Integrate IPC stuff into NodeConfig.

node/IpcConnection.cpp

@@ -46,11 +46,13 @@
 
 namespace ZeroTier {
 
-IpcConnection::IpcConnection(const char *endpoint,void (*commandHandler)(void *,const SharedPtr<IpcConnection> &,const char *),void *arg) :
+IpcConnection::IpcConnection(const char *endpoint,void (*commandHandler)(void *,IpcConnection *,IpcConnection::EventType,const char *),void *arg) :
 	_handler(commandHandler),
 	_arg(arg),
 	_sock(0)
 {
+#ifdef __WINDOWS__
+#else
 	struct sockaddr_un unaddr;
 	unaddr.sun_family = AF_UNIX;
 	strncpy(unaddr.sun_path,endpoint,sizeof(unaddr.sun_path));
@@ -64,11 +66,12 @@ IpcConnection::IpcConnection(const char *endpoint,void (*commandHandler)(void *,
 		::close(_sock);
 		throw std::runtime_error("IPC endpoint unreachable");
 	}
+#endif
 
 	Thread::start(this);
 }
 
-IpcConnection::IpcConnection(int s,void (*commandHandler)(void *,const SharedPtr<IpcConnection> &,const char *),void *arg) :
+IpcConnection::IpcConnection(int s,void (*commandHandler)(void *,IpcConnection *,IpcConnection::EventType,const char *),void *arg) :
 	_handler(commandHandler),
 	_arg(arg),
 	_sock(s)
@@ -78,7 +81,17 @@ IpcConnection::IpcConnection(int s,void (*commandHandler)(void *,const SharedPtr
 
 IpcConnection::~IpcConnection()
 {
-	this->close();
+#ifdef __WINDOWS__
+#else
+	_writeLock.lock();
+	int s = _sock;
+	_sock = 0;
+	if (s > 0) {
+		::shutdown(s,SHUT_RDWR);
+		::close(s);
+	}
+	_writeLock.unlock();
+#endif
 }
 
 void IpcConnection::printf(const char *format,...)
@@ -95,44 +108,56 @@ void IpcConnection::printf(const char *format,...)
 	va_start(ap,format);
 	n = (int)::vsnprintf(tmp,sizeof(tmp),format,ap);
 	va_end(ap);
+	if (n <= 0)
+		return;
 
+#ifdef __WINDOWS__
+#else
 	::write(_sock,tmp,n);
-}
-
-void IpcConnection::close()
-{
-	Mutex::Lock _l(_writeLock);
-	int s = _sock;
-	_sock = 0;
-	if (s > 0) {
-		::shutdown(s,SHUT_RDWR);
-		::close(s);
-	}
-	Thread::join(_thread);
+#endif
 }
 
 void IpcConnection::threadMain()
 	throw()
 {
+#ifdef __WINDOWS__
+#else
 	char tmp[65536];
 	char linebuf[65536];
 	unsigned int lineptr = 0;
+	int s,n,i;
+	char c;
 
-	while (_sock) {
-		int n = (int)::read(_sock,tmp,sizeof(tmp));
+	for(;;) {
+		s = _sock;
+		if (s <= 0)
+			break;
+		n = (int)::read(s,tmp,sizeof(tmp));
 		if (n <= 0)
 			break;
-		for(int i=0;i<n;++i) {
-			char c = (linebuf[lineptr] = tmp[i]);
+		for(i=0;i<n;++i) {
+			c = (linebuf[lineptr] = tmp[i]);
 			if ((c == '\r')||(c == '\n')||(lineptr == (sizeof(linebuf) - 1))) {
 				if (lineptr) {
 					linebuf[lineptr] = (char)0;
-					_handler(_arg,SharedPtr<IpcConnection>(this),linebuf);
+					_handler(_arg,this,IPC_EVENT_COMMAND,linebuf);
 					lineptr = 0;
 				}
 			} else ++lineptr;
 		}
 	}
+
+	{
+		_writeLock.lock();
+		int s = _sock;
+		_sock = 0;
+		if (s > 0)
+			::close(s);
+		_writeLock.unlock();
+	}
+
+	_handler(_arg,this,IPC_EVENT_CONNECTION_CLOSING,(const char *)0);
+#endif
 }
 
