[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnunet] 99/164: Securyt improvement prevent peer from receiving message
|
From: |
gnunet |
|
Subject: |
[gnunet] 99/164: Securyt improvement prevent peer from receiving message in wrong phase |
|
Date: |
Fri, 30 Jul 2021 15:32:45 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository gnunet.
commit 31e3a57ebe7dc208c848f122549e2132c16bf710
Author: Elias Summermatter <elias.summermatter@seccom.ch>
AuthorDate: Thu May 13 10:45:05 2021 +0200
Securyt improvement prevent peer from receiving message in wrong phase
---
src/setu/gnunet-service-setu.c | 177 +++++++++++++++++++++++++++++++----------
1 file changed, 136 insertions(+), 41 deletions(-)
diff --git a/src/setu/gnunet-service-setu.c b/src/setu/gnunet-service-setu.c
index 9e9a9cbbd..4ff91d81e 100644
--- a/src/setu/gnunet-service-setu.c
+++ b/src/setu/gnunet-service-setu.c
@@ -846,7 +846,6 @@ calculate_perf_rtt() {
bytes_transmitted += sum_sent_received_bytes(4, perf_rtt.done);
-
/*
* Write IBF failure rate for different BUCKET_NUMBER_FACTOR
*/
@@ -861,21 +860,10 @@ calculate_perf_rtt() {
decoded = 1;
int ibf_bytes_transmitted = sum_sent_received_bytes(sizeof(struct
IBFMessage), perf_rtt.ibf);
-
FILE *out1 = fopen("perf_failure_bucket_number_factor.csv", "a");
fprintf(out1,
"%d,%f,%d,%d,%f,%d,%d,%d,%d,%d\n",num_per_bucket,factor,decoded,ibf_bytes_transmitted,rtt,perf_rtt.se_diff,bytes_transmitted,perf_rtt.se_diff_local,perf_rtt.se_diff_remote,
perf_rtt.mode_of_operation);
fclose(out1);
-
- /**
- * Write performance csv output
- * <se_diff>,<active_passive_switches>,<bytes_transmitted>,<rtt>
- */
-
- // FILE *out = fopen("perf_stats.csv", "a");
- // fprintf(out, "%d,%d,%d,%f\n", perf_rtt.se_diff,
perf_rtt.active_passive_switches,bytes_transmitted,rtt);
- //fclose(out);
-
return rtt;
}
@@ -886,8 +874,7 @@ estimate_best_mode_of_operation(uint64_t avg_element_size,
uint64_t est_set_diff_remote,
uint64_t est_set_diff_local,
uint64_t bandwith_latency_tradeoff,
- uint64_t ibf_bucket_number_factor)
-{
+ uint64_t ibf_bucket_number_factor) {
/*
* Calculate bytes for full Sync
*/
@@ -899,14 +886,14 @@ estimate_best_mode_of_operation(uint64_t avg_element_size,
uint16_t estimated_total_diff = (est_set_diff_remote + est_set_diff_local);
/* Estimate byte required if we send first */
- uint64_t total_elements_to_send_local_send_first = est_set_diff_remote +
local_set_size;
+ uint64_t total_elements_to_send_local_send_first = est_set_diff_remote +
local_set_size;
uint64_t total_bytes_full_local_send_first = (avg_element_size *
total_elements_to_send_local_send_first) + \
(total_elements_to_send_local_send_first * sizeof(struct
GNUNET_SETU_ElementMessage)) + \
(SIZEOF_FULL_DONE_HEADER * 2) + \
RTT_MIN_FULL * bandwith_latency_tradeoff;
- /* Estimate bytes required if we request from remote peer */
+ /* Estimate bytes required if we request from remote peer */
uint64_t total_elements_to_send_remote_send_first = est_set_diff_local +
remote_set_size;
uint64_t total_bytes_full_remote_send_first = (avg_element_size *
total_elements_to_send_remote_send_first) + \
@@ -919,7 +906,8 @@ estimate_best_mode_of_operation(uint64_t avg_element_size,
"YYYYY::::: est_set_diff_remote %u, local_set_size %u \n",
est_set_diff_remote, local_set_size);
LOG (GNUNET_ERROR_TYPE_ERROR,
- "XXX::::: total_elements_to_send_local_send_first %u,
total_elements_to_send_remote_send_first %u \n",
total_elements_to_send_local_send_first,
