aboutsummaryrefslogtreecommitdiff
path: root/src/transport/gnunet-communicator-udp.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/transport/gnunet-communicator-udp.c')
-rw-r--r--src/transport/gnunet-communicator-udp.c97
1 files changed, 94 insertions, 3 deletions
diff --git a/src/transport/gnunet-communicator-udp.c b/src/transport/gnunet-communicator-udp.c
index 8e070d414..d464cd0d1 100644
--- a/src/transport/gnunet-communicator-udp.c
+++ b/src/transport/gnunet-communicator-udp.c
@@ -24,16 +24,22 @@
24 * @author Christian Grothoff 24 * @author Christian Grothoff
25 * 25 *
26 * TODO: 26 * TODO:
27 * - main BOXed sending logic 27 * - implement main BOXed sending logic
28 * - figure out what to do with MTU: 1280 for IPv6 is obvious; 28 * - figure out what to do with MTU: 1280 for IPv6 is obvious;
29 * what for IPv4? 1500? Also, consider differences in 29 * what for IPv4? 1500? Also, consider differences in
30 * headers for with/without box: need to give MIN of both 30 * headers for with/without box: need to give MIN of both
31 * to TNG (as TNG expects a fixed MTU!), or maybe 31 * to TNG (as TNG expects a fixed MTU!), or maybe
32 * we create a FRESH MQ while we have available BOXes SQNs? 32 * we create a FRESH MQ while we have available BOXes SQNs?
33 * (otherwise padding will REALLY hurt) 33 * (otherwise padding will REALLY hurt)
34 * - add and use util/ check for IPv6 availability (#V6)
35 * - consider imposing transmission limits in the absence
36 * of ACKs; or: maybe this should be done at TNG service level?
37 * - support broadcasting for neighbour discovery (#)
38 * (think: what was the story again on address validation?
39 * where is the API for that!?!)
34 * - support DNS names in BINDTO option (#5528) 40 * - support DNS names in BINDTO option (#5528)
35 * - support NAT connection reversal method (#5529) 41 * - support NAT connection reversal method (#5529)
36 * - support other UDP-specific NAT traversal methods 42 * - support other UDP-specific NAT traversal methods (#)
37 */ 43 */
38#include "platform.h" 44#include "platform.h"
39#include "gnunet_util_lib.h" 45#include "gnunet_util_lib.h"
@@ -242,6 +248,56 @@ struct UDPAck
242 248
243 249
244/** 250/**
251 * Signature we use to verify that the broadcast was really made by
252 * the peer that claims to have made it. Basically, affirms that the
253 * peer is really using this IP address (albeit possibly not in _our_
254 * LAN). Makes it difficult for peers in the LAN to claim to
255 * be just any global peer -- an attacker must have at least
256 * shared a LAN with the peer they're pretending to be here.
257 */
258struct UdpBroadcastSignature
259{
260 /**
261 * Purpose must be #GNUNET_SIGNATURE_COMMUNICATOR_UDP_BROADCAST
262 */
263 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
264
265 /**
266 * Identity of the inititor of the UDP broadcast.
267 */
268 struct GNUNET_PeerIdentity sender;
269
270 /**
271 * Hash of the sender's UDP address.
272 */
273 struct GNUNET_HashCode h_address;
274};
275
276
277/**
278 * Broadcast by peer in LAN announcing its presence. Unusual in that
279 * we don't pad these to full MTU, as we cannot prevent being
280 * recognized in LAN as GNUnet peers if this feature is enabled
281 * anyway. Also, the entire message is in cleartext.
282 */
283struct UDPBroadcast
284{
285
286 /**
287 * Sender's peer identity.
288 */
289 struct GNUNET_PeerIdentity sender;
290
291 /**
292 * Sender's signature of type
293 * #GNUNET_SIGNATURE_COMMUNICATOR_UDP_BROADCAST
294 */
295 struct GNUNET_CRYPTO_EddsaSignature sender_sig;
296
297};
298
299
300/**
245 * UDP message box. Always sent encrypted, only allowed after 301 * UDP message box. Always sent encrypted, only allowed after
246 * the receiver sent a `struct UDPAck` for the base key! 302 * the receiver sent a `struct UDPAck` for the base key!
247 */ 303 */
@@ -1414,6 +1470,7 @@ sock_read (void *cls)
1414 "recv"); 1470 "recv");
1415 return; 1471 return;
1416 } 1472 }
1473
1417 /* first, see if it is a UDPBox */ 1474 /* first, see if it is a UDPBox */
1418 if (rcvd > sizeof (struct UDPBox)) 1475 if (rcvd > sizeof (struct UDPBox))
1419 { 1476 {
@@ -1431,7 +1488,39 @@ sock_read (void *cls)
1431 return; 1488 return;
1432 } 1489 }
1433 } 1490 }
1434 /* next, test if it is a KX */ 1491
1492 /* next, check if it is a broadcast */
1493 if (sizeof (struct UDPBroadcast) == rcvd)
1494 {
1495 const struct UDPBroadcast *ub;
1496 struct UdpBroadcastSignature uhs;
1497
1498 ub = (const struct UDPBroadcast *) buf;
1499 uhs.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_UDP_BROADCAST);
1500 uhs.purpose.size = htonl (sizeof (uhs));
1501 uhs.sender = ub->sender;
1502 GNUNET_CRYPTO_hash (&sa,
1503 salen,
1504 &uhs.h_address);
1505 if (GNUNET_OK ==
1506 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_UDP_BROADCAST,
1507 &uhs.purpose,
1508 &ub->sender_sig,
1509 &ub->sender.public_key))
1510 {
1511 GNUNET_STATISTICS_update (stats,
1512 "# broadcasts received",
1513 1,
1514 GNUNET_NO);
1515 // FIXME: we effectively just got a HELLO!
1516 // trigger verification NOW!
1517 return;
1518 }
1519 /* continue with KX, mostly for statistics... */
1520 }
1521
1522
1523 /* finally, test if it is a KX */
1435 if (rcvd < sizeof (struct UDPConfirmation) + sizeof (struct InitialKX)) 1524 if (rcvd < sizeof (struct UDPConfirmation) + sizeof (struct InitialKX))
1436 { 1525 {
1437 GNUNET_STATISTICS_update (stats, 1526 GNUNET_STATISTICS_update (stats,
@@ -1535,6 +1624,8 @@ udp_address_to_sockaddr (const char *bindto,
1535 bindto); 1624 bindto);
1536 return NULL; 1625 return NULL;
1537 } 1626 }
1627 /* FIXME #V6: add test to util/ for IPv6 availability,
1628 and depending on the result, go directly for v4-only */
1538 if (GNUNET_YES == 1629 if (GNUNET_YES ==
1539 GNUNET_CONFIGURATION_get_value_yesno (cfg, 1630 GNUNET_CONFIGURATION_get_value_yesno (cfg,
1540 COMMUNICATOR_CONFIG_SECTION, 1631 COMMUNICATOR_CONFIG_SECTION,