 } // namespace ZeroTier

node/IpcConnection.hpp

@@ -32,8 +32,6 @@
 #include "Thread.hpp"
 #include "NonCopyable.hpp"
 #include "Mutex.hpp"
-#include "SharedPtr.hpp"
-#include "AtomicCounter.hpp"
 
 namespace ZeroTier {
 
@@ -45,9 +43,15 @@ class IpcListener;
 class IpcConnection : NonCopyable
 {
 	friend class IpcListener;
-	friend class SharedPtr<IpcConnection>;
 
 public:
+	enum EventType
+	{
+		IPC_EVENT_COMMAND,
+		IPC_EVENT_NEW_CONNECTION,
+		IPC_EVENT_CONNECTION_CLOSED
+	};
+
 	/**
 	 * Connect to an IPC endpoint
 	 *
@@ -56,7 +60,7 @@ public:
 	 * @param arg First argument to command handler
 	 * @throws std::runtime_error Unable to connect
 	 */
-	IpcConnection(const char *endpoint,void (*commandHandler)(void *,const SharedPtr<IpcConnection> &,const char *),void *arg);
+	IpcConnection(const char *endpoint,void (*commandHandler)(void *,IpcConnection *,IpcConnection::EventType,const char *),void *arg);
 	~IpcConnection();
 
 	/**
@@ -65,25 +69,17 @@ public:
 	 */
 	void printf(const char *format,...);
 
-	/**
-	 * Close this connection
-	 */
-	void close();
-
 	void threadMain()
 		throw();
 
 private:
 	// Used by IpcListener to construct incoming connections
-	IpcConnection(int s,void (*commandHandler)(void *,const SharedPtr<IpcConnection> &,const char *),void *arg);
+	IpcConnection(int s,void (*commandHandler)(void *,IpcConnection *,IpcConnection::EventType,const char *),void *arg);
 
-	void (*_handler)(void *,const SharedPtr<IpcConnection> &,const char *);
+	void (*_handler)(void *,IpcConnection *,IpcConnection::EventType,const char *);
 	void *_arg;
 	volatile int _sock;
-	Thread _thread;
 	Mutex _writeLock;
-
-	AtomicCounter __refCount;
 };
 
 } // namespace ZeroTier

node/IpcListener.cpp

@@ -30,10 +30,7 @@
 #include <string.h>
 #include <errno.h>
 
-#include <set>
-
 #include "IpcListener.hpp"
-#include "IpcConnection.hpp"
 
 #ifdef __WINDOWS__
 #include <WinSock2.h>
@@ -46,7 +43,7 @@
 
 namespace ZeroTier {
 
-IpcListener::IpcListener(const char *ep,void (*commandHandler)(void *,const SharedPtr<IpcConnection> &,const char *),void *arg) :
+IpcListener::IpcListener(const char *ep,void (*commandHandler)(void *,IpcConnection *,IpcConnection::EventType,const char *),void *arg) :
 	_endpoint(ep),
 	_handler(commandHandler),
 	_arg(arg),
@@ -127,7 +124,7 @@ void IpcListener::threadMain()
 			break;
 		}
 		try {
-			_handler(_arg,SharedPtr<IpcConnection>(new IpcConnection(s,_handler,_arg)),(const char *)0);
+			_handler(_arg,new IpcConnection(s,_handler,_arg),Ipcconnection::IPC_EVENT_NEW_CONNECTION,(const char *)0);
 		} catch ( ... ) {} // handlers should not throw
 	}
 #endif

node/IpcListener.hpp

@@ -31,7 +31,7 @@
 #include "Constants.hpp"
 #include "Thread.hpp"
 #include "NonCopyable.hpp"
-#include "SharedPtr.hpp"
+#include "IpcConnection.hpp"
 
 #include <string>
 #include <stdexcept>
@@ -44,8 +44,6 @@
 
 namespace ZeroTier {
 
-class IpcConnection;
-
 /**
  * IPC incoming connection listener (Unix domain sockets or named pipes on Windows)
  */
@@ -53,11 +51,25 @@ class IpcListener : NonCopyable
 {
 public:
 	/**
+	 * Listen for IPC connections
+	 *
+	 * The supplied handler is passed on to incoming instances of IpcConnection. When
+	 * a connection is first opened, it is called with IPC_EVENT_NEW_CONNECTION. The
+	 * receiver must take ownership of the connection object. When a connection is
+	 * closed, IPC_EVENT_CONNECTION_CLOSING is generated. At this point (or after) the
+	 * receiver must delete the object. IPC_EVENT_COMMAND is generated when lines of
+	 * text are read, and in this cases the last argument is not NULL. No closed event
+	 * is generated in the event of manual delete if the connection is still open.
+	 *
+	 * Yeah, this whole callback model sort of sucks. Might rethink and replace with
+	 * some kind of actor model or something if it gets too unweildy. But for now the
+	 * use cases are simple enough that it's not too bad.
+	 *
 	 * @param commandHandler Function to call for each command
 	 * @param arg First argument to pass to handler
 	 * @throws std::runtime_error Unable to bind to endpoint
 	 */
-	IpcListener(const char *ep,void (*commandHandler)(void *,const SharedPtr<IpcConnection> &,const char *),void *arg);
+	IpcListener(const char *ep,void (*commandHandler)(void *,IpcConnection *,IpcConnection::EventType,const char *),void *arg);
 
