From 0ba623e7e8dc6cfccd0954ba0a0c541ae9686d1c Mon Sep 17 00:00:00 2001 From: Matthias Wachs Date: Wed, 27 Mar 2013 16:31:31 +0000 Subject: transport cfg based blacklisting --- src/transport/Makefile.am | 18 ++++- src/transport/gnunet-service-transport.c | 2 +- src/transport/gnunet-service-transport_blacklist.c | 87 +++++++++++++++++++++- src/transport/gnunet-service-transport_blacklist.h | 6 +- .../test_transport_blacklisting_cfg_blp_peer1.conf | 37 +++++++++ .../test_transport_blacklisting_cfg_blp_peer2.conf | 36 +++++++++ .../test_transport_blacklisting_cfg_peer1.conf | 30 ++++++++ .../test_transport_blacklisting_cfg_peer2.conf | 29 ++++++++ 8 files changed, 238 insertions(+), 7 deletions(-) create mode 100644 src/transport/test_transport_blacklisting_cfg_blp_peer1.conf create mode 100644 src/transport/test_transport_blacklisting_cfg_blp_peer2.conf create mode 100644 src/transport/test_transport_blacklisting_cfg_peer1.conf create mode 100644 src/transport/test_transport_blacklisting_cfg_peer2.conf (limited to 'src') diff --git a/src/transport/Makefile.am b/src/transport/Makefile.am index 5f65dff60..faa9d437d 100644 --- a/src/transport/Makefile.am +++ b/src/transport/Makefile.am @@ -323,6 +323,7 @@ check_PROGRAMS = \ $(HTTP_SERVER_PLUGIN_TEST) \ $(HTTPS_SERVER_PLUGIN_TEST) \ test_transport_api_blacklisting \ + test_transport_blacklisting_cfg \ test_transport_api_disconnect_tcp \ test_transport_api_bidirectional_connect \ test_transport_api_tcp \ @@ -373,6 +374,7 @@ TESTS = \ $(UNIX_TEST) \ $(WLAN_PLUGIN_TEST) \ test_transport_api_blacklisting \ + test_transport_blacklisting_cfg \ test_transport_api_disconnect_tcp \ test_transport_api_bidirectional_connect \ test_transport_api_tcp \ 
@@ -443,6 +445,16 @@ test_transport_api_blacklisting_LDADD = \ $(top_builddir)/src/statistics/libgnunetstatistics.la \ $(top_builddir)/src/util/libgnunetutil.la \ $(top_builddir)/src/transport/libgnunettransporttesting.la + +test_transport_blacklisting_cfg_SOURCES = \ + test_transport_blacklisting_cfg.c +test_transport_blacklisting_cfg_LDADD = \ + $(top_builddir)/src/transport/libgnunettransport.la \ + $(top_builddir)/src/hello/libgnunethello.la \ + $(top_builddir)/src/statistics/libgnunetstatistics.la \ + $(top_builddir)/src/util/libgnunetutil.la \ + $(top_builddir)/src/transport/libgnunettransporttesting.la + test_transport_api_disconnect_tcp_SOURCES = \ test_transport_api_disconnect.c @@ -970,5 +982,9 @@ test_transport_api_timeout_https_peer1.conf\ test_transport_api_timeout_https_peer2.conf\ test_transport_api_unreliability_constant_udp_peer1.conf\ test_transport_api_unreliability_constant_udp_peer2.conf\ +test_transport_blacklisting_cfg_peer1.conf \ +test_transport_blacklisting_cfg_peer2.conf +test_transport_blacklisting_cfg_blp_peer1.conf \ +test_transport_blacklisting_cfg_blp_peer2.conf\ test_transport_api_http_reverse_peer1.conf \ -test_transport_api_http_reverse_peer2.conf +test_transport_api_http_reverse_peer2.conf diff --git a/src/transport/gnunet-service-transport.c b/src/transport/gnunet-service-transport.c index 58272a632..c8d688407 100644 --- a/src/transport/gnunet-service-transport.c +++ b/src/transport/gnunet-service-transport.c @@ -689,7 +689,7 @@ key_generation_cb (void *cls, /* start subsystems */ GST_hello_start (&process_hello_update, NULL); GNUNET_assert (NULL != GST_hello_get()); - GST_blacklist_start (GST_server); + GST_blacklist_start (GST_server, GST_cfg, &GST_my_identity); GST_ats = GNUNET_ATS_scheduling_init (GST_cfg, &ats_request_address_change, NULL); GST_manipulation_init (GST_cfg, &plugin_env_update_metrics); 
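Review bot: `test_transport_blacklisting_cfg_SOURCES` points at `test_transport_blacklisting_cfg.c`, but the diffstat of this commit lists eight files and that source is not among them. Unless the file already exists in the tree, registering the program in `check_PROGRAMS` and `TESTS` makes `make check` fail, and the new blacklist path ships without any test that runs. The test source should land in the same commit as the Makefile entries.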
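Review bot: In the `@@ -970,5 +982,9 @@` hunk the added line `test_transport_blacklisting_cfg_peer2.conf` has no trailing backslash, so the continued file list ends there. The following `test_transport_blacklisting_cfg_blp_peer1.conf \` line then starts a new, invalid statement, and the blp and http_reverse configs drop out of the list. The line should read `test_transport_blacklisting_cfg_peer2.conf \`. The start of the variable being extended lies outside the hunk.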
diff --git a/src/transport/gnunet-service-transport_blacklist.c b/src/transport/gnunet-service-transport_blacklist.c index 9193922a9..361bf9c4e 100644 --- a/src/transport/gnunet-service-transport_blacklist.c +++ b/src/transport/gnunet-service-transport_blacklist.c 
@@ -371,16 +371,87 @@ read_blacklist_file () GNUNET_free (fn); } +/** + * Function to iterate over options in the blacklisting section for a peer. + * + * @param cls closure + * @param section name of the section + * @param option name of the option + * @param value value of the option + */ +void blacklist_cfg_iter (void *cls, const char *section, + const char *option, + const char *value) +{ + struct GNUNET_PeerIdentity peer; + char *plugs; + char *pos; + int *res = cls; + + if (GNUNET_OK != GNUNET_CRYPTO_hash_from_string2(option, + strlen (option), &peer.hashPubKey)) + return; + + if ((NULL == value) || (0 == strcmp(value, ""))) + { + /* Blacklist whole peer */ + GST_blacklist_add_peer (&peer, NULL); + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + _("Adding blacklisting entry for peer `%s'\n"), GNUNET_i2s (&peer)); + } + else + { + plugs = GNUNET_strdup (value); + for (pos = strtok (plugs, " "); pos != NULL; pos = strtok (NULL, " ")) + { + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + _("Adding blacklisting entry for peer `%s':`%s'\n"), + GNUNET_i2s (&peer), pos); + GST_blacklist_add_peer (&peer, pos); + } + GNUNET_free (plugs); + } + (*res)++; + +} + + + +/** + * Read blacklist configuration + * + * @param cfg the configuration handle + * @param my_id my peer identity + */ +static void +read_blacklist_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg, + const struct GNUNET_PeerIdentity *my_id) +{ + char *cfg_sect; + int res = 0; + GNUNET_asprintf (&cfg_sect, "transport-blacklist-%s", GNUNET_i2s_full (my_id)); + GNUNET_CONFIGURATION_iterate_section_values (cfg, cfg_sect, &blacklist_cfg_iter, &res); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Loaded %u blacklisting entries from configuration\n", res); + GNUNET_free (cfg_sect); +} /** * Start blacklist subsystem. 
* * @param server server used to accept clients from + * @param cfg configuration handle + * @param my_id my peer id */ void -GST_blacklist_start (struct GNUNET_SERVER_Handle *server) +GST_blacklist_start (struct GNUNET_SERVER_Handle *server, + const struct GNUNET_CONFIGURATION_Handle *cfg, + const struct GNUNET_PeerIdentity *my_id) { - read_blacklist_file (); + GNUNET_assert (NULL != cfg); + GNUNET_assert (NULL != my_id); + //read_blacklist_file (); + read_blacklist_configuration (cfg, my_id); GNUNET_SERVER_disconnect_notify (server, &client_disconnect_notification, NULL); } @@ -399,7 +470,7 @@ free_blacklist_entry (void *cls, const struct GNUNET_HashCode * key, void *value { char *be = value; - GNUNET_free (be); + GNUNET_free_non_null (be); return GNUNET_OK; } @@ -679,6 +750,8 @@ void GST_blacklist_add_peer (const struct GNUNET_PeerIdentity *peer, const char *transport_name) { + char * transport = NULL; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding peer `%s' with plugin `%s' to blacklist\n", GNUNET_i2s (peer), transport_name); @@ -686,8 +759,11 @@ GST_blacklist_add_peer (const struct GNUNET_PeerIdentity *peer, blacklist = GNUNET_CONTAINER_multihashmap_create (TRANSPORT_BLACKLIST_HT_SIZE, GNUNET_NO); + if (NULL != transport_name) + transport = GNUNET_strdup (""); + GNUNET_CONTAINER_multihashmap_put (blacklist, &peer->hashPubKey, - GNUNET_strdup (transport_name), + transport, GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE); } @@ -710,6 +786,9 @@ test_blacklisted (void *cls, const struct GNUNET_HashCode * key, void *value) /* blacklist check for specific no specific transport*/ if (transport_name == NULL) return GNUNET_NO; + /* all plugins for this peer were blacklisted */ + if (NULL == value) + return GNUNET_NO; /* blacklist check for specific transport */ if (0 == strcmp (transport_name, be)) diff --git a/src/transport/gnunet-service-transport_blacklist.h b/src/transport/gnunet-service-transport_blacklist.h index b8335ab8c..a0ae5a959 100644 
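Review bot: The new configuration loader fails open in two places. In `blacklist_cfg_iter`, an option that `GNUNET_CRYPTO_hash_from_string2` cannot parse is skipped with a bare `return`, so a mistyped peer identity leaves that peer unblocked without any trace; log it before returning, e.g. `GNUNET_log (GNUNET_ERROR_TYPE_ERROR, _("Invalid peer identity `%s' in section `%s'\n"), option, section);`. In `GST_blacklist_start`, `//read_blacklist_file ();` disables the file-based blacklist, so entries an operator already maintains there stop being enforced after this change; either keep both loaders or say in the commit message that the file is no longer read. Smaller points: `blacklist_cfg_iter` should be `static`, `strtok` keeps hidden global state (`strtok_r` avoids it), and `res` is an `int` printed with `%u`.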
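Review bot: In the `@@ -686,8 +759,11 @@` hunk, `transport = GNUNET_strdup ("");` stores an empty string instead of the plugin name, so a per-plugin entry such as `= tcp` never compares equal in the `strcmp (transport_name, be)` check of `test_blacklisted` and the peer is presumably still allowed on that plugin. The line should be `transport = GNUNET_strdup (transport_name);`. The `GNUNET_log` call at the top of the function (context of the `@@ -679,6 +750,8 @@` hunk) passes `transport_name` to `%s`, and NULL is now a legal argument; use `(NULL != transport_name) ? transport_name : "(all)"` there. The function signature and the `blacklist` creation guard start outside this hunk.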
--- a/src/transport/gnunet-service-transport_blacklist.h +++ b/src/transport/gnunet-service-transport_blacklist.h @@ -33,9 +33,13 @@ * Start blacklist subsystem. * * @param server server used to accept clients from + * @param cfg configuration handle + * @param my_id my peer id */ void -GST_blacklist_start (struct GNUNET_SERVER_Handle *server); +GST_blacklist_start (struct GNUNET_SERVER_Handle *server, + const struct GNUNET_CONFIGURATION_Handle *cfg, + const struct GNUNET_PeerIdentity *my_id); /** diff --git a/src/transport/test_transport_blacklisting_cfg_blp_peer1.conf b/src/transport/test_transport_blacklisting_cfg_blp_peer1.conf new file mode 100644 index 000000000..d244265aa --- /dev/null +++ b/src/transport/test_transport_blacklisting_cfg_blp_peer1.conf @@ -0,0 +1,37 @@ +@INLINE@ template_cfg_peer1.conf +[PATHS] +SERVICEHOME = /tmp/test-transport/api-tcp-p1/ + +[transport-tcp] +PORT = 12000 +TIMEOUT = 5 s + +[arm] +PORT = 12005 +DEFAULTSERVICES = transport +UNIXPATH = /tmp/gnunet-p1-service-arm.sock + +[statistics] +PORT = 12004 +UNIXPATH = /tmp/gnunet-p1-service-statistics.sock + +[resolver] +PORT = 12003 +UNIXPATH = /tmp/gnunet-p1-service-resolver.sock + +[peerinfo] +PORT = 12002 +UNIXPATH = /tmp/gnunet-p1-service-peerinfo.sock + +[transport] +#PREFIX = valgrind --leak-check=full +PORT = 12001 +UNIXPATH = /tmp/gnunet-p1-service-transport.sock +PLUGINS = tcp + +[transport-blacklist-AG2PHES1BARB9IJCPAMJTFPVJ5V3A72S3F2A8SBUB8DAQ2V0O3V8G6G2JU56FHGFOHMQVKBSQFV98TCGTC3RJ1NINP82G0RC00N1520] +P565723JO1C2HSN6J29TAQ22MN6CI8HTMUU55T0FUQG4CMDGGEQ8UCNBKUMB94GC8R9G4FB2SF9LDOBAJ6AMINBP4JHHDD6L7VD801G = tcp + +[transport-blacklist-P565723JO1C2HSN6J29TAQ22MN6CI8HTMUU55T0FUQG4CMDGGEQ8UCNBKUMB94GC8R9G4FB2SF9LDOBAJ6AMINBP4JHHDD6L7VD801G] +AG2PHES1BARB9IJCPAMJTFPVJ5V3A72S3F2A8SBUB8DAQ2V0O3V8G6G2JU56FHGFOHMQVKBSQFV98TCGTC3RJ1NINP82G0RC00N1520 = tcp + \ No newline at end of file 
diff --git a/src/transport/test_transport_blacklisting_cfg_blp_peer2.conf b/src/transport/test_transport_blacklisting_cfg_blp_peer2.conf
new file mode 100644
index 000000000..542121f2b
--- /dev/null
+++ b/src/transport/test_transport_blacklisting_cfg_blp_peer2.conf
@@ -0,0 +1,36 @@
+@INLINE@ template_cfg_peer2.conf
+[PATHS]
+SERVICEHOME = /tmp/test-transport/api-tcp-p2/
+
+[transport-tcp]
+PORT = 12015
+TIMEOUT = 5 s
+
+[arm]
+PORT = 12014
+DEFAULTSERVICES = transport
+UNIXPATH = /tmp/gnunet-p2-service-arm.sock
+
+[statistics]
+PORT = 12013
+UNIXPATH = /tmp/gnunet-p2-service-statistics.sock
+
+[resolver]
+PORT = 12012
+UNIXPATH = /tmp/gnunet-p2-service-resolver.sock
+
+[peerinfo]
+PORT = 12011
+UNIXPATH = /tmp/gnunet-p2-service-peerinfo.sock
+
+[transport]
+#PREFIX = valgrind --leak-check=full
+PORT = 12010
+PLUGINS = tcp
+UNIXPATH = /tmp/gnunet-p2-service-transport.sock
+
+[transport-blacklist-AG2PHES1BARB9IJCPAMJTFPVJ5V3A72S3F2A8SBUB8DAQ2V0O3V8G6G2JU56FHGFOHMQVKBSQFV98TCGTC3RJ1NINP82G0RC00N1520]
+P565723JO1C2HSN6J29TAQ22MN6CI8HTMUU55T0FUQG4CMDGGEQ8UCNBKUMB94GC8R9G4FB2SF9LDOBAJ6AMINBP4JHHDD6L7VD801G =
+
+[transport-blacklist-P565723JO1C2HSN6J29TAQ22MN6CI8HTMUU55T0FUQG4CMDGGEQ8UCNBKUMB94GC8R9G4FB2SF9LDOBAJ6AMINBP4JHHDD6L7VD801G]
+AG2PHES1BARB9IJCPAMJTFPVJ5V3A72S3F2A8SBUB8DAQ2V0O3V8G6G2JU56FHGFOHMQVKBSQFV98TCGTC3RJ1NINP82G0RC00N1520 =
\ No newline at end of file
diff --git a/src/transport/test_transport_blacklisting_cfg_peer1.conf b/src/transport/test_transport_blacklisting_cfg_peer1.conf
new file mode 100644
index 000000000..db662826b
--- /dev/null
+++ b/src/transport/test_transport_blacklisting_cfg_peer1.conf
@@ -0,0 +1,30 @@
+@INLINE@ template_cfg_peer1.conf
+[PATHS]
+SERVICEHOME = /tmp/test-transport/api-tcp-p1/
+
+[transport-tcp]
+PORT = 12000
+TIMEOUT = 5 s
+
+[arm]
+PORT = 12005
+DEFAULTSERVICES = transport
+UNIXPATH = /tmp/gnunet-p1-service-arm.sock
+
+[statistics]
+PORT = 12004
+UNIXPATH = /tmp/gnunet-p1-service-statistics.sock
+
+[resolver]
+PORT = 12003
+UNIXPATH = /tmp/gnunet-p1-service-resolver.sock
+
+[peerinfo]
+PORT = 12002
+UNIXPATH = /tmp/gnunet-p1-service-peerinfo.sock
+
+[transport]
+PORT = 12001
+UNIXPATH = /tmp/gnunet-p1-service-transport.sock
+PLUGINS = tcp
+
diff --git a/src/transport/test_transport_blacklisting_cfg_peer2.conf b/src/transport/test_transport_blacklisting_cfg_peer2.conf
new file mode 100644
index 000000000..181aab3de
--- /dev/null
+++ b/src/transport/test_transport_blacklisting_cfg_peer2.conf
@@ -0,0 +1,29 @@
+@INLINE@ template_cfg_peer2.conf
+[PATHS]
+SERVICEHOME = /tmp/test-transport/api-tcp-p2/
+
+[transport-tcp]
+PORT = 12015
+TIMEOUT = 5 s
+
+[arm]
+PORT = 12014
+DEFAULTSERVICES = transport
+UNIXPATH = /tmp/gnunet-p2-service-arm.sock
+
+[statistics]
+PORT = 12013
+UNIXPATH = /tmp/gnunet-p2-service-statistics.sock
+
+[resolver]
+PORT = 12012
+UNIXPATH = /tmp/gnunet-p2-service-resolver.sock
+
+[peerinfo]
+PORT = 12011
+UNIXPATH = /tmp/gnunet-p2-service-peerinfo.sock
+
+[transport]
+PORT = 12010
+PLUGINS = tcp
+UNIXPATH = /tmp/gnunet-p2-service-transport.sock
-- cgit v1.2.3