diff options
Diffstat (limited to 'src/service/transport/gnunet-communicator-tcp.c')
-rw-r--r-- | src/service/transport/gnunet-communicator-tcp.c | 4182 |
1 files changed, 4182 insertions, 0 deletions
diff --git a/src/service/transport/gnunet-communicator-tcp.c b/src/service/transport/gnunet-communicator-tcp.c new file mode 100644 index 000000000..02a547335 --- /dev/null +++ b/src/service/transport/gnunet-communicator-tcp.c | |||
@@ -0,0 +1,4182 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2010-2014, 2018, 2019 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file transport/gnunet-communicator-tcp.c | ||
23 | * @brief Transport plugin using TCP. | ||
24 | * @author Christian Grothoff | ||
25 | * | ||
26 | * TODO: | ||
27 | * - support NAT connection reversal method (#5529) | ||
28 | * - support other TCP-specific NAT traversal methods (#5531) | ||
29 | */ | ||
30 | #include "gnunet_common.h" | ||
31 | #include "platform.h" | ||
32 | #include "gnunet_util_lib.h" | ||
33 | #include "gnunet_core_service.h" | ||
34 | #include "gnunet_peerstore_service.h" | ||
35 | #include "gnunet_protocols.h" | ||
36 | #include "gnunet_signatures.h" | ||
37 | #include "gnunet_constants.h" | ||
38 | #include "gnunet_nat_service.h" | ||
39 | #include "gnunet_statistics_service.h" | ||
40 | #include "gnunet_transport_communication_service.h" | ||
41 | #include "gnunet_resolver_service.h" | ||
42 | |||
43 | |||
44 | /** | ||
45 | * How long until we give up on establishing an NAT connection? | ||
46 | * Must be > 4 RTT | ||
47 | */ | ||
48 | #define NAT_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 10) | ||
49 | |||
50 | /** | ||
51 | * How long do we believe our addresses to remain up (before | ||
52 | * the other peer should revalidate). | ||
53 | */ | ||
54 | #define ADDRESS_VALIDITY_PERIOD \ | ||
55 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4) | ||
56 | |||
57 | /** | ||
58 | * How many messages do we keep at most in the queue to the | ||
59 | * transport service before we start to drop (default, | ||
60 | * can be changed via the configuration file). | ||
61 | * Should be _below_ the level of the communicator API, as | ||
62 | * otherwise we may read messages just to have them dropped | ||
63 | * by the communicator API. | ||
64 | */ | ||
65 | #define DEFAULT_MAX_QUEUE_LENGTH 8 | ||
66 | |||
67 | /** | ||
68 | * Size of our IO buffers for ciphertext data. Must be at | ||
69 | * least UINT_MAX + sizeof (struct TCPBox). | ||
70 | */ | ||
71 | #define BUF_SIZE (2 * 64 * 1024 + sizeof(struct TCPBox)) | ||
72 | |||
73 | /** | ||
74 | * How often do we rekey based on time (at least) | ||
75 | */ | ||
76 | #define DEFAULT_REKEY_INTERVAL GNUNET_TIME_UNIT_DAYS | ||
77 | |||
78 | /** | ||
79 | * How long do we wait until we must have received the initial KX? | ||
80 | */ | ||
81 | #define PROTO_QUEUE_TIMEOUT GNUNET_TIME_UNIT_MINUTES | ||
82 | |||
83 | /** | ||
84 | * How often do we rekey based on number of bytes transmitted? | ||
85 | * (additionally randomized). Currently 400 MB | ||
86 | */ | ||
87 | #define REKEY_MAX_BYTES (1024LLU * 1024 * 400) | ||
88 | |||
89 | /** | ||
90 | * Size of the initial key exchange message sent first in both | ||
91 | * directions. | ||
92 | */ | ||
93 | #define INITIAL_KX_SIZE \ | ||
94 | (sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) \ | ||
95 | + sizeof(struct TCPConfirmation)) | ||
96 | |||
97 | /** | ||
98 | * Size of the initial core key exchange messages. | ||
99 | */ | ||
100 | #define INITIAL_CORE_KX_SIZE \ | ||
101 | (sizeof(struct EphemeralKeyMessage) \ | ||
102 | + sizeof(struct PingMessage) \ | ||
103 | + sizeof(struct PongMessage)) | ||
104 | |||
105 | /** | ||
106 | * Address prefix used by the communicator. | ||
107 | */ | ||
108 | #define COMMUNICATOR_ADDRESS_PREFIX "tcp" | ||
109 | |||
110 | /** | ||
111 | * Configuration section used by the communicator. | ||
112 | */ | ||
113 | #define COMMUNICATOR_CONFIG_SECTION "communicator-tcp" | ||
114 | |||
115 | GNUNET_NETWORK_STRUCT_BEGIN | ||
116 | |||
117 | |||
118 | /** | ||
119 | * Signature we use to verify that the ephemeral key was really chosen by | ||
120 | * the specified sender. | ||
121 | */ | ||
122 | struct TcpHandshakeSignature | ||
123 | { | ||
124 | /** | ||
125 | * Purpose must be #GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_TCP_HANDSHAKE | ||
126 | */ | ||
127 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; | ||
128 | |||
129 | /** | ||
130 | * Identity of the inititor of the TCP connection (TCP client). | ||
131 | */ | ||
132 | struct GNUNET_PeerIdentity sender; | ||
133 | |||
134 | /** | ||
135 | * Presumed identity of the target of the TCP connection (TCP server) | ||
136 | */ | ||
137 | struct GNUNET_PeerIdentity receiver; | ||
138 | |||
139 | /** | ||
140 | * Ephemeral key used by the @e sender. | ||
141 | */ | ||
142 | struct GNUNET_CRYPTO_EcdhePublicKey ephemeral; | ||
143 | |||
144 | /** | ||
145 | * Monotonic time of @e sender, to possibly help detect replay attacks | ||
146 | * (if receiver persists times by sender). | ||
147 | */ | ||
148 | struct GNUNET_TIME_AbsoluteNBO monotonic_time; | ||
149 | |||
150 | /** | ||
151 | * Challenge value used to protect against replay attack, if there is no stored monotonic time value. | ||
152 | */ | ||
153 | struct GNUNET_CRYPTO_ChallengeNonceP challenge; | ||
154 | }; | ||
155 | |||
156 | /** | ||
157 | * Signature we use to verify that the ack from the receiver of the ephemeral key was really send by | ||
158 | * the specified sender. | ||
159 | */ | ||
160 | struct TcpHandshakeAckSignature | ||
161 | { | ||
162 | /** | ||
163 | * Purpose must be #GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_TCP_HANDSHAKE_ACK | ||
164 | */ | ||
165 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; | ||
166 | |||
167 | /** | ||
168 | * Identity of the inititor of the TCP connection (TCP client). | ||
169 | */ | ||
170 | struct GNUNET_PeerIdentity sender; | ||
171 | |||
172 | /** | ||
173 | * Presumed identity of the target of the TCP connection (TCP server) | ||
174 | */ | ||
175 | struct GNUNET_PeerIdentity receiver; | ||
176 | |||
177 | /** | ||
178 | * Monotonic time of @e sender, to possibly help detect replay attacks | ||
179 | * (if receiver persists times by sender). | ||
180 | */ | ||
181 | struct GNUNET_TIME_AbsoluteNBO monotonic_time; | ||
182 | |||
183 | /** | ||
184 | * Challenge value used to protect against replay attack, if there is no stored monotonic time value. | ||
185 | */ | ||
186 | struct GNUNET_CRYPTO_ChallengeNonceP challenge; | ||
187 | }; | ||
188 | |||
189 | /** | ||
190 | * Encrypted continuation of TCP initial handshake. | ||
191 | */ | ||
192 | struct TCPConfirmation | ||
193 | { | ||
194 | /** | ||
195 | * Sender's identity | ||
196 | */ | ||
197 | struct GNUNET_PeerIdentity sender; | ||
198 | |||
199 | /** | ||
200 | * Sender's signature of type #GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_TCP_HANDSHAKE | ||
201 | */ | ||
202 | struct GNUNET_CRYPTO_EddsaSignature sender_sig; | ||
203 | |||
204 | /** | ||
205 | * Monotonic time of @e sender, to possibly help detect replay attacks | ||
206 | * (if receiver persists times by sender). | ||
207 | */ | ||
208 | struct GNUNET_TIME_AbsoluteNBO monotonic_time; | ||
209 | |||
210 | /** | ||
211 | * Challenge value used to protect against replay attack, if there is no stored monotonic time value. | ||
212 | */ | ||
213 | struct GNUNET_CRYPTO_ChallengeNonceP challenge; | ||
214 | |||
215 | }; | ||
216 | |||
217 | /** | ||
218 | * Ack for the encrypted continuation of TCP initial handshake. | ||
219 | */ | ||
220 | struct TCPConfirmationAck | ||
221 | { | ||
222 | |||
223 | |||
224 | /** | ||
225 | * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_CONFIRMATION_ACK. | ||
226 | */ | ||
227 | struct GNUNET_MessageHeader header; | ||
228 | |||
229 | /** | ||
230 | * Sender's identity | ||
231 | */ | ||
232 | struct GNUNET_PeerIdentity sender; | ||
233 | |||
234 | /** | ||
235 | * Sender's signature of type #GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_TCP_HANDSHAKE_ACK | ||
236 | */ | ||
237 | struct GNUNET_CRYPTO_EddsaSignature sender_sig; | ||
238 | |||
239 | /** | ||
240 | * Monotonic time of @e sender, to possibly help detect replay attacks | ||
241 | * (if receiver persists times by sender). | ||
242 | */ | ||
243 | struct GNUNET_TIME_AbsoluteNBO monotonic_time; | ||
244 | |||
245 | /** | ||
246 | * Challenge value used to protect against replay attack, if there is no stored monotonic time value. | ||
247 | */ | ||
248 | struct GNUNET_CRYPTO_ChallengeNonceP challenge; | ||
249 | |||
250 | }; | ||
251 | |||
252 | /** | ||
253 | * TCP message box. Always sent encrypted! | ||
254 | */ | ||
255 | struct TCPBox | ||
256 | { | ||
257 | /** | ||
258 | * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX. Warning: the | ||
259 | * header size EXCLUDES the size of the `struct TCPBox`. We usually | ||
260 | * never do this, but here the payload may truly be 64k *after* the | ||
261 | * TCPBox (as we have no MTU)!! | ||
262 | */ | ||
263 | struct GNUNET_MessageHeader header; | ||
264 | |||
265 | /** | ||
266 | * HMAC for the following encrypted message. Yes, we MUST use | ||
267 | * mac-then-encrypt here, as we want to hide the message sizes on | ||
268 | * the wire (zero plaintext design!). Using CTR mode, padding oracle | ||
269 | * attacks do not apply. Besides, due to the use of ephemeral keys | ||
270 | * (hopefully with effective replay protection from monotonic time!) | ||
271 | * the attacker is limited in using the oracle. | ||
272 | */ | ||
273 | struct GNUNET_ShortHashCode hmac; | ||
274 | |||
275 | /* followed by as may bytes of payload as indicated in @e header, | ||
276 | excluding the TCPBox itself! */ | ||
277 | }; | ||
278 | |||
279 | |||
280 | /** | ||
281 | * TCP rekey message box. Always sent encrypted! Data after | ||
282 | * this message will use the new key. | ||
283 | */ | ||
284 | struct TCPRekey | ||
285 | { | ||
286 | /** | ||
287 | * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY. | ||
288 | */ | ||
289 | struct GNUNET_MessageHeader header; | ||
290 | |||
291 | /** | ||
292 | * HMAC for the following encrypted message. Yes, we MUST use | ||
293 | * mac-then-encrypt here, as we want to hide the message sizes on | ||
294 | * the wire (zero plaintext design!). Using CTR mode padding oracle | ||
295 | * attacks do not apply. Besides, due to the use of ephemeral keys | ||
296 | * (hopefully with effective replay protection from monotonic time!) | ||
297 | * the attacker is limited in using the oracle. | ||
298 | */ | ||
299 | struct GNUNET_ShortHashCode hmac; | ||
300 | |||
301 | /** | ||
302 | * New ephemeral key. | ||
303 | */ | ||
304 | struct GNUNET_CRYPTO_EcdhePublicKey ephemeral; | ||
305 | |||
306 | /** | ||
307 | * Sender's signature of type #GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_TCP_REKEY | ||
308 | */ | ||
309 | struct GNUNET_CRYPTO_EddsaSignature sender_sig; | ||
310 | |||
311 | /** | ||
312 | * Monotonic time of @e sender, to possibly help detect replay attacks | ||
313 | * (if receiver persists times by sender). | ||
314 | */ | ||
315 | struct GNUNET_TIME_AbsoluteNBO monotonic_time; | ||
316 | }; | ||
317 | |||
318 | /** | ||
319 | * Signature we use to verify that the ephemeral key was really chosen by | ||
320 | * the specified sender. | ||
321 | */ | ||
322 | struct TcpRekeySignature | ||
323 | { | ||
324 | /** | ||
325 | * Purpose must be #GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_TCP_REKEY | ||
326 | */ | ||
327 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; | ||
328 | |||
329 | /** | ||
330 | * Identity of the inititor of the TCP connection (TCP client). | ||
331 | */ | ||
332 | struct GNUNET_PeerIdentity sender; | ||
333 | |||
334 | /** | ||
335 | * Presumed identity of the target of the TCP connection (TCP server) | ||
336 | */ | ||
337 | struct GNUNET_PeerIdentity receiver; | ||
338 | |||
339 | /** | ||
340 | * Ephemeral key used by the @e sender. | ||
341 | */ | ||
342 | struct GNUNET_CRYPTO_EcdhePublicKey ephemeral; | ||
343 | |||
344 | /** | ||
345 | * Monotonic time of @e sender, to possibly help detect replay attacks | ||
346 | * (if receiver persists times by sender). | ||
347 | */ | ||
348 | struct GNUNET_TIME_AbsoluteNBO monotonic_time; | ||
349 | }; | ||
350 | |||
351 | /** | ||
352 | * TCP finish. Sender asks for the connection to be closed. | ||
353 | * Needed/useful in case we drop RST/FIN packets on the GNUnet | ||
354 | * port due to the possibility of malicious RST/FIN injection. | ||
355 | */ | ||
356 | struct TCPFinish | ||
357 | { | ||
358 | /** | ||
359 | * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH. | ||
360 | */ | ||
361 | struct GNUNET_MessageHeader header; | ||
362 | |||
363 | /** | ||
364 | * HMAC for the following encrypted message. Yes, we MUST use | ||
365 | * mac-then-encrypt here, as we want to hide the message sizes on | ||
366 | * the wire (zero plaintext design!). Using CTR mode padding oracle | ||
367 | * attacks do not apply. Besides, due to the use of ephemeral keys | ||
368 | * (hopefully with effective replay protection from monotonic time!) | ||
369 | * the attacker is limited in using the oracle. | ||
370 | */ | ||
371 | struct GNUNET_ShortHashCode hmac; | ||
372 | }; | ||
373 | |||
374 | /** | ||
375 | * Basically a WELCOME message, but with the purpose | ||
376 | * of giving the waiting peer a client handle to use | ||
377 | */ | ||
378 | struct TCPNATProbeMessage | ||
379 | { | ||
380 | /** | ||
381 | * Type is #GNUNET_MESSAGE_TYPE_TRANSPORT_TCP_NAT_PROBE. | ||
382 | */ | ||
383 | struct GNUNET_MessageHeader header; | ||
384 | |||
385 | /** | ||
386 | * Identity of the sender of the message. | ||
387 | */ | ||
388 | struct GNUNET_PeerIdentity clientIdentity; | ||
389 | }; | ||
390 | |||
391 | GNUNET_NETWORK_STRUCT_END | ||
392 | |||
393 | /** | ||
394 | * Struct for pending nat reversals. | ||
395 | */ | ||
396 | struct PendingReversal | ||
397 | { | ||
398 | /* | ||
399 | * Timeout task. | ||
400 | */ | ||
401 | struct GNUNET_SCHEDULER_Task *timeout_task; | ||
402 | |||
403 | /** | ||
404 | * To whom are we like to talk to. | ||
405 | */ | ||
406 | struct GNUNET_PeerIdentity target; | ||
407 | |||
408 | /** | ||
409 | * Address the reversal was send to. | ||
410 | */ | ||
411 | struct sockaddr *in; | ||
412 | }; | ||
413 | |||
414 | /** | ||
415 | * Struct to use as closure. | ||
416 | */ | ||
417 | struct ListenTask | ||
418 | { | ||
419 | /** | ||
420 | * ID of listen task | ||
421 | */ | ||
422 | struct GNUNET_SCHEDULER_Task *listen_task; | ||
423 | |||
424 | /** | ||
425 | * Listen socket. | ||
426 | */ | ||
427 | struct GNUNET_NETWORK_Handle *listen_sock; | ||
428 | }; | ||
429 | |||
430 | /** | ||
431 | * Handle for a queue. | ||
432 | */ | ||
433 | struct Queue | ||
434 | { | ||
435 | /** | ||
436 | * To whom are we talking to. | ||
437 | */ | ||
438 | struct GNUNET_PeerIdentity target; | ||
439 | |||
440 | /** | ||
441 | * Listen socket. | ||
442 | */ | ||
443 | struct GNUNET_NETWORK_Handle *listen_sock; | ||
444 | |||
445 | /** | ||
446 | * socket that we transmit all data with on this queue | ||
447 | */ | ||
448 | struct GNUNET_NETWORK_Handle *sock; | ||
449 | |||
450 | /** | ||
451 | * cipher for decryption of incoming data. | ||
452 | */ | ||
453 | gcry_cipher_hd_t in_cipher; | ||
454 | |||
455 | /** | ||
456 | * cipher for encryption of outgoing data. | ||
457 | */ | ||
458 | gcry_cipher_hd_t out_cipher; | ||
459 | |||
460 | /** | ||
461 | * Key in hash map | ||
462 | */ | ||
463 | struct GNUNET_HashCode key; | ||
464 | |||
465 | /** | ||
466 | * Shared secret for HMAC verification on incoming data. | ||
467 | */ | ||
468 | struct GNUNET_HashCode in_hmac; | ||
469 | |||
470 | /** | ||
471 | * Shared secret for HMAC generation on outgoing data, ratcheted after | ||
472 | * each operation. | ||
473 | */ | ||
474 | struct GNUNET_HashCode out_hmac; | ||
475 | |||
476 | /** | ||
477 | * ID of read task for this connection. | ||
478 | */ | ||
479 | struct GNUNET_SCHEDULER_Task *read_task; | ||
480 | |||
481 | /** | ||
482 | * ID of write task for this connection. | ||
483 | */ | ||
484 | struct GNUNET_SCHEDULER_Task *write_task; | ||
485 | |||
486 | /** | ||
487 | * Address of the other peer. | ||
488 | */ | ||
489 | struct sockaddr *address; | ||
490 | |||
491 | /** | ||
492 | * How many more bytes may we sent with the current @e out_cipher | ||
493 | * before we should rekey? | ||
494 | */ | ||
495 | uint64_t rekey_left_bytes; | ||
496 | |||
497 | /** | ||
498 | * Until what time may we sent with the current @e out_cipher | ||
499 | * before we should rekey? | ||
500 | */ | ||
501 | struct GNUNET_TIME_Absolute rekey_time; | ||
502 | |||
503 | /** | ||
504 | * Length of the address. | ||
505 | */ | ||
506 | socklen_t address_len; | ||
507 | |||
508 | /** | ||
509 | * Message queue we are providing for the #ch. | ||
510 | */ | ||
511 | struct GNUNET_MQ_Handle *mq; | ||
512 | |||
513 | /** | ||
514 | * handle for this queue with the #ch. | ||
515 | */ | ||
516 | struct GNUNET_TRANSPORT_QueueHandle *qh; | ||
517 | |||
518 | /** | ||
519 | * Number of bytes we currently have in our write queue. | ||
520 | */ | ||
521 | unsigned long long bytes_in_queue; | ||
522 | |||
523 | /** | ||
524 | * Buffer for reading ciphertext from network into. | ||
525 | */ | ||
526 | char cread_buf[BUF_SIZE]; | ||
527 | |||
528 | /** | ||
529 | * buffer for writing ciphertext to network. | ||
530 | */ | ||
531 | char cwrite_buf[BUF_SIZE]; | ||
532 | |||
533 | /** | ||
534 | * Plaintext buffer for decrypted plaintext. | ||
535 | */ | ||
536 | char pread_buf[UINT16_MAX + 1 + sizeof(struct TCPBox)]; | ||
537 | |||
538 | /** | ||
539 | * Plaintext buffer for messages to be encrypted. | ||
540 | */ | ||
541 | char pwrite_buf[UINT16_MAX + 1 + sizeof(struct TCPBox)]; | ||
542 | |||
543 | /** | ||
544 | * At which offset in the ciphertext read buffer should we | ||
545 | * append more ciphertext for transmission next? | ||
546 | */ | ||
547 | size_t cread_off; | ||
548 | |||
549 | /** | ||
550 | * At which offset in the ciphertext write buffer should we | ||
551 | * append more ciphertext from reading next? | ||
552 | */ | ||
553 | size_t cwrite_off; | ||
554 | |||
555 | /** | ||
556 | * At which offset in the plaintext input buffer should we | ||
557 | * append more plaintext from decryption next? | ||
558 | */ | ||
559 | size_t pread_off; | ||
560 | |||
561 | /** | ||
562 | * At which offset in the plaintext output buffer should we | ||
