diff options
author | Anton Luka Šijanec <anton@sijanec.eu> | 2022-11-27 23:07:08 +0100 |
---|---|---|
committer | Anton Luka Šijanec <anton@sijanec.eu> | 2022-11-27 23:07:08 +0100 |
commit | 5c7fa69c8bd538b806ae6c3bed16d452f10ee486 (patch) | |
tree | 76ce3a4a9c3aa3e84e7034dd81142ad20ba02338 /src/dht.c | |
parent | bencoding (diff) | |
download | travnik-5c7fa69c8bd538b806ae6c3bed16d452f10ee486.tar travnik-5c7fa69c8bd538b806ae6c3bed16d452f10ee486.tar.gz travnik-5c7fa69c8bd538b806ae6c3bed16d452f10ee486.tar.bz2 travnik-5c7fa69c8bd538b806ae6c3bed16d452f10ee486.tar.lz travnik-5c7fa69c8bd538b806ae6c3bed16d452f10ee486.tar.xz travnik-5c7fa69c8bd538b806ae6c3bed16d452f10ee486.tar.zst travnik-5c7fa69c8bd538b806ae6c3bed16d452f10ee486.zip |
Diffstat (limited to '')
-rw-r--r-- | src/dht.c | 458 |
1 files changed, 445 insertions, 13 deletions
@@ -1,18 +1,450 @@ -struct dht { - char id[20]; - int socket; - char secret[16]; /**< for calculating opaque write token, random */ -}; +#include <time.h> +#include <sys/random.h> +#include <errno.h> +#include <sys/socket.h> +#include <unistd.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <arpa/inet.h> +#include <netinet/ip.h> +#define ECB 1 +#define AES128 1 +#include <aes.c> +#include <bencoding.c> + +time_t seconds () { + struct timespec tp; + clock_gettime(CLOCK_MONOTONIC, &tp); + return tp.tv_sec; +} + +int family (struct in6_addr addr) { + return memcmp("\0\0\0\0\0\0\0\0\0\0\xFF\xFF", addr.s6_addr, 12) ? AF_INET6 : AF_INET; +} + +#define K 8 + +/** + * node representation + */ + struct node { char id[20]; - int lost; - int sent; - int answers; - int malformed; - int received; - time_t last; - struct sockaddr addr; + struct sockaddr_in6 * addr; + int unanswered; /**< number of packets I've sent since last_received */ + time_t last_received; /**< time when I received the last packet from it */ + time_t last_sent; /**< time when I sent the last packet to it */ + struct node * next; + struct dht * dht; /**< a reference to the library handle */ +} + +/** + * frees a node + * + * @param n [in] the node to be freed + */ + +void node_free (struct node * n) { + free(n->addr); + free(n); +} + +/** + * bucket representation + */ + +struct bucket { + char id[20]; /**< bucket spans from id inclusive to next->id exclusive */ + struct node * nodes; + struct bucket * next; + struct dht * dht; /**< a reference to the library handle */ + int count; /**< number of nodes in this bucket */ +} + +/** + * frees a bucket + * + * @param b [in] the bucket to be freed + */ + +void bucket_free (struct bucket * b) { + struct node * node = b->nodes; + while (node) { + struct node * old = node; + node = node->next; + node_free(old); + } + free(b); +} + +/** + * handle for the library + */ + +struct dht { + char id[20]; /**< own id */ + int socket; /**< v4&v6 UDP socket that is bound on UDP and sends to nodes */ + char secret[16]; /**< for calculating opaque write token, random */ + FILE * log; /**< FILE to log to, defaults to stderr */ + struct bucket * buckets; + struct bucket * buckets6: /**< IPv6 routing table */ }; -void token (char * dest, struct sockaddr addr) {š +/** + * creates a handle. you can override id and log in the result struct. + * + * this function does not log, as log fd is not known yet + * + * socket must be close()d before being overriden, if the caller wants to use custom binding. + * + * binds UDP to all ifaces + */ + +struct dht * dht_init (void) { + struct dht * d = calloc(1, sizeof *d); + d->log = stderr; + d->buckets = calloc(1, sizeof(struct bucket)); + d->buckets->dht = d; + errno = 0; + if (!d) + return NULL; + if (getrandom(d->id, 20, GRND_NONBLOCK) == -1) + goto e; + if (getrandom(d->secret, 16, GRND_NONBLOCK) == -1) + goto e; + d->socket = socket(AF_INET6, SOCK_DGRAM | SOCK_NONBLOCK | SOCK_CLOEXEC, 0); + if (d->socket == -1) + goto e; + struct