gnunet-daemon-testbed-blacklist.c File Reference

daemon to restrict incoming connections from other peers at the transport layer of a peer More...

#include "platform.h"
#include "gnunet_util_lib.h"
#include "gnunet_transport_service.h"

Include dependency graph for gnunet-daemon-testbed-blacklist.c:

Go to the source code of this file.

Macros
#define	LOG(type, ...)    GNUNET_log (type, __VA_ARGS__)
	Logging shorthand. More...
#define	DEBUG(...)    LOG (GNUNET_ERROR_TYPE_DEBUG, __VA_ARGS__)
	Debug logging shorthand. More...
#define	ACCESS_ALLOW   1
	Allow access from the peers read from the whitelist. More...
#define	ACCESS_DENY   0
	Deny access from the peers read from the blacklist. More...

Functions
static void	cleanup_map ()
	Cleaup and destroy the map. More...
static void	do_shutdown (void *cls)
	Shutdown task to cleanup our resources and exit. More...
static int	check_access (void *cls, const struct GNUNET_PeerIdentity *pid)
	Function that decides if a connection is acceptable or not. More...
static void	setup_ac (const char *fname, const struct GNUNET_CONFIGURATION_Handle *cfg)
	Setup the access control by reading the given file containing peer identities and then establishing blacklist handler with the peer's transport service. More...
static void	run (void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *c)
	Main function that will be run. More...
int	main (int argc, char *const *argv)
	The main function. More...

Variables
static struct GNUNET_CONTAINER_MultiPeerMap *	map
	The map to store the peer identities to allow/deny. More...
static struct GNUNET_PeerIdentity *	ilist
	The array of peer identities we read from whitelist/blacklist. More...
static struct GNUNET_TRANSPORT_Blacklist *	bh
	The blacklist handle we obtain from transport when we register ourselves for access control. More...
static int	mode
	Are we allowing or denying access from peers. More...

Detailed Description

daemon to restrict incoming connections from other peers at the transport layer of a peer

Author

Sree Harsha Totakura sreeh.nosp@m.arsh.nosp@m.a@tot.nosp@m.akur.nosp@m.a.in

Definition in file gnunet-daemon-testbed-blacklist.c.

Macro Definition Documentation

LOG

#define LOG	(		type,
			...
	)		GNUNET_log (type, __VA_ARGS__)

Logging shorthand.

Definition at line 37 of file gnunet-daemon-testbed-blacklist.c.

DEBUG

#define DEBUG

(

...

)

LOG (GNUNET_ERROR_TYPE_DEBUG, __VA_ARGS__)

Debug logging shorthand.

Definition at line 43 of file gnunet-daemon-testbed-blacklist.c.

ACCESS_ALLOW

#define ACCESS_ALLOW   1

Allow access from the peers read from the whitelist.

Definition at line 49 of file gnunet-daemon-testbed-blacklist.c.

ACCESS_DENY

#define ACCESS_DENY   0

Deny access from the peers read from the blacklist.

Definition at line 54 of file gnunet-daemon-testbed-blacklist.c.

Function Documentation

cleanup_map()

static void cleanup_map ( )

static

Cleaup and destroy the map.

Definition at line 82 of file gnunet-daemon-testbed-blacklist.c.

{
  if (NULL != map)
  {
    GNUNET_CONTAINER_multipeermap_destroy (map);
    map = NULL;
  }
}

References GNUNET_CONTAINER_multipeermap_destroy(), and map.

Referenced by do_shutdown(), and setup_ac().

Here is the call graph for this function:

Here is the caller graph for this function:

do_shutdown()

static void do_shutdown ( void *  cls )

static

Shutdown task to cleanup our resources and exit.

Parameters

cls

NULL

Definition at line 98 of file gnunet-daemon-testbed-blacklist.c.

{
  cleanup_map ();
  if (NULL != bh)
    GNUNET_TRANSPORT_blacklist_cancel (bh);
}

References bh, cleanup_map(), and GNUNET_TRANSPORT_blacklist_cancel().

Referenced by setup_ac().

Here is the call graph for this function:

Here is the caller graph for this function:

check_access()

static int check_access ( void *  cls, const struct GNUNET_PeerIdentity *  pid  )

static

Function that decides if a connection is acceptable or not.

Parameters

cls	closure
pid	peer to approve or disapproave

Returns

GNUNET_OK if the connection is allowed, GNUNET_SYSERR if not

Definition at line 114 of file gnunet-daemon-testbed-blacklist.c.

{
  int contains;
 
  if (NULL != map)
    contains = GNUNET_CONTAINER_multipeermap_contains (map, pid);
  else
    contains = GNUNET_NO;
  if (ACCESS_DENY == mode)
    return (contains) ? GNUNET_SYSERR : GNUNET_OK;
  return (contains) ? GNUNET_OK : GNUNET_SYSERR;
}

References ACCESS_DENY, GNUNET_CONTAINER_multipeermap_contains(), GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, map, mode, and pid.

Referenced by setup_ac().

Here is the call graph for this function:

Here is the caller graph for this function:

setup_ac()

static void setup_ac ( const char *  fname, const struct GNUNET_CONFIGURATION_Handle *  cfg  )

static

Setup the access control by reading the given file containing peer identities and then establishing blacklist handler with the peer's transport service.

Parameters

fname	the filename to read the list of peer identities
cfg	the configuration for connecting to the peer's transport service

Definition at line 136 of file gnunet-daemon-testbed-blacklist.c.