563 | * append more plaintext for encryption next? | ||
564 | */ | ||
565 | size_t pwrite_off; | ||
566 | |||
567 | /** | ||
568 | * Timeout for this queue. | ||
569 | */ | ||
570 | struct GNUNET_TIME_Absolute timeout; | ||
571 | |||
572 | /** | ||
573 | * How may messages did we pass from this queue to CORE for which we | ||
574 | * have yet to receive an acknoweldgement that CORE is done with | ||
575 | * them? If "large" (or even just non-zero), we should throttle | ||
576 | * reading to provide flow control. See also #DEFAULT_MAX_QUEUE_LENGTH | ||
577 | * and #max_queue_length. | ||
578 | */ | ||
579 | unsigned int backpressure; | ||
580 | |||
581 | /** | ||
582 | * Which network type does this queue use? | ||
583 | */ | ||
584 | enum GNUNET_NetworkType nt; | ||
585 | |||
586 | /** | ||
587 | * The connection status of this queue. | ||
588 | */ | ||
589 | enum GNUNET_TRANSPORT_ConnectionStatus cs; | ||
590 | |||
591 | /** | ||
592 | * Is MQ awaiting a #GNUNET_MQ_impl_send_continue() call? | ||
593 | */ | ||
594 | int mq_awaits_continue; | ||
595 | |||
596 | /** | ||
597 | * Did we enqueue a finish message and are closing down the queue? | ||
598 | */ | ||
599 | int finishing; | ||
600 | |||
601 | /** | ||
602 | * Did we technically destroy this queue, but kept the allocation | ||
603 | * around because of @e backpressure not being zero yet? Used | ||
604 | * simply to delay the final #GNUNET_free() operation until | ||
605 | * #core_read_finished_cb() has been called. | ||
606 | */ | ||
607 | int destroyed; | ||
608 | |||
609 | /** | ||
610 | * #GNUNET_YES if we just rekeyed and must thus possibly | ||
611 | * re-decrypt ciphertext. | ||
612 | */ | ||
613 | int rekeyed; | ||
614 | |||
615 | /** | ||
616 | * Monotonic time value for rekey message. | ||
617 | */ | ||
618 | struct GNUNET_TIME_AbsoluteNBO rekey_monotonic_time; | ||
619 | |||
620 | /** | ||
621 | * Monotonic time value for handshake message. | ||
622 | */ | ||
623 | struct GNUNET_TIME_AbsoluteNBO handshake_monotonic_time; | ||
624 | |||
625 | /** | ||
626 | * Monotonic time value for handshake ack message. | ||
627 | */ | ||
628 | struct GNUNET_TIME_AbsoluteNBO handshake_ack_monotonic_time; | ||
629 | |||
630 | /** | ||
631 | * Challenge value used to protect against replay attack, if there is no stored monotonic time value. | ||
632 | */ | ||
633 | struct GNUNET_CRYPTO_ChallengeNonceP challenge; | ||
634 | |||
635 | /** | ||
636 | * Challenge value received. In case of inbound connection we have to remember the value, because we send the challenge back later after we received the GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_CONFIRMATION_ACK. | ||
637 | */ | ||
638 | struct GNUNET_CRYPTO_ChallengeNonceP challenge_received; | ||
639 | |||
640 | /** | ||
641 | * Iteration Context for retrieving the monotonic time send with key for rekeying. | ||
642 | */ | ||
643 | struct GNUNET_PEERSTORE_IterateContext *rekey_monotime_get; | ||
644 | |||
645 | /** | ||
646 | * Iteration Context for retrieving the monotonic time send with the handshake. | ||
647 | */ | ||
648 | struct GNUNET_PEERSTORE_IterateContext *handshake_monotime_get; | ||
649 | |||
650 | /** | ||
651 | * Iteration Context for retrieving the monotonic time send with the handshake ack. | ||
652 | */ | ||
653 | struct GNUNET_PEERSTORE_IterateContext *handshake_ack_monotime_get; | ||
654 | |||
655 | /** | ||
656 | * Store Context for retrieving the monotonic time send with key for rekeying. | ||
657 | */ | ||
658 | struct GNUNET_PEERSTORE_StoreContext *rekey_monotime_sc; | ||
659 | |||
660 | /** | ||
661 | * Store Context for retrieving the monotonic time send with the handshake. | ||
662 | */ | ||
663 | struct GNUNET_PEERSTORE_StoreContext *handshake_monotime_sc; | ||
664 | |||
665 | /** | ||
666 | * Store Context for retrieving the monotonic time send with the handshake ack. | ||
667 | */ | ||
668 | struct GNUNET_PEERSTORE_StoreContext *handshake_ack_monotime_sc; | ||
669 | |||
670 | /** | ||
671 | * Size of data received without KX challenge played back. | ||
672 | */ | ||
673 | // TODO remove? | ||
674 | size_t unverified_size; | ||
675 | |||
676 | /** | ||
677 | * Has the initial (core) handshake already happened? | ||
678 | */ | ||
679 | int initial_core_kx_done; | ||
680 | }; | ||
681 | |||
682 | |||
683 | /** | ||
684 | * Handle for an incoming connection where we do not yet have enough | ||
685 | * information to setup a full queue. | ||
686 | */ | ||
687 | struct ProtoQueue | ||
688 | { | ||
689 | /** | ||
690 | * Kept in a DLL. | ||
691 | */ | ||
692 | struct ProtoQueue *next; | ||
693 | |||
694 | /** | ||
695 | * Kept in a DLL. | ||
696 | */ | ||
697 | struct ProtoQueue *prev; | ||
698 | |||
699 | /** | ||
700 | * Listen socket. | ||
701 | */ | ||
702 | struct GNUNET_NETWORK_Handle *listen_sock; | ||
703 | |||
704 | /** | ||
705 | * socket that we transmit all data with on this queue | ||
706 | */ | ||
707 | struct GNUNET_NETWORK_Handle *sock; | ||
708 | |||
709 | /** | ||
710 | * ID of write task for this connection. | ||
711 | */ | ||
712 | struct GNUNET_SCHEDULER_Task *write_task; | ||
713 | |||
714 | /** | ||
715 | * buffer for writing struct TCPNATProbeMessage to network. | ||
716 | */ | ||
717 | char write_buf[sizeof (struct TCPNATProbeMessage)]; | ||
718 | |||
719 | /** | ||
720 | * Offset of the buffer? | ||
721 | */ | ||
722 | size_t write_off; | ||
723 | |||
724 | /** | ||
725 | * ID of read task for this connection. | ||
726 | */ | ||
727 | struct GNUNET_SCHEDULER_Task *read_task; | ||
728 | |||
729 | /** | ||
730 | * Address of the other peer. | ||
731 | */ | ||
732 | struct sockaddr *address; | ||
733 | |||
734 | /** | ||
735 | * Length of the address. | ||
736 | */ | ||
737 | socklen_t address_len; | ||
738 | |||
739 | /** | ||
740 | * Timeout for this protoqueue. | ||
741 | */ | ||
742 | struct GNUNET_TIME_Absolute timeout; | ||
743 | |||
744 | /** | ||
745 | * Buffer for reading all the information we need to upgrade from | ||
746 | * protoqueue to queue. | ||
747 | */ | ||
748 | char ibuf[INITIAL_KX_SIZE]; | ||
749 | |||
750 | /** | ||
751 | * Current offset for reading into @e ibuf. | ||
752 | */ | ||
753 | size_t ibuf_off; | ||
754 | }; | ||
755 | |||
756 | /** | ||
757 | * In case of port only configuration we like to bind to ipv4 and ipv6 addresses. | ||
758 | */ | ||
759 | struct PortOnlyIpv4Ipv6 | ||
760 | { | ||
761 | /** | ||
762 | * Ipv4 address we like to bind to. | ||
763 | */ | ||
764 | struct sockaddr *addr_ipv4; | ||
765 | |||
766 | /** | ||
767 | * Length of ipv4 address. | ||
768 | */ | ||
769 | socklen_t addr_len_ipv4; | ||
770 | |||
771 | /** | ||
772 | * Ipv6 address we like to bind to. | ||
773 | */ | ||
774 | struct sockaddr *addr_ipv6; | ||
775 | |||
776 | /** | ||
777 | * Length of ipv6 address. | ||
778 | */ | ||
779 | socklen_t addr_len_ipv6; | ||
780 | |||
781 | }; | ||
782 | |||
783 | /** | ||
784 | * DLL to store the addresses we like to register at NAT service. | ||
785 | */ | ||
786 | struct Addresses | ||
787 | { | ||
788 | /** | ||
789 | * Kept in a DLL. | ||
790 | */ | ||
791 | struct Addresses *next; | ||
792 | |||
793 | /** | ||
794 | * Kept in a DLL. | ||
795 | */ | ||
796 | struct Addresses *prev; | ||
797 | |||
798 | /** | ||
799 | * Address we like to register at NAT service. | ||
800 | */ | ||
801 | struct sockaddr *addr; | ||
802 | |||
803 | /** | ||
804 | * Length of address we like to register at NAT service. | ||
805 | */ | ||
806 | socklen_t addr_len; | ||
807 | |||
808 | }; | ||
809 | |||
810 | |||
811 | /** | ||
812 | * Maximum queue length before we stop reading towards the transport service. | ||
813 | */ | ||
814 | static unsigned long long max_queue_length; | ||
815 | |||
816 | /** | ||
817 | * For logging statistics. | ||
818 | */ | ||
819 | static struct GNUNET_STATISTICS_Handle *stats; | ||
820 | |||
821 | /** | ||
822 | * Our environment. | ||
823 | */ | ||
824 | static struct GNUNET_TRANSPORT_CommunicatorHandle *ch; | ||
825 | |||
826 | /** | ||
827 | * Queues (map from peer identity to `struct Queue`) | ||
828 | */ | ||
829 | static struct GNUNET_CONTAINER_MultiHashMap *queue_map; | ||
830 | |||
831 | /** | ||
832 | * ListenTasks (map from socket to `struct ListenTask`) | ||
833 | */ | ||
834 | static struct GNUNET_CONTAINER_MultiHashMap *lt_map; | ||
835 | |||
836 | /** | ||
837 | * Our public key. | ||
838 | */ | ||
839 | static struct GNUNET_PeerIdentity my_identity; | ||
840 | |||
841 | /** | ||
842 | * The rekey byte maximum | ||
843 | */ | ||
844 | static unsigned long long rekey_max_bytes; | ||
845 | |||
846 | /** | ||
847 | * The rekey interval | ||
848 | */ | ||
849 | static struct GNUNET_TIME_Relative rekey_interval; | ||
850 | |||
851 | /** | ||
852 | * Our private key. | ||
853 | */ | ||
854 | static struct GNUNET_CRYPTO_EddsaPrivateKey *my_private_key; | ||
855 | |||
856 | /** | ||
857 | * Our configuration. | ||
858 | */ | ||
859 | static const struct GNUNET_CONFIGURATION_Handle *cfg; | ||
860 | |||
861 | /** | ||
862 | * Network scanner to determine network types. | ||
863 | */ | ||
864 | static struct GNUNET_NT_InterfaceScanner *is; | ||
865 | |||
866 | /** | ||
867 | * Connection to NAT service. | ||
868 | */ | ||
869 | static struct GNUNET_NAT_Handle *nat; | ||
870 | |||
871 | /** | ||
872 | * Protoqueues DLL head. | ||
873 | */ | ||
874 | static struct ProtoQueue *proto_head; | ||
875 | |||
876 | /** | ||
877 | * Protoqueues DLL tail. | ||
878 | */ | ||
879 | static struct ProtoQueue *proto_tail; | ||
880 | |||
881 | /** | ||
882 | * Handle for DNS lookup of bindto address | ||
883 | */ | ||
884 | struct GNUNET_RESOLVER_RequestHandle *resolve_request_handle; | ||
885 | |||
886 | /** | ||
887 | * Head of DLL with addresses we like to register at NAT servcie. | ||
888 | */ | ||
889 | static struct Addresses *addrs_head; | ||
890 | |||
891 | /** | ||
892 | * Head of DLL with addresses we like to register at NAT servcie. | ||
893 | */ | ||
894 | static struct Addresses *addrs_tail; | ||
895 | |||
896 | /** | ||
897 | * Number of addresses in the DLL for register at NAT service. | ||
898 | */ | ||
899 | static int addrs_lens; | ||
900 | |||
901 | /** | ||
902 | * Database for peer's HELLOs. | ||
903 | */ | ||
904 | static struct GNUNET_PEERSTORE_Handle *peerstore; | ||
905 | |||
906 | /** | ||
907 | * A flag indicating we are already doing a shutdown. | ||
908 | */ | ||
909 | static int shutdown_running = GNUNET_NO; | ||
910 | |||
911 | /** | ||
912 | * IPv6 disabled. | ||
913 | */ | ||
914 | static int disable_v6; | ||
915 | |||
916 | /** | ||
917 | * The port the communicator should be assigned to. | ||
918 | */ | ||
919 | static unsigned int bind_port; | ||
920 | |||
921 | /** | ||
922 | * Map of pending reversals. | ||
923 | */ | ||
924 | static struct GNUNET_CONTAINER_MultiHashMap *pending_reversals; | ||
925 | |||
926 | /** | ||
927 | * We have been notified that our listen socket has something to | ||
928 | * read. Do the read and reschedule this function to be called again | ||
929 | * once more is available. | ||
930 | * | ||
931 | * @param cls NULL | ||
932 | */ | ||
933 | static void | ||
934 | listen_cb (void *cls); | ||
935 | |||
936 | /** | ||
937 | * Functions with this signature are called whenever we need | ||
938 | * to close a queue due to a disconnect or failure to | ||
939 | * establish a connection. | ||
940 | * | ||
941 | * @param queue queue to close down | ||
942 | */ | ||
943 | static void | ||
944 | queue_destroy (struct Queue *queue) | ||
945 | { | ||
946 | struct ListenTask *lt = NULL; | ||
947 | struct GNUNET_HashCode h_sock; | ||
948 | int sockfd; | ||
949 | |||
950 | if (NULL != queue->listen_sock) | ||
951 | { | ||
952 | sockfd = GNUNET_NETWORK_get_fd (queue->listen_sock); | ||
953 | GNUNET_CRYPTO_hash (&sockfd, | ||
954 | sizeof(int), | ||
955 | &h_sock); | ||
956 | |||
957 | lt = GNUNET_CONTAINER_multihashmap_get (lt_map, &h_sock); | ||
958 | } | ||
959 | |||
960 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
961 | "Disconnecting queue for peer `%s'\n", | ||
962 | GNUNET_i2s (&queue->target)); | ||
963 | if (NULL != queue->rekey_monotime_sc) | ||
964 | { | ||
965 | GNUNET_PEERSTORE_store_cancel (queue->rekey_monotime_sc); | ||
966 | queue->rekey_monotime_sc = NULL; | ||
967 | } | ||
968 | if (NULL != queue->handshake_monotime_sc) | ||
969 | { | ||
970 | GNUNET_PEERSTORE_store_cancel (queue->handshake_monotime_sc); | ||
971 | queue->handshake_monotime_sc = NULL; | ||
972 | } | ||
973 | if (NULL != queue->handshake_ack_monotime_sc) | ||
974 | { | ||
975 | GNUNET_PEERSTORE_store_cancel (queue->handshake_ack_monotime_sc); | ||
976 | queue->handshake_ack_monotime_sc = NULL; | ||
977 | } | ||
978 | if (NULL != queue->rekey_monotime_get) | ||
979 | { | ||
980 | GNUNET_PEERSTORE_iteration_stop (queue->rekey_monotime_get); | ||
981 | queue->rekey_monotime_get = NULL; | ||
982 | } | ||
983 | if (NULL != queue->handshake_monotime_get) | ||
984 | { | ||
985 | GNUNET_PEERSTORE_iteration_stop (queue->handshake_monotime_get); | ||
986 | queue->handshake_monotime_get = NULL; | ||
987 | } | ||
988 | if (NULL != queue->handshake_ack_monotime_get) | ||
989 | { | ||
990 | GNUNET_PEERSTORE_iteration_stop (queue->handshake_ack_monotime_get); | ||
991 | queue->handshake_ack_monotime_get = NULL; | ||
992 | } | ||
993 | if (NULL != queue->qh) | ||
994 | { | ||
995 | GNUNET_TRANSPORT_communicator_mq_del (queue->qh); | ||
996 | queue->qh = NULL; | ||
997 | } | ||
998 | GNUNET_assert ( | ||
999 | GNUNET_YES == | ||
1000 | GNUNET_CONTAINER_multihashmap_remove (queue_map, &queue->key, queue)); | ||
1001 | GNUNET_STATISTICS_set (stats, | ||
1002 | "# queues active", | ||
1003 | GNUNET_CONTAINER_multihashmap_size (queue_map), | ||
1004 | GNUNET_NO); | ||
1005 | if (NULL != queue->read_task) | ||
1006 | { | ||
1007 | GNUNET_SCHEDULER_cancel (queue->read_task); | ||
1008 | queue->read_task = NULL; | ||
1009 | } | ||
1010 | if (NULL != queue->write_task) | ||
1011 | { | ||
1012 | GNUNET_SCHEDULER_cancel (queue->write_task); | ||
1013 | queue->write_task = NULL; | ||
1014 | } | ||
1015 | if (GNUNET_SYSERR == GNUNET_NETWORK_socket_close (queue->sock)) | ||
1016 | { | ||
1017 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1018 | "closing socket failed\n"); | ||
1019 | } | ||
1020 | gcry_cipher_close (queue->in_cipher); | ||
1021 | gcry_cipher_close (queue->out_cipher); | ||
1022 | GNUNET_free (queue->address); | ||
1023 | if (0 != queue->backpressure) | ||
1024 | queue->destroyed = GNUNET_YES; | ||
1025 | else | ||
1026 | GNUNET_free (queue); | ||
1027 | |||
1028 | if (NULL == lt) | ||
1029 | return; | ||
1030 | |||
1031 | if ((! shutdown_running) && (NULL == lt->listen_task)) | ||
1032 | { | ||
1033 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1034 | "add read net listen\n"); | ||
1035 | lt->listen_task = GNUNET_SCHEDULER_add_read_net ( | ||
1036 | GNUNET_TIME_UNIT_FOREVER_REL, | ||
1037 | lt->listen_sock, | ||
1038 | &listen_cb, | ||
1039 | lt); | ||
1040 | } | ||
1041 | else | ||
1042 | GNUNET_free (lt); | ||
1043 | } | ||
1044 | |||
1045 | |||
1046 | /** | ||
1047 | * Compute @a mac over @a buf, and ratched the @a hmac_secret. | ||
1048 | * | ||
1049 | * @param[in,out] hmac_secret secret for HMAC calculation | ||
1050 | * @param buf buffer to MAC | ||
1051 | * @param buf_size number of bytes in @a buf | ||
1052 | * @param[out] smac where to write the HMAC | ||
1053 | */ | ||
1054 | static void | ||
1055 | calculate_hmac (struct GNUNET_HashCode *hmac_secret, | ||
1056 | const void *buf, | ||
1057 | size_t buf_size, | ||
1058 | struct GNUNET_ShortHashCode *smac) | ||
1059 | { | ||
1060 | struct GNUNET_HashCode mac; | ||
1061 | |||
1062 | GNUNET_CRYPTO_hmac_raw (hmac_secret, | ||
1063 | sizeof(struct GNUNET_HashCode), | ||
1064 | buf, | ||
1065 | buf_size, | ||
1066 | &mac); | ||
1067 | /* truncate to `struct GNUNET_ShortHashCode` */ | ||
1068 | memcpy (smac, &mac, sizeof(struct GNUNET_ShortHashCode)); | ||
1069 | /* ratchet hmac key */ | ||
1070 | GNUNET_CRYPTO_hash (hmac_secret, | ||
1071 | sizeof(struct GNUNET_HashCode), | ||
1072 | hmac_secret); | ||
1073 | } | ||
1074 | |||
1075 | |||
1076 | /** | ||
1077 | * Append a 'finish' message to the outgoing transmission. Once the | ||
1078 | * finish has been transmitted, destroy the queue. | ||
1079 | * | ||
1080 | * @param queue queue to shut down nicely | ||
1081 | */ | ||
1082 | static void | ||
1083 | queue_finish (struct Queue *queue) | ||
1084 | { | ||
1085 | struct TCPFinish fin; | ||
1086 | |||
1087 | memset (&fin, 0, sizeof(fin)); | ||
1088 | fin.header.size = htons (sizeof(fin)); | ||
1089 | fin.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH); | ||
1090 | calculate_hmac (&queue->out_hmac, &fin, sizeof(fin), &fin.hmac); | ||
1091 | /* if there is any message left in pwrite_buf, we | ||
1092 | overwrite it (possibly dropping the last message | ||
1093 | from CORE hard here) */ | ||
1094 | memcpy (queue->pwrite_buf, &fin, sizeof(fin)); | ||
1095 | queue->pwrite_off = sizeof(fin); | ||
1096 | /* This flag will ensure that #queue_write() no longer | ||
1097 | notifies CORE about the possibility of sending | ||
1098 | more data, and that #queue_write() will call | ||
1099 | #queue_destroy() once the @c fin was fully written. */ | ||
1100 | queue->finishing = GNUNET_YES; | ||
1101 | } | ||
1102 | |||
1103 | |||
1104 | /** | ||
1105 | * Queue read task. If we hit the timeout, disconnect it | ||
1106 | * | ||
1107 | * @param cls the `struct Queue *` to disconnect | ||
1108 | */ | ||
1109 | static void | ||
1110 | queue_read (void *cls); | ||
1111 | |||
1112 | |||
1113 | /** | ||
1114 | * Core tells us it is done processing a message that transport | ||
1115 | * received on a queue with status @a success. | ||
1116 | * | ||
1117 | * @param cls a `struct Queue *` where the message originally came from | ||
1118 | * @param success #GNUNET_OK on success | ||
1119 | */ | ||
1120 | static void | ||
1121 | core_read_finished_cb (void *cls, int success) | ||
1122 | { | ||
1123 | struct Queue *queue = cls; | ||
1124 | if (GNUNET_OK != success) | ||
1125 | GNUNET_STATISTICS_update (stats, | ||
1126 | "# messages lost in communicator API towards CORE", | ||
1127 | 1, | ||
1128 | GNUNET_NO); | ||
1129 | if (NULL == queue) | ||
1130 | return; | ||
1131 | |||
1132 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1133 | "backpressure %u\n", | ||
1134 | queue->backpressure); | ||
1135 | |||
1136 | queue->backpressure--; | ||
1137 | /* handle deferred queue destruction */ | ||
1138 | if ((queue->destroyed) && (0 == queue->backpressure)) | ||
1139 | { | ||
1140 | GNUNET_free (queue); | ||