sockaddr_in6 a = { + sin6_family = AF_INET6, + sin6_addr = in6addr_any + }; + if (bind(d->socket, &a, sizeof a) == -1) + goto e; + return d; + e: + free(d); + return NULL; +} + +/** + * frees a handle. does nothing if handle is NULL. does not fclose log. closes socket. please set socket to -1 before calling if you don't want to close it. + * TODO: sends all my knowledge as a burst of UDP packets to nodes in my bucket. + */ + +#define L(o, f, ...) do {char t[512]; time_t n = time(NULL); strftime(t, 512, "%c", localtime(&n)); fprintf(o, "[%s] %s()%s:%d: " f "\n", t, __func__, __FILE__, __LINE__ __VA_OPT__(,) __VA_ARGS__)} while (0) + +void dht_free (struct dht * d) { + if (d->socket != -1) + if (close(d->socket) == -1) + L(d->log, "close(d->socket) == -1"); + struct bucket * bucket = d->buckets; + while (bucket) { + struct bucket * old = bucket; + bucket = bucket->next; + bucket_free(old); + } + free(d); +} + +/** + * generates a 16 byte token for allowing a node to store it's IP addres in our node. verify with valid() + * + * @param d [in] used to obtain the secret key + * @param t [out] the destination to which to write the 16 bytes + * @param a [in] the node's IP address, from which get_peers was received + * @param l [in] the length of socket address struct a + */ + +void token (const struct dht * d, char * t, struct sockaddr_in6 * a) { + struct AES_ctx aes; + memcpy(t, a->sin6_addr, 16); + AES_init_ctx(&aes, dht->secret); + AES_ECB_encrypt(&aes, t); +} + +/** + * verifies a 16 byte token, if it was really generated with token(), to prevent unsolicited adding of IPs to storage with src ip addr spoofing. + * + * @param d [in] used to obtain the secret key + * @param t [in] the address from which to obtain the 16 byte token + * @param a [in] the node's IP address, from which announce was received + * @param l [in] the length of socket address struct a + * @return 1 if the token is valid for this node, 0 otherwise + */ + +int valid (const struct dht * d, const char * t, struct sockaddr_in6 * a) { + char try[16]; + memcpy(try, t, 16); + token(d, try, a, l); + return !memcmp(try, t, 16); +} + +/** + * sends a bencoding object to the remote node. does not free the input bencoding. inserts a v key to the input bencoding. + * + * @param d [in] the dht library handle + * @param b [in] the bencoding to send serialized, m. ownership NOT transfered + * @param a [in] destination address + */ + +void sendb (const struct dht * d, struct bencoding * b, struct sockaddr_in6 * a) { + char remote[INET6_ADDRSTRLEN + 7]; + if (!inet_ntop(a->sa_family, a, remote, sizeof *a)) + snprintf(remote, sizeof remote, "(inet_ntop: %s)", strerror(errno)); + sprintf(remote+strlen(remote), ":%d", ntohs(((struct sockaddr_in6 *) a)->sin6_port)); + struct bencoding * v = bstr(strdup("TK00")); + v->key = bstr(strdup("v")); + binsert(b, v); + int len = b2json_length(b); + char json[len+1]; + b2json(json, a); + json[len] = '\0'; + L(d->log, "sending to %s: %s", remote, json); + len = bencode_length(b); + char text[len]; + bencode(text, b); + if (sendto(dht->socket, text, len, MSG_DONTWAIT | MSG_NOSIGNAL, a, sizeof *a) == -1) + L(d->log, "sendto(%s): %s", remote, strerror(errno)); +} + +/** + * sends an error rpc packet to a node. make sure that this is always similar size to the received packet, otherwise we could get amplification attacks. + * + * @param d [in] the dht library handle, for logging and for socket fd + * @param b [in] the incoming packet that caused the error, to get key t + * @param a [in] address of the incoming packet to which an error is sent + * @param num [in] error number, as specified by BEP-0005 + * @param text [in] error text. memory ownership is transfered and string is freed, so make sure it's allocated on heap and no longer used by the caller - for static strings use strdup() + */ + +void