total_elements_to_send_remote_send_first);
+ "XXX::::: total_elements_to_send_local_send_first %u,
total_elements_to_send_remote_send_first %u \n",
+ total_elements_to_send_local_send_first,
total_elements_to_send_remote_send_first);
/*
* Calculate bytes for differential Sync
@@ -935,7 +923,8 @@ estimate_best_mode_of_operation(uint64_t avg_element_size,
uint64_t ibf_message_count = ceil((float) ibf_bucket_count /
MAX_BUCKETS_PER_MESSAGE);
- uint64_t estimated_counter_size = ceil(MIN(2 *
log2l((float)local_set_size/ibf_bucket_count), log2l(local_set_size)));
+ uint64_t estimated_counter_size = ceil(
+ MIN(2 * log2l((float) local_set_size / ibf_bucket_count),
log2l(local_set_size)));
float counter_bytes = (float) estimated_counter_size / 8;
@@ -945,15 +934,16 @@ estimate_best_mode_of_operation(uint64_t avg_element_size,
(ibf_bucket_count * counter_bytes) * 1.2);
/* Estimate full byte count for differential sync */
- uint64_t element_size=(avg_element_size + sizeof(struct
GNUNET_SETU_ElementMessage)) * \
+ uint64_t element_size = (avg_element_size + sizeof(struct
GNUNET_SETU_ElementMessage)) * \
estimated_total_diff;
uint64_t done_size = SIZEOF_DONE_HEADER;
uint64_t inquery_size = (sizeof(struct IBF_Key) + sizeof(struct
InquiryMessage)) * estimated_total_diff;
- uint64_t demand_size = (sizeof(struct GNUNET_HashCode) + sizeof(struct
GNUNET_MessageHeader)) * estimated_total_diff;
+ uint64_t demand_size =
+ (sizeof(struct GNUNET_HashCode) + sizeof(struct
GNUNET_MessageHeader)) * estimated_total_diff;
uint64_t offer_size = (sizeof(struct GNUNET_HashCode) + sizeof(struct
GNUNET_MessageHeader)) * estimated_total_diff;
uint64_t total_bytes_diff = (element_size + done_size + inquery_size +
demand_size + offer_size + ibf_bytes) + \
- ( DIFFERENTIAL_RTT_MEAN *
bandwith_latency_tradeoff );
+ (DIFFERENTIAL_RTT_MEAN *
bandwith_latency_tradeoff);
uint64_t full_min = MIN(total_bytes_full_local_send_first,
total_bytes_full_local_send_first);
@@ -967,7 +957,7 @@ estimate_best_mode_of_operation(uint64_t avg_element_size,
if (full_min < total_bytes_diff) {
/* Decide between sending all element first or receiving all elements
*/
- if(total_bytes_full_remote_send_first >
total_bytes_full_local_send_first) {
+ if (total_bytes_full_remote_send_first >
total_bytes_full_local_send_first) {
return FULL_SYNC_LOCAL_SENDING_FIRST;
} else {
return FULL_SYNC_REMOTE_SENDING_FIRST;
@@ -977,6 +967,20 @@ estimate_best_mode_of_operation(uint64_t avg_element_size,
}
}
+static int check_valid_phase(uint8_t allowed_phases[], size_t size_phases,
struct Operation *op){
+ for(uint32_t phase_ctr=0; phase_ctr < size_phases; phase_ctr++) {
+ uint8_t phase = allowed_phases[phase_ctr];
+ if (phase == op->phase) {
+ LOG (GNUNET_ERROR_TYPE_ERROR,
+ "Found correct phase\n");
+ return GNUNET_YES;
+ }
+ }
+ LOG (GNUNET_ERROR_TYPE_ERROR,
+ "Received message in invalid phase phase: %u\n", op->phase);
+ return GNUNET_NO;
+}
+
/**
* Iterator over hash map entries, called to
@@ -1745,6 +1749,17 @@ handle_union_p2p_strata_estimator (void *cls,
// Setting peer site to receiving peer
op->peer_site = 1;
+ /**
+ * Check that the message is received only in supported phase
+ */
+ uint8_t allowed_phases[] = {PHASE_EXPECT_SE};
+ if( GNUNET_OK !=
+ check_valid_phase(allowed_phases,sizeof(allowed_phases),op)){
+ GNUNET_break (0);
+ fail_union_operation (op);
+ return;
+ }
+
is_compressed = (GNUNET_MESSAGE_TYPE_SETU_P2P_SEC == htons (
msg->header.type));
GNUNET_STATISTICS_update (_GSS_statistics,