 	~IpcListener();
 
@@ -66,7 +78,7 @@ public:
 
 private:
 	std::string _endpoint;
-	void (*_handler)(void *,const SharedPtr<IpcConnection> &,const char *);
+	void (*_handler)(void *,IpcConnection *,const char *);
 	void *_arg;
 	volatile int _sock;
 	Thread _thread;

node/NodeConfig.cpp

@@ -37,41 +37,27 @@
 
 #include "Constants.hpp"
 
-#ifdef __WINDOWS__
-#include <WinSock2.h>
-#include <Windows.h>
-#endif
-
 #include "NodeConfig.hpp"
 #include "RuntimeEnvironment.hpp"
 #include "Defaults.hpp"
 #include "Utils.hpp"
 #include "Logger.hpp"
 #include "Topology.hpp"
-#include "Demarc.hpp"
 #include "Packet.hpp"
 #include "InetAddress.hpp"
 #include "Peer.hpp"
-#include "Salsa20.hpp"
-#include "Poly1305.hpp"
-#include "SHA512.hpp"
 #include "Node.hpp"
 #include "SoftwareUpdater.hpp"
 
 namespace ZeroTier {
 
-NodeConfig::NodeConfig(const RuntimeEnvironment *renv,const char *authToken,unsigned int controlPort) :
+NodeConfig::NodeConfig(const RuntimeEnvironment *renv,const char *authToken) :
 	_r(renv),
-	_controlSocket(true,controlPort,false,&_CBcontrolPacketHandler,this)
+	_ipcListener(ZT_IPC_ENDPOINT,&_CBcommandHandler,this),
+	_authToken(authToken)
 {
 	{
-		unsigned int csk[64];
-		SHA512::hash(csk,authToken,(unsigned int)strlen(authToken));
-		memcpy(_controlSocketKey,csk,32);
-	}
-
-	{
-		Mutex::Lock _llc(_localConfig_m);
+		Mutex::Lock _l(_localConfig_m);
 		_readLocalConfig();
 	}
 
@@ -103,6 +89,12 @@ NodeConfig::NodeConfig(const RuntimeEnvironment *renv,const char *authToken,unsi
 NodeConfig::~NodeConfig()
 {
 	_writeLocalConfig();
+
+	// Close any open IPC connections
+	Mutex::Lock _l(_connections_m);
+	for(std::map< IpcConnection *,bool >::iterator c(_connections.begin());c!=_connections.end();++c)
+		delete c->first;
+	_connections.clear();
 }
 
 void NodeConfig::putLocalConfig(const std::string &key,const char *value)
@@ -135,283 +127,191 @@ void NodeConfig::clean()
 		n->second->clean();
 }
 
-/////////////////////////////////////////////////////////////////////////////
-// UDP localhost control bus
-
-// Macro used in execute() to push lines onto the return packet
-#undef _P
-#define _P(f,...) { r.push_back(std::string()); Utils::stdsprintf(r.back(),(f),##__VA_ARGS__); }
+void NodeConfig::_CBcommandHandler(void *arg,IpcConnection *ipcc,IpcConnection::EventType event,const char *commandLine)
+{
+	switch(event) {
+		case IpcConnection::IPC_EVENT_COMMAND:
+			((NodeConfig *)arg)->_doCommand(ipcc,commandLine);
+			break;
+		case IpcConnection::IPC_EVENT_NEW_CONNECTION: {
+			Mutex::Lock _l(((NodeConfig *)arg)->_connections_m);
+			((NodeConfig *)arg)->_connections[ipcc] = false; // not yet authenticated
+		}	break;
+		case IpcConnection::IPC_EVENT_CONNECTION_CLOSED: {
+			Mutex::Lock _l(((NodeConfig *)arg)->_connections_m);
+			((NodeConfig *)arg)->_connections.erase(ipcc);
+			delete ipcc;
+		}	break;
+	}
+}
 