1141 | return; | ||
1142 | } | ||
1143 | else if (GNUNET_YES != queue->destroyed) | ||
1144 | { | ||
1145 | queue->timeout = | ||
1146 | GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT | ||
1147 | ); | ||
1148 | /* possibly unchoke reading, now that CORE made progress */ | ||
1149 | if (NULL == queue->read_task) | ||
1150 | queue->read_task = | ||
1151 | GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_absolute_get_remaining ( | ||
1152 | queue->timeout), | ||
1153 | queue->sock, | ||
1154 | &queue_read, | ||
1155 | queue); | ||
1156 | } | ||
1157 | } | ||
1158 | |||
1159 | |||
1160 | /** | ||
1161 | * We received @a plaintext_len bytes of @a plaintext on @a queue. | ||
1162 | * Pass it on to CORE. If transmission is actually happening, | ||
1163 | * increase backpressure counter. | ||
1164 | * | ||
1165 | * @param queue the queue that received the plaintext | ||
1166 | * @param plaintext the plaintext that was received | ||
1167 | * @param plaintext_len number of bytes of plaintext received | ||
1168 | */ | ||
1169 | static void | ||
1170 | pass_plaintext_to_core (struct Queue *queue, | ||
1171 | const void *plaintext, | ||
1172 | size_t plaintext_len) | ||
1173 | { | ||
1174 | const struct GNUNET_MessageHeader *hdr = plaintext; | ||
1175 | int ret; | ||
1176 | |||
1177 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1178 | "pass message from %s to core\n", | ||
1179 | GNUNET_i2s (&queue->target)); | ||
1180 | |||
1181 | if (ntohs (hdr->size) != plaintext_len) | ||
1182 | { | ||
1183 | /* NOTE: If we ever allow multiple CORE messages in one | ||
1184 | BOX, this will have to change! */ | ||
1185 | GNUNET_break (0); | ||
1186 | return; | ||
1187 | } | ||
1188 | ret = GNUNET_TRANSPORT_communicator_receive (ch, | ||
1189 | &queue->target, | ||
1190 | hdr, | ||
1191 | ADDRESS_VALIDITY_PERIOD, | ||
1192 | &core_read_finished_cb, | ||
1193 | queue); | ||
1194 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1195 | "passed to core\n"); | ||
1196 | if (GNUNET_OK == ret) | ||
1197 | queue->backpressure++; | ||
1198 | GNUNET_break (GNUNET_NO != ret); /* backpressure not working!? */ | ||
1199 | if (GNUNET_SYSERR == ret) | ||
1200 | GNUNET_STATISTICS_update (stats, | ||
1201 | "# bytes lost due to CORE not running", | ||
1202 | plaintext_len, | ||
1203 | GNUNET_NO); | ||
1204 | } | ||
1205 | |||
1206 | |||
1207 | /** | ||
1208 | * Setup @a cipher based on shared secret @a dh and decrypting | ||
1209 | * peer @a pid. | ||
1210 | * | ||
1211 | * @param dh shared secret | ||
1212 | * @param pid decrypting peer's identity | ||
1213 | * @param[out] cipher cipher to initialize | ||
1214 | * @param[out] hmac_key HMAC key to initialize | ||
1215 | */ | ||
1216 | static void | ||
1217 | setup_cipher (const struct GNUNET_HashCode *dh, | ||
1218 | const struct GNUNET_PeerIdentity *pid, | ||
1219 | gcry_cipher_hd_t *cipher, | ||
1220 | struct GNUNET_HashCode *hmac_key) | ||
1221 | { | ||
1222 | char key[256 / 8]; | ||
1223 | char ctr[128 / 8]; | ||
1224 | |||
1225 | GNUNET_assert (0 == gcry_cipher_open (cipher, | ||
1226 | GCRY_CIPHER_AES256 /* low level: go for speed */ | ||
1227 | , | ||
1228 | GCRY_CIPHER_MODE_CTR, | ||
1229 | 0 /* flags */)); | ||
1230 | GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_kdf (key, | ||
1231 | sizeof(key), | ||
1232 | "TCP-key", | ||
1233 | strlen ("TCP-key"), | ||
1234 | dh, | ||
1235 | sizeof(*dh), | ||
1236 | pid, | ||
1237 | sizeof(*pid), | ||
1238 | NULL, | ||
1239 | 0)); | ||
1240 | GNUNET_assert (0 == gcry_cipher_setkey (*cipher, key, sizeof(key))); | ||
1241 | GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_kdf (ctr, | ||
1242 | sizeof(ctr), | ||
1243 | "TCP-ctr", | ||
1244 | strlen ("TCP-ctr"), | ||
1245 | dh, | ||
1246 | sizeof(*dh), | ||
1247 | pid, | ||
1248 | sizeof(*pid), | ||
1249 | NULL, | ||
1250 | 0)); | ||
1251 | gcry_cipher_setctr (*cipher, ctr, sizeof(ctr)); | ||
1252 | GNUNET_assert (GNUNET_YES == | ||
1253 | GNUNET_CRYPTO_kdf (hmac_key, | ||
1254 | sizeof(struct GNUNET_HashCode), | ||
1255 | "TCP-hmac", | ||
1256 | strlen ("TCP-hmac"), | ||
1257 | dh, | ||
1258 | sizeof(*dh), | ||
1259 | pid, | ||
1260 | sizeof(*pid), | ||
1261 | NULL, | ||
1262 | 0)); | ||
1263 | } | ||
1264 | |||
1265 | |||
1266 | /** | ||
1267 | * Callback called when peerstore store operation for rekey monotime value is finished. | ||
1268 | * @param cls Queue context the store operation was executed. | ||
1269 | * @param success Store operation was successful (GNUNET_OK) or not. | ||
1270 | */ | ||
1271 | static void | ||
1272 | rekey_monotime_store_cb (void *cls, int success) | ||
1273 | { | ||
1274 | struct Queue *queue = cls; | ||
1275 | if (GNUNET_OK != success) | ||
1276 | { | ||
1277 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1278 | "Failed to store rekey monotonic time in PEERSTORE!\n"); | ||
1279 | } | ||
1280 | queue->rekey_monotime_sc = NULL; | ||
1281 | GNUNET_PEERSTORE_iteration_next (queue->rekey_monotime_get, 1); | ||
1282 | } | ||
1283 | |||
1284 | |||
1285 | /** | ||
1286 | * Callback called by peerstore when records for GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_REKEY | ||
1287 | * where found. | ||
1288 | * @param cls Queue context the store operation was executed. | ||
1289 | * @param record The record found or NULL if there is no record left. | ||
1290 | * @param emsg Message from peerstore. | ||
1291 | */ | ||
1292 | static void | ||
1293 | rekey_monotime_cb (void *cls, | ||
1294 | const struct GNUNET_PEERSTORE_Record *record, | ||
1295 | const char *emsg) | ||
1296 | { | ||
1297 | struct Queue *queue = cls; | ||
1298 | struct GNUNET_TIME_AbsoluteNBO *mtbe; | ||
1299 | struct GNUNET_TIME_Absolute mt; | ||
1300 | const struct GNUNET_PeerIdentity *pid; | ||
1301 | struct GNUNET_TIME_AbsoluteNBO *rekey_monotonic_time; | ||
1302 | |||
1303 | (void) emsg; | ||
1304 | |||
1305 | rekey_monotonic_time = &queue->rekey_monotonic_time; | ||
1306 | pid = &queue->target; | ||
1307 | if (NULL == record) | ||
1308 | { | ||
1309 | queue->rekey_monotime_get = NULL; | ||
1310 | return; | ||
1311 | } | ||
1312 | if (sizeof(*mtbe) != record->value_size) | ||
1313 | { | ||
1314 | GNUNET_PEERSTORE_iteration_next (queue->rekey_monotime_get, 1); | ||
1315 | GNUNET_break (0); | ||
1316 | return; | ||
1317 | } | ||
1318 | mtbe = record->value; | ||
1319 | mt = GNUNET_TIME_absolute_ntoh (*mtbe); | ||
1320 | if (mt.abs_value_us > GNUNET_TIME_absolute_ntoh ( | ||
1321 | queue->rekey_monotonic_time).abs_value_us) | ||
1322 | { | ||
1323 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1324 | "Queue from %s dropped, rekey monotime in the past\n", | ||
1325 | GNUNET_i2s (&queue->target)); | ||
1326 | GNUNET_break (0); | ||
1327 | GNUNET_PEERSTORE_iteration_stop (queue->rekey_monotime_get); | ||
1328 | queue->rekey_monotime_get = NULL; | ||
1329 | // FIXME: Why should we try to gracefully finish here?? | ||
1330 | queue_finish (queue); | ||
1331 | return; | ||
1332 | } | ||
1333 | queue->rekey_monotime_sc = GNUNET_PEERSTORE_store (peerstore, | ||
1334 | "transport_tcp_communicator", | ||
1335 | pid, | ||
1336 | GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_REKEY, | ||
1337 | rekey_monotonic_time, | ||
1338 | sizeof(* | ||
1339 | rekey_monotonic_time), | ||
1340 | GNUNET_TIME_UNIT_FOREVER_ABS, | ||
1341 | GNUNET_PEERSTORE_STOREOPTION_REPLACE, | ||
1342 | &rekey_monotime_store_cb, | ||
1343 | queue); | ||
1344 | } | ||
1345 | |||
1346 | |||
1347 | /** | ||
1348 | * Setup cipher of @a queue for decryption. | ||
1349 | * | ||
1350 | * @param ephemeral ephemeral key we received from the other peer | ||
1351 | * @param[in,out] queue queue to initialize decryption cipher for | ||
1352 | */ | ||
1353 | static void | ||
1354 | setup_in_cipher (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral, | ||
1355 | struct Queue *queue) | ||
1356 | { | ||
1357 | struct GNUNET_HashCode k; | ||
1358 | |||
1359 | GNUNET_CRYPTO_eddsa_kem_decaps (my_private_key, ephemeral, &k); | ||
1360 | setup_cipher (&k, &my_identity, &queue->in_cipher, &queue->in_hmac); | ||
1361 | } | ||
1362 | |||
1363 | |||
1364 | /** | ||
1365 | * Handle @a rekey message on @a queue. The message was already | ||
1366 | * HMAC'ed, but we should additionally still check the signature. | ||
1367 | * Then we need to stop the old cipher and start afresh. | ||
1368 | * | ||
1369 | * @param queue the queue @a rekey was received on | ||
1370 | * @param rekey the rekey message | ||
1371 | */ | ||
1372 | static void | ||
1373 | do_rekey (struct Queue *queue, const struct TCPRekey *rekey) | ||
1374 | { | ||
1375 | struct TcpRekeySignature thp; | ||
1376 | |||
1377 | thp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_TCP_REKEY); | ||
1378 | thp.purpose.size = htonl (sizeof(thp)); | ||
1379 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1380 | "do_rekey size %u\n", | ||
1381 | thp.purpose.size); | ||
1382 | thp.sender = queue->target; | ||
1383 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1384 | "sender %s\n", | ||
1385 | GNUNET_p2s (&thp.sender.public_key)); | ||
1386 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1387 | "sender %s\n", | ||
1388 | GNUNET_p2s (&queue->target.public_key)); | ||
1389 | thp.receiver = my_identity; | ||
1390 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1391 | "receiver %s\n", | ||
1392 | GNUNET_p2s (&thp.receiver.public_key)); | ||
1393 | thp.ephemeral = rekey->ephemeral; | ||
1394 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1395 | "ephemeral %s\n", | ||
1396 | GNUNET_e2s (&thp.ephemeral)); | ||
1397 | thp.monotonic_time = rekey->monotonic_time; | ||
1398 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1399 | "time %s\n", | ||
1400 | GNUNET_STRINGS_absolute_time_to_string ( | ||
1401 | GNUNET_TIME_absolute_ntoh (thp.monotonic_time))); | ||
1402 | GNUNET_assert (ntohl ((&thp)->purpose.size) == sizeof (*(&thp))); | ||
1403 | if (GNUNET_OK != | ||
1404 | GNUNET_CRYPTO_eddsa_verify ( | ||
1405 | GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_TCP_REKEY, | ||
1406 | &thp, | ||
1407 | &rekey->sender_sig, | ||
1408 | &queue->target.public_key)) | ||
1409 | { | ||
1410 | GNUNET_break (0); | ||
1411 | // FIXME Why should we try to gracefully finish here? | ||
1412 | queue_finish (queue); | ||
1413 | return; | ||
1414 | } | ||
1415 | queue->rekey_monotonic_time = rekey->monotonic_time; | ||
1416 | queue->rekey_monotime_get = GNUNET_PEERSTORE_iteration_start (peerstore, | ||
1417 | "transport_tcp_communicator", | ||
1418 | &queue->target, | ||
1419 | GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_REKEY, | ||
1420 | & | ||
1421 | rekey_monotime_cb, | ||
1422 | queue); | ||
1423 | gcry_cipher_close (queue->in_cipher); | ||
1424 | queue->rekeyed = GNUNET_YES; | ||
1425 | setup_in_cipher (&rekey->ephemeral, queue); | ||
1426 | } | ||
1427 | |||
1428 | |||
1429 | /** | ||
1430 | * Callback called when peerstore store operation for handshake ack monotime value is finished. | ||
1431 | * @param cls Queue context the store operation was executed. | ||
1432 | * @param success Store operation was successful (GNUNET_OK) or not. | ||
1433 | */ | ||
1434 | static void | ||
1435 | handshake_ack_monotime_store_cb (void *cls, int success) | ||
1436 | { | ||
1437 | struct Queue *queue = cls; | ||
1438 | |||
1439 | if (GNUNET_OK != success) | ||
1440 | { | ||
1441 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1442 | "Failed to store handshake ack monotonic time in PEERSTORE!\n"); | ||
1443 | } | ||
1444 | queue->handshake_ack_monotime_sc = NULL; | ||
1445 | GNUNET_PEERSTORE_iteration_next (queue->handshake_ack_monotime_get, 1); | ||
1446 | } | ||
1447 | |||
1448 | |||
1449 | /** | ||
1450 | * Callback called by peerstore when records for GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE_ACK | ||
1451 | * where found. | ||
1452 | * @param cls Queue context the store operation was executed. | ||
1453 | * @param record The record found or NULL if there is no record left. | ||
1454 | * @param emsg Message from peerstore. | ||
1455 | */ | ||
1456 | static void | ||
1457 | handshake_ack_monotime_cb (void *cls, | ||
1458 | const struct GNUNET_PEERSTORE_Record *record, | ||
1459 | const char *emsg) | ||
1460 | { | ||
1461 | struct Queue *queue = cls; | ||
1462 | struct GNUNET_TIME_AbsoluteNBO *mtbe; | ||
1463 | struct GNUNET_TIME_Absolute mt; | ||
1464 | const struct GNUNET_PeerIdentity *pid; | ||
1465 | struct GNUNET_TIME_AbsoluteNBO *handshake_ack_monotonic_time; | ||
1466 | |||
1467 | (void) emsg; | ||
1468 | |||
1469 | handshake_ack_monotonic_time = &queue->handshake_ack_monotonic_time; | ||
1470 | pid = &queue->target; | ||
1471 | if (NULL == record) | ||
1472 | { | ||
1473 | queue->handshake_ack_monotime_get = NULL; | ||
1474 | return; | ||
1475 | } | ||
1476 | if (sizeof(*mtbe) != record->value_size) | ||
1477 | { | ||
1478 | GNUNET_PEERSTORE_iteration_next (queue->handshake_ack_monotime_get, 1); | ||
1479 | GNUNET_break (0); | ||
1480 | return; | ||
1481 | } | ||
1482 | mtbe = record->value; | ||
1483 | mt = GNUNET_TIME_absolute_ntoh (*mtbe); | ||
1484 | if (mt.abs_value_us > GNUNET_TIME_absolute_ntoh ( | ||
1485 | queue->handshake_ack_monotonic_time).abs_value_us) | ||
1486 | { | ||
1487 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1488 | "Queue from %s dropped, handshake ack monotime in the past\n", | ||
1489 | GNUNET_i2s (&queue->target)); | ||
1490 | GNUNET_break (0); | ||
1491 | GNUNET_PEERSTORE_iteration_stop (queue->handshake_ack_monotime_get); | ||
1492 | queue->handshake_ack_monotime_get = NULL; | ||
1493 | // FIXME: Why should we try to gracefully finish here? | ||
1494 | queue_finish (queue); | ||
1495 | return; | ||
1496 | } | ||
1497 | queue->handshake_ack_monotime_sc = | ||
1498 | GNUNET_PEERSTORE_store (peerstore, | ||
1499 | "transport_tcp_communicator", | ||
1500 | pid, | ||
1501 | GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE_ACK, | ||
1502 | handshake_ack_monotonic_time, | ||
1503 | sizeof(*handshake_ack_monotonic_time), | ||
1504 | GNUNET_TIME_UNIT_FOREVER_ABS, | ||
1505 | GNUNET_PEERSTORE_STOREOPTION_REPLACE, | ||
1506 | &handshake_ack_monotime_store_cb, | ||
1507 | queue); | ||
1508 | } | ||
1509 | |||
1510 | |||
1511 | /** | ||
1512 | * Sending challenge with TcpConfirmationAck back to sender of ephemeral key. | ||
1513 | * | ||
1514 | * @param tc The TCPConfirmation originally send. | ||
1515 | * @param queue The queue context. | ||
1516 | */ | ||
1517 | static void | ||
1518 | send_challenge (struct GNUNET_CRYPTO_ChallengeNonceP challenge, | ||
1519 | struct Queue *queue) | ||
1520 | { | ||
1521 | struct TCPConfirmationAck tca; | ||
1522 | struct TcpHandshakeAckSignature thas; | ||
1523 | |||
1524 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1525 | "sending challenge\n"); | ||
1526 | |||
1527 | tca.header.type = ntohs ( | ||
1528 | GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_CONFIRMATION_ACK); | ||
1529 | tca.header.size = ntohs (sizeof(tca)); | ||
1530 | tca.challenge = challenge; | ||
1531 | tca.sender = my_identity; | ||
1532 | tca.monotonic_time = | ||
1533 | GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg)); | ||
1534 | thas.purpose.purpose = htonl ( | ||
1535 | GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_TCP_HANDSHAKE_ACK); | ||
1536 | thas.purpose.size = htonl (sizeof(thas)); | ||
1537 | thas.sender = my_identity; | ||
1538 | thas.receiver = queue->target; | ||
1539 | thas.monotonic_time = tca.monotonic_time; | ||
1540 | thas.challenge = tca.challenge; | ||
1541 | GNUNET_CRYPTO_eddsa_sign (my_private_key, | ||
1542 | &thas, | ||
1543 | &tca.sender_sig); | ||
1544 | GNUNET_assert (0 == | ||
1545 | gcry_cipher_encrypt (queue->out_cipher, | ||
1546 | &queue->cwrite_buf[queue->cwrite_off], | ||
1547 | sizeof(tca), | ||
1548 | &tca, | ||
1549 | sizeof(tca))); | ||
1550 | queue->cwrite_off += sizeof(tca); | ||
1551 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1552 | "sending challenge done\n"); | ||
1553 | } | ||
1554 | |||
1555 | |||
1556 | /** | ||
1557 | * Setup cipher for outgoing data stream based on target and | ||
1558 | * our ephemeral private key. | ||
1559 | * | ||
1560 | * @param queue queue to setup outgoing (encryption) cipher for | ||
1561 | */ | ||
1562 | static void | ||
1563 | setup_out_cipher (struct Queue *queue, struct GNUNET_HashCode *dh) | ||
1564 | { | ||
1565 | setup_cipher (dh, &queue->target, &queue->out_cipher, &queue->out_hmac); | ||
1566 | queue->rekey_time = GNUNET_TIME_relative_to_absolute (rekey_interval); | ||
1567 | queue->rekey_left_bytes = | ||
1568 | GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK, rekey_max_bytes); | ||
1569 | } | ||
1570 | |||
1571 | |||
1572 | /** | ||
1573 | * Inject a `struct TCPRekey` message into the queue's plaintext | ||
1574 | * buffer. | ||
1575 | * | ||
1576 | * @param queue queue to perform rekeying on | ||
1577 | */ | ||
1578 | static void | ||
1579 | inject_rekey (struct Queue *queue) | ||
1580 | { | ||
1581 | struct TCPRekey rekey; | ||
1582 | struct TcpRekeySignature thp; | ||
1583 | struct GNUNET_HashCode k; | ||
1584 | |||
1585 | GNUNET_assert (0 == queue->pwrite_off); | ||
1586 | memset (&rekey, 0, sizeof(rekey)); | ||
1587 | GNUNET_CRYPTO_eddsa_kem_encaps (&queue->target.public_key, &rekey.ephemeral, | ||
1588 | &k); | ||
1589 | rekey.header.type = ntohs (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY); | ||
1590 | rekey.header.size = ntohs (sizeof(rekey)); | ||
1591 | rekey.monotonic_time = | ||
1592 | GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg)); | ||
1593 | thp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_TCP_REKEY); | ||
1594 | thp.purpose.size = htonl (sizeof(thp)); | ||
1595 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1596 | "inject_rekey size %u\n", | ||
1597 | thp.purpose.size); | ||
1598 | thp.sender = my_identity; | ||
1599 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1600 | "sender %s\n", | ||
1601 | GNUNET_p2s (&thp.sender.public_key)); | ||
1602 | thp.receiver = queue->target; | ||
1603 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1604 | "receiver %s\n", | ||
1605 | GNUNET_p2s (&thp.receiver.public_key)); | ||
1606 | thp.ephemeral = rekey.ephemeral; | ||
1607 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1608 | "ephemeral %s\n", | ||
1609 | GNUNET_e2s (&thp.ephemeral)); | ||
1610 | thp.monotonic_time = rekey.monotonic_time; | ||
1611 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1612 | "time %s\n", | ||
1613 | GNUNET_STRINGS_absolute_time_to_string ( | ||
1614 | GNUNET_TIME_absolute_ntoh (thp.monotonic_time))); | ||