send_error (const struct dht * d, const struct bencoding * b, struct sockaddr_in6 * a, int errnum, char * text) { + struct bencoding * e = calloc(1, sizeof *e); + e->type = list; + e->key = bstr(strdup("e")); + binsert(e, bstr(text)); + binsert(e, bnum(errnum)); + struct bencoding * y = bstr(strdup("e")); + b->key = bstr(strdup("y")); + struct bencoding * response = calloc(1, sizeof *response); + binsert(response, y); + binsert(response, e); + binsert(response, bpath(b, "t")); + sendb(d, response, a); + free_bencoding(response); +} + +/** + * decides if a node id belongs to a bucket or not. this does not actually check the bucket for it's contents, just the ranges. + * + * @param id [in] the node id + * @param b [in] the bucket + * @return 1 if belongs to a bucket, 0 otherwise + */ + +int in_bucket (const char * id, const struct bucket * b) { + return memcmp(id, b->id, 20) >= 0 && (!b->next || memcmp(id, b->next->id, 20) < 0); +} + +/** + * searches for a stored node based on id + * + * @param id [in] the node id + * @param b pointer to a variable containing a pointer to the first bucket in ll. after the call the value at this pointer is overwritten to the bucket that should contain this node. since it's overwritten, do NOT just pass &dht->buckets. do struct bucket * b = dht->buckets and pass &b instead. + * @param n [out] the node directly before the searched for node. NULL is written if this node would be placed at the start of the bucket. NULL may be passed without consequences. + * @return the pointer to the node or NULL if not found + */ + +struct node * find (const char * id, struct bucket ** b, struct ** n) { + while (!in_bucket(id, *b)) + *b = (*b)->next; + struct node * node = (*b)->nodes; + struct prev = NULL; + while (node && memcmp(node->id, id) < 0) { + prev = node; + node = node->next; + } + *n = prev; +} + +/** + * informs the library of a successfully received response packet from a node, knowing it's id and ip:port. do not call if the node queried us, if that's the case, use potential_node(). + * + * if the node is new, it's added in a bucket. + * + * if the node is found in a bucket, it's last received time and window are updated + * + * @param d [in] handle + * @param id [in] node id that was received + * @param addr [in] address from which the id was received + */ + +void replied (const struct dht * d, const char * id, const struct sockaddr_in6 * addr) { + +} + +/** + * sends a find_node query to a "raw node", a tuple if id and ip + * + * @param d [in] handle + * @param id [in] id of remote node to which we are sending the query + * @param a [in] address of the remote node + * @param query [in] 20 byte id we are querying + */ + +void find_node (const struct dht * d, const char * id, const struct sockaddr_in6 * a, const char * query) { + +} + +/** + * when we are sure about association nodeid<->ipaddress and we are unsure if the node is already in the routing table, we call this function, which makes a query to this node if it's a candidate for filling the routing table. this doesn't yet add it to the routing table, because we are unsure if it's a good node / can respond to queries. replied() is called if a node replied to our query. + * + * @param d [in] library handle + * @param id [in] 20 byte node id + * @param a [in] pointer to sockaddr of the node + */ + +void potential_node (const struct dht * d, const char * id, const struct sockaddr_in6 * a) { + struct bucket * bucket = d->buckets; + if (family(a->sin6_addr) == AF_INET6) + bucket = b->buckets6; + find(rid->value, &bucket, NULL); + if (bucket->count <= K || in_bucket(d->id, bucket)) { + char random[20]; + if (getrandom(random, 20, GRND_NONBLOCK) == -1) + return; + find_node(d, id, a, random); + } +} + +/** + * does work; syncs with the network, handles incoming queries + * + * call this: + * - whenever socket