 // Used with Topology::eachPeer to dump peer stats
 class _DumpPeerStatistics
 {
 public:
-	_DumpPeerStatistics(std::vector<std::string> &out) :
-		r(out),
-		_now(Utils::now())
+	_DumpPeerStatistics(IpcConnection *i) :
+		ipcc(i),
+		now(Utils::now())
 	{
 	}
-
 	inline void operator()(Topology &t,const SharedPtr<Peer> &p)
 	{
-		InetAddress v4(p->ipv4ActivePath(_now));
-		InetAddress v6(p->ipv6ActivePath(_now));
+		InetAddress v4(p->ipv4ActivePath(now));
+		InetAddress v6(p->ipv6ActivePath(now));
 		if ((v4)||(v6)) {
-			_P("200 listpeers %s %s %s %u %s",
+			ipcc->printf("200 listpeers %s %s %s %u %s"ZT_EOL_S,
 				p->address().toString().c_str(),
 				((v4) ? v4.toString().c_str() : "-"),
 				((v6) ? v6.toString().c_str() : "-"),
 				p->latency(),
 				p->remoteVersion().c_str());
 		} else {
-			_P("200 listpeers %s - - - %s",
+			ipcc->printf("200 listpeers %s - - - %s"ZT_EOL_S,
 				p->address().toString().c_str(),
 				p->remoteVersion().c_str());
 		}
 	}
-
-private:
-	std::vector<std::string> &r;
-	uint64_t _now;
+	IpcConnection *ipcc;
+	uint64_t now;
 };
 
-std::vector<std::string> NodeConfig::execute(const char *command)
+void NodeConfig::_doCommand(IpcConnection *ipcc,const char *commandLine)
 {
+	if (!commandLine)
+		return; // sanity check
 	std::vector<std::string> r;
-	std::vector<std::string> cmd(Utils::split(command,"\r\n \t","\\","'"));
-
-	/* Not coincidentally, response type codes correspond with HTTP
-	 * status codes. Technically a little arbitrary, but would maybe
-	 * make things easier if we wanted to slap some kind of web API
-	 * in front of this thing. */
+	std::vector<std::string> cmd(Utils::split(commandLine,"\r\n \t","\\","'"));
 
 	if ((cmd.empty())||(cmd[0] == "help")) {
-		_P("200 help help");
-		_P("200 help info");
-		_P("200 help listpeers");
-		_P("200 help listnetworks");
-		_P("200 help join <network ID>");
-		_P("200 help leave <network ID>");
-		_P("200 help terminate [<reason>]");
-		_P("200 help updatecheck");
-	} else if (cmd[0] == "info") {
-		// We are online if at least one supernode has spoken to us since the last time our
-		// network environment changed and also less than ZT_PEER_LINK_ACTIVITY_TIMEOUT ago.
-		bool isOnline = false;
-		uint64_t now = Utils::now();
-		uint64_t since = _r->timeOfLastNetworkEnvironmentChange;
-		std::vector< SharedPtr<Peer> > snp(_r->topology->supernodePeers());
-		for(std::vector< SharedPtr<Peer> >::const_iterator sn(snp.begin());sn!=snp.end();++sn) {
-			uint64_t lastRec = (*sn)->lastDirectReceive();
-			if ((lastRec)&&(lastRec > since)&&((now - lastRec) < ZT_PEER_LINK_ACTIVITY_TIMEOUT)) {
-				isOnline = true;
-				break;
+		ipcc->printf("200 help help"ZT_EOL_S);
+		ipcc->printf("200 auth token"ZT_EOL_S);
+		ipcc->printf("200 help info"ZT_EOL_S);
+		ipcc->printf("200 help listpeers"ZT_EOL_S);
+		ipcc->printf("200 help listnetworks"ZT_EOL_S);
+		ipcc->printf("200 help join <network ID>"ZT_EOL_S);
+		ipcc->printf("200 help leave <network ID>"ZT_EOL_S);
+		ipcc->printf("200 help terminate [<reason>]"ZT_EOL_S);
+		ipcc->printf("200 help updatecheck"ZT_EOL_S);
+	} else if (cmd[0] == "auth") {
+		if ((cmd.size() > 1)&&(_authToken == cmd[1])) {
+			Mutex::Lock _l(_connections_m);
+			_connections[ipcc] = true;
+			ipcc->printf("200 OK"ZT_EOL_S);
+		} else ipcc->printf("403 auth failed"ZT_EOL_S);
+	} else {
+		{
+			Mutex::Lock _l(_connections_m);
+			if (!_connections[ipcc]) {
+				ipcc->printf("403 not authorized"ZT_EOL_S""ZT_EOL_S);
+				return;
 			}
 		}
 