1615 | GNUNET_CRYPTO_eddsa_sign (my_private_key, | ||
1616 | &thp, | ||
1617 | &rekey.sender_sig); | ||
1618 | calculate_hmac (&queue->out_hmac, &rekey, sizeof(rekey), &rekey.hmac); | ||
1619 | /* Encrypt rekey message with 'old' cipher */ | ||
1620 | GNUNET_assert (0 == | ||
1621 | gcry_cipher_encrypt (queue->out_cipher, | ||
1622 | &queue->cwrite_buf[queue->cwrite_off], | ||
1623 | sizeof(rekey), | ||
1624 | &rekey, | ||
1625 | sizeof(rekey))); | ||
1626 | queue->cwrite_off += sizeof(rekey); | ||
1627 | /* Setup new cipher for successive messages */ | ||
1628 | gcry_cipher_close (queue->out_cipher); | ||
1629 | setup_out_cipher (queue, &k); | ||
1630 | } | ||
1631 | |||
1632 | |||
1633 | static int | ||
1634 | pending_reversals_delete_it (void *cls, | ||
1635 | const struct GNUNET_HashCode *key, | ||
1636 | void *value) | ||
1637 | { | ||
1638 | (void) cls; | ||
1639 | struct PendingReversal *pending_reversal = value; | ||
1640 | |||
1641 | if (NULL != pending_reversal->timeout_task) | ||
1642 | { | ||
1643 | GNUNET_SCHEDULER_cancel (pending_reversal->timeout_task); | ||
1644 | pending_reversal->timeout_task = NULL; | ||
1645 | } | ||
1646 | GNUNET_assert (GNUNET_YES == GNUNET_CONTAINER_multihashmap_remove ( | ||
1647 | pending_reversals, | ||
1648 | key, | ||
1649 | pending_reversal)); | ||
1650 | GNUNET_free (pending_reversal->in); | ||
1651 | GNUNET_free (pending_reversal); | ||
1652 | return GNUNET_OK; | ||
1653 | } | ||
1654 | |||
1655 | |||
1656 | static void | ||
1657 | check_and_remove_pending_reversal (struct sockaddr *in, sa_family_t sa_family, | ||
1658 | struct GNUNET_PeerIdentity *sender) | ||
1659 | { | ||
1660 | if (AF_INET == sa_family) | ||
1661 | { | ||
1662 | struct PendingReversal *pending_reversal; | ||
1663 | struct GNUNET_HashCode key; | ||
1664 | struct sockaddr_in *natted_address; | ||
1665 | |||
1666 | natted_address = GNUNET_memdup (in, sizeof (struct sockaddr)); | ||
1667 | natted_address->sin_port = 0; | ||
1668 | GNUNET_CRYPTO_hash (natted_address, | ||
1669 | sizeof(struct sockaddr), | ||
1670 | &key); | ||
1671 | |||
1672 | pending_reversal = GNUNET_CONTAINER_multihashmap_get (pending_reversals, | ||
1673 | &key); | ||
1674 | if (NULL != pending_reversal && (NULL == sender || | ||
1675 | 0 != memcmp (sender, | ||
1676 | &pending_reversal->target, | ||
1677 | sizeof(struct | ||
1678 | GNUNET_PeerIdentity)))) | ||
1679 | { | ||
1680 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
1681 | "Removing invalid pending reversal for `%s'at `%s'\n", | ||
1682 | GNUNET_i2s (&pending_reversal->target), | ||
1683 | GNUNET_a2s (in, sizeof (struct sockaddr))); | ||
1684 | pending_reversals_delete_it (NULL, &key, pending_reversal); | ||
1685 | } | ||
1686 | GNUNET_free (natted_address); | ||
1687 | } | ||
1688 | } | ||
1689 | |||
1690 | |||
1691 | /** | ||
1692 | * Closes socket and frees memory associated with @a pq. | ||
1693 | * | ||
1694 | * @param pq proto queue to free | ||
1695 | */ | ||
1696 | static void | ||
1697 | free_proto_queue (struct ProtoQueue *pq) | ||
1698 | { | ||
1699 | if (NULL != pq->listen_sock) | ||
1700 | { | ||
1701 | GNUNET_break (GNUNET_OK == GNUNET_NETWORK_socket_close (pq->listen_sock)); | ||
1702 | pq->listen_sock = NULL; | ||
1703 | } | ||
1704 | if (NULL != pq->read_task) | ||
1705 | { | ||
1706 | GNUNET_SCHEDULER_cancel (pq->read_task); | ||
1707 | pq->read_task = NULL; | ||
1708 | } | ||
1709 | if (NULL != pq->write_task) | ||
1710 | { | ||
1711 | GNUNET_SCHEDULER_cancel (pq->write_task); | ||
1712 | pq->write_task = NULL; | ||
1713 | } | ||
1714 | check_and_remove_pending_reversal (pq->address, pq->address->sa_family, NULL); | ||
1715 | GNUNET_NETWORK_socket_close (pq->sock); | ||
1716 | GNUNET_free (pq->address); | ||
1717 | GNUNET_CONTAINER_DLL_remove (proto_head, proto_tail, pq); | ||
1718 | GNUNET_free (pq); | ||
1719 | } | ||
1720 | |||
1721 | |||
1722 | /** | ||
1723 | * We have been notified that our socket is ready to write. | ||
1724 | * Then reschedule this function to be called again once more is available. | ||
1725 | * | ||
1726 | * @param cls a `struct ProtoQueue` | ||
1727 | */ | ||
1728 | static void | ||
1729 | proto_queue_write (void *cls) | ||
1730 | { | ||
1731 | struct ProtoQueue *pq = cls; | ||
1732 | ssize_t sent; | ||
1733 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "In proto queue write\n"); | ||
1734 | pq->write_task = NULL; | ||
1735 | if (0 != pq->write_off) | ||
1736 | { | ||
1737 | sent = GNUNET_NETWORK_socket_send (pq->sock, | ||
1738 | pq->write_buf, | ||
1739 | pq->write_off); | ||
1740 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1741 | "Sent %lu bytes to TCP queue\n", sent); | ||
1742 | if ((-1 == sent) && (EAGAIN != errno) && (EINTR != errno)) | ||
1743 | { | ||
1744 | GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "send"); | ||
1745 | free_proto_queue (pq); | ||
1746 | return; | ||
1747 | } | ||
1748 | if (sent > 0) | ||
1749 | { | ||
1750 | size_t usent = (size_t) sent; | ||
1751 | pq->write_off -= usent; | ||
1752 | memmove (pq->write_buf, | ||
1753 | &pq->write_buf[usent], | ||
1754 | pq->write_off); | ||
1755 | } | ||
1756 | } | ||
1757 | /* do we care to write more? */ | ||
1758 | if ((0 < pq->write_off)) | ||
1759 | pq->write_task = | ||
1760 | GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL, | ||
1761 | pq->sock, | ||
1762 | &proto_queue_write, | ||
1763 | pq); | ||
1764 | } | ||
1765 | |||
1766 | |||
1767 | /** | ||
1768 | * We have been notified that our socket is ready to write. | ||
1769 | * Then reschedule this function to be called again once more is available. | ||
1770 | * | ||
1771 | * @param cls a `struct Queue` | ||
1772 | */ | ||
1773 | static void | ||
1774 | queue_write (void *cls) | ||
1775 | { | ||
1776 | struct Queue *queue = cls; | ||
1777 | ssize_t sent; | ||
1778 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "In queue write\n"); | ||
1779 | queue->write_task = NULL; | ||
1780 | if (0 != queue->cwrite_off) | ||
1781 | { | ||
1782 | sent = GNUNET_NETWORK_socket_send (queue->sock, | ||
1783 | queue->cwrite_buf, | ||
1784 | queue->cwrite_off); | ||
1785 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1786 | "Sent %lu bytes to TCP queue\n", sent); | ||
1787 | if ((-1 == sent) && (EAGAIN != errno) && (EINTR != errno)) | ||
1788 | { | ||
1789 | GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "send"); | ||
1790 | queue_destroy (queue); | ||
1791 | return; | ||
1792 | } | ||
1793 | if (sent > 0) | ||
1794 | { | ||
1795 | size_t usent = (size_t) sent; | ||
1796 | queue->cwrite_off -= usent; | ||
1797 | memmove (queue->cwrite_buf, | ||
1798 | &queue->cwrite_buf[usent], | ||
1799 | queue->cwrite_off); | ||
1800 | queue->timeout = | ||
1801 | GNUNET_TIME_relative_to_absolute ( | ||
1802 | GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT); | ||
1803 | } | ||
1804 | } | ||
1805 | /* can we encrypt more? (always encrypt full messages, needed | ||
1806 | such that #mq_cancel() can work!) */ | ||
1807 | unsigned int we_do_not_need_to_rekey = (0 < queue->rekey_left_bytes | ||
1808 | - (queue->cwrite_off | ||
1809 | + queue->pwrite_off | ||
1810 | + sizeof (struct TCPRekey))); | ||
1811 | if (we_do_not_need_to_rekey && | ||
1812 | (queue->pwrite_off > 0) && | ||
1813 | (queue->cwrite_off + queue->pwrite_off <= BUF_SIZE)) | ||
1814 | { | ||
1815 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1816 | "Encrypting %lu bytes\n", queue->pwrite_off); | ||
1817 | GNUNET_assert (0 == | ||
1818 | gcry_cipher_encrypt (queue->out_cipher, | ||
1819 | &queue->cwrite_buf[queue->cwrite_off], | ||
1820 | queue->pwrite_off, | ||
1821 | queue->pwrite_buf, | ||
1822 | queue->pwrite_off)); | ||
1823 | if (queue->rekey_left_bytes > queue->pwrite_off) | ||
1824 | queue->rekey_left_bytes -= queue->pwrite_off; | ||
1825 | else | ||
1826 | queue->rekey_left_bytes = 0; | ||
1827 | queue->cwrite_off += queue->pwrite_off; | ||
1828 | queue->pwrite_off = 0; | ||
1829 | } | ||
1830 | // if ((-1 != unverified_size)&& ((0 == queue->pwrite_off) && | ||
1831 | if (((0 == queue->rekey_left_bytes) || | ||
1832 | (0 == GNUNET_TIME_absolute_get_remaining ( | ||
1833 | queue->rekey_time).rel_value_us)) && | ||
1834 | (((0 == queue->pwrite_off) || ! we_do_not_need_to_rekey) && | ||
1835 | (queue->cwrite_off + sizeof (struct TCPRekey) <= BUF_SIZE))) | ||
1836 | { | ||
1837 | inject_rekey (queue); | ||
1838 | } | ||
1839 | if ((0 == queue->pwrite_off) && (! queue->finishing) && | ||
1840 | (GNUNET_YES == queue->mq_awaits_continue)) | ||
1841 | { | ||
1842 | queue->mq_awaits_continue = GNUNET_NO; | ||
1843 | GNUNET_MQ_impl_send_continue (queue->mq); | ||
1844 | } | ||
1845 | /* did we just finish writing 'finish'? */ | ||
1846 | if ((0 == queue->cwrite_off) && (GNUNET_YES == queue->finishing)) | ||
1847 | { | ||
1848 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1849 | "Finishing queue\n"); | ||
1850 | queue_destroy (queue); | ||
1851 | return; | ||
1852 | } | ||
1853 | /* do we care to write more? */ | ||
1854 | if ((0 < queue->cwrite_off) || (0 < queue->pwrite_off)) | ||
1855 | queue->write_task = | ||
1856 | GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL, | ||
1857 | queue->sock, | ||
1858 | &queue_write, | ||
1859 | queue); | ||
1860 | } | ||
1861 | |||
1862 | |||
1863 | /** | ||
1864 | * Test if we have received a full message in plaintext. | ||
1865 | * If so, handle it. | ||
1866 | * | ||
1867 | * @param queue queue to process inbound plaintext for | ||
1868 | * @return number of bytes of plaintext handled, 0 for none | ||
1869 | */ | ||
1870 | static size_t | ||
1871 | try_handle_plaintext (struct Queue *queue) | ||
1872 | { | ||
1873 | const struct GNUNET_MessageHeader *hdr; | ||
1874 | const struct TCPConfirmationAck *tca; | ||
1875 | const struct TCPBox *box; | ||
1876 | const struct TCPRekey *rekey; | ||
1877 | const struct TCPFinish *fin; | ||
1878 | struct TCPRekey rekeyz; | ||
1879 | struct TCPFinish finz; | ||
1880 | struct GNUNET_ShortHashCode tmac; | ||
1881 | uint16_t type; | ||
1882 | size_t size = 0; | ||
1883 | struct TcpHandshakeAckSignature thas; | ||
1884 | const struct GNUNET_CRYPTO_ChallengeNonceP challenge = queue->challenge; | ||
1885 | |||
1886 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1887 | "try handle plaintext!\n"); | ||
1888 | |||
1889 | hdr = (const struct GNUNET_MessageHeader *) queue->pread_buf; | ||
1890 | if ((sizeof(*hdr) > queue->pread_off)) | ||
1891 | { | ||
1892 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1893 | "Handling plaintext, not even a header!\n"); | ||
1894 | return 0; /* not even a header */ | ||
1895 | } | ||
1896 | |||
1897 | if ((GNUNET_YES != queue->initial_core_kx_done) && (queue->unverified_size > | ||
1898 | INITIAL_CORE_KX_SIZE)) | ||
1899 | { | ||
1900 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1901 | "Already received data of size %lu bigger than KX size %lu!\n", | ||
1902 | queue->unverified_size, | ||
1903 | INITIAL_CORE_KX_SIZE); | ||
1904 | GNUNET_break_op (0); | ||
1905 | queue_finish (queue); | ||
1906 | return 0; | ||
1907 | } | ||
1908 | |||
1909 | type = ntohs (hdr->type); | ||
1910 | switch (type) | ||
1911 | { | ||
1912 | case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_CONFIRMATION_ACK: | ||
1913 | tca = (const struct TCPConfirmationAck *) queue->pread_buf; | ||
1914 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1915 | "start processing ack\n"); | ||
1916 | if (sizeof(*tca) > queue->pread_off) | ||
1917 | { | ||
1918 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1919 | "Handling plaintext size of tca greater than pread offset.\n") | ||
1920 | ; | ||
1921 | return 0; | ||
1922 | } | ||
1923 | if (ntohs (hdr->size) != sizeof(*tca)) | ||
1924 | { | ||
1925 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1926 | "Handling plaintext size does not match message type.\n"); | ||
1927 | GNUNET_break_op (0); | ||
1928 | queue_finish (queue); | ||
1929 | return 0; | ||
1930 | } | ||
1931 | |||
1932 | thas.purpose.purpose = htonl ( | ||
1933 | GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_TCP_HANDSHAKE_ACK); | ||
1934 | thas.purpose.size = htonl (sizeof(thas)); | ||
1935 | thas.sender = tca->sender; | ||
1936 | thas.receiver = my_identity; | ||
1937 | thas.monotonic_time = tca->monotonic_time; | ||
1938 | thas.challenge = tca->challenge; | ||
1939 | |||
1940 | if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_verify ( | ||
1941 | GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_TCP_HANDSHAKE_ACK, | ||
1942 | &thas, | ||
1943 | &tca->sender_sig, | ||
1944 | &tca->sender.public_key)) | ||
1945 | { | ||
1946 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1947 | "Verification of signature failed!\n"); | ||
1948 | GNUNET_break (0); | ||
1949 | queue_finish (queue); | ||
1950 | return 0; | ||
1951 | } | ||
1952 | if (0 != GNUNET_memcmp (&tca->challenge, &challenge)) | ||
1953 | { | ||
1954 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1955 | "Challenge in TCPConfirmationAck not correct!\n"); | ||
1956 | GNUNET_break (0); | ||
1957 | queue_finish (queue); | ||
1958 | return 0; | ||
1959 | } | ||
1960 | |||
1961 | queue->handshake_ack_monotime_get = GNUNET_PEERSTORE_iteration_start ( | ||
1962 | peerstore, | ||
1963 | "transport_tcp_communicator", | ||
1964 | &queue->target, | ||
1965 | GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE_ACK, | ||
1966 | &handshake_ack_monotime_cb, | ||
1967 | queue); | ||
1968 | |||
1969 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1970 | "Handling plaintext, ack processed!\n"); | ||
1971 | |||
1972 | if (GNUNET_TRANSPORT_CS_INBOUND == queue->cs) | ||
1973 | { | ||
1974 | send_challenge (queue->challenge_received, queue); | ||
1975 | queue->write_task = | ||
1976 | GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL, | ||
1977 | queue->sock, | ||
1978 | &queue_write, | ||
1979 | queue); | ||
1980 | } | ||
1981 | else if (GNUNET_TRANSPORT_CS_OUTBOUND == queue->cs) | ||
1982 | { | ||
1983 | check_and_remove_pending_reversal (queue->address, | ||
1984 | queue->address->sa_family, NULL); | ||
1985 | } | ||
1986 | |||
1987 | /** | ||
1988 | * Once we received this ack, we consider this a verified connection. | ||
1989 | * FIXME: I am not sure this logic is sane here. | ||
1990 | */ | ||
1991 | queue->initial_core_kx_done = GNUNET_YES; | ||
1992 | |||
1993 | char *foreign_addr; | ||
1994 | |||
1995 | switch (queue->address->sa_family) | ||
1996 | { | ||
1997 | case AF_INET: | ||
1998 | GNUNET_asprintf (&foreign_addr, | ||
1999 | "%s-%s", | ||
2000 | COMMUNICATOR_ADDRESS_PREFIX, | ||
2001 | GNUNET_a2s (queue->address, queue->address_len)); | ||
2002 | break; | ||
2003 | |||
2004 | case AF_INET6: | ||
2005 | GNUNET_asprintf (&foreign_addr, | ||
2006 | "%s-%s", | ||
2007 | COMMUNICATOR_ADDRESS_PREFIX, | ||
2008 | GNUNET_a2s (queue->address, queue->address_len)); | ||
2009 | break; | ||
2010 | |||
2011 | default: | ||
2012 | GNUNET_assert (0); | ||
2013 | } | ||
2014 | |||
2015 | queue->qh = GNUNET_TRANSPORT_communicator_mq_add (ch, | ||
2016 | &queue->target, | ||
2017 | foreign_addr, | ||
2018 | UINT16_MAX, /* no MTU */ | ||
2019 | GNUNET_TRANSPORT_QUEUE_LENGTH_UNLIMITED, | ||
2020 | 0, /* Priority */ | ||
2021 | queue->nt, | ||
2022 | queue->cs, | ||
2023 | queue->mq); | ||
2024 | |||
2025 | GNUNET_free (foreign_addr); | ||
2026 | |||
2027 | size = ntohs (hdr->size); | ||
2028 | break; | ||
2029 | case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX: | ||
2030 | /* Special case: header size excludes box itself! */ | ||
2031 | box = (const struct TCPBox *) queue->pread_buf; | ||
2032 | if (ntohs (hdr->size) + sizeof(struct TCPBox) > queue->pread_off) | ||
2033 | return 0; | ||
2034 | calculate_hmac (&queue->in_hmac, &box[1], ntohs (hdr->size), &tmac); | ||
2035 | if (0 != memcmp (&tmac, &box->hmac, sizeof(tmac))) | ||
2036 | { | ||
2037 | GNUNET_break_op (0); | ||
2038 | queue_finish (queue); | ||
2039 | return 0; | ||
2040 | } | ||
2041 | pass_plaintext_to_core (queue, (const void *) &box[1], ntohs (hdr->size)); | ||
2042 | size = ntohs (hdr->size) + sizeof(*box); | ||
2043 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2044 | "Handling plaintext, box processed!\n"); | ||
2045 | GNUNET_STATISTICS_update (stats, | ||
2046 | "# bytes decrypted with BOX", | ||
2047 | size, | ||
2048 | GNUNET_NO); | ||
2049 | GNUNET_STATISTICS_update (stats, | ||
2050 | "# messages decrypted with BOX", | ||
2051 | 1, | ||
2052 | GNUNET_NO); | ||
2053 | break; | ||
2054 | |||
2055 | case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY: | ||
2056 | rekey = (const struct TCPRekey *) queue->pread_buf; | ||
2057 | if (sizeof(*rekey) > queue->pread_off) | ||
2058 | return 0; | ||
2059 | if (ntohs (hdr->size) != sizeof(*rekey)) | ||
2060 | { | ||
2061 | GNUNET_break_op (0); | ||
2062 | queue_finish (queue); | ||
2063 | return 0; | ||
2064 | } | ||
2065 | rekeyz = *rekey; | ||
2066 | memset (&rekeyz.hmac, 0, sizeof(rekeyz.hmac)); | ||
2067 | calculate_hmac (&queue->in_hmac, &rekeyz, sizeof(rekeyz), &tmac); | ||
2068 | if (0 != memcmp (&tmac, &rekey->hmac, sizeof(tmac))) | ||
2069 | { | ||
2070 | GNUNET_break_op (0); | ||
2071 | queue_finish (queue); | ||
2072 | return 0; | ||
2073 | } | ||
2074 | do_rekey (queue, rekey); | ||
2075 | size = ntohs (hdr->size); | ||
2076 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2077 | "Handling plaintext, rekey processed!\n"); | ||
2078 | GNUNET_STATISTICS_update (stats, | ||
2079 | "# rekeying successful", | ||
2080 | 1, | ||
2081 | GNUNET_NO); | ||
2082 | break; | ||
2083 | |||
2084 | case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH: | ||
2085 | fin = (const struct TCPFinish *) queue->pread_buf; | ||
2086 | if (sizeof(*fin) > queue->pread_off) | ||
2087 | return 0; | ||
2088 | if (ntohs (hdr->size) != sizeof(*fin)) | ||
2089 | { | ||
2090 | GNUNET_break_op (0); | ||
2091 | queue_finish (queue); | ||
2092 | return 0; | ||
2093 | } | ||
2094 | finz = *fin; | ||
2095 | memset (&finz.hmac, 0, sizeof(finz.hmac)); | ||
2096 | calculate_hmac (&queue->in_hmac, &finz, sizeof(finz), &tmac); | ||
2097 | if (0 != memcmp (&tmac, &fin->hmac, sizeof(tmac))) | ||
2098 | { | ||
2099 | GNUNET_break_op (0); | ||
2100 | queue_finish (queue); | ||
2101 | return 0; | ||
2102 | } | ||
2103 | /* handle FINISH by destroying queue */ | ||
2104 | queue_destroy (queue); | ||
2105 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2106 | "Handling plaintext, finish processed!\n"); | ||
2107 | break; | ||
2108 | |||
2109 | default: | ||
2110 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2111 | "Handling plaintext, nothing processed!\n"); | ||
