Home Explore Help
Sign In
cpp
/
ZeroTierOne
mirror of https://github.com/zerotier/ZeroTierOne
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

More cleanup to direct path push, comment fixes, etc.

Adam Ierymenko 10 years ago
parent
c863ff3f02
commit
778c7e6e70
8 changed files with 71 additions and 85 deletions
Split View Show Diff Stats
  1. 2 15
      node/IncomingPacket.cpp
  2. 1 1
      node/Network.hpp
  3. 2 6
      node/OutboundMulticast.cpp
  4. 4 4
      node/Packet.hpp
  5. 6 4
      node/Peer.cpp
  6. 4 4
      node/Peer.hpp
  7. 48 50
      node/Switch.cpp
  8. 4 1
      node/Switch.hpp

+ 2 - 15
node/IncomingPacket.cpp
View File 

@@ -661,21 +661,8 @@ bool IncomingPacket::_doNETWORK_MEMBERSHIP_CERTIFICATE(const RuntimeEnvironment
 
 			ptr += com.deserialize(*this,ptr);
 
 			if (com.hasRequiredFields()) {
 
 				SharedPtr<Network> network(RR->node->network(com.networkId()));
 
-				if (network) {
 
-					if (network->validateAndAddMembershipCertificate(com)) {
 
-						if ((network->isAllowed(peer->address()))&&(network->peerNeedsOurMembershipCertificate(peer->address(),RR->node->now()))) {
 
-							// If peer passed our check and we haven't sent it our cert yet, respond
 
-							// and push our cert as well for instant authorization setup.
 
-							SharedPtr<NetworkConfig> nconf(network->config2());
 
-							if ((nconf)&&(nconf->com())) {
 
-								Packet outp(peer->address(),RR->identity.address(),Packet::VERB_NETWORK_MEMBERSHIP_CERTIFICATE);
 
-								nconf->com().serialize(outp);
 
-								outp.armor(peer->key(),true);
 
-								RR->node->putPacket(_remoteAddress,outp.data(),outp.size());
 
-							}
 
-						}
 
-					}
 
-				}
 
+				if (network)
 
+					network->validateAndAddMembershipCertificate(com);
 
 			}
 
 		}

+ 1 - 1
node/Network.hpp
View File 

@@ -184,7 +184,7 @@ public:
 
 	bool validateAndAddMembershipCertificate(const CertificateOfMembership &cert);
 
 
 	/**
 
-	 * Check if we should push membership certificate to a peer, and update last pushed
 
+	 * Check if we should push membership certificate to a peer, AND update last pushed
 
 	 *
 
 	 * If we haven't pushed a cert to this peer in a long enough time, this returns
 
 	 * true and updates the last pushed time. Otherwise it returns false.

+ 2 - 6
node/OutboundMulticast.cpp
View File 

@@ -102,13 +102,9 @@ void OutboundMulticast::init(
 
 
 void OutboundMulticast::sendOnly(const RuntimeEnvironment *RR,const Address &toAddr)
 
 {
 
-	SharedPtr<Network> network(RR->node->network(_nwid));
 
-
 
-	if (!network)
 
-		return;
 
-
 
 	if (_haveCom) {
 
-		if (network->peerNeedsOurMembershipCertificate(toAddr,RR->node->now())) {
 
+		SharedPtr<Network> network(RR->node->network(_nwid));
 
+		if ((network)&&(network->peerNeedsOurMembershipCertificate(toAddr,RR->node->now()))) {
 
 			_packetWithCom.newInitializationVector();
 
 			_packetWithCom.setDestination(toAddr);
 
 			//TRACE(">>MC %.16llx -> %s (with COM)",(unsigned long long)this,toAddr.toString().c_str());

+ 4 - 4
node/Packet.hpp
View File 

@@ -678,10 +678,10 @@ public:
 
 		 *   <[...] serialized certificate of membership>
 
 		 *   [ ... additional certificates may follow ...]
 
 		 *
 
-		 * OK/ERROR are not generated, but the recipient should push its network
 
-		 * membership certificate if the certificate the peer pushed is valid
 
-		 * and agrees and if it hasn't done so in too long. This ensures instant
 
-		 * network authentication setup between valid and authorized peers.
 
