GNUnet  0.11.x
gnunet-daemon-testbed-blacklist.c File Reference

daemon to restrict incoming connections from other peers at the transport layer of a peer More...

#include "platform.h"
#include "gnunet_util_lib.h"
#include "gnunet_transport_service.h"


Macros

#define LOG(type, ...)   GNUNET_log (type, __VA_ARGS__)
 Logging shorthand. More...
 
#define DEBUG(...)   LOG (GNUNET_ERROR_TYPE_DEBUG, __VA_ARGS__)
 Debug logging shorthand. More...
 
#define ACCESS_ALLOW   1
 Allow access from the peers read from the whitelist. More...
 
#define ACCESS_DENY   0
 Deny access from the peers read from the blacklist. More...
 

Functions

static void cleanup_map ()
 Cleanup and destroy the map. More...
 
static void do_shutdown (void *cls)
 Shutdown task to cleanup our resources and exit. More...
 
static int check_access (void *cls, const struct GNUNET_PeerIdentity *pid)
 Function that decides if a connection is acceptable or not. More...
 
static void setup_ac (const char *fname, const struct GNUNET_CONFIGURATION_Handle *cfg)
 Setup the access control by reading the given file containing peer identities and then establishing blacklist handler with the peer's transport service. More...
 
static void run (void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *c)
 Main function that will be run. More...
 
int main (int argc, char *const *argv)
 The main function. More...
 

Variables

static struct GNUNET_CONTAINER_MultiPeerMap * map
 The map to store the peer identities to allow/deny. More...
 
static struct GNUNET_PeerIdentity * ilist
 The array of peer identities we read from whitelist/blacklist. More...
 
static struct GNUNET_TRANSPORT_Blacklist * bh
 The blacklist handle we obtain from transport when we register ourselves for access control. More...
 
static int mode
 Are we allowing or denying access from peers. More...
 

Detailed Description

daemon to restrict incoming connections from other peers at the transport layer of a peer

Author
Sree Harsha Totakura sreeh.nosp@m.arsh.nosp@m.a@tot.nosp@m.akur.nosp@m.a.in

Definition in file gnunet-daemon-testbed-blacklist.c.

Macro Definition Documentation

◆ LOG

#define LOG (   type,
  ... 
)    GNUNET_log (type, __VA_ARGS__)

Logging shorthand.

Definition at line 37 of file gnunet-daemon-testbed-blacklist.c.

◆ DEBUG

#define DEBUG (   ...)    LOG (GNUNET_ERROR_TYPE_DEBUG, __VA_ARGS__)

Debug logging shorthand.

Definition at line 43 of file gnunet-daemon-testbed-blacklist.c.

◆ ACCESS_ALLOW

#define ACCESS_ALLOW   1

Allow access from the peers read from the whitelist.

Definition at line 49 of file gnunet-daemon-testbed-blacklist.c.

Referenced by run().

◆ ACCESS_DENY

#define ACCESS_DENY   0

Deny access from the peers read from the blacklist.

Definition at line 54 of file gnunet-daemon-testbed-blacklist.c.

Referenced by check_access(), and run().

Function Documentation

◆ cleanup_map()

static void cleanup_map ( )
static

Cleanup and destroy the map.

Definition at line 82 of file gnunet-daemon-testbed-blacklist.c.

References GNUNET_CONTAINER_multipeermap_destroy().

Referenced by do_shutdown(), and setup_ac().

/* Body of cleanup_map(): releases the global peer map, if one exists. */
83 {
84  if (NULL != map)
85  {
/* NOTE(review): listing line 86 is missing from this rendering. The References
   list for this function names GNUNET_CONTAINER_multipeermap_destroy(), so the
   map is presumably destroyed at this point -- confirm against the source file. */
/* Clearing the global makes a repeated call a no-op, because of the NULL
   guard on line 84. */
87  map = NULL;
88  }
89 }
static struct GNUNET_CONTAINER_MultiPeerMap * map
The map to store the peer identities to allow/deny.
void GNUNET_CONTAINER_multipeermap_destroy(struct GNUNET_CONTAINER_MultiPeerMap *map)
Destroy a hash map.

◆ do_shutdown()

static void do_shutdown ( void *  cls)
static

Shutdown task to cleanup our resources and exit.

Parameters
cls: NULL

Definition at line 98 of file gnunet-daemon-testbed-blacklist.c.

References cleanup_map(), and GNUNET_TRANSPORT_blacklist_cancel().

Referenced by setup_ac().

/* Body of do_shutdown(): shutdown task that releases the daemon's resources.
   The cls argument is unused in the visible lines. */
/* NOTE(review): no visible line here (or in cleanup_map()) releases ilist; the
   only GNUNET_free (ilist) on this page is in setup_ac()'s error path -- confirm
   against the source file whether the identity array is freed on shutdown. */
99 {
100  cleanup_map ();
101  if (NULL != bh)
/* NOTE(review): listing line 102 is missing from this rendering. The References
   list names GNUNET_TRANSPORT_blacklist_cancel(), so the blacklist handle bh is
   presumably cancelled here -- confirm against the source file. */
103 }
static void cleanup_map()
Cleanup and destroy the map.
void GNUNET_TRANSPORT_blacklist_cancel(struct GNUNET_TRANSPORT_Blacklist *br)
Abort the blacklist.
static struct GNUNET_TRANSPORT_Blacklist * bh
The blacklist handle we obtain from transport when we register ourselves for access control...

◆ check_access()

static int check_access ( void *  cls,
const struct GNUNET_PeerIdentity *  pid 
)
static

Function that decides if a connection is acceptable or not.

Parameters
cls: closure
pid: peer to approve or disapprove
Returns
GNUNET_OK if the connection is allowed, GNUNET_SYSERR if not

Definition at line 114 of file gnunet-daemon-testbed-blacklist.c.

References ACCESS_DENY, GNUNET_CONTAINER_multipeermap_contains(), GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, and mode.

Referenced by setup_ac().

/* Body of check_access(): decides whether the peer pid may connect, based on
   the global map and the global mode. Returns GNUNET_OK to allow and
   GNUNET_SYSERR to refuse. */
115 {
116  int contains;
117 
118  if (NULL != map)
/* NOTE(review): listing line 119 is missing from this rendering. The References
   list names GNUNET_CONTAINER_multipeermap_contains(), so contains is presumably
   set from a lookup of pid in map -- confirm against the source file. */
120  else
/* No map loaded: every peer is treated as "not listed". */
121  contains = GNUNET_NO;
/* Deny mode: a listed peer is refused, any other peer is accepted. With no map
   loaded this accepts every peer. */
122  if (ACCESS_DENY == mode)
123  return (contains) ? GNUNET_SYSERR : GNUNET_OK;
/* Otherwise (allow mode): only a listed peer is accepted. With no map loaded
   this refuses every peer. */
124  return (contains) ? GNUNET_OK : GNUNET_SYSERR;
125 }
static int mode
Are we allowing or denying access from peers.
static struct GNUNET_CONTAINER_MultiPeerMap * map
The map to store the peer identities to allow/deny.
#define GNUNET_NO
Definition: gnunet_common.h:78
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
#define GNUNET_SYSERR
Definition: gnunet_common.h:76
#define ACCESS_DENY
Deny access from the peers read from the blacklist.
int GNUNET_CONTAINER_multipeermap_contains(const struct GNUNET_CONTAINER_MultiPeerMap *map, const struct GNUNET_PeerIdentity *key)
Check if the map contains any value under the given key (including values that are NULL)...

◆ setup_ac()

static void setup_ac ( const char *  fname,
const struct GNUNET_CONFIGURATION_Handle *  cfg 
)
static

Setup the access control by reading the given file containing peer identities and then establishing blacklist handler with the peer's transport service.

Parameters
fname: the filename to read the list of peer identities
cfg: the configuration for connecting to the peer's transport service

Definition at line 136 of file gnunet-daemon-testbed-blacklist.c.

References check_access(), cleanup_map(), do_shutdown(), GNUNET_assert, GNUNET_break, GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY, GNUNET_CONTAINER_multipeermap_create(), GNUNET_CONTAINER_multipeermap_put(), GNUNET_DISK_file_size(), GNUNET_DISK_fn_read(), GNUNET_free, GNUNET_malloc_large, GNUNET_NO, GNUNET_OK, GNUNET_SCHEDULER_add_shutdown(), GNUNET_SYSERR, GNUNET_TRANSPORT_blacklist(), and GNUNET_YES.

Referenced by run().

/* Body of setup_ac(): reads an array of GNUNET_PeerIdentity records from fname
   into ilist and inserts each one into map. Several listing lines (143, 154,
   161, 163, 170, 171) are missing from this rendering; the notes below mark
   where they fall. */
138 {
139  uint64_t fsize;
140  unsigned int npeers;
141  unsigned int cnt;
142 
/* NOTE(review): listing line 143 is missing. The call below is the tail of a
   statement that starts there (the References list names GNUNET_assert); the
   exact condition is not visible on this page -- confirm against the source. */
144  GNUNET_DISK_file_size (fname, &fsize, GNUNET_NO,
145  GNUNET_YES));
/* The file must hold a whole number of identity records; anything else is
   reported through GNUNET_break and the function gives up. */
146  if (0 != (fsize % sizeof(struct GNUNET_PeerIdentity)))
147  {
148  GNUNET_break (0);
/* NOTE(review): this return skips the rest of the function. If the missing
   lines 170-171 are where the shutdown task and the transport blacklist
   callback are registered (the References list names
   GNUNET_SCHEDULER_add_shutdown() and GNUNET_TRANSPORT_blacklist()), a
   malformed list file leaves the peer running with no access control
   installed -- confirm, and consider failing closed. */
149  return;
150  }
/* NOTE(review): fsize is uint64_t and npeers is unsigned int, so this is a
   narrowing conversion for very large files. */
151  npeers = fsize / sizeof(struct GNUNET_PeerIdentity);
152  if (0 != npeers)
153  {
/* NOTE(review): listing line 154 is missing; the References list names
   GNUNET_CONTAINER_multipeermap_create(), so map is presumably created here
   -- confirm. An empty file (npeers == 0) skips this block, leaving map and
   ilist untouched. */
155  ilist = GNUNET_malloc_large (fsize);
/* The read is performed inside the assertion expression, and its ssize_t
   result is compared with the size measured earlier by a separate call. This
   page describes GNUNET_assert as being for fatal errors, so a failed or
   short read (for example, the file changing between the two calls) is
   treated as fatal rather than handled. */
156  GNUNET_assert (fsize == GNUNET_DISK_fn_read (fname, ilist, fsize));
157  }
158  for (cnt = 0; cnt < npeers; cnt++)
159  {
/* NOTE(review): listing lines 161 and 163 are missing. The References list
   names GNUNET_CONTAINER_multipeermap_put() and
   GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY, so this is presumably an
   insert of &ilist[cnt] that fails on a duplicate key -- confirm. */
160  if (GNUNET_SYSERR ==
162  &ilist[cnt],
164  {
/* Error path: drop the partially filled map and the identity array. */
165  cleanup_map ();
/* NOTE(review): no visible line resets ilist after the free, so the global may
   be left dangling unless GNUNET_free clears it -- confirm. This return also
   skips lines 170-171 (see the note at line 149). */
166  GNUNET_free (ilist);
167  return;
168  }
169  }
/* NOTE(review): listing lines 170-171 are missing. Per the References list they
   presumably register do_shutdown() via GNUNET_SCHEDULER_add_shutdown() and
   install check_access() via GNUNET_TRANSPORT_blacklist() -- confirm against
   the source file. */
172 }
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_shutdown(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run on shutdown, that is when a CTRL-C signal is received, or when GNUNET_SCHEDULER_shutdown() is being invoked.
Definition: scheduler.c:1300
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int check_access(void *cls, const struct GNUNET_PeerIdentity *pid)
Function that decides if a connection is acceptable or not.
static void cleanup_map()
Cleanup and destroy the map.
static struct GNUNET_CONTAINER_MultiPeerMap * map
The map to store the peer identities to allow/deny.
#define GNUNET_NO
Definition: gnunet_common.h:78
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
struct GNUNET_CONTAINER_MultiPeerMap * GNUNET_CONTAINER_multipeermap_create(unsigned int len, int do_not_copy_keys)
Create a multi peer map (hash map for public keys of peers).
#define GNUNET_malloc_large(size)
Wrapper around malloc.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
struct GNUNET_TRANSPORT_Blacklist * GNUNET_TRANSPORT_blacklist(const struct GNUNET_CONFIGURATION_Handle *cfg, GNUNET_TRANSPORT_BlacklistCallback cb, void *cb_cls)
Install a blacklist callback.
static void do_shutdown(void *cls)
Shutdown task to cleanup our resources and exit.
static struct GNUNET_TRANSPORT_Blacklist * bh
The blacklist handle we obtain from transport when we register ourselves for access control...
There must only be one value per key; storing a value should fail if a value under the same key alrea...
#define GNUNET_SYSERR
Definition: gnunet_common.h:76
int GNUNET_DISK_file_size(const char *filename, uint64_t *size, int include_symbolic_links, int single_file_mode)
Get the size of the file (or directory) of the given file (in bytes).
Definition: disk.c:257
static struct GNUNET_PeerIdentity * ilist
The array of peer identities we read from whitelist/blacklist.
int GNUNET_CONTAINER_multipeermap_put(struct GNUNET_CONTAINER_MultiPeerMap *map, const struct GNUNET_PeerIdentity *key, void *value, enum GNUNET_CONTAINER_MultiHashMapOption opt)
Store a key-value pair in the map.
The identity of the host (wraps the signing key of the peer).
#define GNUNET_YES
Definition: gnunet_common.h:77
ssize_t GNUNET_DISK_fn_read(const char *fn, void *result, size_t len)
Read the contents of a binary file into a buffer.
Definition: disk.c:794
#define GNUNET_free(ptr)
Wrapper around free.

◆ run()

static void run ( void *  cls,
char *const *  args,
const char *  cfgfile,
const struct GNUNET_CONFIGURATION_Handle *  c 
)
static

Main function that will be run.

Parameters
cls: closure
args: remaining command-line arguments
cfgfile: name of the configuration file used (for saving, can be NULL!)
c: configuration

Definition at line 184 of file gnunet-daemon-testbed-blacklist.c.

References ACCESS_ALLOW, ACCESS_DENY, GNUNET_asprintf(), GNUNET_break, GNUNET_CONFIGURATION_get_value_filename(), GNUNET_DISK_file_test(), GNUNET_free, GNUNET_OK, GNUNET_YES, mode, and setup_ac().

Referenced by main().

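/**
 * Main function that will be run.
 *
 * Looks for a file named "whitelist" under the configured GNUNET_HOME and,
 * if it exists, sets up access control in ACCESS_ALLOW mode from it.
 * Otherwise looks for "blacklist" and sets up ACCESS_DENY mode from that
 * file.  If neither file exists, no access control is set up at all.
 *
 * @param cls closure
 * @param args remaining command-line arguments
 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
 * @param c configuration
 */
static void
run (void *cls,
     char *const *args,
     const char *cfgfile,
     const struct GNUNET_CONFIGURATION_Handle *c)
{
  char *shome;
  char *fname;

  /* NOTE(review): the rendered listing dropped the line naming this callee;
     it is restored from the function's References list and the visible
     arguments -- confirm against the source file. */
  if (GNUNET_OK !=
      GNUNET_CONFIGURATION_get_value_filename (c,
                                               "PATHS",
                                               "GNUNET_HOME",
                                               &shome))
  {
    GNUNET_break (0);
    return;
  }
  /* A whitelist takes precedence: when present, the blacklist is not read. */
  GNUNET_asprintf (&fname,
                   "%s/whitelist",
                   shome);
  if (GNUNET_YES == GNUNET_DISK_file_test (fname))
  {
    mode = ACCESS_ALLOW;
    setup_ac (fname, c);
    GNUNET_free (shome);
    GNUNET_free (fname);
    return;
  }
  GNUNET_free (fname);
  GNUNET_asprintf (&fname,
                   "%s/blacklist",
                   shome);
  if (GNUNET_YES == GNUNET_DISK_file_test (fname))
  {
    mode = ACCESS_DENY;
    /* Pass the blacklist file itself.  The original passed shome (the
       GNUNET_HOME directory), so the deny list that was just tested for
       was never the path handed to setup_ac(). */
    setup_ac (fname, c);
  }
  GNUNET_free (shome);
  GNUNET_free (fname);
}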
int GNUNET_DISK_file_test(const char *fil)
Check that fil corresponds to a filename (of a file that exists and that is not a directory)...
Definition: disk.c:544
static void setup_ac(const char *fname, const struct GNUNET_CONFIGURATION_Handle *cfg)
Setup the access control by reading the given file containing peer identities and then establishing b...
static int mode
Are we allowing or denying access from peers.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
#define ACCESS_DENY
Deny access from the peers read from the blacklist.
#define ACCESS_ALLOW
Allow access from the peers read from the whitelist.
int GNUNET_CONFIGURATION_get_value_filename(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be the name of a file or directory.
#define GNUNET_YES
Definition: gnunet_common.h:77
#define GNUNET_free(ptr)
Wrapper around free.

◆ main()

int main ( int  argc,
char *const *  argv 
)

The main function.

Parameters
argc: number of arguments from the command line
argv: command line arguments
Returns
0 ok, 1 on error

Definition at line 234 of file gnunet-daemon-testbed-blacklist.c.

References _, GNUNET_free, GNUNET_GETOPT_OPTION_END, GNUNET_OK, GNUNET_PROGRAM_run(), GNUNET_STRINGS_get_utf8_args(), ret, and run().

/* Body of main(): converts the command-line arguments to UTF-8 and hands
   control to GNUNET_PROGRAM_run() with run() as the main task. */
235 {
236  static const struct GNUNET_GETOPT_CommandLineOption options[] = {
/* NOTE(review): listing line 237 is missing from this rendering. The References
   list names GNUNET_GETOPT_OPTION_END, presumably the array's terminating (and
   only) entry -- confirm against the source file. */
238  };
239  int ret;
240 
/* On success the call stores the converted argument count and array back
   through &argc and &argv. */
241  if (GNUNET_OK !=
242  GNUNET_STRINGS_get_utf8_args (argc, argv,
243  &argc, &argv))
/* Exit status 2 when the arguments cannot be converted; the documented return
   values for this function mention only 0 and 1. */
244  return 2;
/* Exit status 0 if GNUNET_PROGRAM_run() returns GNUNET_OK, 1 otherwise. */
245  ret =
246  (GNUNET_OK ==
247  GNUNET_PROGRAM_run (argc, argv,
248  "gnunet-daemon-testbed-blacklist",
249  _ (
250  "Daemon to restrict incoming transport layer connections during testbed deployments"),
251  options, &run, NULL)) ? 0 : 1;
/* Frees the argument array that GNUNET_STRINGS_get_utf8_args() stored in argv. */
252  GNUNET_free ((void*) argv);
253  return ret;
254 }
struct GNUNET_GETOPT_CommandLineOption options[]
Definition: 002.c:5
int GNUNET_STRINGS_get_utf8_args(int argc, char *const *argv, int *u8argc, char *const **u8argv)
Returns utf-8 encoded arguments.
Definition: strings.c:1438
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
Definition of a command line option.
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_OPTION_END
Definition: 002.c:13
#define _(String)
GNU gettext support macro.
Definition: platform.h:181
static void run(void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *c)
Main function that will be run.
int GNUNET_PROGRAM_run(int argc, char *const *argv, const char *binaryName, const char *binaryHelp, const struct GNUNET_GETOPT_CommandLineOption *options, GNUNET_PROGRAM_Main task, void *task_cls)
Run a standard GNUnet command startup sequence (initialize loggers and configuration, parse options).
Definition: program.c:367
#define GNUNET_free(ptr)
Wrapper around free.

Variable Documentation

◆ map

struct GNUNET_CONTAINER_MultiPeerMap* map
static

The map to store the peer identities to allow/deny.

Definition at line 59 of file gnunet-daemon-testbed-blacklist.c.

◆ ilist

struct GNUNET_PeerIdentity* ilist
static

The array of peer identities we read from whitelist/blacklist.

Definition at line 64 of file gnunet-daemon-testbed-blacklist.c.

◆ bh

struct GNUNET_TRANSPORT_Blacklist* bh
static

The blacklist handle we obtain from transport when we register ourselves for access control.

Definition at line 70 of file gnunet-daemon-testbed-blacklist.c.

◆ mode

int mode
static

Are we allowing or denying access from peers.

Definition at line 75 of file gnunet-daemon-testbed-blacklist.c.

Referenced by check_access(), and run().