-		_P("200 info %s %s %s",_r->identity.address().toString().c_str(),(isOnline ? "ONLINE" : "OFFLINE"),Node::versionString());
-	} else if (cmd[0] == "listpeers") {
-		_P("200 listpeers <ztaddr> <ipv4> <ipv6> <latency> <version>");
-		_r->topology->eachPeer(_DumpPeerStatistics(r));
-	} else if (cmd[0] == "listnetworks") {
-		Mutex::Lock _l(_networks_m);
-		_P("200 listnetworks <nwid> <name> <status> <config age> <type> <dev> <ips>");
-		for(std::map< uint64_t,SharedPtr<Network> >::const_iterator nw(_networks.begin());nw!=_networks.end();++nw) {
-			std::string tmp;
-			std::set<InetAddress> ips(nw->second->ips());
-			for(std::set<InetAddress>::iterator i(ips.begin());i!=ips.end();++i) {
-				if (tmp.length())
-					tmp.push_back(',');
-				tmp.append(i->toString());
+		if (cmd[0] == "info") {
+			// We are online if at least one supernode has spoken to us since the last time our
+			// network environment changed and also less than ZT_PEER_LINK_ACTIVITY_TIMEOUT ago.
+			bool isOnline = false;
+			uint64_t now = Utils::now();
+			uint64_t since = _r->timeOfLastNetworkEnvironmentChange;
+			std::vector< SharedPtr<Peer> > snp(_r->topology->supernodePeers());
+			for(std::vector< SharedPtr<Peer> >::const_iterator sn(snp.begin());sn!=snp.end();++sn) {
+				uint64_t lastRec = (*sn)->lastDirectReceive();
+				if ((lastRec)&&(lastRec > since)&&((now - lastRec) < ZT_PEER_LINK_ACTIVITY_TIMEOUT)) {
+					isOnline = true;
+					break;
+				}
 			}
 
-			SharedPtr<NetworkConfig> nconf(nw->second->config2());
-
-			long long age = (nconf) ? ((long long)Utils::now() - (long long)nconf->timestamp()) : (long long)0;
-			if (age < 0)
-				age = 0;
-			age /= 1000;
+			ipcc->printf("200 info %s %s %s"ZT_EOL_S,_r->identity.address().toString().c_str(),(isOnline ? "ONLINE" : "OFFLINE"),Node::versionString());
+		} else if (cmd[0] == "listpeers") {
+			ipcc->printf("200 listpeers <ztaddr> <ipv4> <ipv6> <latency> <version>"ZT_EOL_S);
+			_r->topology->eachPeer(_DumpPeerStatistics(ipcc));
+		} else if (cmd[0] == "listnetworks") {
+			Mutex::Lock _l(_networks_m);
+			ipcc->printf("200 listnetworks <nwid> <name> <status> <config age> <type> <dev> <ips>"ZT_EOL_S);
+			for(std::map< uint64_t,SharedPtr<Network> >::const_iterator nw(_networks.begin());nw!=_networks.end();++nw) {
+				std::string tmp;
+				std::set<InetAddress> ips(nw->second->ips());
+				for(std::set<InetAddress>::iterator i(ips.begin());i!=ips.end();++i) {
+					if (tmp.length())
+						tmp.push_back(',');
+					tmp.append(i->toString());
+				}
 