+		 * This is sent in response to ERROR_NEED_MEMBERSHIP_CERTIFICATE and may
 
+		 * be pushed at any other time to keep exchanged certificates up to date.
 
+		 *
 
+		 * OK/ERROR are not generated.
 
 		 */
 
 		VERB_NETWORK_MEMBERSHIP_CERTIFICATE = 10,

+ 6 - 4
node/Peer.cpp
View File 

@@ -208,12 +208,13 @@ void Peer::doPingAndKeepalive(const RuntimeEnvironment *RR,uint64_t now)
 
 	}
 
 }
 
 
-void Peer::pushDirectPaths(const RuntimeEnvironment *RR,const std::vector<Path> &dps,uint64_t now,bool force)
 
+void Peer::pushDirectPaths(const RuntimeEnvironment *RR,RemotePath *path,uint64_t now,bool force)
 
 {
 
-	if ((!dps.empty())&&(((now - _lastDirectPathPush) >= ZT_DIRECT_PATH_PUSH_INTERVAL)||(force))) {
 
+	if ((((now - _lastDirectPathPush) >= ZT_DIRECT_PATH_PUSH_INTERVAL)||(force))) {
 
 		_lastDirectPathPush = now;
 
 
-		TRACE("pushing %u direct paths to %s",(unsigned int)dps.size(),_id.address().toString().c_str());
 
+		std::vector<Path> dps(RR->node->directPaths());
 
+		TRACE("pushing %u direct paths (local interface addresses) to %s",(unsigned int)dps.size(),_id.address().toString().c_str());
 
 
 		std::vector<Path>::const_iterator p(dps.begin());
 
 		while (p != dps.end()) {
 
@@ -266,7 +267,8 @@ void Peer::pushDirectPaths(const RuntimeEnvironment *RR,const std::vector<Path>
 
 
 			if (count) {
 
 				outp.setAt(ZT_PACKET_IDX_PAYLOAD,(uint16_t)count);
 
-				RR->sw->send(outp,true,0);
 
+				outp.armor(_key,true);
 
+				path->send(RR,outp.data(),outp.size(),now);
 
 			}
 
 		}
 
 	}

+ 4 - 4
node/Peer.hpp
View File 

@@ -179,14 +179,14 @@ public:
 
 	void doPingAndKeepalive(const RuntimeEnvironment *RR,uint64_t now);
 
 
 	/**
 
-	 * Push direct paths (if within rate limit)
 
+	 * Push direct paths if we haven't done so in [rate limit] milliseconds
 
 	 *
 
 	 * @param RR Runtime environment
 
-	 * @param dps Direct paths to me to push to this peer
 
+	 * @param path Remote path to use to send the push
 
 	 * @param now Current time
 
-	 * @param force If true, force regardless of when we pushed direct paths last
 
+	 * @param force If true, push regardless of rate limit
 
 	 */
 
-	void pushDirectPaths(const RuntimeEnvironment *RR,const std::vector<Path> &dps,uint64_t now,bool force);
 
+	void pushDirectPaths(const RuntimeEnvironment *RR,RemotePath *path,uint64_t now,bool force);
 
 
 	/**
 
 	 * @return All known direct paths to this peer

+ 48 - 50
node/Switch.cpp
View File 

@@ -162,38 +162,34 @@ void Switch::onLocalEthernet(const SharedPtr<Network> &network,const MAC &from,c
 
 	if (to[0] == MAC::firstOctetForNetwork(network->id())) {
 
 		// Destination is another ZeroTier peer on the same network
 
 
-		Address toZT(to.toAddress(network->id()));
 
-		if (network->isAllowed(toZT)) {
 
-			const bool includeCom = network->peerNeedsOurMembershipCertificate(toZT,RR->node->now());
 
-			if ((fromBridged)||(includeCom)) {
 
-				Packet outp(toZT,RR->identity.address(),Packet::VERB_EXT_FRAME);
 
-				outp.append(network->id());
 
-				if (includeCom) {
 
-					outp.append((unsigned char)0x01); // 0x01 -- COM included
 
-					nconf->com().serialize(outp);
 
-				} else {
 
-					outp.append((unsigned char)0x00);
 
-				}
 
-				to.appendTo(outp);
 