2112 | GNUNET_break_op (0); | ||
2113 | queue_finish (queue); | ||
2114 | return 0; | ||
2115 | } | ||
2116 | GNUNET_assert (0 != size); | ||
2117 | if (-1 != queue->unverified_size) | ||
2118 | queue->unverified_size += size; | ||
2119 | return size; | ||
2120 | } | ||
2121 | |||
2122 | |||
2123 | /** | ||
2124 | * Queue read task. If we hit the timeout, disconnect it | ||
2125 | * | ||
2126 | * @param cls the `struct Queue *` to disconnect | ||
2127 | */ | ||
2128 | static void | ||
2129 | queue_read (void *cls) | ||
2130 | { | ||
2131 | struct Queue *queue = cls; | ||
2132 | struct GNUNET_TIME_Relative left; | ||
2133 | ssize_t rcvd; | ||
2134 | |||
2135 | queue->read_task = NULL; | ||
2136 | rcvd = GNUNET_NETWORK_socket_recv (queue->sock, | ||
2137 | &queue->cread_buf[queue->cread_off], | ||
2138 | BUF_SIZE - queue->cread_off); | ||
2139 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2140 | "Received %zd bytes from TCP queue\n", rcvd); | ||
2141 | if (-1 == rcvd) | ||
2142 | { | ||
2143 | if ((EAGAIN != errno) && (EINTR != errno)) | ||
2144 | { | ||
2145 | GNUNET_log_strerror (GNUNET_ERROR_TYPE_DEBUG, "recv"); | ||
2146 | queue_destroy (queue); | ||
2147 | return; | ||
2148 | } | ||
2149 | /* try again */ | ||
2150 | left = GNUNET_TIME_absolute_get_remaining (queue->timeout); | ||
2151 | if (0 != left.rel_value_us) | ||
2152 | { | ||
2153 | queue->read_task = | ||
2154 | GNUNET_SCHEDULER_add_read_net (left, queue->sock, &queue_read, queue); | ||
2155 | return; | ||
2156 | } | ||
2157 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2158 | "Queue %p was idle for %s, disconnecting\n", | ||
2159 | queue, | ||
2160 | GNUNET_STRINGS_relative_time_to_string ( | ||
2161 | GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT, | ||
2162 | GNUNET_YES)); | ||
2163 | queue_destroy (queue); | ||
2164 | return; | ||
2165 | } | ||
2166 | if (0 == rcvd) | ||
2167 | { | ||
2168 | /* Orderly shutdown of connection */ | ||
2169 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2170 | "Socket for queue %p seems to have been closed\n", queue); | ||
2171 | queue_destroy (queue); | ||
2172 | return; | ||
2173 | } | ||
2174 | queue->timeout = | ||
2175 | GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT); | ||
2176 | queue->cread_off += rcvd; | ||
2177 | while ((queue->pread_off < sizeof(queue->pread_buf)) && | ||
2178 | (queue->cread_off > 0)) | ||
2179 | { | ||
2180 | size_t max = GNUNET_MIN (sizeof(queue->pread_buf) - queue->pread_off, | ||
2181 | queue->cread_off); | ||
2182 | size_t done; | ||
2183 | size_t total; | ||
2184 | size_t old_pread_off = queue->pread_off; | ||
2185 | |||
2186 | GNUNET_assert (0 == | ||
2187 | gcry_cipher_decrypt (queue->in_cipher, | ||
2188 | &queue->pread_buf[queue->pread_off], | ||
2189 | max, | ||
2190 | queue->cread_buf, | ||
2191 | max)); | ||
2192 | queue->pread_off += max; | ||
2193 | total = 0; | ||
2194 | while (0 != (done = try_handle_plaintext (queue))) | ||
2195 | { | ||
2196 | /* 'done' bytes of plaintext were used, shift buffer */ | ||
2197 | GNUNET_assert (done <= queue->pread_off); | ||
2198 | /* NOTE: this memmove() could possibly sometimes be | ||
2199 | avoided if we pass 'total' into try_handle_plaintext() | ||
2200 | and use it at an offset into the buffer there! */ | ||
2201 | memmove (queue->pread_buf, | ||
2202 | &queue->pread_buf[done], | ||
2203 | queue->pread_off - done); | ||
2204 | queue->pread_off -= done; | ||
2205 | total += done; | ||
2206 | /* The last plaintext was a rekey, abort for now */ | ||
2207 | if (GNUNET_YES == queue->rekeyed) | ||
2208 | break; | ||
2209 | } | ||
2210 | /* when we encounter a rekey message, the decryption above uses the | ||
2211 | wrong key for everything after the rekey; in that case, we have | ||
2212 | to re-do the decryption at 'total' instead of at 'max'. | ||
2213 | However, we have to take into account that the plaintext buffer may have | ||
2214 | already contained data and not jumped too far ahead in the ciphertext. | ||
2215 | If there is no rekey and the last message is incomplete (max > total), | ||
2216 | it is safe to keep the decryption so we shift by 'max' */ | ||
2217 | if (GNUNET_YES == queue->rekeyed) | ||
2218 | { | ||
2219 | max = total - old_pread_off; | ||
2220 | queue->rekeyed = GNUNET_NO; | ||
2221 | queue->pread_off = 0; | ||
2222 | } | ||
2223 | memmove (queue->cread_buf, &queue->cread_buf[max], queue->cread_off - max); | ||
2224 | queue->cread_off -= max; | ||
2225 | } | ||
2226 | if (BUF_SIZE == queue->cread_off) | ||
2227 | return; /* buffer full, suspend reading */ | ||
2228 | left = GNUNET_TIME_absolute_get_remaining (queue->timeout); | ||
2229 | if (0 != left.rel_value_us) | ||
2230 | { | ||
2231 | if (max_queue_length > queue->backpressure) | ||
2232 | { | ||
2233 | /* continue reading */ | ||
2234 | queue->read_task = | ||
2235 | GNUNET_SCHEDULER_add_read_net (left, queue->sock, &queue_read, queue); | ||
2236 | } | ||
2237 | return; | ||
2238 | } | ||
2239 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2240 | "Queue %p was idle for %s, disconnecting\n", | ||
2241 | queue, | ||
2242 | GNUNET_STRINGS_relative_time_to_string ( | ||
2243 | GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT, | ||
2244 | GNUNET_YES)); | ||
2245 | queue_destroy (queue); | ||
2246 | } | ||
2247 | |||
2248 | |||
2249 | /** | ||
2250 | * Convert a `struct sockaddr_in6 to a `struct sockaddr *` | ||
2251 | * | ||
2252 | * @param[out] sock_len set to the length of the address. | ||
2253 | * @param v6 The sockaddr_in6 to be converted. | ||
2254 | * @return The struct sockaddr *. | ||
2255 | */ | ||
2256 | static struct sockaddr * | ||
2257 | tcp_address_to_sockaddr_numeric_v6 (socklen_t *sock_len, | ||
2258 | struct sockaddr_in6 v6, | ||
2259 | unsigned int port) | ||
2260 | { | ||
2261 | struct sockaddr *in; | ||
2262 | |||
2263 | v6.sin6_family = AF_INET6; | ||
2264 | v6.sin6_port = htons ((uint16_t) port); | ||
2265 | #if HAVE_SOCKADDR_IN_SIN_LEN | ||
2266 | v6.sin6_len = sizeof(struct sockaddr_in6); | ||
2267 | #endif | ||
2268 | v6.sin6_flowinfo = 0; | ||
2269 | v6.sin6_scope_id = 0; | ||
2270 | in = GNUNET_memdup (&v6, sizeof(v6)); | ||
2271 | *sock_len = sizeof(struct sockaddr_in6); | ||
2272 | |||
2273 | return in; | ||
2274 | } | ||
2275 | |||
2276 | |||
2277 | /** | ||
2278 | * Convert a `struct sockaddr_in4 to a `struct sockaddr *` | ||
2279 | * | ||
2280 | * @param[out] sock_len set to the length of the address. | ||
2281 | * @param v4 The sockaddr_in4 to be converted. | ||
2282 | * @return The struct sockaddr *. | ||
2283 | */ | ||
2284 | static struct sockaddr * | ||
2285 | tcp_address_to_sockaddr_numeric_v4 (socklen_t *sock_len, | ||
2286 | struct sockaddr_in v4, | ||
2287 | unsigned int port) | ||
2288 | { | ||
2289 | struct sockaddr *in; | ||
2290 | |||
2291 | v4.sin_family = AF_INET; | ||
2292 | v4.sin_port = htons ((uint16_t) port); | ||
2293 | #if HAVE_SOCKADDR_IN_SIN_LEN | ||
2294 | v4.sin_len = sizeof(struct sockaddr_in); | ||
2295 | #endif | ||
2296 | in = GNUNET_memdup (&v4, sizeof(v4)); | ||
2297 | *sock_len = sizeof(struct sockaddr_in); | ||
2298 | return in; | ||
2299 | } | ||
2300 | |||
2301 | |||
2302 | /** | ||
2303 | * Convert TCP bind specification to a `struct PortOnlyIpv4Ipv6 *` | ||
2304 | * | ||
2305 | * @param bindto bind specification to convert. | ||
2306 | * @return The converted bindto specification. | ||
2307 | */ | ||
2308 | static struct PortOnlyIpv4Ipv6 * | ||
2309 | tcp_address_to_sockaddr_port_only (const char *bindto, unsigned int *port) | ||
2310 | { | ||
2311 | struct PortOnlyIpv4Ipv6 *po; | ||
2312 | struct sockaddr_in *i4; | ||
2313 | struct sockaddr_in6 *i6; | ||
2314 | socklen_t sock_len_ipv4; | ||
2315 | socklen_t sock_len_ipv6; | ||
2316 | |||
2317 | /* interpreting value as just a PORT number */ | ||
2318 | if (*port > UINT16_MAX) | ||
2319 | { | ||
2320 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2321 | "BINDTO specification `%s' invalid: value too large for port\n", | ||
2322 | bindto); | ||
2323 | return NULL; | ||
2324 | } | ||
2325 | |||
2326 | po = GNUNET_new (struct PortOnlyIpv4Ipv6); | ||
2327 | |||
2328 | if (GNUNET_YES == disable_v6) | ||
2329 | { | ||
2330 | i4 = GNUNET_malloc (sizeof(struct sockaddr_in)); | ||
2331 | po->addr_ipv4 = tcp_address_to_sockaddr_numeric_v4 (&sock_len_ipv4, *i4, | ||
2332 | *port); | ||
2333 | po->addr_len_ipv4 = sock_len_ipv4; | ||
2334 | } | ||
2335 | else | ||
2336 | { | ||
2337 | |||
2338 | i4 = GNUNET_malloc (sizeof(struct sockaddr_in)); | ||
2339 | po->addr_ipv4 = tcp_address_to_sockaddr_numeric_v4 (&sock_len_ipv4, *i4, | ||
2340 | *port); | ||
2341 | po->addr_len_ipv4 = sock_len_ipv4; | ||
2342 | |||
2343 | i6 = GNUNET_malloc (sizeof(struct sockaddr_in6)); | ||
2344 | po->addr_ipv6 = tcp_address_to_sockaddr_numeric_v6 (&sock_len_ipv6, *i6, | ||
2345 | *port); | ||
2346 | |||
2347 | po->addr_len_ipv6 = sock_len_ipv6; | ||
2348 | |||
2349 | GNUNET_free (i6); | ||
2350 | } | ||
2351 | |||
2352 | GNUNET_free (i4); | ||
2353 | |||
2354 | return po; | ||
2355 | } | ||
2356 | |||
2357 | |||
2358 | /** | ||
2359 | * This Method extracts the address part of the BINDTO string. | ||
2360 | * | ||
2361 | * @param bindto String we extract the address part from. | ||
2362 | * @return The extracted address string. | ||
2363 | */ | ||
2364 | static char * | ||
2365 | extract_address (const char *bindto) | ||
2366 | { | ||
2367 | char *addr; | ||
2368 | char *start; | ||
2369 | char *token; | ||
2370 | char *cp; | ||
2371 | char *rest = NULL; | ||
2372 | char *res; | ||
2373 | |||
2374 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2375 | "extract address with bindto %s\n", | ||
2376 | bindto); | ||
2377 | |||
2378 | if (NULL == bindto) | ||
2379 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2380 | "bindto is NULL\n"); | ||
2381 | |||
2382 | cp = GNUNET_strdup (bindto); | ||
2383 | |||
2384 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2385 | "extract address 2\n"); | ||
2386 | |||
2387 | start = cp; | ||
2388 | if (('[' == *cp) && (']' == cp[strlen (cp) - 1])) | ||
2389 | { | ||
2390 | start++; /* skip over '['*/ | ||
2391 | cp[strlen (cp) - 1] = '\0'; /* eat ']'*/ | ||
2392 | addr = GNUNET_strdup (start); | ||
2393 | } | ||
2394 | else | ||
2395 | { | ||
2396 | token = strtok_r (cp, "]", &rest); | ||
2397 | if (strlen (bindto) == strlen (token)) | ||
2398 | { | ||
2399 | token = strtok_r (cp, ":", &rest); | ||
2400 | addr = GNUNET_strdup (token); | ||
2401 | } | ||
2402 | else | ||
2403 | { | ||
2404 | token++; | ||
2405 | res = GNUNET_strdup (token); | ||
2406 | addr = GNUNET_strdup (res); | ||
2407 | } | ||
2408 | } | ||
2409 | |||
2410 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2411 | "tcp address: %s\n", | ||
2412 | addr); | ||
2413 | GNUNET_free (cp); | ||
2414 | return addr; | ||
2415 | } | ||
2416 | |||
2417 | |||
2418 | /** | ||
2419 | * This Method extracts the port part of the BINDTO string. | ||
2420 | * | ||
2421 | * @param addr_and_port String we extract the port from. | ||
2422 | * @return The extracted port as unsigned int. | ||
2423 | */ | ||
2424 | static unsigned int | ||
2425 | extract_port (const char *addr_and_port) | ||
2426 | { | ||
2427 | unsigned int port; | ||
2428 | char dummy[2]; | ||
2429 | char *token; | ||
2430 | char *addr; | ||
2431 | char *colon; | ||
2432 | char *cp; | ||
2433 | char *rest = NULL; | ||
2434 | |||
2435 | if (NULL != addr_and_port) | ||
2436 | { | ||
2437 | cp = GNUNET_strdup (addr_and_port); | ||
2438 | token = strtok_r (cp, "]", &rest); | ||
2439 | if (strlen (addr_and_port) == strlen (token)) | ||
2440 | { | ||
2441 | colon = strrchr (cp, ':'); | ||
2442 | if (NULL == colon) | ||
2443 | { | ||
2444 | GNUNET_free (cp); | ||
2445 | return 0; | ||
2446 | } | ||
2447 | addr = colon; | ||
2448 | addr++; | ||
2449 | } | ||
2450 | else | ||
2451 | { | ||
2452 | token = strtok_r (NULL, "]", &rest); | ||
2453 | if (NULL == token) | ||
2454 | { | ||
2455 | GNUNET_free (cp); | ||
2456 | return 0; | ||
2457 | } | ||
2458 | else | ||
2459 | { | ||
2460 | addr = token; | ||
2461 | addr++; | ||
2462 | } | ||
2463 | } | ||
2464 | |||
2465 | |||
2466 | if (1 == sscanf (addr, "%u%1s", &port, dummy)) | ||
2467 | { | ||
2468 | /* interpreting value as just a PORT number */ | ||
2469 | if (port > UINT16_MAX) | ||
2470 | { | ||
2471 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2472 | "Port `%u' invalid: value too large for port\n", | ||
2473 | port); | ||
2474 | GNUNET_free (cp); | ||
2475 | return 0; | ||
2476 | } | ||
2477 | } | ||
2478 | else | ||
2479 | { | ||
2480 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2481 | "BINDTO specification invalid: last ':' not followed by number\n"); | ||
2482 | GNUNET_free (cp); | ||
2483 | return 0; | ||
2484 | } | ||
2485 | GNUNET_free (cp); | ||
2486 | } | ||
2487 | else | ||
2488 | { | ||
2489 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2490 | "return 0\n"); | ||
2491 | /* interpret missing port as 0, aka pick any free one */ | ||
2492 | port = 0; | ||
2493 | } | ||
2494 | |||
2495 | return port; | ||
2496 | } | ||
2497 | |||
2498 | |||
2499 | /** | ||
2500 | * Convert TCP bind specification to a `struct sockaddr *` | ||
2501 | * | ||
2502 | * @param bindto bind specification to convert | ||
2503 | * @param[out] sock_len set to the length of the address | ||
2504 | * @return converted bindto specification | ||
2505 | */ | ||
2506 | static struct sockaddr * | ||
2507 | tcp_address_to_sockaddr (const char *bindto, socklen_t *sock_len) | ||
2508 | { | ||
2509 | struct sockaddr *in; | ||
2510 | unsigned int port; | ||
2511 | struct sockaddr_in v4; | ||
2512 | struct sockaddr_in6 v6; | ||
2513 | char *start; | ||
2514 | |||
2515 | memset (&v4, 0, sizeof(v4)); | ||
2516 | start = extract_address (bindto); | ||
2517 | GNUNET_assert (NULL != start); | ||
2518 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2519 | "start %s\n", | ||
2520 | start); | ||
2521 | |||
2522 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2523 | "!bindto %s\n", | ||
2524 | bindto); | ||
2525 | |||
2526 | |||
2527 | if (1 == inet_pton (AF_INET, start, &v4.sin_addr)) | ||
2528 | { | ||
2529 | port = extract_port (bindto); | ||
2530 | |||
2531 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2532 | "port %u\n", | ||
2533 | port); | ||
2534 | |||
2535 | in = tcp_address_to_sockaddr_numeric_v4 (sock_len, v4, port); | ||
2536 | } | ||
2537 | else if (1 == inet_pton (AF_INET6, start, &v6.sin6_addr)) | ||
2538 | { | ||
2539 | port = extract_port (bindto); | ||
2540 | in = tcp_address_to_sockaddr_numeric_v6 (sock_len, v6, port); | ||
2541 | } | ||
2542 | else | ||
2543 | { | ||
2544 | GNUNET_assert (0); | ||
2545 | } | ||
2546 | |||
2547 | GNUNET_free (start); | ||
2548 | return in; | ||
2549 | } | ||
2550 | |||
2551 | |||
2552 | /** | ||
2553 | * Signature of functions implementing the sending functionality of a | ||
2554 | * message queue. | ||
2555 | * | ||
2556 | * @param mq the message queue | ||
2557 | * @param msg the message to send | ||
2558 | * @param impl_state our `struct Queue` | ||
2559 | */ | ||
2560 | static void | ||
2561 | mq_send (struct GNUNET_MQ_Handle *mq, | ||
2562 | const struct GNUNET_MessageHeader *msg, | ||
2563 | void *impl_state) | ||
2564 | { | ||
2565 | struct Queue *queue = impl_state; | ||
2566 | uint16_t msize = ntohs (msg->size); | ||
2567 | struct TCPBox box; | ||
2568 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2569 | "In MQ send. Queue finishing: %s; write task running: %s\n", | ||
2570 | (GNUNET_YES == queue->finishing) ? "yes" : "no", | ||
2571 | (NULL == queue->write_task) ? "yes" : "no"); | ||
2572 | GNUNET_assert (mq == queue->mq); | ||
2573 | queue->mq_awaits_continue = GNUNET_YES; | ||
2574 | if (GNUNET_YES == queue->finishing) | ||
2575 | return; /* this queue is dying, drop msg */ | ||
2576 | GNUNET_assert (0 == queue->pwrite_off); | ||
2577 | box.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX); | ||
2578 | box.header.size = htons (msize); | ||
2579 | calculate_hmac (&queue->out_hmac, msg, msize, &box.hmac); | ||
2580 | memcpy (&queue->pwrite_buf[queue->pwrite_off], &box, sizeof(box)); | ||
2581 | queue->pwrite_off += sizeof(box); | ||
2582 | memcpy (&queue->pwrite_buf[queue->pwrite_off], msg, msize); | ||
2583 | queue->pwrite_off += msize; | ||
2584 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2585 | "%lu bytes of plaintext to send\n", queue->pwrite_off); | ||
2586 | GNUNET_assert (NULL != queue->sock); | ||
2587 | if (NULL == queue->write_task) | ||
2588 | queue->write_task = | ||
2589 | GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL, | ||
2590 | queue->sock, | ||
2591 | &queue_write, | ||
2592 | queue); | ||
2593 | } | ||
2594 | |||
2595 | |||
2596 | /** | ||
2597 | * Signature of functions implementing the destruction of a message | ||
2598 | * queue. Implementations must not free @a mq, but should take care | ||
2599 | * of @a impl_state. | ||
2600 | * | ||
2601 | * @param mq the message queue to destroy | ||
2602 | * @param impl_state our `struct Queue` | ||
2603 | */ | ||
2604 | static void | ||
2605 | mq_destroy (struct GNUNET_MQ_Handle *mq, void *impl_state) | ||
2606 | { | ||
2607 | struct Queue *queue = impl_state; | ||
2608 | |||
2609 | if (mq == queue->mq) | ||
2610 | { | ||
2611 | queue->mq = NULL; | ||
2612 | queue_finish (queue); | ||
2613 | } | ||
2614 | } | ||
2615 | |||
2616 | |||
2617 | /** | ||
2618 | * Implementation function that cancels the currently sent message. | ||
2619 | * | ||
2620 | * @param mq message queue | ||
2621 | * @param impl_state our `struct Queue` | ||
2622 | */ | ||
2623 | static void | ||
2624 | mq_cancel (struct GNUNET_MQ_Handle *mq, void *impl_state) | ||
2625 | { | ||
2626 | struct Queue *queue = impl_state; | ||
2627 | |||
2628 | GNUNET_assert (0 != queue->pwrite_off); | ||
2629 | queue->pwrite_off = 0; | ||
2630 | } | ||
2631 | |||
2632 | |||
2633 | /** | ||
2634 | * Generic error handler, called with the appropriate | ||
2635 | * error code and the same closure specified at the creation of | ||
2636 | * the message queue. | ||
2637 | * Not every message queue implementation supports an error handler. | ||
2638 | * | ||
2639 | * @param cls our `struct Queue` | ||
2640 | * @param error error code | ||
2641 | */ | ||
2642 | static void | ||
2643 | mq_error (void *cls, enum GNUNET_MQ_Error error) | ||
2644 | { | ||
2645 | struct Queue *queue = cls; | ||
2646 | |||
2647 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2648 | "MQ error in queue to %s: %d\n", | ||
