Diffstat (limited to 'src/transport')
-rw-r--r--src/transport/gnunet-service-tng.c233
1 files changed, 233 insertions, 0 deletions
diff --git a/src/transport/gnunet-service-tng.c b/src/transport/gnunet-service-tng.c
index 4d4ac509a..6c9e0589c 100644
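--- a/src/transport/gnunet-service-tng.c
+++ b/src/transport/gnunet-service-tng.c
@@ -124,6 +124,22 @@
 #define REASSEMBLY_EXPIRATION GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 4)
 
 /**
+ * What is the fastest rate at which we send challenges *if* we keep learning
+ * an address (gossip, DHT, etc.)?
+ */
+#define FAST_VALIDATION_CHALLENGE_FREQ GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 1)
+
+/**
+ * What is the slowest rate at which we send challenges?
+ */
+#define MAX_VALIDATION_CHALLENGE_FREQ GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_DAYS, 1)
+
+/**
+ * When do we forget an invalid address for sure?
+ */
+#define MAX_ADDRESS_VALID_UNTIL GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MONTHS, 1)
+
+/**
  * How many messages can we have pending for a given communicator
  * process before we start to throttle that communicator?
  *
@@ -521,6 +537,105 @@ struct TransportDVBox
 };
 
 
+/**
+ * Message send to another peer to validate that it can indeed
+ * receive messages at a particular address.
+ */
+struct TransportValidationChallenge
+{
+
+ /**
+ * Type is #GNUNET_MESSAGE_TYPE_ADDRESS_VALIDATION_CHALLENGE
+ */
+ struct GNUNET_MessageHeader header;
+
+ /**
+ * Zero.
+ */
+ uint32_t reserved GNUNET_PACKED;
+
+ /**
+ * Challenge to be signed by the receiving peer.
+ */
+ struct GNUNET_ShortHashCode challenge;
+
+ /**
+ * Timestamp of the sender, to be copied into the reply
+ * to allow sender to calculate RTT.
+ */
+ struct GNUNET_TIME_AbsoluteNBO sender_time;
+};
+
+
+/**
+ * Message signed by a peer to confirm that it can indeed
+ * receive messages at a particular address.
+ */
+struct TransportValidationPS
+{
+
+ /**
+ * Purpose is #GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+ /**
+ * How long does the sender believe the address on
+ * which the challenge was received to remain valid?
+ */
+ struct GNUNET_TIME_RelativeNBO validity_duration;
+
+ /**
+ * Challenge signed by the receiving peer.
+ */
+ struct GNUNET_ShortHashCode challenge;
+
+};
+
+
+/**
+ * Message send to a peer to respond to a
+ * #GNUNET_MESSAGE_TYPE_ADDRESS_VALIDATION_CHALLENGE
+ */
+struct TransportValidationResponse
+{
+
+ /**
+ * Type is #GNUNET_MESSAGE_TYPE_ADDRESS_VALIDATION_RESPONSE
+ */
+ struct GNUNET_MessageHeader header;
+
+ /**
+ * Zero.
+ */
+ uint32_t reserved GNUNET_PACKED;
+
+ /**
+ * The peer's signature matching the
+ * #GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE purpose.
+ */
+ struct GNUNET_CRYPTO_EddsaSignature signature;
+
+ /**
+ * The challenge that was signed by the receiving peer.
+ */
+ struct GNUNET_ShortHashCode challenge;
+
+ /**
+ * Original timestamp of the sender (was @code{sender_time}),
+ * copied into the reply to allow sender to calculate RTT.
+ */
+ struct GNUNET_TIME_AbsoluteNBO origin_time;
+
+ /**
+ * How long does the sender believe this address to remain
+ * valid?
+ */
+ struct GNUNET_TIME_RelativeNBO validity_duration;
+};
+
+
+
 GNUNET_NETWORK_STRUCT_END
 
 
@@ -1428,6 +1543,111 @@ struct TransportClient
 
 
 /**
+ * State we keep for validation activities. Each of these
+ * is both in the #validation_heap and the #validation_map.
+ */
+struct ValidationState
+{
+
+ /**
+ * For which peer is @a address to be validated (or possibly valid)?
+ * Serves as key in the #validation_map.
+ */
+ struct GNUNET_PeerIdentity pid;
+
+ /**
+ * How long did the peer claim this @e address to be valid? Capped at
+ * minimum of #MAX_ADDRESS_VALID_UNTIL relative to the time where we last
+ * were told about the address and the value claimed by the other peer at
+ * that time. May be updated similarly when validation succeeds.
+ */
+ struct GNUNET_TIME_Absolute valid_until;
+
+ /**
+ * How long do *we* consider this @e address to be valid?
+ * In the past or zero if we have not yet validated it.
+ */
+ struct GNUNET_TIME_Absolute validated_until;
+
+ /**
+ * When did we FIRST use the current @e challenge in a message?
+ * Used to sanity-check @code{origin_time} in the response when
+ * calculating the RTT. If the @code{origin_time} is not in
+ * the expected range, the response is discarded as malicious.
+ */
+ struct GNUNET_TIME_Absolute first_challenge_use;
+
+ /**
+ * When did we LAST use the current @e challenge in a message?
+ * Used to sanity-check @code{origin_time} in the response when
+ * calculating the RTT. If the @code{origin_time} is not in
+ * the expected range, the response is discarded as malicious.
+ */
+ struct GNUNET_TIME_Absolute last_challenge_use;
+
+ /**
+ * Next time we will send the @e challenge to the peer, if this time is past
+ * @e valid_until, this validation state is released at this time. If the
+ * address is valid, @e next_challenge is set to @e validated_until MINUS @e
+ * validation_delay * 3, such that we will try to re-validate before the
+ * validity actually expires.
+ */
+ struct GNUNET_TIME_Absolute next_challenge;
+
+ /**
+ * Current backoff factor we're applying for sending the @a challenge.
+ * Reset to 0 if the @a challenge is confirmed upon validation.
+ * Reduced to minimum of #FAST_VALIDATION_CHALLENGE_FREQ and half of the
+ * existing value if we receive an unvalidated address again over
+ * another channel (and thus should consider the information "fresh").
+ * Maximum is #MAX_VALIDATION_CHALLENGE_FREQ.
+ */
+ struct GNUNET_TIME_Relative challenge_backoff;
+
+ /**
+ * Initially set to "forever". Once @e validated_until is set, this value is
+ * set to the RTT that tells us how long it took to receive the validation.
+ */
+ struct GNUNET_TIME_Relative validation_rtt;
+
+ /**
+ * The challenge we sent to the peer to get it to validate the address. Note
+ * that we rotate the challenge whenever we update @e validated_until to
+ * avoid attacks where a peer simply replays an old challenge in the future.
+ * (We must not rotate more often as otherwise we may discard valid answers
+ * due to packet losses, latency and reorderings on the network).
+ */
+ struct GNUNET_ShortHashCode challenge;
+
+ /**
+ * Claimed address of the peer.
+ */
+ char *address;
+
+ /**
+ * Entry in the #validation_heap, which is sorted by @e next_challenge. The
+ * heap is used to figure out when the next validation activity should be
+ * run.
+ */
+ struct GNUNET_CONTAINER_HeapNode *hn;
+
+ /**
+ * Handle to a PEERSTORE store operation for this @e address. NULL if
+ * no PEERSTORE operation is pending.
+ */
+ struct GNUNET_PEERSTORE_StoreContext *sc;
+
+ /**
+ * Network type (presumably) associated with @e address. NEEDED?
+ */
+ enum GNUNET_NetworkType nt;
+
+};
+
+
+
+
+/**
  * Head of linked list of all clients to this service.
  */
 static struct TransportClient *clients_head;
@@ -1470,6 +1690,19 @@ static struct GNUNET_CONTAINER_MultiPeerMap *neighbours;
 static struct GNUNET_CONTAINER_MultiPeerMap *dv_routes;
 
 /**
+ * Map from PIDs to `struct ValidationState` entries describing
+ * addresses we are aware of and their validity state.
+ */
+static struct GNUNET_CONTAINER_MultiPeerMap *validation_map;
+
+/**
+ * MIN Heap sorted by "next_challenge" to `struct ValidationState` entries
+ * sorting addresses we are aware of by when we should next try to (re)validate
+ * (or expire) them.
+ */
+static struct GNUNET_CONTAINER_Heap *validation_heap;
+
+/**
  * Database for peer's HELLOs.
  */
 static struct GNUNET_PEERSTORE_Handle *peerstore;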
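Review bot: `origin_time` in `struct TransportValidationResponse` is not covered by the signature, because the signed `struct TransportValidationPS` holds only `purpose`, `validity_duration` and `challenge`; the RTT computed from it is therefore constrained only by the `first_challenge_use`/`last_challenge_use` range check described in `struct ValidationState`. Either add `struct GNUNET_TIME_AbsoluteNBO origin_time;` to `TransportValidationPS`, or state in the field comment that the value is unauthenticated and must pass the range check before it feeds `validation_rtt` and the `next_challenge` schedule. The signed struct also names neither the address nor the challenging peer, so the binding rests entirely on `challenge` being unpredictable and unique per `ValidationState`; the `challenge` comment should say so, and the code that generates and verifies it is not part of this commit. Separately, the `next_challenge` comment refers to `validation_delay` while the field added here is `validation_rtt`, and the `address` comment should say who owns and frees the string.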