can be read from (via poll/epoll/select/...) + * - every 14 minutes so that nodes with no activity are pinged + */ + +void work (struct dht * d) { + char packet[65536]; + struct sockaddr_in6 addr; + socklen_t addrlen = sizeof addr; + int ret = recvfrom(d->socket, packet, 65536, MSG_DONTWAIT | MSG_TRUNC, &addr, &addrlen); + if (addrlen != sizeof add) + L(d->log, "addrlen changed, not parsing packet"); + else if (ret > 65536) + L(d->log, "recvfrom()d larger packet than 65536, not parsing packet"); + else if (ret < 0) + if (ret != EAGAIN) + L(d->log, "recvfrom(): %s", strerror(errno)); + else { + struct bdecoding * b = bdecode(packet, ret, replace); + struct bdecoding * v = bpath(b, "v"); + char * node_ver = ""; + char remote[INET_ADDRSTRLEN + INET6_ADDRSTRLEN + 7 + (v && v->type & string) ? v->valuelen : 0]; + if (!inet_ntop(addr.sa_family, &addr, remote, addrlen)) + snprintf(remote, sizeof remote, "(inet_ntop: %s)", strerror(errno)); + sprintf(remote+strlen(remote), ":%d", ntohs(addr.sin6_port)); + } + if (v && v->type & string) { + node_ver = v->value; + sprintf(remote+strlen(remote), "-%s", node_ver); + } + struct bdecoding * y = bpath(b, "y"); + char * msg_type = ""; + if (y && y->type & string) + msg_type = y->value; + switch (msg_type[0]) { + case 'Q': + case 'q': + struct bencoding * q = bpath(b, "q"); + char * qtype = ""; + if (q && q->type & string) + qtype = q->value; + switch (qtype[0]) { + case 'P': // ping + case 'p': + struct bencoding * rid = bpath(bpath(b, "a"), "id"); + if (rid && rid->type & string && rid->valuelen == 20) { + potential_node(d, rid->value, &addr, addrlen); + } + else { // see NOTE01 + int len = b2json_length(b); + char j[len+1]; + b2json(j, b); + j[len] = '\0'; + L("%s did not send a valid id in %s", remote, j); + } + struct bencoding * id = calloc(1, sizeof *d); + id->type = dict; + id->key = bstr(strdup("id")); + id->valuelen = 20; + id->value = malloc(20); + memcpy(id->value, d->id, 20); + struct bencoding * r = calloc(1, sizeof *d); + r->type = dict; + r->key = bstr(strdup("r")); + binsert(r, id); + struct bencoding * y = bstr(strdup("r")); + y->key = bstr(strdup("y")); + struct bencoding * response = calloc(1, sizeof *r); + response->type = dict; + binsert(response, y); + binsert(response, r); + binsert(response, bclone(bpath(b, "t"))); + sendb(d, response, &addr, addrlen); + free_bencoding(response); + break; + default: // see NOTE01 + int len = b2json_length(b); + char json[len+1]; + b2json(json, b); + json[len] = '\0'; + L(dht->log, "%s sent an unknown query type: %s"); + break; + } + break; + case 'R': + case 'r': + break; + case 'E': + case 'e': + struct bdecoding * e = bpath(b, "e"); + char * errtype = "Unspecified Error"; + if (e && e->child) + switch (e->child->intvalue) { + case 201: + errtype = "Generic Error"; + break; + case 202: + errtype = "Server Error"; + break; + case 203: + errtype = "Protocol Error, such as a malformed packet, invalid arguments, or bad token"; + break; + case 204: + errtype = "Method Unknown"; + break; + default: + errtype = "Unknown Error"; + break; + } + char * msg = NULL; + if (e && e->child && e->child->next && e->child->next->type & string) + msg = e->child->next->value; + L(d->log, "%s sent %s%s%s", remote, errtype, msg ? ": " : "", msg ? msg : ""); + break; + default: // NOTE01 sending an error is unfortunately bad in this case, since clever hackers can force two servers speaking entirely different UDP based protcols into sending error messages to each other, telling one another that they don't understand each other's messages. + int len = b2json_length(b); + char json[len+1]; + b2json(json, b); + json[len] = '\0'; + L(dht->log, "%s sent an unknown type: %s"); + // send_error(d, b, &addr, addrlen, 203, "unknown type"); + break; + } + struct bdecoding * trans_id = bpath(b, "t"); + free_bencoding(b); + } } |