@@ -1793,7 +1808,7 @@ handle_union_p2p_strata_estimator (void *cls,
op->remote_element_count,
diff_local,
diff_remote,
- 0,
+
op->rtt_bandwidth_tradeoff,
op->ibf_bucket_number_factor);
perf_rtt.se_diff_local = diff_local;
@@ -2203,6 +2218,17 @@ handle_union_p2p_ibf (void *cls,
struct Operation *op = cls;
unsigned int buckets_in_message;
+ /**
+ * Check that the message is received only in supported phase
+ */
+ uint8_t allowed_phases[] = {PHASE_EXPECT_IBF, PHASE_EXPECT_IBF_LAST,
PHASE_PASSIVE_DECODING};
+ if( GNUNET_OK !=
+ check_valid_phase(allowed_phases,sizeof(allowed_phases),op)){
+ GNUNET_break (0);
+ fail_union_operation (op);
+ return;
+ }
+
perf_rtt.ibf.received += 1;
perf_rtt.ibf.received_var_bytes += (ntohs (msg->header.size) - sizeof *msg);
@@ -2396,6 +2422,17 @@ handle_union_p2p_elements (void *cls,
struct KeyEntry *ke;
uint16_t element_size;
+ /**
+ * Check that the message is received only in supported phase
+ */
+ uint8_t allowed_phases[] = {PHASE_ACTIVE_DECODING, PHASE_PASSIVE_DECODING,
PHASE_FINISH_WAITING, PHASE_FINISH_CLOSING};
+ if( GNUNET_OK !=
+ check_valid_phase(allowed_phases,sizeof(allowed_phases),op)){
+ GNUNET_break (0);
+ fail_union_operation (op);
+ return;
+ }
+
element_size = ntohs (emsg->header.size) - sizeof(struct
GNUNET_SETU_ElementMessage);
@@ -2511,28 +2548,21 @@ handle_union_p2p_full_element (void *cls,
struct KeyEntry *ke;
uint16_t element_size;
-
-
if(PHASE_EXPECT_IBF == op->phase) {
op->phase = PHASE_FULL_RECEIVING;
}
-
-
- /* Allow only receiving of full element message if in expect IBF or in
PHASE_FULL_RECEIVING state */
- if ((PHASE_FULL_RECEIVING != op->phase) &&
- (PHASE_FULL_SENDING != op->phase))
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Handle full element phase is %u\n",
- (unsigned) op->phase);
- GNUNET_break_op (0);
- fail_union_operation (op);
- return;
+ /**
+ * Check that the message is received only in supported phase
+ */
+ uint8_t allowed_phases[] = {PHASE_FULL_RECEIVING, PHASE_FULL_SENDING};
+ if( GNUNET_OK !=
+ check_valid_phase(allowed_phases,sizeof(allowed_phases),op)){
+ GNUNET_break (0);
+ fail_union_operation (op);
+ return;
}
-
-
element_size = ntohs (emsg->header.size)
- sizeof(struct GNUNET_SETU_ElementMessage);
@@ -2650,6 +2680,17 @@ handle_union_p2p_inquiry (void *cls,
const struct IBF_Key *ibf_key;
unsigned int num_keys;
+ /**
+ * Check that the message is received only in supported phase
+ */
+ uint8_t allowed_phases[] = {PHASE_ACTIVE_DECODING, PHASE_PASSIVE_DECODING};
+ if( GNUNET_OK !=
+ check_valid_phase(allowed_phases,sizeof(allowed_phases),op)){
+ GNUNET_break (0);
+ fail_union_operation (op);
+ return;
+ }
+
perf_rtt.inquery.received += 1;
perf_rtt.inquery.received_var_bytes += (ntohs (msg->header.size) -
sizeof(struct InquiryMessage));
@@ -2722,6 +2763,17 @@ handle_union_p2p_request_full (void *cls,
{
struct Operation *op = cls;
+ /**
+ * Check that the message is received only in supported phase
+ */
+ uint8_t allowed_phases[] = {PHASE_EXPECT_IBF};
+ if( GNUNET_OK !=
+ check_valid_phase(allowed_phases,sizeof(allowed_phases),op)){
+ GNUNET_break (0);
+ fail_union_operation (op);
+ return;
+ }
+
perf_rtt.request_full.received += 1;
LOG (GNUNET_ERROR_TYPE_DEBUG,
@@ -2752,6 +2804,17 @@ handle_union_p2p_full_done (void *cls,
{
struct Operation *op = cls;
+ /**
+ * Check that the message is received only in supported phase
+ */
+ uint8_t allowed_phases[] = {PHASE_FULL_SENDING, PHASE_FULL_RECEIVING};
