
Do packet MAC check before locallyValidate(), and add timing measurement in selftest.

Adam Ierymenko 8 years ago
parent
commit
ab4021dd0e
2 changed files with 16 additions and 11 deletions
  1. 8 7
      node/IncomingPacket.cpp
  2. 8 4
      selftest.cpp

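--- a/node/IncomingPacket.cpp
+++ b/node/IncomingPacket.cpp
@@ -275,7 +275,7 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,const bool alreadyAut
 
 					// Continue at // VALID
 				}
-			} // else continue at // VALID
+			} // else if alreadyAuthenticated then continue at // VALID
 		} else {
 			// We don't already have an identity with this address -- validate and learn it
 
@@ -285,18 +285,19 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,const bool alreadyAut
 				return true;
 			}
 
+			// Check packet integrity and MAC
+			SharedPtr<Peer> newPeer(new Peer(RR,RR->identity,id));
+			if (!dearmor(newPeer->key())) {
+				TRACE("rejected HELLO from %s(%s): packet failed authentication",id.address().toString().c_str(),_path->address().toString().c_str());
+				return true;
+			}
+
 			// Check that identity's address is valid as per the derivation function
 			if (!id.locallyValidate()) {
 				TRACE("dropped HELLO from %s(%s): identity invalid",id.address().toString().c_str(),_path->address().toString().c_str());
 				return true;
 			}
 
-			// Check packet integrity and authentication
-			SharedPtr<Peer> newPeer(new Peer(RR,RR->identity,id));
-			if (!dearmor(newPeer->key())) {
-				TRACE("rejected HELLO from %s(%s): packet failed authentication",id.address().toString().c_str(),_path->address().toString().c_str());
-				return true;
-			}
 			peer = RR->topology->addPeer(newPeer);
 
 			// Continue at // VALID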
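Review bot: The `Peer` in the added block is now constructed from `id` before `id.locallyValidate()` has run, so whatever key derivation sits behind `newPeer->key()` operates on an identity whose address has not yet been checked against the derivation function. A passing `dearmor()` at this point only shows the sender holds key material consistent with the identity it presented, not that the identity is valid, so `locallyValidate()` must remain the gate in front of `RR->topology->addPeer(newPeer)`. A comment would protect that ordering from a later cleanup, e.g. `// MAC is checked first to reject corrupt packets early; the identity is NOT trusted until locallyValidate() passes`. If the `Peer` constructor can throw or assumes a validated identity (not visible in this hunk), that should be handled or documented at this call site. `_doHELLO` starts and ends outside the hunk.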

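--- a/selftest.cpp
+++ b/selftest.cpp
@@ -376,11 +376,15 @@ static int testIdentity()
 		std::cout << "FAIL (1)" << std::endl;
 		return -1;
 	}
-	if (!id.locallyValidate()) {
-		std::cout << "FAIL (2)" << std::endl;
-		return -1;
+	const uint64_t vst = OSUtils::now();
+	for(int k=0;k<10;++k) {
+		if (!id.locallyValidate()) {
+			std::cout << "FAIL (2)" << std::endl;
+			return -1;
+		}
 	}
-	std::cout << "PASS" << std::endl;
+	const uint64_t vet = OSUtils::now();
+	std::cout << "PASS (" << ((double)(vet - vst) / 10.0) << "ms per validation)" << std::endl;
 
 	std::cout << "[identity] Validate known-bad identity... "; std::cout.flush();
 	if (!id.fromString(KNOWN_BAD_IDENTITY)) {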
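Review bot: The iteration count `10` is written twice in the added timing code, once in `for(int k=0;k<10;++k)` and once in the `/ 10.0` divisor, so changing one without the other silently skews the reported per-validation figure. A single named constant used in both places, e.g. `const int kValidateRuns = 10;`, would avoid that. The printed number also depends on the resolution and monotonicity of `OSUtils::now()`, which is not visible here; if it is a millisecond wall clock, a short comment that the figure is approximate would help anyone using it to judge validation cost. `testIdentity` starts and ends outside the hunk.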