-				from.appendTo(outp);
 
-				outp.append((uint16_t)etherType);
 
-				outp.append(data,len);
 
-				outp.compress();
 
-				send(outp,true,network->id());
 
+		Address toZT(to.toAddress(network->id())); // since in-network MACs are derived from addresses and network IDs, we can reverse this
 
+		const bool includeCom = network->peerNeedsOurMembershipCertificate(toZT,RR->node->now());
 
+		if ((fromBridged)||(includeCom)) {
 
+			Packet outp(toZT,RR->identity.address(),Packet::VERB_EXT_FRAME);
 
+			outp.append(network->id());
 
+			if (includeCom) {
 
+				outp.append((unsigned char)0x01); // 0x01 -- COM included
 
+				nconf->com().serialize(outp);
 
 			} else {
 
-				Packet outp(toZT,RR->identity.address(),Packet::VERB_FRAME);
 
-				outp.append(network->id());
 
-				outp.append((uint16_t)etherType);
 
-				outp.append(data,len);
 
-				outp.compress();
 
-				send(outp,true,network->id());
 
+				outp.append((unsigned char)0x00);
 
 			}
 
-
 
-			//TRACE("%.16llx: UNICAST: %s -> %s etherType==%s(%.4x) vlanId==%u len==%u fromBridged==%d includeCom==%d",network->id(),from.toString().c_str(),to.toString().c_str(),etherTypeName(etherType),etherType,vlanId,len,(int)fromBridged,(int)includeCom);
 
+			to.appendTo(outp);
 
+			from.appendTo(outp);
 
+			outp.append((uint16_t)etherType);
 
+			outp.append(data,len);
 
+			outp.compress();
 
+			send(outp,true,network->id());
 
 		} else {
 
-			TRACE("%.16llx: UNICAST: %s -> %s etherType==%s dropped, destination not a member of private network",network->id(),from.toString().c_str(),to.toString().c_str(),etherTypeName(etherType));
 
+			Packet outp(toZT,RR->identity.address(),Packet::VERB_FRAME);
 
+			outp.append(network->id());
 
+			outp.append((uint16_t)etherType);
 
+			outp.append(data,len);
 
+			outp.compress();
 
+			send(outp,true,network->id());
 
 		}
 
 
+		//TRACE("%.16llx: UNICAST: %s -> %s etherType==%s(%.4x) vlanId==%u len==%u fromBridged==%d includeCom==%d",network->id(),from.toString().c_str(),to.toString().c_str(),etherTypeName(etherType),etherType,vlanId,len,(int)fromBridged,(int)includeCom);
 
+
 
 		return;
 
 	}
 
 
@@ -205,7 +201,7 @@ void Switch::onLocalEthernet(const SharedPtr<Network> &network,const MAC &from,c
 
 
 		/* Create an array of up to ZT_MAX_BRIDGE_SPAM recipients for this bridged frame. */
 
 		bridges[0] = network->findBridgeTo(to);
 
-		if ((bridges[0])&&(bridges[0] != RR->identity.address())&&(network->isAllowed(bridges[0]))&&(network->permitsBridging(bridges[0]))) {
 
+		if ((bridges[0])&&(bridges[0] != RR->identity.address())&&(network->permitsBridging(bridges[0]))) {
 
 			/* We have a known bridge route for this MAC, send it there. */
 
 			++numBridges;
 
 		} else if (!nconf->activeBridges().empty()) {
 
@@ -215,8 +211,7 @@ void Switch::onLocalEthernet(const SharedPtr<Network> &network,const MAC &from,c
 
 			if (nconf->activeBridges().size() <= ZT_MAX_BRIDGE_SPAM) {
 
 				// If there are <= ZT_MAX_BRIDGE_SPAM active bridges, spam them all
 
 				while (ab != nconf->activeBridges().end()) {
 
-					if (network->isAllowed(*ab)) // config sanity check
 
-						bridges[numBridges++] = *ab;
 
+					bridges[numBridges++] = *ab;
 
 					++ab;
 
 				}
 
 			} else {
 
@@ -225,8 +220,7 @@ void Switch::onLocalEthernet(const SharedPtr<Network> &network,const MAC &from,c
 
 					if (ab == nconf->activeBridges().end())
 
 						ab = nconf->activeBridges().begin();
 
 					if (((unsigned long)RR->prng->next32() % (unsigned long)nconf->activeBridges().size()) == 0) {
 