-			std::string dn(nw->second->tapDeviceName());
-			_P("200 listnetworks %.16llx %s %s %lld %s %s %s",
-				(unsigned long long)nw->first,
-				((nconf) ? nconf->name().c_str() : "?"),
-				Network::statusString(nw->second->status()),
-				age,
-				((nconf) ? (nconf->isOpen() ? "public" : "private") : "?"),
-				(dn.length() > 0) ? dn.c_str() : "?",
-				((tmp.length() > 0) ? tmp.c_str() : "-"));
-		}
-	} else if (cmd[0] == "join") {
-		if (cmd.size() > 1) {
-			uint64_t nwid = Utils::hexStrToU64(cmd[1].c_str());
-			if (nwid > 0) {
+				SharedPtr<NetworkConfig> nconf(nw->second->config2());
+
+				long long age = (nconf) ? ((long long)Utils::now() - (long long)nconf->timestamp()) : (long long)0;
+				if (age < 0)
+					age = 0;
+				age /= 1000;
+
+				std::string dn(nw->second->tapDeviceName());
+				ipcc->printf("200 listnetworks %.16llx %s %s %lld %s %s %s"ZT_EOL_S,
+					(unsigned long long)nw->first,
+					((nconf) ? nconf->name().c_str() : "?"),
+					Network::statusString(nw->second->status()),
+					age,
+					((nconf) ? (nconf->isOpen() ? "public" : "private") : "?"),
+					(dn.length() > 0) ? dn.c_str() : "?",
+					((tmp.length() > 0) ? tmp.c_str() : "-"));
+			}
+		} else if (cmd[0] == "join") {
+			if (cmd.size() > 1) {
+				uint64_t nwid = Utils::hexStrToU64(cmd[1].c_str());
+				if (nwid > 0) {
+					Mutex::Lock _l(_networks_m);
+					if (_networks.count(nwid)) {
+						ipcc->printf("409 already a member of %.16llx"ZT_EOL_S,(unsigned long long)nwid);
+					} else {
+						try {
+							SharedPtr<Network> nw(Network::newInstance(_r,this,nwid));
+							_networks[nwid] = nw;
+							ipcc->printf("200 join %.16llx OK"ZT_EOL_S,(unsigned long long)nwid);
+						} catch (std::exception &exc) {
+							ipcc->printf("500 join %.16llx ERROR: %s"ZT_EOL_S,(unsigned long long)nwid,exc.what());
+						} catch ( ... ) {
+							ipcc->printf("500 join %.16llx ERROR: (unknown exception)"ZT_EOL_S,(unsigned long long)nwid);
+						}
+					}
+				} else {
+					ipcc->printf("400 join requires a network ID (>0) in hexadecimal format"ZT_EOL_S);
+				}
+			} else {
+				ipcc->printf("400 join requires a network ID (>0) in hexadecimal format"ZT_EOL_S);
+			}
+		} else if (cmd[0] == "leave") {
+			if (cmd.size() > 1) {
 				Mutex::Lock _l(_networks_m);
-				if (_networks.count(nwid)) {
-					_P("409 already a member of %.16llx",(unsigned long long)nwid);
+				uint64_t nwid = Utils::hexStrToU64(cmd[1].c_str());
+				std::map< uint64_t,SharedPtr<Network> >::iterator nw(_networks.find(nwid));
+				if (nw == _networks.end()) {
+					ipcc->printf("404 leave %.16llx ERROR: not a member of that network"ZT_EOL_S,(unsigned long long)nwid);
 				} else {
-					try {
-						SharedPtr<Network> nw(Network::newInstance(_r,this,nwid));
-						_networks[nwid] = nw;
-						_P("200 join %.16llx OK",(unsigned long long)nwid);
-					} catch (std::exception &exc) {
-						_P("500 join %.16llx ERROR: %s",(unsigned long long)nwid,exc.what());
-					} catch ( ... ) {
-						_P("500 join %.16llx ERROR: (unknown exception)",(unsigned long long)nwid);
-					}
+					nw->second->destroyOnDelete();
+					_networks.erase(nw);
 				}
 			} else {
-				_P("400 join requires a network ID (>0) in hexadecimal format");
+				ipcc->printf("400 leave requires a network ID (>0) in hexadecimal format"ZT_EOL_S);
 			}
-		} else {
-			_P("400 join requires a network ID (>0) in hexadecimal format");
-		}
-	} else if (cmd[0] == "leave") {
-		if (cmd.size() > 1) {
-			Mutex::Lock _l(_networks_m);
-			uint64_t nwid = Utils::hexStrToU64(cmd[1].c_str());
-			std::map< uint64_t,SharedPtr<Network> >::iterator nw(_networks.find(nwid));
-			if (nw == _networks.end()) {
-				_P("404 leave %.16llx ERROR: not a member of that network",(unsigned long long)nwid);
+		} else if (cmd[0] == "terminate") {
+			if (cmd.size() > 1)
+				_r->node->terminate(Node::NODE_NORMAL_TERMINATION,cmd[1].c_str());
+			else _r->node->terminate(Node::NODE_NORMAL_TERMINATION,"terminate via IPC command");
+		} else if (cmd[0] == "updatecheck") {
+			if (_r->updater) {
+				ipcc->printf("200 checking for software updates now at: %s"ZT_EOL_S,ZT_DEFAULTS.updateLatestNfoURL.c_str());
+				_r->updater->checkNow();
 			} else {
-				nw->second->destroyOnDelete();
-				_networks.erase(nw);
+				ipcc->printf("500 software updates are not enabled"ZT_EOL_S);
 			}
 		} else {
-			_P("400 leave requires a network ID (>0) in hexadecimal format");
-		}
-	} else if (cmd[0] == "terminate") {
-		if (cmd.size() > 1)
-			_r->node->terminate(Node::NODE_NORMAL_TERMINATION,cmd[1].c_str());
-		else _r->node->terminate(Node::NODE_NORMAL_TERMINATION,(const char *)0);
-	} else if (cmd[0] == "updatecheck") {
-		if (_r->updater) {
-			_P("200 checking for software updates now at: %s",ZT_DEFAULTS.updateLatestNfoURL.c_str());
-			_r->updater->checkNow();
-		} else {
-			_P("500 software updates are not enabled");
+			ipcc->printf("404 %s No such command. Use 'help' for help."ZT_EOL_S,cmd[0].c_str());
 		}
-	} else {
-		_P("404 %s No such command. Use 'help' for help.",cmd[0].c_str());
 	}
 
-	r.push_back(std::string()); // terminate with empty line
-
-	return r;
+	ipcc->printf(ZT_EOL_S); // blank line ends response
 }
 