2649 | GNUNET_i2s (&queue->target), | ||
2650 | (int) error); | ||
2651 | queue_finish (queue); | ||
2652 | } | ||
2653 | |||
2654 | |||
2655 | /** | ||
2656 | * Add the given @a queue to our internal data structure. Setup the | ||
2657 | * MQ processing and inform transport that the queue is ready. Must | ||
2658 | * be called after the KX for outgoing messages has been bootstrapped. | ||
2659 | * | ||
2660 | * @param queue queue to boot | ||
2661 | */ | ||
2662 | static void | ||
2663 | boot_queue (struct Queue *queue) | ||
2664 | { | ||
2665 | queue->nt = | ||
2666 | GNUNET_NT_scanner_get_type (is, queue->address, queue->address_len); | ||
2667 | (void) GNUNET_CONTAINER_multihashmap_put ( | ||
2668 | queue_map, | ||
2669 | &queue->key, | ||
2670 | queue, | ||
2671 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE); | ||
2672 | GNUNET_STATISTICS_set (stats, | ||
2673 | "# queues active", | ||
2674 | GNUNET_CONTAINER_multihashmap_size (queue_map), | ||
2675 | GNUNET_NO); | ||
2676 | queue->timeout = | ||
2677 | GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT); | ||
2678 | queue->mq = GNUNET_MQ_queue_for_callbacks (&mq_send, | ||
2679 | &mq_destroy, | ||
2680 | &mq_cancel, | ||
2681 | queue, | ||
2682 | NULL, | ||
2683 | &mq_error, | ||
2684 | queue); | ||
2685 | } | ||
2686 | |||
2687 | |||
2688 | /** | ||
2689 | * Generate and transmit our ephemeral key and the signature for | ||
2690 | * the initial KX with the other peer. Must be called first, before | ||
2691 | * any other bytes are ever written to the output buffer. Note that | ||
2692 | * our cipher must already be initialized when calling this function. | ||
2693 | * Helper function for #start_initial_kx_out(). | ||
2694 | * | ||
2695 | * @param queue queue to do KX for | ||
2696 | * @param epub our public key for the KX | ||
2697 | */ | ||
2698 | static void | ||
2699 | transmit_kx (struct Queue *queue, | ||
2700 | const struct GNUNET_CRYPTO_EcdhePublicKey *epub) | ||
2701 | { | ||
2702 | struct TcpHandshakeSignature ths; | ||
2703 | struct TCPConfirmation tc; | ||
2704 | |||
2705 | memcpy (queue->cwrite_buf, epub, sizeof(*epub)); | ||
2706 | queue->cwrite_off = sizeof(*epub); | ||
2707 | /* compute 'tc' and append in encrypted format to cwrite_buf */ | ||
2708 | tc.sender = my_identity; | ||
2709 | tc.monotonic_time = | ||
2710 | GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg)); | ||
2711 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, | ||
2712 | &tc.challenge, | ||
2713 | sizeof(tc.challenge)); | ||
2714 | ths.purpose.purpose = htonl ( | ||
2715 | GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_TCP_HANDSHAKE); | ||
2716 | ths.purpose.size = htonl (sizeof(ths)); | ||
2717 | ths.sender = my_identity; | ||
2718 | ths.receiver = queue->target; | ||
2719 | ths.ephemeral = *epub; | ||
2720 | ths.monotonic_time = tc.monotonic_time; | ||
2721 | ths.challenge = tc.challenge; | ||
2722 | GNUNET_CRYPTO_eddsa_sign (my_private_key, | ||
2723 | &ths, | ||
2724 | &tc.sender_sig); | ||
2725 | GNUNET_assert (0 == | ||
2726 | gcry_cipher_encrypt (queue->out_cipher, | ||
2727 | &queue->cwrite_buf[queue->cwrite_off], | ||
2728 | sizeof(tc), | ||
2729 | &tc, | ||
2730 | sizeof(tc))); | ||
2731 | queue->challenge = tc.challenge; | ||
2732 | queue->cwrite_off += sizeof(tc); | ||
2733 | |||
2734 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2735 | "handshake written\n"); | ||
2736 | } | ||
2737 | |||
2738 | |||
2739 | /** | ||
2740 | * Initialize our key material for outgoing transmissions and | ||
2741 | * inform the other peer about it. Must be called first before | ||
2742 | * any data is sent. | ||
2743 | * | ||
2744 | * @param queue the queue to setup | ||
2745 | */ | ||
2746 | static void | ||
2747 | start_initial_kx_out (struct Queue *queue) | ||
2748 | { | ||
2749 | struct GNUNET_CRYPTO_EcdhePublicKey epub; | ||
2750 | struct GNUNET_HashCode k; | ||
2751 | |||
2752 | // TODO: We could use the Elligator KEM here! https://bugs.gnunet.org/view.php?id=8065 | ||
2753 | GNUNET_CRYPTO_eddsa_kem_encaps (&queue->target.public_key, &epub, &k); | ||
2754 | setup_out_cipher (queue, &k); | ||
2755 | transmit_kx (queue, &epub); | ||
2756 | } | ||
2757 | |||
2758 | |||
2759 | /** | ||
2760 | * Callback called when peerstore store operation for handshake monotime is finished. | ||
2761 | * @param cls Queue context the store operation was executed. | ||
2762 | * @param success Store operation was successful (GNUNET_OK) or not. | ||
2763 | */ | ||
2764 | static void | ||
2765 | handshake_monotime_store_cb (void *cls, int success) | ||
2766 | { | ||
2767 | struct Queue *queue = cls; | ||
2768 | if (GNUNET_OK != success) | ||
2769 | { | ||
2770 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2771 | "Failed to store handshake monotonic time in PEERSTORE!\n"); | ||
2772 | } | ||
2773 | queue->handshake_monotime_sc = NULL; | ||
2774 | GNUNET_PEERSTORE_iteration_next (queue->handshake_ack_monotime_get, 1); | ||
2775 | } | ||
2776 | |||
2777 | |||
2778 | /** | ||
2779 | * Callback called by peerstore when records for GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE | ||
2780 | * where found. | ||
2781 | * @param cls Queue context the store operation was executed. | ||
2782 | * @param record The record found or NULL if there is no record left. | ||
2783 | * @param emsg Message from peerstore. | ||
2784 | */ | ||
2785 | static void | ||
2786 | handshake_monotime_cb (void *cls, | ||
2787 | const struct GNUNET_PEERSTORE_Record *record, | ||
2788 | const char *emsg) | ||
2789 | { | ||
2790 | struct Queue *queue = cls; | ||
2791 | struct GNUNET_TIME_AbsoluteNBO *mtbe; | ||
2792 | struct GNUNET_TIME_Absolute mt; | ||
2793 | const struct GNUNET_PeerIdentity *pid; | ||
2794 | struct GNUNET_TIME_AbsoluteNBO *handshake_monotonic_time; | ||
2795 | |||
2796 | (void) emsg; | ||
2797 | |||
2798 | handshake_monotonic_time = &queue->handshake_monotonic_time; | ||
2799 | pid = &queue->target; | ||
2800 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2801 | "tcp handshake with us %s\n", | ||
2802 | GNUNET_i2s (&my_identity)); | ||
2803 | if (NULL == record) | ||
2804 | { | ||
2805 | queue->handshake_monotime_get = NULL; | ||
2806 | return; | ||
2807 | } | ||
2808 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2809 | "tcp handshake from peer %s\n", | ||
2810 | GNUNET_i2s (pid)); | ||
2811 | if (sizeof(*mtbe) != record->value_size) | ||
2812 | { | ||
2813 | GNUNET_PEERSTORE_iteration_next (queue->handshake_ack_monotime_get, 1); | ||
2814 | GNUNET_break (0); | ||
2815 | return; | ||
2816 | } | ||
2817 | mtbe = record->value; | ||
2818 | mt = GNUNET_TIME_absolute_ntoh (*mtbe); | ||
2819 | if (mt.abs_value_us > GNUNET_TIME_absolute_ntoh ( | ||
2820 | queue->handshake_monotonic_time).abs_value_us) | ||
2821 | { | ||
2822 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2823 | "Queue from %s dropped, handshake monotime in the past\n", | ||
2824 | GNUNET_i2s (&queue->target)); | ||
2825 | GNUNET_break (0); | ||
2826 | GNUNET_PEERSTORE_iteration_stop (queue->handshake_ack_monotime_get); | ||
2827 | queue->handshake_ack_monotime_get = NULL; | ||
2828 | queue_finish (queue); | ||
2829 | return; | ||
2830 | } | ||
2831 | queue->handshake_monotime_sc = GNUNET_PEERSTORE_store (peerstore, | ||
2832 | "transport_tcp_communicator", | ||
2833 | pid, | ||
2834 | GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE, | ||
2835 | handshake_monotonic_time, | ||
2836 | sizeof(* | ||
2837 | handshake_monotonic_time), | ||
2838 | GNUNET_TIME_UNIT_FOREVER_ABS, | ||
2839 | GNUNET_PEERSTORE_STOREOPTION_REPLACE, | ||
2840 | & | ||
2841 | handshake_monotime_store_cb, | ||
2842 | queue); | ||
2843 | } | ||
2844 | |||
2845 | |||
2846 | /** | ||
2847 | * We have received the first bytes from the other side on a @a queue. | ||
2848 | * Decrypt the @a tc contained in @a ibuf and check the signature. | ||
2849 | * Note that #setup_in_cipher() must have already been called. | ||
2850 | * | ||
2851 | * @param queue queue to decrypt initial bytes from other peer for | ||
2852 | * @param[out] tc where to store the result | ||
2853 | * @param ibuf incoming data, of size | ||
2854 | * `INITIAL_KX_SIZE` | ||
2855 | * @return #GNUNET_OK if the signature was OK, #GNUNET_SYSERR if not | ||
2856 | */ | ||
2857 | static int | ||
2858 | decrypt_and_check_tc (struct Queue *queue, | ||
2859 | struct TCPConfirmation *tc, | ||
2860 | char *ibuf) | ||
2861 | { | ||
2862 | struct TcpHandshakeSignature ths; | ||
2863 | enum GNUNET_GenericReturnValue ret; | ||
2864 | |||
2865 | GNUNET_assert ( | ||
2866 | 0 == | ||
2867 | gcry_cipher_decrypt (queue->in_cipher, | ||
2868 | tc, | ||
2869 | sizeof(*tc), | ||
2870 | &ibuf[sizeof(struct GNUNET_CRYPTO_EcdhePublicKey)], | ||
2871 | sizeof(*tc))); | ||
2872 | ths.purpose.purpose = htonl ( | ||
2873 | GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_TCP_HANDSHAKE); | ||
2874 | ths.purpose.size = htonl (sizeof(ths)); | ||
2875 | ths.sender = tc->sender; | ||
2876 | ths.receiver = my_identity; | ||
2877 | memcpy (&ths.ephemeral, ibuf, sizeof(struct GNUNET_CRYPTO_EcdhePublicKey)); | ||
2878 | ths.monotonic_time = tc->monotonic_time; | ||
2879 | ths.challenge = tc->challenge; | ||
2880 | ret = GNUNET_CRYPTO_eddsa_verify ( | ||
2881 | GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_TCP_HANDSHAKE, | ||
2882 | &ths, | ||
2883 | &tc->sender_sig, | ||
2884 | &tc->sender.public_key); | ||
2885 | if (GNUNET_YES == ret) | ||
2886 | queue->handshake_monotime_get = | ||
2887 | GNUNET_PEERSTORE_iteration_start (peerstore, | ||
2888 | "transport_tcp_communicator", | ||
2889 | &queue->target, | ||
2890 | GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE, | ||
2891 | &handshake_monotime_cb, | ||
2892 | queue); | ||
2893 | return ret; | ||
2894 | } | ||
2895 | |||
2896 | |||
2897 | /** | ||
2898 | * Read from the socket of the queue until we have enough data | ||
2899 | * to initialize the decryption logic and can switch to regular | ||
2900 | * reading. | ||
2901 | * | ||
2902 | * @param cls a `struct Queue` | ||
2903 | */ | ||
2904 | static void | ||
2905 | queue_read_kx (void *cls) | ||
2906 | { | ||
2907 | struct Queue *queue = cls; | ||
2908 | ssize_t rcvd; | ||
2909 | struct GNUNET_TIME_Relative left; | ||
2910 | struct TCPConfirmation tc; | ||
2911 | |||
2912 | queue->read_task = NULL; | ||
2913 | left = GNUNET_TIME_absolute_get_remaining (queue->timeout); | ||
2914 | if (0 == left.rel_value_us) | ||
2915 | { | ||
2916 | queue_destroy (queue); | ||
2917 | return; | ||
2918 | } | ||
2919 | rcvd = GNUNET_NETWORK_socket_recv (queue->sock, | ||
2920 | &queue->cread_buf[queue->cread_off], | ||
2921 | BUF_SIZE - queue->cread_off); | ||
2922 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2923 | "Received %lu bytes to write in buffer of size %lu for KX from queue %p (expires in %" | ||
2924 | PRIu64 ")\n", | ||
2925 | rcvd, BUF_SIZE - queue->cread_off, queue, left.rel_value_us); | ||
2926 | if (-1 == rcvd) | ||
2927 | { | ||
2928 | if ((EAGAIN != errno) && (EINTR != errno)) | ||
2929 | { | ||
2930 | GNUNET_log_strerror (GNUNET_ERROR_TYPE_DEBUG, "recv"); | ||
2931 | queue_destroy (queue); | ||
2932 | return; | ||
2933 | } | ||
2934 | queue->read_task = | ||
2935 | GNUNET_SCHEDULER_add_read_net (left, queue->sock, &queue_read_kx, queue); | ||
2936 | return; | ||
2937 | } | ||
2938 | if (0 == rcvd) | ||
2939 | { | ||
2940 | /* Orderly shutdown of connection */ | ||
2941 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2942 | "Socket for queue %p seems to have been closed\n", queue); | ||
2943 | queue_destroy (queue); | ||
2944 | return; | ||
2945 | } | ||
2946 | queue->cread_off += rcvd; | ||
2947 | if (queue->cread_off < INITIAL_KX_SIZE) | ||
2948 | { | ||
2949 | /* read more */ | ||
2950 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
2951 | "%lu/%lu bytes of KX read. Rescheduling...\n", | ||
2952 | queue->cread_off, INITIAL_KX_SIZE); | ||
2953 | queue->read_task = | ||
2954 | GNUNET_SCHEDULER_add_read_net (left, queue->sock, &queue_read_kx, queue); | ||
2955 | return; | ||
2956 | } | ||
2957 | /* we got all the data, let's find out who we are talking to! */ | ||
2958 | setup_in_cipher ((const struct GNUNET_CRYPTO_EcdhePublicKey *) | ||
2959 | queue->cread_buf, | ||
2960 | queue); | ||
2961 | if (GNUNET_OK != decrypt_and_check_tc (queue, &tc, queue->cread_buf)) | ||
2962 | { | ||
2963 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
2964 | "Invalid TCP KX received from %s\n", | ||
2965 | GNUNET_a2s (queue->address, queue->address_len)); | ||
2966 | queue_destroy (queue); | ||
2967 | return; | ||
2968 | } | ||
2969 | if (0 != | ||
2970 | memcmp (&tc.sender, &queue->target, sizeof(struct GNUNET_PeerIdentity))) | ||
2971 | { | ||
2972 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
2973 | "Invalid sender in TCP KX received from %s\n", | ||
2974 | GNUNET_a2s (queue->address, queue->address_len)); | ||
2975 | queue_destroy (queue); | ||
2976 | return; | ||
2977 | } | ||
2978 | send_challenge (tc.challenge, queue); | ||
2979 | queue->write_task = | ||
2980 | GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL, | ||
2981 | queue->sock, | ||
2982 | &queue_write, | ||
2983 | queue); | ||
2984 | |||
2985 | /* update queue timeout */ | ||
2986 | queue->timeout = | ||
2987 | GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT); | ||
2988 | /* prepare to continue with regular read task immediately */ | ||
2989 | memmove (queue->cread_buf, | ||
2990 | &queue->cread_buf[INITIAL_KX_SIZE], | ||
2991 | queue->cread_off - (INITIAL_KX_SIZE)); | ||
2992 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2993 | "cread_off is %lu bytes before adjusting\n", | ||
2994 | queue->cread_off); | ||
2995 | queue->cread_off -= INITIAL_KX_SIZE; | ||
2996 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2997 | "cread_off set to %lu bytes\n", | ||
2998 | queue->cread_off); | ||
2999 | queue->read_task = GNUNET_SCHEDULER_add_now (&queue_read, queue); | ||
3000 | } | ||
3001 | |||
3002 | |||
3003 | /** | ||
3004 | * Read from the socket of the proto queue until we have enough data | ||
3005 | * to upgrade to full queue. | ||
3006 | * | ||
3007 | * @param cls a `struct ProtoQueue` | ||
3008 | */ | ||
3009 | static void | ||
3010 | proto_read_kx (void *cls) | ||
3011 | { | ||
3012 | struct ProtoQueue *pq = cls; | ||
3013 | ssize_t rcvd; | ||
3014 | struct GNUNET_TIME_Relative left; | ||
3015 | struct Queue *queue; | ||
3016 | struct TCPConfirmation tc; | ||
3017 | GNUNET_SCHEDULER_TaskCallback read_task; | ||
3018 | |||
3019 | pq->read_task = NULL; | ||
3020 | left = GNUNET_TIME_absolute_get_remaining (pq->timeout); | ||
3021 | if (0 == left.rel_value_us) | ||
3022 | { | ||
3023 | free_proto_queue (pq); | ||
3024 | return; | ||
3025 | } | ||
3026 | rcvd = GNUNET_NETWORK_socket_recv (pq->sock, | ||
3027 | &pq->ibuf[pq->ibuf_off], | ||
3028 | sizeof(pq->ibuf) - pq->ibuf_off); | ||
3029 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3030 | "Proto received %lu bytes for KX\n", rcvd); | ||
3031 | if (-1 == rcvd) | ||
3032 | { | ||
3033 | if ((EAGAIN != errno) && (EINTR != errno)) | ||
3034 | { | ||
3035 | GNUNET_log_strerror (GNUNET_ERROR_TYPE_DEBUG, "recv"); | ||
3036 | free_proto_queue (pq); | ||
3037 | return; | ||
3038 | } | ||
3039 | /* try again */ | ||
3040 | pq->read_task = | ||
3041 | GNUNET_SCHEDULER_add_read_net (left, pq->sock, &proto_read_kx, pq); | ||
3042 | return; | ||
3043 | } | ||
3044 | if (0 == rcvd) | ||
3045 | { | ||
3046 | /* Orderly shutdown of connection */ | ||
3047 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3048 | "Socket for proto queue %p seems to have been closed\n", pq); | ||
3049 | free_proto_queue (pq); | ||
3050 | return; | ||
3051 | } | ||
3052 | pq->ibuf_off += rcvd; | ||
3053 | if (sizeof (struct TCPNATProbeMessage) == pq->ibuf_off) | ||
3054 | { | ||
3055 | struct TCPNATProbeMessage *pm = (struct TCPNATProbeMessage *) pq->ibuf; | ||
3056 | |||
3057 | check_and_remove_pending_reversal (pq->address, pq->address->sa_family, | ||
3058 | &pm->clientIdentity); | ||
3059 | |||
3060 | queue = GNUNET_new (struct Queue); | ||
3061 | queue->target = pm->clientIdentity; | ||
3062 | queue->cs = GNUNET_TRANSPORT_CS_OUTBOUND; | ||
3063 | read_task = &queue_read_kx; | ||
3064 | } | ||
3065 | else if (pq->ibuf_off > sizeof(pq->ibuf)) | ||
3066 | { | ||
3067 | /* read more */ | ||
3068 | pq->read_task = | ||
3069 | GNUNET_SCHEDULER_add_read_net (left, pq->sock, &proto_read_kx, pq); | ||
3070 | return; | ||
3071 | } | ||
3072 | else | ||
3073 | { | ||
3074 | /* we got all the data, let's find out who we are talking to! */ | ||
3075 | queue = GNUNET_new (struct Queue); | ||
3076 | setup_in_cipher ((const struct GNUNET_CRYPTO_EcdhePublicKey *) pq->ibuf, | ||
3077 | queue); | ||
3078 | if (GNUNET_OK != decrypt_and_check_tc (queue, &tc, pq->ibuf)) | ||
3079 | { | ||
3080 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
3081 | "Invalid TCP KX received from %s\n", | ||
3082 | GNUNET_a2s (pq->address, pq->address_len)); | ||
3083 | gcry_cipher_close (queue->in_cipher); | ||
3084 | GNUNET_free (queue); | ||
3085 | free_proto_queue (pq); | ||
3086 | return; | ||
3087 | } | ||
3088 | queue->target = tc.sender; | ||
3089 | queue->cs = GNUNET_TRANSPORT_CS_INBOUND; | ||
3090 | read_task = &queue_read; | ||
3091 | } | ||
3092 | queue->address = pq->address; /* steals reference */ | ||
3093 | queue->address_len = pq->address_len; | ||
3094 | queue->listen_sock = pq->listen_sock; | ||
3095 | queue->sock = pq->sock; | ||
3096 | |||
3097 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3098 | "created queue with target %s\n", | ||
3099 | GNUNET_i2s (&queue->target)); | ||
3100 | |||
3101 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3102 | "start kx proto\n"); | ||
3103 | |||
3104 | start_initial_kx_out (queue); | ||
3105 | boot_queue (queue); | ||
3106 | queue->read_task = | ||
3107 | GNUNET_SCHEDULER_add_read_net (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT, | ||
3108 | queue->sock, | ||
3109 | read_task, | ||
3110 | queue); | ||
3111 | queue->write_task = | ||
3112 | GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL, | ||
3113 | queue->sock, | ||
3114 | &queue_write, | ||
3115 | queue); | ||
3116 | // TODO To early! Move it somewhere else. | ||
3117 | // send_challenge (tc.challenge, queue); | ||
3118 | queue->challenge_received = tc.challenge; | ||
3119 | |||
3120 | GNUNET_CONTAINER_DLL_remove (proto_head, proto_tail, pq); | ||
3121 | GNUNET_free (pq); | ||
3122 | } | ||
3123 | |||
3124 | |||
3125 | static struct ProtoQueue * | ||
