[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnunet] branch master updated: transport: Improve KX handling.
|
From: |
gnunet |
|
Subject: |
[gnunet] branch master updated: transport: Improve KX handling. |
|
Date: |
Mon, 11 Mar 2024 00:16:18 +0100 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository gnunet.
The following commit(s) were added to refs/heads/master by this push:
new 808c250af transport: Improve KX handling.
808c250af is described below
commit 808c250afc63982679f61339b3310498ac730fc9
Author: Martin Schanzenbach <schanzen@gnunet.org>
AuthorDate: Mon Mar 11 00:14:26 2024 +0100
transport: Improve KX handling.
In particular, this commit fixes cleanup of shared secrets that have expired
due to the amount of data sent.
This allows injected rekeys to be used effectively after the usage limit is
exceeded.
---
src/service/transport/gnunet-communicator-udp.c | 52 +++++++++++++++++++---
src/service/transport/test_communicator_basic.c | 28 +++++++-----
.../test_communicator_udp_basic_peer1.conf | 1 +
.../test_communicator_udp_rekey_peer1.conf | 1 +
4 files changed, 65 insertions(+), 17 deletions(-)
diff --git a/src/service/transport/gnunet-communicator-udp.c
b/src/service/transport/gnunet-communicator-udp.c
index 28729bb73..406c52bff 100644
--- a/src/service/transport/gnunet-communicator-udp.c
+++ b/src/service/transport/gnunet-communicator-udp.c
@@ -93,7 +93,7 @@
*/
#define GCM_TAG_SIZE (128 / 8)
-#define GENERATE_AT_ONCE 16
+#define GENERATE_AT_ONCE 64
/**
* If we fall below this number of available KCNs,
@@ -920,7 +920,6 @@ kce_destroy (struct KeyCacheEntry *kce)
struct SharedSecret *ss = kce->ss;
ss->active_kce_count--;
- ss->sender->acks_available--;
GNUNET_CONTAINER_DLL_remove (ss->kce_head, ss->kce_tail, kce);
GNUNET_assert (GNUNET_YES == GNUNET_CONTAINER_multishortmap_remove
(key_cache,
&kce->kid,
@@ -1011,8 +1010,10 @@ secret_destroy (struct SharedSecret *ss)
GNUNET_CONTAINER_DLL_remove (sender->ss_head, sender->ss_tail, ss);
sender->num_secrets--;
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "%u sender->num_secrets\n",
- sender->num_secrets);
+ "%u sender->num_secrets %u allowed %u used, %u available\n",
+ sender->num_secrets, ss->sequence_allowed, ss->sequence_used,
+ sender->acks_available);
+ sender->acks_available -= (ss->sequence_allowed - ss->sequence_used);
if (NULL != ss->sender->kce_task)
{
GNUNET_SCHEDULER_cancel (ss->sender->kce_task);
@@ -1712,7 +1713,10 @@ try_handle_plaintext (struct SenderAddress *sender,
if (0 == purge_secrets (sender->ss_tail))
{
// No secret purged. Delete oldest.
- secret_destroy (sender->ss_tail);
+ if (sender->num_secrets > MAX_SECRETS)
+ {
+ secret_destroy (sender->ss_tail);
+ }
}
break;
case GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK:
@@ -1752,6 +1756,9 @@ decrypt_box (const struct UDPBox *box,
struct KeyCacheEntry *kce)
{
struct SharedSecret *ss = kce->ss;
+ struct SharedSecret *ss_c = ss->sender->ss_tail;
+ struct SharedSecret *ss_tmp;
+ int ss_destroyed = 0;
char out_buf[box_len - sizeof(*box)];
GNUNET_assert (NULL != ss->sender);
@@ -1768,10 +1775,14 @@ decrypt_box (const struct UDPBox *box,
1,
GNUNET_NO);
kce_destroy (kce);
+ ss->sender->acks_available--;
return;
}
kce_destroy (kce);
kce = NULL;
+ ss->bytes_sent += box_len;
+ ss->sender->acks_available--;
+ ss->sequence_used++;
GNUNET_STATISTICS_update (stats,
"# bytes decrypted with BOX",
sizeof(out_buf),
@@ -1784,6 +1795,27 @@ decrypt_box (const struct UDPBox *box,
"decrypted UDPBox with kid %s\n",
GNUNET_sh2s (&box->kid));
try_handle_plaintext (ss->sender, out_buf, sizeof(out_buf));
+
+ while (NULL != ss_c)
+ {
+ if (ss_c->bytes_sent >= rekey_max_bytes)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Removing SS because rekey bytes reached.\n");
+ ss_tmp = ss_c->prev;
+ if (ss == ss_c)
+ ss_destroyed = 1;
+ secret_destroy (ss_c);
+ ss_c = ss_tmp;
+ continue;
+ }
+ ss_c = ss_c->prev;
+ }
+ if (1 == ss_destroyed)
+ return;
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Sender has %u ack left.\n",
+ ss->sender->acks_available);
if ((KCN_THRESHOLD > ss->sender->acks_available) &&
(NULL == ss->sender->kce_task) &&
(GNUNET_YES == ss->sender->kce_task_finished))
@@ -2191,7 +2223,10 @@ sock_read (void *cls)
if (0 == purge_secrets (sender->ss_tail))
{
// No secret purged. Delete oldest.