-std::vector< Buffer<ZT_NODECONFIG_MAX_PACKET_SIZE> > NodeConfig::encodeControlMessage(const void *key,unsigned long conversationId,const std::vector<std::string> &payload)
-{
-	char poly1305tag[ZT_POLY1305_MAC_LEN];
-	char iv[8];
-	char keytmp[32];
-	std::vector< Buffer<ZT_NODECONFIG_MAX_PACKET_SIZE> > packets;
-	Buffer<ZT_NODECONFIG_MAX_PACKET_SIZE> packet;
-
-	packet.setSize(16); // room for poly1305 auth tag and IV
-	packet.append((uint32_t)(conversationId & 0xffffffff));
-
-	for(unsigned int i=0;i<payload.size();++i) {
-		packet.append(payload[i]); // will throw if too big
-		packet.append((unsigned char)0);
-
-		if (((i + 1) >= payload.size())||((packet.size() + payload[i + 1].length() + 1) >= packet.capacity())) {
-			Utils::getSecureRandom(iv,8);
-			memcpy(packet.field(8,8),iv,8);
-
-			Salsa20 s20(key,256,iv,ZT_PROTO_SALSA20_ROUNDS);
-			s20.encrypt(packet.field(16,packet.size() - 16),packet.field(16,packet.size() - 16),packet.size() - 16);
-
-			memcpy(keytmp,key,32);
-			for(unsigned int i=0;i<8;++i)
-				keytmp[i] ^= iv[i]; // can't reuse poly1305 keys, so mangle key with IV each time
-			Poly1305::compute(poly1305tag,packet.field(16,packet.size() - 16),packet.size() - 16,keytmp);
-			memcpy(packet.field(0,8),poly1305tag,8);
-
-			packets.push_back(packet);
-
-			packet.setSize(16); // room for poly1305 auth tag and IV
-			packet.append((uint32_t)(conversationId & 0xffffffff));
-		}
-	}
-
-	return packets;
-}
-
-bool NodeConfig::decodeControlMessagePacket(const void *key,const void *data,unsigned int len,unsigned long &conversationId,std::vector<std::string> &payload)
-{
-	char poly1305tag[ZT_POLY1305_MAC_LEN];
-	char keytmp[32];
-	char iv[8];
-
-	try {
-		if (len < 20)
-			return false;
-
-		Buffer<ZT_NODECONFIG_MAX_PACKET_SIZE> packet(data,len);
-
-		memcpy(keytmp,key,32);
-		memcpy(iv,packet.field(8,8),8);
-		for(unsigned int i=0;i<8;++i)
-			keytmp[i] ^= iv[i];
-		Poly1305::compute(poly1305tag,packet.field(16,packet.size() - 16),packet.size() - 16,keytmp);
-		if (!Utils::secureEq(packet.field(0,8),poly1305tag,8))
-			return false;
-
-		Salsa20 s20(key,256,packet.field(8,8),ZT_PROTO_SALSA20_ROUNDS);
-		s20.decrypt(packet.field(16,packet.size() - 16),packet.field(16,packet.size() - 16),packet.size() - 16);
-
-		conversationId = packet.at<uint32_t>(16);
-
-		const char *pl = ((const char *)packet.data()) + 20;
-		unsigned int pll = packet.size() - 20;
-		for(unsigned int i=0;i<pll;) {
-			unsigned int eos = i;
-			while ((eos < pll)&&(pl[eos]))
-				++eos;
-			if (eos >= i) {
-				payload.push_back(std::string(pl + i,eos - i));
-				i = eos + 1;
-			} else break;
-		}
-
-		return true;
-	} catch ( ... ) {
-		return false;
-	}
-}
-
-void NodeConfig::_CBcontrolPacketHandler(UdpSocket *sock,void *arg,const InetAddress &remoteAddr,const void *data,unsigned int len)
-{
-	NodeConfig *nc = (NodeConfig *)arg;
-#ifdef ZT_TRACE
-	const RuntimeEnvironment *_r = nc->_r;
-#endif
-
-	try {
-		unsigned long convId = 0;
-		std::vector<std::string> commands;
-
-		if (!decodeControlMessagePacket(nc->_controlSocketKey,data,len,convId,commands)) {
-			TRACE("control bus packet from %s failed decode, discarded",remoteAddr.toString().c_str());
-			return;
-		}
-		TRACE("control bus packet from %s, contains %d commands",remoteAddr.toString().c_str(),(int)commands.size());
-
-		for(std::vector<std::string>::iterator c(commands.begin());c!=commands.end();++c) {
-			std::vector< Buffer<ZT_NODECONFIG_MAX_PACKET_SIZE> > resultPackets(encodeControlMessage(nc->_controlSocketKey,convId,nc->execute(c->c_str())));
-			for(std::vector< Buffer<ZT_NODECONFIG_MAX_PACKET_SIZE> >::iterator p(resultPackets.begin());p!=resultPackets.end();++p)
-				sock->send(remoteAddr,p->data(),p->size(),-1);
-		}
-	} catch (std::exception &exc) {
-		TRACE("exception handling control bus packet from %s: %s",remoteAddr.toString().c_str(),exc.what());
-	} catch ( ... ) {
-		TRACE("exception handling control bus packet from %s: (unknown)",remoteAddr.toString().c_str());
-	}
-}
-
-/////////////////////////////////////////////////////////////////////////////
-
 void NodeConfig::_readLocalConfig()
 {
 	// assumes _localConfig_m is locked

