | 32 | ||||
-rw-r--r-- | src/include/gnunet_signatures.h | 4 |
3 files changed, 39 insertions, 40 deletions
@@ -4,30 +4,9 @@ core: | |||
4 | - test fails with fresh /tmp directory (but passes when run a second time) | 4 | - test fails with fresh /tmp directory (but passes when run a second time) |
5 | problem seems to be caused by HELLO validation (unvalidated | 5 | problem seems to be caused by HELLO validation (unvalidated |
6 | HELLO not used to connect for good, then somehow SETKEY never happens); | 6 | HELLO not used to connect for good, then somehow SETKEY never happens); |
7 | * double-check crypto involved in HELLO validation (PONG signature check; | 7 | I suspect the code simply drops messages that happen while no validated |
8 | what about MiM? Might be trivial right now; adding source IP-address | 8 | HELLO is available; this maybe OK, but I need to find the spot and |
9 | to PONG signature might help? How would we validate that (given that | 9 | add at least an INFO-log message; also should then fix testcase to retry. |
10 | we may be learning our source IP address(es) the same way...)) | ||
11 | + if we add address to transport-level PONG, we may be able to simplify | ||
12 | WELCOME messages (no need to add addresses there anymore, right?); | ||
13 | + we probably want some kind of voting/counting for learning IP addresses | ||
14 | (maybe including IP addresses in ads proportional to how often others | ||
15 | report them? we at least need some protection against >64k HELLOs!), | ||
16 | + provide a way to give the user a list of "learned" IP addresses and | ||
17 | a way to easily "veto" addresses off the list! | ||
18 | => If MiM attacker uses vetoed address, blacklist the specific IP for | ||
19 | the presumed neighbour! | ||
20 | * Use special, non-WELCOMEing TCP-connection for HELLO/address validation; | ||
21 | that way, we can avoid confusion between a dozen parallel validating connections | ||
22 | and the real one, avoid queueing messages on validating connections and | ||
23 | shut those down immediately after sending/receiving the PONG | ||
24 | (and maybe avoid some signalling about connections to the other layers) | ||
25 | * core notifies clients about "encrypted" connections being up well before | ||
26 | we get the encrypted PONG; sometimes this may be OK (for topology killing | ||
27 | unwanted connnections), but of course not in general. I suspect we want | ||
28 | to signal on PONG and have topology hook directly into transport to | ||
29 | kill plaintext connections before they have a chance to become encrypted | ||
30 | (may require minor hack in transport API) | ||
31 | 10 | ||
32 | Util: | 11 | Util: |
33 | * improve disk API [Nils] (Nils, is this done? -Christian) | 12 | * improve disk API [Nils] (Nils, is this done? -Christian) |
@@ -153,6 +132,15 @@ Minor TODO items: | |||
153 | should possibly try to confirm that the given address works for | 132 | should possibly try to confirm that the given address works for |
154 | us ourselves (loopback-style) before adding it to the list | 133 | us ourselves (loopback-style) before adding it to the list |
155 | [SECURITY issue] | 134 | [SECURITY issue] |
135 | + we may be able to simplify WELCOME messages (no need to add | ||
136 | addresses there anymore, but may help to learn them there anyway...). | ||
137 | + we probably want some kind of voting/counting for learning IP addresses | ||
138 | (maybe including IP addresses in ads proportional to how often others | ||
139 | report them? we at least need some protection against >64k HELLOs!), | ||
140 | + provide a way to give the user a list of "learned" IP addresses and | ||
141 | a way to easily "veto" addresses off the list! | ||
142 | => If MiM attacker uses vetoed address, blacklist the specific IP for | ||
143 | the presumed neighbour! | ||
156 | - not sure current way of doing ACKs works well-enough | 144 | - not sure current way of doing ACKs works well-enough |
157 | with unreliable transports where the ACK maybe lost; | 145 | with unreliable transports where the ACK maybe lost; |
158 | the "is_new" check would then possibly prevent future | 146 | the "is_new" check would then possibly prevent future |
@@ -179,6 +167,13 @@ Minor TODO items: | |||
179 | - have way to specify dependencies between services (to manage ARM restarts better) | 167 | - have way to specify dependencies between services (to manage ARM restarts better) |
180 | - client-API is inefficient since it opens a TCP connection per service that is started | 168 | - client-API is inefficient since it opens a TCP connection per service that is started |
181 | (instead of re-using connections). | 169 | (instead of re-using connections). |
170 | * CORE: | ||
171 | - code currently notifies clients about "encrypted" connections being up well before | ||
172 | we get the encrypted PONG; sometimes this may be OK (for topology killing | ||
173 | unwanted connnections), but of course not in general. I suspect we want | ||
174 | to signal on PONG and have topology hook directly into transport to | ||
175 | kill plaintext connections before they have a chance to become encrypted | ||
176 | (may require minor hack in transport API) | ||
182 | * PEERINFO: | 177 | * PEERINFO: |
183 | - have gnunet-peerinfo print actual host addresses again | 178 | - have gnunet-peerinfo print actual host addresses again |
184 | - add option to gnunet-peerinfo to modify trust value | 179 | - add option to gnunet-peerinfo to modify trust value |
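--- a/src/include/gnunet_protocols.h
+++ b/src/include/gnunet_protocols.h
@@ -170,20 +170,10 @@ extern "C"
 #define GNUNET_MESSAGE_TYPE_TRANSPORT_TRY_CONNECT 27
 
 /**
-* Request to other peer to confirm receipt.
-*/
-#define GNUNET_MESSAGE_TYPE_TRANSPORT_PING 28
-
-/**
-* Message from other peer confirming receipt.
-*/
-#define GNUNET_MESSAGE_TYPE_TRANSPORT_PONG 29
-
-/**
 * Response to another peer confirming that communication was
 * established.
 */
-#define GNUNET_MESSAGE_TYPE_TRANSPORT_ACK 30
+#define GNUNET_MESSAGE_TYPE_TRANSPORT_ACK 28
 
 
 /**
@@ -213,14 +203,28 @@ extern "C"
 
 
 /**
-* Welcome message between TCP transports.
+* Message by which a TCP transport notifies
+* the other that it wants to check an address
+* (and not initiate a persistent connection).
+*/
+#define GNUNET_MESSAGE_TYPE_TRANSPORT_TCP_PING 40
+
+/**
+* Message by which a TCP transport confirms
+* the other that the address used worked.
+*/
+#define GNUNET_MESSAGE_TYPE_TRANSPORT_TCP_PONG 41
+
+/**
+* Welcome message between TCP transports
+* (for a persistent connection).
 */
-#define GNUNET_MESSAGE_TYPE_TRANSPORT_TCP_WELCOME 40
+#define GNUNET_MESSAGE_TYPE_TRANSPORT_TCP_WELCOME 42
 
 /**
 * Data message between TCP transports.
 */
-#define GNUNET_MESSAGE_TYPE_TRANSPORT_TCP_DATA 41
+#define GNUNET_MESSAGE_TYPE_TRANSPORT_TCP_DATA 43
 
 
 /**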
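Review bot: The renumbering reuses wire values that the previous revision assigned to different messages: 28 moves from TRANSPORT_PING to TRANSPORT_ACK, 40 from TCP_WELCOME to TCP_PING, and 41 from TCP_DATA to TCP_PONG. A peer built against the old header that receives one of these types will presumably dispatch it to the handler for the old meaning, so an address-check PING could be taken for the WELCOME of a persistent connection. I would leave the old values retired and give the new and moved messages numbers not used elsewhere in this header (the rest of the file is outside the hunks), or at least record the break next to the defines, e.g. `/* NOTE: types 28, 40 and 41 changed meaning in this revision; not wire-compatible with older peers */`. Separately, the TCP_PONG comment would read better as `confirms to the other peer that the address used worked`.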
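--- a/src/include/gnunet_signatures.h
+++ b/src/include/gnunet_signatures.h
@@ -43,9 +43,9 @@ extern "C"
 #define GNUNET_SIGNATURE_PURPOSE_TEST 0
 
 /**
-* Signature for confirming HELLOs.
+* Signature for confirming HELLOs for TCP plugins.
 */
-#define GNUNET_SIGNATURE_PURPOSE_TRANSPORT_HELLO 1
+#define GNUNET_SIGNATURE_PURPOSE_TRANSPORT_TCP_PING 1
 
 
 /**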
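Review bot: The renamed constant keeps purpose value 1, so a signature made under the old GNUNET_SIGNATURE_PURPOSE_TRANSPORT_HELLO carries the same purpose number that the new code will accept as a TCP_PING confirmation. Whether the two signed payloads can be confused depends on their layout, which this hunk does not show, but the purpose field only separates domains if a number is never reused for a different structure. I would allocate a fresh value for TRANSPORT_TCP_PING and leave 1 retired with a comment, e.g. `/* 1 was GNUNET_SIGNATURE_PURPOSE_TRANSPORT_HELLO; do not reuse */`. The doc comment also still speaks of "confirming HELLOs" while the name says TCP_PING; it should state exactly which fields the signature covers (per the TODO notes, whether the validated address is included).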