- secret_destroy (sender->ss_tail);
+ if (sender->num_secrets > MAX_SECRETS)
+ {
+ secret_destroy (sender->ss_tail);
+ }
}
}
}
@@ -2392,7 +2427,10 @@ send_msg_with_kx (const struct GNUNET_MessageHeader
*msg, struct
if (0 == purge_secrets (receiver->ss_tail))
{
// No secret purged. Delete oldest.
- secret_destroy (receiver->ss_tail);
+ if (receiver->num_secrets > MAX_SECRETS)
+ {
+ secret_destroy (receiver->ss_tail);
+ }
}
setup_cipher (&ss->master, 0, &out_cipher);
diff --git a/src/service/transport/test_communicator_basic.c
b/src/service/transport/test_communicator_basic.c
index 36784e726..510791a47 100644
--- a/src/service/transport/test_communicator_basic.c
+++ b/src/service/transport/test_communicator_basic.c
@@ -373,10 +373,10 @@ process_statistics (void *cls,
uint64_t value,
int is_persistent)
{
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Statistic: Name %s and value %" PRIu64 "\n",
- name,
- value);
+ LOG (GNUNET_ERROR_TYPE_DEBUG,
+ "Statistic: Name %s and value %" PRIu64 "\n",
+ name,
+ value);
if ((0 == strcmp ("rekey", test_name)) && (0 == strcmp (
"# rekeying successful",
name)))
@@ -410,11 +410,17 @@ process_statistics (void *cls,
name))
&& (6000 > value))
{
- ret = 2;
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Not enough BOX messages! (want: %u, have %llu)\n",
- 6000, (unsigned long long) value);
- GNUNET_SCHEDULER_shutdown ();
+ if (6000 > value)
+ {
+ ret = 2;
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Not enough BOX messages! (want: %u, have %llu)\n",
+ 6000, (unsigned long long) value);
+ GNUNET_SCHEDULER_shutdown ();
+ }
+ LOG (GNUNET_ERROR_TYPE_MESSAGE,
+ "Successful messages in BOX: %llu\n",
+ (unsigned long long) value);
}
return GNUNET_OK;
}
@@ -591,11 +597,13 @@ choose_phase (struct
GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *tc_h)
"backchannel",
test_name))) )
{
+ LOG (GNUNET_ERROR_TYPE_ERROR, "Getting statistics...\n");
if (NULL != box_stats[peer_nr])
GNUNET_STATISTICS_get_cancel (box_stats[peer_nr]);
box_stats[peer_nr] = GNUNET_STATISTICS_get (stats[1],
"C-UDP",
- "# messages decrypted with
BOX",
+ //"# messages decrypted with
BOX",
+ NULL,
process_statistics_box_done,
&process_statistics,
tc_h);
diff --git a/src/service/transport/test_communicator_udp_basic_peer1.conf
b/src/service/transport/test_communicator_udp_basic_peer1.conf
index 6968b3aef..83c599ae5 100644
--- a/src/service/transport/test_communicator_udp_basic_peer1.conf
+++ b/src/service/transport/test_communicator_udp_basic_peer1.conf
@@ -33,6 +33,7 @@ UNIXPATH =
$GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock
[communicator-udp]
# PREFIX = valgrind --leak-check=full --track-origins=yes
--log-file=/tmp/vg_com1
+#PREFIX = valgrind --tool=callgrind
BINDTO = 60002
DISABLE_V6 = YES
MAX_QUEUE_LENGTH=5000
diff --git a/src/service/transport/test_communicator_udp_rekey_peer1.conf
b/src/service/transport/test_communicator_udp_rekey_peer1.conf
index 6294ea1e5..305dd3b84 100644
--- a/src/service/transport/test_communicator_udp_rekey_peer1.conf
+++ b/src/service/transport/test_communicator_udp_rekey_peer1.conf
@@ -42,6 +42,7 @@ REKEY_INTERVAL = 100ms
[communicator-udp]
#PREFIX = xterm -geometry 100x85 -T peer1 -e gdb --args
#PREFIX = valgrind --leak-check=full --track-origins=yes
+#PREFIX = valgrind --tool=callgrind
BINDTO = 60002
DISABLE_V6 = YES
MAX_QUEUE_LENGTH=5000
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [gnunet] branch master updated: transport: Improve KX handling.,
gnunet <=