{
  uint64_t fsize;
  unsigned int npeers;
  unsigned int cnt;
 
  GNUNET_assert (GNUNET_OK !=
                 GNUNET_DISK_file_size (fname, &fsize, GNUNET_NO,
                                        GNUNET_YES));
  if (0 != (fsize % sizeof(struct GNUNET_PeerIdentity)))
  {
    GNUNET_break (0);
    return;
  }
  npeers = fsize / sizeof(struct GNUNET_PeerIdentity);
  if (0 != npeers)
  {
    map = GNUNET_CONTAINER_multipeermap_create (npeers, GNUNET_YES);
    ilist = GNUNET_malloc_large (fsize);
    GNUNET_assert (fsize == GNUNET_DISK_fn_read (fname, ilist, fsize));
  }
  for (cnt = 0; cnt < npeers; cnt++)
  {
    if (GNUNET_SYSERR ==
        GNUNET_CONTAINER_multipeermap_put (map, &ilist[cnt],
                                           &ilist[cnt],
                                           GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
    {
      cleanup_map ();
      GNUNET_free (ilist);
      return;
    }
  }
  GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL);
  bh = GNUNET_TRANSPORT_blacklist (cfg, &check_access, NULL);
}

References bh, cfg, check_access(), cleanup_map(), do_shutdown(), GNUNET_assert, GNUNET_break, GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY, GNUNET_CONTAINER_multipeermap_create(), GNUNET_CONTAINER_multipeermap_put(), GNUNET_DISK_file_size(), GNUNET_DISK_fn_read(), GNUNET_free, GNUNET_malloc_large, GNUNET_NO, GNUNET_OK, GNUNET_SCHEDULER_add_shutdown(), GNUNET_SYSERR, GNUNET_TRANSPORT_blacklist(), GNUNET_YES, ilist, and map.

Referenced by run().

Here is the call graph for this function:

Here is the caller graph for this function:

run()

static void run ( void *  cls, char *const *  args, const char *  cfgfile, const struct GNUNET_CONFIGURATION_Handle *  c  )

static

Main function that will be run.

Parameters

cls	closure
args	remaining command-line arguments
cfgfile	name of the configuration file used (for saving, can be NULL!)
c	configuration

Definition at line 184 of file gnunet-daemon-testbed-blacklist.c.

{
  char *shome;
  char *fname;
 
  if (GNUNET_OK !=
      GNUNET_CONFIGURATION_get_value_filename (c,
                                               "PATHS",
                                               "GNUNET_HOME",
                                               &shome))
  {
    GNUNET_break (0);
    return;
  }
  GNUNET_asprintf (&fname,
                   "%s/whitelist",
                   shome);
  if (GNUNET_YES == GNUNET_DISK_file_test (fname))
  {
    mode = ACCESS_ALLOW;
    setup_ac (fname, c);
    GNUNET_free (shome);
    GNUNET_free (fname);
    return;
  }
  GNUNET_free (fname);
  GNUNET_asprintf (&fname,
                   "%s/blacklist",
                   shome);
  if (GNUNET_YES == GNUNET_DISK_file_test (fname))
  {
    mode = ACCESS_DENY;
    setup_ac (shome, c);
  }
  GNUNET_free (shome);
  GNUNET_free (fname);
}

References ACCESS_ALLOW, ACCESS_DENY, GNUNET_asprintf(), GNUNET_break, GNUNET_CONFIGURATION_get_value_filename(), GNUNET_DISK_file_test(), GNUNET_free, GNUNET_OK, GNUNET_YES, mode, and setup_ac().

Referenced by main().

Here is the call graph for this function:

Here is the caller graph for this function:

main()

int main	(	int	argc,
		char *const *	argv
	)

The main function.

Parameters

argc	number of arguments from the command line
argv	command line arguments

Returns

0 ok, 1 on error

Definition at line 234 of file gnunet-daemon-testbed-blacklist.c.

{
  static const struct GNUNET_GETOPT_CommandLineOption options[] = {
    GNUNET_GETOPT_OPTION_END
  };
  int ret;
 
  if (GNUNET_OK !=
      GNUNET_STRINGS_get_utf8_args (argc, argv,
                                    &argc, &argv))
    return 2;
  ret =
    (GNUNET_OK ==
     GNUNET_PROGRAM_run (argc, argv,
                         "gnunet-daemon-testbed-blacklist",
                         _ (
                           "Daemon to restrict incoming transport layer connections during testbed deployments"),
                         options, &run, NULL)) ? 0 : 1;
  GNUNET_free_nz ((void *) argv);
  return ret;
}

References _, GNUNET_free_nz, GNUNET_GETOPT_OPTION_END, GNUNET_OK, GNUNET_PROGRAM_run(), GNUNET_STRINGS_get_utf8_args(), options, ret, and run().

Here is the call graph for this function:

Variable Documentation

map

struct GNUNET_CONTAINER_MultiPeerMap* map

static

The map to store the peer identities to allow/deny.

Definition at line 59 of file gnunet-daemon-testbed-blacklist.c.

Referenced by check_access(), cleanup_map(), and setup_ac().

ilist

struct GNUNET_PeerIdentity* ilist

static

The array of peer identities we read from whitelist/blacklist.

Definition at line 64 of file gnunet-daemon-testbed-blacklist.c.

Referenced by setup_ac().

bh

struct GNUNET_TRANSPORT_Blacklist* bh

static

The blacklist handle we obtain from transport when we register ourselves for access control.

Definition at line 70 of file gnunet-daemon-testbed-blacklist.c.

Referenced by do_shutdown(), GNUNET_HELLO_builder_from_block(), and setup_ac().

mode

int mode

static

Are we allowing or denying access from peers.

Definition at line 75 of file gnunet-daemon-testbed-blacklist.c.

Referenced by check_access(), and run().