3126 | create_proto_queue (struct GNUNET_NETWORK_Handle *sock, | ||
3127 | struct sockaddr *in, | ||
3128 | socklen_t addrlen) | ||
3129 | { | ||
3130 | struct ProtoQueue *pq = GNUNET_new (struct ProtoQueue); | ||
3131 | |||
3132 | if (NULL == sock) | ||
3133 | { | ||
3134 | // sock = GNUNET_CONNECTION_create_from_sockaddr (AF_INET, addr, addrlen); | ||
3135 | sock = GNUNET_NETWORK_socket_create (in->sa_family, SOCK_STREAM, 0); | ||
3136 | if (NULL == sock) | ||
3137 | { | ||
3138 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3139 | "socket(%d) failed: %s", | ||
3140 | in->sa_family, | ||
3141 | strerror (errno)); | ||
3142 | GNUNET_free (in); | ||
3143 | GNUNET_free (pq); | ||
3144 | return NULL; | ||
3145 | } | ||
3146 | if ((GNUNET_OK != GNUNET_NETWORK_socket_connect (sock, in, addrlen)) && | ||
3147 | (errno != EINPROGRESS)) | ||
3148 | { | ||
3149 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3150 | "connect to `%s' failed: %s", | ||
3151 | GNUNET_a2s (in, addrlen), | ||
3152 | strerror (errno)); | ||
3153 | GNUNET_NETWORK_socket_close (sock); | ||
3154 | GNUNET_free (in); | ||
3155 | GNUNET_free (pq); | ||
3156 | return NULL; | ||
3157 | } | ||
3158 | } | ||
3159 | pq->address_len = addrlen; | ||
3160 | pq->address = in; | ||
3161 | pq->timeout = GNUNET_TIME_relative_to_absolute (PROTO_QUEUE_TIMEOUT); | ||
3162 | pq->sock = sock; | ||
3163 | pq->read_task = GNUNET_SCHEDULER_add_read_net (PROTO_QUEUE_TIMEOUT, | ||
3164 | pq->sock, | ||
3165 | &proto_read_kx, | ||
3166 | pq); | ||
3167 | GNUNET_CONTAINER_DLL_insert (proto_head, proto_tail, pq); | ||
3168 | |||
3169 | return pq; | ||
3170 | } | ||
3171 | |||
3172 | |||
3173 | /** | ||
3174 | * We have been notified that our listen socket has something to | ||
3175 | * read. Do the read and reschedule this function to be called again | ||
3176 | * once more is available. | ||
3177 | * | ||
3178 | * @param cls ListenTask with listening socket and task | ||
3179 | */ | ||
3180 | static void | ||
3181 | listen_cb (void *cls) | ||
3182 | { | ||
3183 | struct sockaddr_storage in; | ||
3184 | socklen_t addrlen; | ||
3185 | struct GNUNET_NETWORK_Handle *sock; | ||
3186 | struct ListenTask *lt; | ||
3187 | struct sockaddr *in_addr; | ||
3188 | |||
3189 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3190 | "listen_cb\n"); | ||
3191 | |||
3192 | lt = cls; | ||
3193 | |||
3194 | lt->listen_task = NULL; | ||
3195 | GNUNET_assert (NULL != lt->listen_sock); | ||
3196 | addrlen = sizeof(in); | ||
3197 | memset (&in, 0, sizeof(in)); | ||
3198 | sock = GNUNET_NETWORK_socket_accept (lt->listen_sock, | ||
3199 | (struct sockaddr*) &in, | ||
3200 | &addrlen); | ||
3201 | if ((NULL == sock) && ((EMFILE == errno) || (ENFILE == errno))) | ||
3202 | return; /* system limit reached, wait until connection goes down */ | ||
3203 | lt->listen_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL, | ||
3204 | lt->listen_sock, | ||
3205 | &listen_cb, | ||
3206 | lt); | ||
3207 | if ((NULL == sock) && ((EAGAIN == errno) || (ENOBUFS == errno))) | ||
3208 | return; | ||
3209 | if (NULL == sock) | ||
3210 | { | ||
3211 | GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "accept"); | ||
3212 | return; | ||
3213 | } | ||
3214 | in_addr = GNUNET_memdup (&in, addrlen); | ||
3215 | create_proto_queue (sock, in_addr, addrlen); | ||
3216 | } | ||
3217 | |||
3218 | |||
3219 | static void | ||
3220 | try_connection_reversal (void *cls, | ||
3221 | const struct sockaddr *addr, | ||
3222 | socklen_t addrlen) | ||
3223 | { | ||
3224 | (void) cls; | ||
3225 | struct TCPNATProbeMessage pm; | ||
3226 | struct ProtoQueue *pq; | ||
3227 | struct sockaddr *in_addr; | ||
3228 | |||
3229 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3230 | "addr->sa_family %d\n", | ||
3231 | addr->sa_family); | ||
3232 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3233 | "Try to connect back\n"); | ||
3234 | in_addr = GNUNET_memdup (addr, addrlen); | ||
3235 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3236 | "in_addr->sa_family %d\n", | ||
3237 | in_addr->sa_family); | ||
3238 | pq = create_proto_queue (NULL, in_addr, addrlen); | ||
3239 | if (NULL != pq) | ||
3240 | { | ||
3241 | pm.header.size = htons (sizeof(struct TCPNATProbeMessage)); | ||
3242 | pm.header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_TCP_NAT_PROBE); | ||
3243 | pm.clientIdentity = my_identity; | ||
3244 | memcpy (pq->write_buf, &pm, sizeof(struct TCPNATProbeMessage)); | ||
3245 | pq->write_off = sizeof(struct TCPNATProbeMessage); | ||
3246 | pq->write_task = GNUNET_SCHEDULER_add_write_net (PROTO_QUEUE_TIMEOUT, | ||
3247 | pq->sock, | ||
3248 | &proto_queue_write, | ||
3249 | pq); | ||
3250 | } | ||
3251 | else | ||
3252 | { | ||
3253 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3254 | "Couldn't create ProtoQueue for sending TCPNATProbeMessage\n"); | ||
3255 | } | ||
3256 | } | ||
3257 | |||
3258 | |||
3259 | static void | ||
3260 | pending_reversal_timeout (void *cls) | ||
3261 | { | ||
3262 | struct sockaddr *in = cls; | ||
3263 | struct PendingReversal *pending_reversal; | ||
3264 | struct GNUNET_HashCode key; | ||
3265 | |||
3266 | GNUNET_CRYPTO_hash (in, | ||
3267 | sizeof(struct sockaddr), | ||
3268 | &key); | ||
3269 | pending_reversal = GNUNET_CONTAINER_multihashmap_get (pending_reversals, | ||
3270 | &key); | ||
3271 | |||
3272 | GNUNET_assert (NULL != pending_reversal); | ||
3273 | |||
3274 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_remove (pending_reversals, | ||
3275 | &key, | ||
3276 | pending_reversal)) | ||
3277 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3278 | "No pending reversal found for address %s\n", | ||
3279 | GNUNET_a2s (in, sizeof (struct sockaddr))); | ||
3280 | GNUNET_free (pending_reversal->in); | ||
3281 | GNUNET_free (pending_reversal); | ||
3282 | } | ||
3283 | |||
3284 | |||
3285 | /** | ||
3286 | * Function called by the transport service to initialize a | ||
3287 | * message queue given address information about another peer. | ||
3288 | * If and when the communication channel is established, the | ||
3289 | * communicator must call #GNUNET_TRANSPORT_communicator_mq_add() | ||
3290 | * to notify the service that the channel is now up. It is | ||
3291 | * the responsibility of the communicator to manage sane | ||
3292 | * retries and timeouts for any @a peer/@a address combination | ||
3293 | * provided by the transport service. Timeouts and retries | ||
3294 | * do not need to be signalled to the transport service. | ||
3295 | * | ||
3296 | * @param cls closure | ||
3297 | * @param peer identity of the other peer | ||
3298 | * @param address where to send the message, human-readable | ||
3299 | * communicator-specific format, 0-terminated, UTF-8 | ||
3300 | * @return #GNUNET_OK on success, #GNUNET_SYSERR if the provided address is | ||
3301 | * invalid | ||
3302 | */ | ||
3303 | static int | ||
3304 | mq_init (void *cls, const struct GNUNET_PeerIdentity *peer, const char *address) | ||
3305 | { | ||
3306 | struct sockaddr *in; | ||
3307 | socklen_t in_len = 0; | ||
3308 | const char *path; | ||
3309 | struct sockaddr_in *v4; | ||
3310 | struct sockaddr_in6 *v6; | ||
3311 | unsigned int is_natd = GNUNET_NO; | ||
3312 | struct GNUNET_HashCode key; | ||
3313 | struct GNUNET_HashCode queue_map_key; | ||
3314 | struct GNUNET_HashContext *hsh; | ||
3315 | struct Queue *queue; | ||
3316 | |||
3317 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3318 | "Connecting to %s at %s\n", | ||
3319 | GNUNET_i2s (peer), | ||
3320 | address); | ||
3321 | if (0 != strncmp (address, | ||
3322 | COMMUNICATOR_ADDRESS_PREFIX "-", | ||
3323 | strlen (COMMUNICATOR_ADDRESS_PREFIX "-"))) | ||
3324 | { | ||
3325 | GNUNET_break_op (0); | ||
3326 | return GNUNET_SYSERR; | ||
3327 | } | ||
3328 | path = &address[strlen (COMMUNICATOR_ADDRESS_PREFIX "-")]; | ||
3329 | in = tcp_address_to_sockaddr (path, &in_len); | ||
3330 | |||
3331 | if (NULL == in) | ||
3332 | { | ||
3333 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
3334 | "Failed to setup TCP socket address\n"); | ||
3335 | return GNUNET_SYSERR; | ||
3336 | } | ||
3337 | |||
3338 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3339 | "in %s\n", | ||
3340 | GNUNET_a2s (in, in_len)); | ||
3341 | |||
3342 | hsh = GNUNET_CRYPTO_hash_context_start (); | ||
3343 | GNUNET_CRYPTO_hash_context_read (hsh, address, strlen (address)); | ||
3344 | GNUNET_CRYPTO_hash_context_read (hsh, peer, sizeof (*peer)); | ||
3345 | GNUNET_CRYPTO_hash_context_finish (hsh, &queue_map_key); | ||
3346 | queue = GNUNET_CONTAINER_multihashmap_get (queue_map, &queue_map_key); | ||
3347 | |||
3348 | if (NULL != queue) | ||
3349 | { | ||
3350 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3351 | "Queue for %s already exists or is in construction\n", address); | ||
3352 | return GNUNET_NO; | ||
3353 | } | ||
3354 | switch (in->sa_family) | ||
3355 | { | ||
3356 | case AF_INET: | ||
3357 | v4 = (struct sockaddr_in *) in; | ||
3358 | if (0 == v4->sin_port) | ||
3359 | { | ||
3360 | is_natd = GNUNET_YES; | ||
3361 | GNUNET_CRYPTO_hash (in, | ||
3362 | sizeof(struct sockaddr), | ||
3363 | &key); | ||
3364 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains ( | ||
3365 | pending_reversals, | ||
3366 | &key)) | ||
3367 | { | ||
3368 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3369 | "There is already a request reversal for `%s'at `%s'\n", | ||
3370 | GNUNET_i2s (peer), | ||
3371 | address); | ||
3372 | GNUNET_free (in); | ||
3373 | return GNUNET_SYSERR; | ||
3374 | } | ||
3375 | } | ||
3376 | break; | ||
3377 | |||
3378 | case AF_INET6: | ||
3379 | if (GNUNET_YES == disable_v6) | ||
3380 | { | ||
3381 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3382 | "IPv6 disabled, skipping %s\n", address); | ||
3383 | GNUNET_free (in); | ||
3384 | return GNUNET_SYSERR; | ||
3385 | } | ||
3386 | v6 = (struct sockaddr_in6 *) in; | ||
3387 | if (0 == v6->sin6_port) | ||
3388 | { | ||
3389 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3390 | "Request reversal for `%s' at `%s' not possible for an IPv6 address\n", | ||
3391 | GNUNET_i2s (peer), | ||
3392 | address); | ||
3393 | GNUNET_free (in); | ||
3394 | return GNUNET_SYSERR; | ||
3395 | } | ||
3396 | break; | ||
3397 | |||
3398 | default: | ||
3399 | GNUNET_assert (0); | ||
3400 | } | ||
3401 | |||
3402 | if (GNUNET_YES == is_natd) | ||
3403 | { | ||
3404 | struct sockaddr_in local_sa; | ||
3405 | struct PendingReversal *pending_reversal; | ||
3406 | |||
3407 | memset (&local_sa, 0, sizeof(local_sa)); | ||
3408 | local_sa.sin_family = AF_INET; | ||
3409 | local_sa.sin_port = htons (bind_port); | ||
3410 | /* We leave sin_address at 0, let the kernel figure it out, | ||
3411 | even if our bind() is more specific. (May want to reconsider | ||
3412 | later.) */ | ||
3413 | if (GNUNET_OK != GNUNET_NAT_request_reversal (nat, &local_sa, v4)) | ||
3414 | { | ||
3415 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3416 | "request reversal for `%s' at `%s' failed\n", | ||
3417 | GNUNET_i2s (peer), | ||
3418 | address); | ||
3419 | GNUNET_free (in); | ||
3420 | return GNUNET_SYSERR; | ||
3421 | } | ||
3422 | pending_reversal = GNUNET_new (struct PendingReversal); | ||
3423 | pending_reversal->in = in; | ||
3424 | GNUNET_assert (GNUNET_OK == | ||
3425 | GNUNET_CONTAINER_multihashmap_put (pending_reversals, | ||
3426 | &key, | ||
3427 | pending_reversal, | ||
3428 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); | ||
3429 | pending_reversal->target = *peer; | ||
3430 | pending_reversal->timeout_task = GNUNET_SCHEDULER_add_delayed (NAT_TIMEOUT, | ||
3431 | & | ||
3432 | pending_reversal_timeout, | ||
3433 | in); | ||
3434 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3435 | "Created NAT WAIT connection to `%s' at `%s'\n", | ||
3436 | GNUNET_i2s (peer), | ||
3437 | GNUNET_a2s (in, sizeof (struct sockaddr))); | ||
3438 | } | ||
3439 | else | ||
3440 | { | ||
3441 | struct GNUNET_NETWORK_Handle *sock; | ||
3442 | |||
3443 | sock = GNUNET_NETWORK_socket_create (in->sa_family, SOCK_STREAM, | ||
3444 | IPPROTO_TCP); | ||
3445 | if (NULL == sock) | ||
3446 | { | ||
3447 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3448 | "socket(%d) failed: %s", | ||
3449 | in->sa_family, | ||
3450 | strerror (errno)); | ||
3451 | GNUNET_free (in); | ||
3452 | return GNUNET_SYSERR; | ||
3453 | } | ||
3454 | if ((GNUNET_OK != GNUNET_NETWORK_socket_connect (sock, in, in_len)) && | ||
3455 | (errno != EINPROGRESS)) | ||
3456 | { | ||
3457 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3458 | "connect to `%s' failed: %s", | ||
3459 | address, | ||
3460 | strerror (errno)); | ||
3461 | GNUNET_NETWORK_socket_close (sock); | ||
3462 | GNUNET_free (in); | ||
3463 | return GNUNET_SYSERR; | ||
3464 | } | ||
3465 | |||
3466 | queue = GNUNET_new (struct Queue); | ||
3467 | queue->target = *peer; | ||
3468 | queue->key = queue_map_key; | ||
3469 | queue->address = in; | ||
3470 | queue->address_len = in_len; | ||
3471 | queue->sock = sock; | ||
3472 | queue->cs = GNUNET_TRANSPORT_CS_OUTBOUND; | ||
3473 | boot_queue (queue); | ||
3474 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3475 | "booted queue with target %s\n", | ||
3476 | GNUNET_i2s (&queue->target)); | ||
3477 | // queue->mq_awaits_continue = GNUNET_YES; | ||
3478 | queue->read_task = | ||
3479 | GNUNET_SCHEDULER_add_read_net (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT, | ||
3480 | queue->sock, | ||
3481 | &queue_read_kx, | ||
3482 | queue); | ||
3483 | |||
3484 | |||
3485 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3486 | "start kx mq_init\n"); | ||
3487 | |||
3488 | start_initial_kx_out (queue); | ||
3489 | queue->write_task = | ||
3490 | GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL, | ||
3491 | queue->sock, | ||
3492 | &queue_write, | ||
3493 | queue); | ||
3494 | } | ||
3495 | |||
3496 | return GNUNET_OK; | ||
3497 | } | ||
3498 | |||
3499 | |||
3500 | /** | ||
3501 | * Iterator over all ListenTasks to clean up. | ||
3502 | * | ||
3503 | * @param cls NULL | ||
3504 | * @param key unused | ||
3505 | * @param value the ListenTask to cancel. | ||
3506 | * @return #GNUNET_OK to continue to iterate | ||
3507 | */ | ||
3508 | static int | ||
3509 | get_lt_delete_it (void *cls, | ||
3510 | const struct GNUNET_HashCode *key, | ||
3511 | void *value) | ||
3512 | { | ||
3513 | struct ListenTask *lt = value; | ||
3514 | |||
3515 | (void) cls; | ||
3516 | (void) key; | ||
3517 | if (NULL != lt->listen_task) | ||
3518 | { | ||
3519 | GNUNET_SCHEDULER_cancel (lt->listen_task); | ||
3520 | lt->listen_task = NULL; | ||
3521 | } | ||
3522 | if (NULL != lt->listen_sock) | ||
3523 | { | ||
3524 | GNUNET_break (GNUNET_OK == GNUNET_NETWORK_socket_close (lt->listen_sock)); | ||
3525 | lt->listen_sock = NULL; | ||
3526 | } | ||
3527 | GNUNET_free (lt); | ||
3528 | return GNUNET_OK; | ||
3529 | } | ||
3530 | |||
3531 | |||
3532 | /** | ||
3533 | * Iterator over all message queues to clean up. | ||
3534 | * | ||
3535 | * @param cls NULL | ||
3536 | * @param target unused | ||
3537 | * @param value the queue to destroy | ||
3538 | * @return #GNUNET_OK to continue to iterate | ||
3539 | */ | ||
3540 | static int | ||
3541 | get_queue_delete_it (void *cls, | ||
3542 | const struct GNUNET_HashCode *target, | ||
3543 | void *value) | ||
3544 | { | ||
3545 | struct Queue *queue = value; | ||
3546 | |||
3547 | (void) cls; | ||
3548 | (void) target; | ||
3549 | queue_destroy (queue); | ||
3550 | return GNUNET_OK; | ||
3551 | } | ||
3552 | |||
3553 | |||
3554 | /** | ||
3555 | * Shutdown the UNIX communicator. | ||
3556 | * | ||
3557 | * @param cls NULL (always) | ||
3558 | */ | ||
3559 | static void | ||
3560 | do_shutdown (void *cls) | ||
3561 | { | ||
3562 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3563 | "Shutdown %s!\n", | ||
3564 | shutdown_running ? "running" : "not running"); | ||
3565 | |||
3566 | if (GNUNET_YES == shutdown_running) | ||
3567 | return; | ||
3568 | else | ||
3569 | shutdown_running = GNUNET_YES; | ||
3570 | |||
3571 | while (NULL != proto_head) | ||
3572 | free_proto_queue (proto_head); | ||
3573 | if (NULL != nat) | ||
3574 | { | ||
3575 | GNUNET_NAT_unregister (nat); | ||
3576 | nat = NULL; | ||
3577 | } | ||
3578 | GNUNET_CONTAINER_multihashmap_iterate (pending_reversals, | ||
3579 | &pending_reversals_delete_it, NULL); | ||
3580 | GNUNET_CONTAINER_multihashmap_destroy (pending_reversals); | ||
3581 | GNUNET_CONTAINER_multihashmap_iterate (lt_map, &get_lt_delete_it, NULL); | ||
3582 | GNUNET_CONTAINER_multihashmap_destroy (lt_map); | ||
3583 | GNUNET_CONTAINER_multihashmap_iterate (queue_map, &get_queue_delete_it, NULL); | ||
3584 | GNUNET_CONTAINER_multihashmap_destroy (queue_map); | ||
3585 | if (NULL != ch) | ||
3586 | { | ||
3587 | GNUNET_TRANSPORT_communicator_address_remove_all (ch); | ||
3588 | GNUNET_TRANSPORT_communicator_disconnect (ch); | ||
3589 | ch = NULL; | ||
3590 | } | ||
3591 | if (NULL != stats) | ||
3592 | { | ||
3593 | GNUNET_STATISTICS_destroy (stats, GNUNET_YES); | ||
3594 | stats = NULL; | ||
3595 | } | ||
3596 | if (NULL != my_private_key) | ||
3597 | { | ||
3598 | GNUNET_free (my_private_key); | ||
3599 | my_private_key = NULL; | ||
3600 | } | ||
3601 | if (NULL != is) | ||
3602 | { | ||
3603 | GNUNET_NT_scanner_done (is); | ||
3604 | is = NULL; | ||
3605 | } | ||
3606 | if (NULL != peerstore) | ||
3607 | { | ||
3608 | GNUNET_PEERSTORE_disconnect (peerstore); | ||
3609 | peerstore = NULL; | ||
3610 | } | ||
3611 | if (NULL != resolve_request_handle) | ||
3612 | { | ||
3613 | GNUNET_RESOLVER_request_cancel (resolve_request_handle); | ||
3614 | resolve_request_handle = NULL; | ||
3615 | } | ||
3616 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3617 | "Shutdown done!\n"); | ||
3618 | } | ||
3619 | |||
3620 | |||
3621 | /** | ||
3622 | * Function called when the transport service has received an | ||
3623 | * acknowledgement for this communicator (!) via a different return | ||
3624 | * path. | ||
3625 | * | ||
3626 | * Not applicable for TCP. | ||
3627 | * | ||
3628 | * @param cls closure | ||
3629 | * @param sender which peer sent the notification | ||
3630 | * @param msg payload | ||
3631 | */ | ||
3632 | static void | ||
3633 | enc_notify_cb (void *cls, | ||
3634 | const struct GNUNET_PeerIdentity *sender, | ||
3635 | const struct GNUNET_MessageHeader *msg) | ||
3636 | { | ||
3637 | (void) cls; | ||
3638 | (void) sender; | ||
3639 | (void) msg; | ||
3640 | GNUNET_break_op (0); | ||
3641 | } | ||
3642 | |||
3643 | |||
3644 | /** | ||
3645 | * Signature of the callback passed to #GNUNET_NAT_register() for | ||