-						if (network->isAllowed(*ab)) // config sanity check
 
-							bridges[numBridges++] = *ab;
 
+						bridges[numBridges++] = *ab;
 
 						++ab;
 
 					} else ++ab;
 
 				}
 
@@ -703,29 +697,28 @@ bool Switch::_trySend(const Packet &packet,bool encrypt,uint64_t nwid)
 
 	if (peer) {
 
 		const uint64_t now = RR->node->now();
 
 
+		SharedPtr<Network> network;
 
+		SharedPtr<NetworkConfig> nconf;
 
 		if (nwid) {
 
-			// If this packet has an associated network, give the peer additional hints for direct connectivity
 
-			peer->pushDirectPaths(RR,RR->node->directPaths(),now,false);
 
+			network = RR->node->network(nwid);
 
+			if (!network)
 
+				return false; // we probably just left this network, let its packets die
 
+			nconf = network->config2();
 
+			if (!nconf)
 
+				return false; // sanity check: unconfigured network? why are we trying to talk to it?
 
 		}
 
 
 		RemotePath *viaPath = peer->getBestPath(now);
 
+		SharedPtr<Peer> relay;
 
 		if (!viaPath) {
 
-			SharedPtr<Peer> relay;
 
-
 
 			// See if this network has a preferred relay (if packet has an associated network)
 
-			if (nwid) {
 
-				SharedPtr<Network> network(RR->node->network(nwid));
 
-				if (network) {
 
-					SharedPtr<NetworkConfig> nconf(network->config2());
 
-					if (nconf) {
 
-						unsigned int latency = ~((unsigned int)0);
 
-						for(std::vector< std::pair<Address,InetAddress> >::const_iterator r(nconf->relays().begin());r!=nconf->relays().end();++r) {
 
-							if (r->first != peer->address()) {
 
-								SharedPtr<Peer> rp(RR->topology->getPeer(r->first));
 
-								if ((rp)&&(rp->hasActiveDirectPath(now))&&(rp->latency() <= latency))
 
-									rp.swap(relay);
 
-							}
 
-						}
 
+			if (nconf) {
 
+				unsigned int latency = ~((unsigned int)0);
 
+				for(std::vector< std::pair<Address,InetAddress> >::const_iterator r(nconf->relays().begin());r!=nconf->relays().end();++r) {
 
+					if (r->first != peer->address()) {
 
+						SharedPtr<Peer> rp(RR->topology->getPeer(r->first));
 
+						if ((rp)&&(rp->hasActiveDirectPath(now))&&(rp->latency() <= latency))
 
+							rp.swap(relay);
 
 					}
 
 				}
 
 			}
 
@@ -735,7 +728,12 @@ bool Switch::_trySend(const Packet &packet,bool encrypt,uint64_t nwid)
 
 				relay = RR->topology->getBestRoot();
 
 
 			if (!(relay)||(!(viaPath = relay->getBestPath(now))))
 
-				return false;
 
+				return false; // no paths, no root servers?
 
+		}
 
+
 
+		if ((network)&&(relay)&&(network->isAllowed(peer->address()))) {
 
+			// Push hints for direct connectivity to this peer if we are relaying
 
+			peer->pushDirectPaths(RR,viaPath,now,false);
 
 		}
 
 
 		Packet tmp(packet);

+ 4 - 1
node/Switch.hpp
View File 

@@ -108,10 +108,13 @@ public:
 
 	 * 
 	 * Needless to say, the packet's source must be this node. Otherwise it
 
 	 * won't be encrypted right. (This is not used for relaying.)
 
+	 *
 
+	 * The network ID should only be specified for frames and other actual
 
+	 * network traffic.
 
 	 * 
 	 * @param packet Packet to send
 
 	 * @param encrypt Encrypt packet payload? (always true except for HELLO)
 
-	 * @param nwid Network ID or 0 if message is not related to a specific network
 
+	 * @param nwid Related network ID or 0 if message is not in-network traffic
 
 	 */
 
 	void send(const Packet &packet,bool encrypt,uint64_t nwid);