+ if( GNUNET_OK !=
+ check_valid_phase(allowed_phases,sizeof(allowed_phases),op)){
+ GNUNET_break (0);
+ fail_union_operation (op);
+ return;
+ }
+
perf_rtt.full_done.received += 1;
switch (op->phase)
@@ -2846,7 +2909,18 @@ handle_union_p2p_demand (void *cls,
unsigned int num_hashes;
struct GNUNET_MQ_Envelope *ev;
- perf_rtt.demand.received += 1;
+ /**
+ * Check that the message is received only in supported phase
+ */
+ uint8_t allowed_phases[] = {PHASE_ACTIVE_DECODING, PHASE_PASSIVE_DECODING,
PHASE_FINISH_WAITING, PHASE_FINISHED};
+ if( GNUNET_OK !=
+ check_valid_phase(allowed_phases,sizeof(allowed_phases),op)){
+ GNUNET_break (0);
+ fail_union_operation (op);
+ return;
+ }
+
+ perf_rtt.demand.received += 1;
perf_rtt.demand.received_var_bytes += (ntohs (mh->size) - sizeof(struct
GNUNET_MessageHeader));
num_hashes = (ntohs (mh->size) - sizeof(struct GNUNET_MessageHeader))
@@ -2947,6 +3021,16 @@ handle_union_p2p_offer (void *cls,
struct Operation *op = cls;
const struct GNUNET_HashCode *hash;
unsigned int num_hashes;
+ /**
+ * Check that the message is received only in supported phase
+ */
+ uint8_t allowed_phases[] = {PHASE_ACTIVE_DECODING, PHASE_PASSIVE_DECODING};
+ if( GNUNET_OK !=
+ check_valid_phase(allowed_phases,sizeof(allowed_phases),op)){
+ GNUNET_break (0);
+ fail_union_operation (op);
+ return;
+ }
perf_rtt.offer.received += 1;
perf_rtt.offer.received_var_bytes += (ntohs (mh->size) - sizeof(struct
GNUNET_MessageHeader));
@@ -3013,7 +3097,18 @@ handle_union_p2p_done (void *cls,
{
struct Operation *op = cls;
- perf_rtt.done.received += 1;
+ /**
+ * Check that the message is received only in supported phase
+ */
+ uint8_t allowed_phases[] = {PHASE_ACTIVE_DECODING, PHASE_PASSIVE_DECODING};
+ if( GNUNET_OK !=
+ check_valid_phase(allowed_phases,sizeof(allowed_phases),op)){
+ GNUNET_break (0);
+ fail_union_operation (op);
+ return;
+ }
+
+ perf_rtt.done.received += 1;
switch (op->phase)
{
case PHASE_PASSIVE_DECODING:
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [gnunet] 83/164: Perf test, (continued)
- [gnunet] 83/164: Perf test, gnunet, 2021/07/30
- [gnunet] 71/164: Fixed some ugly construct, gnunet, 2021/07/30
- [gnunet] 82/164: Perf test, gnunet, 2021/07/30
- [gnunet] 91/164: Perftest, gnunet, 2021/07/30
- [gnunet] 92/164: Perftest, gnunet, 2021/07/30
- [gnunet] 97/164: Perftest, gnunet, 2021/07/30
- [gnunet] 72/164: Performance chech, gnunet, 2021/07/30
- [gnunet] 79/164: Added perf monitoring of operation mode, gnunet, 2021/07/30
- [gnunet] 107/164: Increased shufle nonce to 64bit, gnunet, 2021/07/30
- [gnunet] 96/164: Perftest, gnunet, 2021/07/30
- [gnunet] 99/164: Securyt improvement prevent peer from receiving message in wrong phase,
gnunet <=
- [gnunet] 90/164: Perftest, gnunet, 2021/07/30
- [gnunet] 120/164: Added checks for byzantine bounds, gnunet, 2021/07/30
- [gnunet] 88/164: Perf test, gnunet, 2021/07/30
- [gnunet] 116/164: Prepare fore messurement 2, gnunet, 2021/07/30
- [gnunet] 132/164: Removed Operation type from Operation Request message not required anymore, gnunet, 2021/07/30
- [gnunet] 136/164: Fixed some more errors from review, gnunet, 2021/07/30
- [gnunet] 112/164: Baseline for salt optimization, gnunet, 2021/07/30
- [gnunet] 102/164: Some more tests, gnunet, 2021/07/30
- [gnunet] 106/164: Added configuration new configration options as api options fixes memory leak, gnunet, 2021/07/30
- [gnunet] 105/164: Added randum seed for randum map, gnunet, 2021/07/30