3646 | * a function to call whenever our set of 'valid' addresses changes. | ||
3647 | * | ||
3648 | * @param cls closure | ||
3649 | * @param[in,out] app_ctx location where the app can store stuff | ||
3650 | * on add and retrieve it on remove | ||
3651 | * @param add_remove #GNUNET_YES to add a new public IP address, | ||
3652 | * #GNUNET_NO to remove a previous (now invalid) one | ||
3653 | * @param ac address class the address belongs to | ||
3654 | * @param addr either the previous or the new public IP address | ||
3655 | * @param addrlen actual length of the @a addr | ||
3656 | */ | ||
3657 | static void | ||
3658 | nat_address_cb (void *cls, | ||
3659 | void **app_ctx, | ||
3660 | int add_remove, | ||
3661 | enum GNUNET_NAT_AddressClass ac, | ||
3662 | const struct sockaddr *addr, | ||
3663 | socklen_t addrlen) | ||
3664 | { | ||
3665 | char *my_addr; | ||
3666 | struct GNUNET_TRANSPORT_AddressIdentifier *ai; | ||
3667 | |||
3668 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3669 | "nat address cb %s %s\n", | ||
3670 | add_remove ? "add" : "remove", | ||
3671 | GNUNET_a2s (addr, addrlen)); | ||
3672 | |||
3673 | if (GNUNET_YES == add_remove) | ||
3674 | { | ||
3675 | enum GNUNET_NetworkType nt; | ||
3676 | |||
3677 | GNUNET_asprintf (&my_addr, | ||
3678 | "%s-%s", | ||
3679 | COMMUNICATOR_ADDRESS_PREFIX, | ||
3680 | GNUNET_a2s (addr, addrlen)); | ||
3681 | nt = GNUNET_NT_scanner_get_type (is, addr, addrlen); | ||
3682 | ai = | ||
3683 | GNUNET_TRANSPORT_communicator_address_add (ch, | ||
3684 | my_addr, | ||
3685 | nt, | ||
3686 | GNUNET_TIME_UNIT_FOREVER_REL); | ||
3687 | GNUNET_free (my_addr); | ||
3688 | *app_ctx = ai; | ||
3689 | } | ||
3690 | else | ||
3691 | { | ||
3692 | ai = *app_ctx; | ||
3693 | GNUNET_TRANSPORT_communicator_address_remove (ai); | ||
3694 | *app_ctx = NULL; | ||
3695 | } | ||
3696 | } | ||
3697 | |||
3698 | |||
3699 | /** | ||
3700 | * This method adds addresses to the DLL, that are later register at the NAT service. | ||
3701 | */ | ||
3702 | static void | ||
3703 | add_addr (struct sockaddr *in, socklen_t in_len) | ||
3704 | { | ||
3705 | |||
3706 | struct Addresses *saddrs; | ||
3707 | |||
3708 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3709 | "add address %s\n", | ||
3710 | GNUNET_a2s (in, in_len)); | ||
3711 | |||
3712 | saddrs = GNUNET_new (struct Addresses); | ||
3713 | saddrs->addr = in; | ||
3714 | saddrs->addr_len = in_len; | ||
3715 | GNUNET_CONTAINER_DLL_insert (addrs_head, addrs_tail, saddrs); | ||
3716 | |||
3717 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3718 | "after add address %s\n", | ||
3719 | GNUNET_a2s (in, in_len)); | ||
3720 | |||
3721 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3722 | "add address %s\n", | ||
3723 | GNUNET_a2s (saddrs->addr, saddrs->addr_len)); | ||
3724 | |||
3725 | addrs_lens++; | ||
3726 | } | ||
3727 | |||
3728 | |||
3729 | /** | ||
3730 | * This method launch network interactions for each address we like to bind to. | ||
3731 | * | ||
3732 | * @param addr The address we will listen to. | ||
3733 | * @param in_len The length of the address we will listen to. | ||
3734 | * @return GNUNET_SYSERR in case of error. GNUNET_OK in case we are successfully listen to the address. | ||
3735 | */ | ||
3736 | static int | ||
3737 | init_socket (struct sockaddr *addr, | ||
3738 | socklen_t in_len) | ||
3739 | { | ||
3740 | struct sockaddr_storage in_sto; | ||
3741 | socklen_t sto_len; | ||
3742 | struct GNUNET_NETWORK_Handle *listen_sock; | ||
3743 | struct ListenTask *lt; | ||
3744 | int sockfd; | ||
3745 | struct GNUNET_HashCode h_sock; | ||
3746 | |||
3747 | if (NULL == addr) | ||
3748 | { | ||
3749 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
3750 | "Address is NULL.\n"); | ||
3751 | return GNUNET_SYSERR; | ||
3752 | } | ||
3753 | |||
3754 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3755 | "address %s\n", | ||
3756 | GNUNET_a2s (addr, in_len)); | ||
3757 | |||
3758 | listen_sock = | ||
3759 | GNUNET_NETWORK_socket_create (addr->sa_family, SOCK_STREAM, IPPROTO_TCP); | ||
3760 | if (NULL == listen_sock) | ||
3761 | { | ||
3762 | GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "socket"); | ||
3763 | return GNUNET_SYSERR; | ||
3764 | } | ||
3765 | |||
3766 | if (GNUNET_OK != GNUNET_NETWORK_socket_bind (listen_sock, addr, in_len)) | ||
3767 | { | ||
3768 | GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "bind"); | ||
3769 | GNUNET_NETWORK_socket_close (listen_sock); | ||
3770 | listen_sock = NULL; | ||
3771 | return GNUNET_SYSERR; | ||
3772 | } | ||
3773 | |||
3774 | if (GNUNET_OK != | ||
3775 | GNUNET_NETWORK_socket_listen (listen_sock, | ||
3776 | 5)) | ||
3777 | { | ||
3778 | GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, | ||
3779 | "listen"); | ||
3780 | GNUNET_NETWORK_socket_close (listen_sock); | ||
3781 | listen_sock = NULL; | ||
3782 | return GNUNET_SYSERR; | ||
3783 | } | ||
3784 | |||
3785 | /* We might have bound to port 0, allowing the OS to figure it out; | ||
3786 | thus, get the real IN-address from the socket */ | ||
3787 | sto_len = sizeof(in_sto); | ||
3788 | |||
3789 | if (0 != getsockname (GNUNET_NETWORK_get_fd (listen_sock), | ||
3790 | (struct sockaddr *) &in_sto, | ||
3791 | &sto_len)) | ||
3792 | { | ||
3793 | memcpy (&in_sto, addr, in_len); | ||
3794 | sto_len = in_len; | ||
3795 | } | ||
3796 | |||
3797 | // addr = (struct sockaddr *) &in_sto; | ||
3798 | in_len = sto_len; | ||
3799 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3800 | "Bound to `%s'\n", | ||
3801 | GNUNET_a2s ((const struct sockaddr *) &in_sto, sto_len)); | ||
3802 | stats = GNUNET_STATISTICS_create ("communicator-tcp", cfg); | ||
3803 | |||
3804 | if (NULL == is) | ||
3805 | is = GNUNET_NT_scanner_init (); | ||
3806 | |||
3807 | if (NULL == my_private_key) | ||
3808 | my_private_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg); | ||
3809 | if (NULL == my_private_key) | ||
3810 | { | ||
3811 | GNUNET_log ( | ||
3812 | GNUNET_ERROR_TYPE_ERROR, | ||
3813 | _ ( | ||
3814 | "Transport service is lacking key configuration settings. Exiting.\n")); | ||
3815 | if (NULL != resolve_request_handle) | ||
3816 | GNUNET_RESOLVER_request_cancel (resolve_request_handle); | ||
3817 | GNUNET_SCHEDULER_shutdown (); | ||
3818 | return GNUNET_SYSERR; | ||
3819 | } | ||
3820 | GNUNET_CRYPTO_eddsa_key_get_public (my_private_key, &my_identity.public_key); | ||
3821 | /* start listening */ | ||
3822 | |||
3823 | lt = GNUNET_new (struct ListenTask); | ||
3824 | lt->listen_sock = listen_sock; | ||
3825 | |||
3826 | lt->listen_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL, | ||
3827 | listen_sock, | ||
3828 | &listen_cb, | ||
3829 | lt); | ||
3830 | |||
3831 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3832 | "creating hash\n"); | ||
3833 | sockfd = GNUNET_NETWORK_get_fd (lt->listen_sock); | ||
3834 | GNUNET_CRYPTO_hash (&sockfd, | ||
3835 | sizeof(int), | ||
3836 | &h_sock); | ||
3837 | |||
3838 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3839 | "creating map\n"); | ||
3840 | if (NULL == lt_map) | ||
3841 | lt_map = GNUNET_CONTAINER_multihashmap_create (2, GNUNET_NO); | ||
3842 | |||
3843 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3844 | "creating map entry\n"); | ||
3845 | GNUNET_assert (GNUNET_OK == | ||
3846 | GNUNET_CONTAINER_multihashmap_put (lt_map, | ||
3847 | &h_sock, | ||
3848 | lt, | ||
3849 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); | ||
3850 | |||
3851 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3852 | "map entry created\n"); | ||
3853 | |||
3854 | if (NULL == queue_map) | ||
3855 | queue_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); | ||
3856 | |||
3857 | if (NULL == ch) | ||
3858 | ch = GNUNET_TRANSPORT_communicator_connect (cfg, | ||
3859 | COMMUNICATOR_CONFIG_SECTION, | ||
3860 | COMMUNICATOR_ADDRESS_PREFIX, | ||
3861 | GNUNET_TRANSPORT_CC_RELIABLE, | ||
3862 | &mq_init, | ||
3863 | NULL, | ||
3864 | &enc_notify_cb, | ||
3865 | NULL); | ||
3866 | |||
3867 | if (NULL == ch) | ||
3868 | { | ||
3869 | GNUNET_break (0); | ||
3870 | if (NULL != resolve_request_handle) | ||
3871 | GNUNET_RESOLVER_request_cancel (resolve_request_handle); | ||
3872 | GNUNET_SCHEDULER_shutdown (); | ||
3873 | return GNUNET_SYSERR; | ||
3874 | } | ||
3875 | |||
3876 | add_addr (addr, in_len); | ||
3877 | return GNUNET_OK; | ||
3878 | |||
3879 | } | ||
3880 | |||
3881 | |||
3882 | /** | ||
3883 | * This method reads from the DLL addrs_head to register them at the NAT service. | ||
3884 | */ | ||
3885 | static void | ||
3886 | nat_register () | ||
3887 | { | ||
3888 | struct sockaddr **saddrs; | ||
3889 | socklen_t *saddr_lens; | ||
3890 | int i; | ||
3891 | size_t len; | ||
3892 | |||
3893 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3894 | "starting nat register!\n"); | ||
3895 | len = 0; | ||
3896 | i = 0; | ||
3897 | saddrs = GNUNET_malloc ((addrs_lens) * sizeof(struct sockaddr *)); | ||
3898 | saddr_lens = GNUNET_malloc ((addrs_lens) * sizeof(socklen_t)); | ||
3899 | for (struct Addresses *pos = addrs_head; NULL != pos; pos = pos->next) | ||
3900 | { | ||
3901 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3902 | "registering address %s\n", | ||
3903 | GNUNET_a2s (addrs_head->addr, addrs_head->addr_len)); | ||
3904 | |||
3905 | saddr_lens[i] = addrs_head->addr_len; | ||
3906 | len += saddr_lens[i]; | ||
3907 | saddrs[i] = GNUNET_memdup (addrs_head->addr, saddr_lens[i]); | ||
3908 | i++; | ||
3909 | } | ||
3910 | |||
3911 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3912 | "registering addresses %lu %lu %lu %lu\n", | ||
3913 | (addrs_lens) * sizeof(struct sockaddr *), | ||
3914 | (addrs_lens) * sizeof(socklen_t), | ||
3915 | len, | ||
3916 | sizeof(COMMUNICATOR_CONFIG_SECTION)); | ||
3917 | nat = GNUNET_NAT_register (cfg, | ||
3918 | COMMUNICATOR_CONFIG_SECTION, | ||
3919 | IPPROTO_TCP, | ||
3920 | addrs_lens, | ||
3921 | (const struct sockaddr **) saddrs, | ||
3922 | saddr_lens, | ||
3923 | &nat_address_cb, | ||
3924 | try_connection_reversal, | ||
3925 | NULL /* closure */); | ||
3926 | for (i = addrs_lens - 1; i >= 0; i--) | ||
3927 | GNUNET_free (saddrs[i]); | ||
3928 | GNUNET_free (saddrs); | ||
3929 | GNUNET_free (saddr_lens); | ||
3930 | |||
3931 | if (NULL == nat) | ||
3932 | { | ||
3933 | GNUNET_break (0); | ||
3934 | if (NULL != resolve_request_handle) | ||
3935 | GNUNET_RESOLVER_request_cancel (resolve_request_handle); | ||
3936 | GNUNET_SCHEDULER_shutdown (); | ||
3937 | } | ||
3938 | } | ||
3939 | |||
3940 | |||
3941 | /** | ||
3942 | * This method is the callback called by the resolver API, and wraps method init_socket. | ||
3943 | * | ||
3944 | * @param cls The port we will bind to. | ||
3945 | * @param addr The address we will bind to. | ||
3946 | * @param in_len The length of the address we will bind to. | ||
3947 | */ | ||
3948 | static void | ||
3949 | init_socket_resolv (void *cls, | ||
3950 | const struct sockaddr *addr, | ||
3951 | socklen_t in_len) | ||
3952 | { | ||
3953 | struct sockaddr_in *v4; | ||
3954 | struct sockaddr_in6 *v6; | ||
3955 | struct sockaddr *in; | ||
3956 | |||
3957 | (void) cls; | ||
3958 | if (NULL != addr) | ||
3959 | { | ||
3960 | if (AF_INET == addr->sa_family) | ||
3961 | { | ||
3962 | v4 = (struct sockaddr_in *) addr; | ||
3963 | in = tcp_address_to_sockaddr_numeric_v4 (&in_len, *v4, bind_port);// _global); | ||
3964 | } | ||
3965 | else if (AF_INET6 == addr->sa_family) | ||
3966 | { | ||
3967 | v6 = (struct sockaddr_in6 *) addr; | ||
3968 | in = tcp_address_to_sockaddr_numeric_v6 (&in_len, *v6, bind_port);// _global); | ||
3969 | } | ||
3970 | else | ||
3971 | { | ||
3972 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
3973 | "Address family %u not suitable (not AF_INET %u nor AF_INET6 %u \n", | ||
3974 | addr->sa_family, | ||
3975 | AF_INET, | ||
3976 | AF_INET6); | ||
3977 | return; | ||
3978 | } | ||
3979 | init_socket (in, in_len); | ||
3980 | } | ||
3981 | else | ||
3982 | { | ||
3983 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
3984 | "Address is NULL. This might be an error or the resolver finished resolving.\n"); | ||
3985 | if (NULL == addrs_head) | ||
3986 | { | ||
3987 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
3988 | "Resolver finished resolving, but we do not listen to an address!.\n"); | ||
3989 | return; | ||
3990 | } | ||
3991 | nat_register (); | ||
3992 | } | ||
3993 | } | ||
3994 | |||
3995 | |||
3996 | /** | ||
3997 | * Setup communicator and launch network interactions. | ||
3998 | * | ||
3999 | * @param cls NULL (always) | ||
4000 | * @param args remaining command-line arguments | ||
4001 | * @param cfgfile name of the configuration file used (for saving, can be NULL!) | ||
4002 | * @param c configuration | ||
4003 | */ | ||
4004 | static void | ||
4005 | run (void *cls, | ||
4006 | char *const *args, | ||
4007 | const char *cfgfile, | ||
4008 | const struct GNUNET_CONFIGURATION_Handle *c) | ||
4009 | { | ||
4010 | char *bindto; | ||
4011 | struct sockaddr *in; | ||
4012 | socklen_t in_len; | ||
4013 | struct sockaddr_in v4; | ||
4014 | struct sockaddr_in6 v6; | ||
4015 | char *start; | ||
4016 | unsigned int port; | ||
4017 | char dummy[2]; | ||
4018 | char *rest = NULL; | ||
4019 | struct PortOnlyIpv4Ipv6 *po; | ||
4020 | socklen_t addr_len_ipv4; | ||
4021 | socklen_t addr_len_ipv6; | ||
4022 | |||
4023 | (void) cls; | ||
4024 | |||
4025 | pending_reversals = GNUNET_CONTAINER_multihashmap_create (16, GNUNET_NO); | ||
4026 | memset (&v4,0,sizeof(struct sockaddr_in)); | ||
4027 | memset (&v6,0,sizeof(struct sockaddr_in6)); | ||
4028 | cfg = c; | ||
4029 | if (GNUNET_OK != | ||
4030 | GNUNET_CONFIGURATION_get_value_string (cfg, | ||
4031 | COMMUNICATOR_CONFIG_SECTION, | ||
4032 | "BINDTO", | ||
4033 | &bindto)) | ||
4034 | { | ||
4035 | GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, | ||
4036 | COMMUNICATOR_CONFIG_SECTION, | ||
4037 | "BINDTO"); | ||
4038 | return; | ||
4039 | } | ||
4040 | if (GNUNET_OK != | ||
4041 | GNUNET_CONFIGURATION_get_value_number (cfg, | ||
4042 | COMMUNICATOR_CONFIG_SECTION, | ||
4043 | "MAX_QUEUE_LENGTH", | ||
4044 | &max_queue_length)) | ||
4045 | { | ||
4046 | max_queue_length = DEFAULT_MAX_QUEUE_LENGTH; | ||
4047 | } | ||
4048 | if (GNUNET_OK != | ||
4049 | GNUNET_CONFIGURATION_get_value_time (cfg, | ||
4050 | COMMUNICATOR_CONFIG_SECTION, | ||
4051 | "REKEY_INTERVAL", | ||
4052 | &rekey_interval)) | ||
4053 | { | ||
4054 | rekey_interval = DEFAULT_REKEY_INTERVAL; | ||
4055 | } | ||
4056 | if (GNUNET_OK != | ||
4057 | GNUNET_CONFIGURATION_get_value_number (cfg, | ||
4058 | COMMUNICATOR_CONFIG_SECTION, | ||
4059 | "REKEY_MAX_BYTES", | ||
4060 | &rekey_max_bytes)) | ||
4061 | { | ||
4062 | rekey_max_bytes = REKEY_MAX_BYTES; | ||
4063 | } | ||
4064 | disable_v6 = GNUNET_NO; | ||
4065 | if ((GNUNET_NO == GNUNET_NETWORK_test_pf (PF_INET6)) || | ||
4066 | (GNUNET_YES == | ||
4067 | GNUNET_CONFIGURATION_get_value_yesno (cfg, | ||
4068 | COMMUNICATOR_CONFIG_SECTION, | ||
4069 | "DISABLE_V6"))) | ||
4070 | { | ||
4071 | disable_v6 = GNUNET_YES; | ||
4072 | } | ||
4073 | peerstore = GNUNET_PEERSTORE_connect (cfg); | ||
4074 | if (NULL == peerstore) | ||
4075 | { | ||
4076 | GNUNET_free (bindto); | ||
4077 | GNUNET_break (0); | ||
4078 | GNUNET_SCHEDULER_shutdown (); | ||
4079 | return; | ||
4080 | } | ||
4081 | |||
4082 | GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); | ||
4083 | |||
4084 | if (1 == sscanf (bindto, "%u%1s", &bind_port, dummy)) | ||
4085 | { | ||
4086 | po = tcp_address_to_sockaddr_port_only (bindto, &bind_port); | ||
4087 | addr_len_ipv4 = po->addr_len_ipv4; | ||
4088 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
4089 | "address po %s\n", | ||
4090 | GNUNET_a2s (po->addr_ipv4, addr_len_ipv4)); | ||
4091 | if (NULL != po->addr_ipv4) | ||
4092 | { | ||
4093 | init_socket (po->addr_ipv4, addr_len_ipv4); | ||
4094 | } | ||
4095 | if (NULL != po->addr_ipv6) | ||
4096 | { | ||
4097 | addr_len_ipv6 = po->addr_len_ipv6; | ||
4098 | init_socket (po->addr_ipv6, addr_len_ipv6); | ||
4099 | } | ||
4100 | GNUNET_free (po); | ||
4101 | nat_register (); | ||
4102 | GNUNET_free (bindto); | ||
4103 | return; | ||
4104 | } | ||
4105 | |||
4106 | start = extract_address (bindto); | ||
4107 | // FIXME: check for NULL == start... | ||
4108 | if (1 == inet_pton (AF_INET, start, &v4.sin_addr)) | ||
4109 | { | ||
4110 | bind_port = extract_port (bindto); | ||
4111 | |||
4112 | in = tcp_address_to_sockaddr_numeric_v4 (&in_len, v4, bind_port); | ||
4113 | init_socket (in, in_len); | ||
4114 | nat_register (); | ||
4115 | GNUNET_free (start); | ||
4116 | GNUNET_free (bindto); | ||
4117 | return; | ||
4118 | } | ||
4119 | |||
4120 | if (1 == inet_pton (AF_INET6, start, &v6.sin6_addr)) | ||
4121 | { | ||
4122 | bind_port = extract_port (bindto); | ||
4123 | in = tcp_address_to_sockaddr_numeric_v6 (&in_len, v6, bind_port); | ||
4124 | init_socket (in, in_len); | ||
4125 | nat_register (); | ||
4126 | GNUNET_free (start); | ||
4127 | GNUNET_free (bindto); | ||
4128 | return; | ||
4129 | } | ||
4130 | |||
4131 | bind_port = extract_port (bindto); | ||
4132 | resolve_request_handle = GNUNET_RESOLVER_ip_get (strtok_r (bindto, | ||
4133 | ":", | ||
4134 | &rest), | ||
4135 | AF_UNSPEC, | ||
4136 | GNUNET_TIME_UNIT_MINUTES, | ||
4137 | &init_socket_resolv, | ||
4138 | &port); | ||
4139 | |||
4140 | GNUNET_free (bindto); | ||
4141 | GNUNET_free (start); | ||
4142 | } | ||
4143 | |||
4144 | |||
4145 | /** | ||
4146 | * The main function for the UNIX communicator. | ||
4147 | * | ||
4148 | * @param argc number of arguments from the command line | ||
4149 | * @param argv command line arguments | ||
4150 | * @return 0 ok, 1 on error | ||
4151 | */ | ||
4152 | int | ||
4153 | main (int argc, char *const *argv) | ||
4154 | { | ||
4155 | static const struct GNUNET_GETOPT_CommandLineOption options[] = { | ||
4156 | GNUNET_GETOPT_OPTION_END | ||
4157 | }; | ||
4158 | int ret; | ||
4159 | |||
4160 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
4161 | "Starting tcp communicator\n"); | ||
4162 | if (GNUNET_OK != | ||
4163 | GNUNET_STRINGS_get_utf8_args (argc, argv, | ||
4164 | &argc, &argv)) | ||
4165 | return 2; | ||
4166 | |||
4167 | ret = (GNUNET_OK == | ||
4168 | GNUNET_PROGRAM_run (argc, | ||
4169 | argv, | ||
4170 | "gnunet-communicator-tcp", | ||
4171 | _ ("GNUnet TCP communicator"), | ||
4172 | options, | ||
4173 | &run, | ||
4174 | NULL)) | ||
4175 | ? 0 | ||
4176 | : 1; | ||
4177 | GNUNET_free_nz ((void *) argv); | ||
4178 | return ret; | ||
4179 | } | ||
4180 | |||
4181 | |||
4182 | /* end of gnunet-communicator-tcp.c */ | ||