node/NodeConfig.hpp

@@ -36,10 +36,11 @@
 #include <vector>
 #include <stdexcept>
 
+#include "IpcListener.hpp"
+#include "IpcConnection.hpp"
 #include "SharedPtr.hpp"
 #include "Network.hpp"
 #include "Utils.hpp"
-#include "UdpSocket.hpp"
 #include "Buffer.hpp"
 #include "Dictionary.hpp"
 
@@ -47,11 +48,6 @@ namespace ZeroTier {
 
 class RuntimeEnvironment;
 
-/**
- * Maximum size of a packet for node configuration
- */
-#define ZT_NODECONFIG_MAX_PACKET_SIZE 4096
-
 /**
  * Node configuration endpoint
  */
@@ -61,10 +57,9 @@ public:
 	/**
 	 * @param renv Runtime environment
 	 * @param authToken Configuration authentication token
-	 * @param controlPort Control port for local control packet I/O
-	 * @throws std::runtime_error Unable to bind to local control port
+	 * @throws std::runtime_error Unable to initialize or listen for IPC connections
 	 */
-	NodeConfig(const RuntimeEnvironment *renv,const char *authToken,unsigned int controlPort);
+	NodeConfig(const RuntimeEnvironment *renv,const char *authToken);
 
 	~NodeConfig();
 
@@ -110,7 +105,7 @@ public:
 	}
 
 	/**
-	 * Perform cleanup and possibly update saved state
+	 * Perform cleanup and possibly persist saved state
 	 */
 	void clean();
 
@@ -125,7 +120,7 @@ public:
 	}
 
 	/**
-	 * @return Set of network tap device names
+	 * @return Set of network tap device names from our virtual networks (not other taps on system)
 	 */
 	inline std::set<std::string> networkTapDeviceNames() const
 	{
@@ -139,52 +134,19 @@ public:
 		return tapDevs;
 	}
 
-	/**
-	 * Execute a control command (called when stuff comes in via control bus)
-	 *
-	 * @param command Command and arguments separated by whitespace (must already be trimmed of CR+LF, etc.)
-	 * @return One or more command results (lines of output)
-	 */
-	std::vector<std::string> execute(const char *command);
-
-	/**
-	 * Armor payload for control bus
-	 *
-	 * Note that no single element of payload can be longer than the max packet
-	 * size. If this occurs out_of_range is thrown.
-	 *
-	 * @param key 32 byte key
-	 * @param conversationId 32-bit conversation ID (bits beyond 32 are ignored)
-	 * @param payload One or more strings to encode in packet
-	 * @return One or more transport armored packets (if payload too big)
-	 * @throws std::out_of_range An element of payload is too big
-	 */
-	static std::vector< Buffer<ZT_NODECONFIG_MAX_PACKET_SIZE> > encodeControlMessage(const void *key,unsigned long conversationId,const std::vector<std::string> &payload);
-
-	/**
-	 * Decode a packet from the control bus
-	 *
-	 * Note that 'payload' is appended to. Existing data is not cleared.
-	 *
-	 * @param key 32 byte key
-	 * @param data Packet data
-	 * @param len Packet length
-	 * @param conversationId Result parameter filled with conversation ID on success
-	 * @param payload Result parameter to which results are appended
-	 * @return True on success, false on invalid packet or packet that failed authentication
-	 */
-	static bool decodeControlMessagePacket(const void *key,const void *data,unsigned int len,unsigned long &conversationId,std::vector<std::string> &payload);
-
 private:
-	static void _CBcontrolPacketHandler(UdpSocket *sock,void *arg,const InetAddress &remoteAddr,const void *data,unsigned int len);
+	static void _CBcommandHandler(void *arg,IpcConnection *ipcc,IpcConnection::EventType event,const char *commandLine);
+	void _doCommand(IpcConnection *ipcc,const char *commandLine);
 
 	void _readLocalConfig();
 	void _writeLocalConfig();
 
 	const RuntimeEnvironment *_r;
 
-	unsigned char _controlSocketKey[32];
-	UdpSocket _controlSocket;
+	IpcListener _ipcListener;
+	std::string _authToken;
+	std::map< IpcConnection *,bool > _connections;
+	Mutex _connections_m;
 
 	Dictionary _localConfig; // persisted as local.conf
 	Mutex _localConfig_m;