Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later.

node/Constants.hpp

@@ -296,7 +296,12 @@
 /**
  * General rate limit timeout for multiple packet types (HELLO, etc.)
  */
-#define ZT_PEER_GENERAL_INBOUND_RATE_LIMIT 1000
+#define ZT_PEER_GENERAL_INBOUND_RATE_LIMIT 500
+
+/**
+ * General limit for max RTT for requests over the network
+ */
+#define ZT_GENERAL_RTT_LIMIT 5000
 
 /**
  * Delay between requests for updated network autoconf information

node/IncomingPacket.cpp

@@ -153,28 +153,21 @@ bool IncomingPacket::_doERROR(const RuntimeEnvironment *RR,const SharedPtr<Peer>
 				break;
 
 			case Packet::ERROR_IDENTITY_COLLISION:
-				// Roots are the only peers currently permitted to state authoritatively
-				// that an identity has collided. When this occurs the node should be shut
-				// down and a new identity created. The odds of this ever happening are
-				// very low.
+				// FIXME: for federation this will need a payload with a signature or something.
 				if (RR->topology->isRoot(peer->identity()))
 					RR->node->postEvent(ZT_EVENT_FATAL_ERROR_IDENTITY_COLLISION);
 				break;
 
 			case Packet::ERROR_NEED_MEMBERSHIP_CERTIFICATE: {
-				// This error can be sent in response to any packet that fails network
-				// authorization. We only listen to it if it's from a peer that has recently
-				// been authorized on this network.
+				// Peers can send this in response to frames if they do not have a recent enough COM from us
 				SharedPtr<Network> network(RR->node->network(at<uint64_t>(ZT_PROTO_VERB_ERROR_IDX_PAYLOAD)));
-				if ((network)&&(network->recentlyAllowedOnNetwork(peer))) {
-					const uint64_t now = RR->node->now();
-					if (peer->rateGateComRequest(now)) {
-						Packet outp(peer->address(),RR->identity.address(),Packet::VERB_NETWORK_CREDENTIALS);
-						network->config().com.serialize(outp);
-						outp.append((uint8_t)0);
-						outp.armor(peer->key(),true);
-						_path->send(RR,outp.data(),outp.size(),now);
-					}
+				const uint64_t now = RR->node->now();
+				if ( (network) && (network->config().com) && (peer->rateGateComRequest(now)) ) {
+					Packet outp(peer->address(),RR->identity.address(),Packet::VERB_NETWORK_CREDENTIALS);
+					network->config().com.serialize(outp);
+					outp.append((uint8_t)0);
+					outp.armor(peer->key(),true);
+					_path->send(RR,outp.data(),outp.size(),now);
 				}
 			}	break;
 

node/Membership.hpp

@@ -154,23 +154,6 @@ public:
 		return nconf.com.agreesWith(_com);
 	}
 
-	/**
-	 * @return True if this member has been on this network recently (or network is public)
-	 */
-	inline bool recentlyAllowedOnNetwork(const NetworkConfig &nconf) const
-	{
-		if (nconf.isPublic())
-			return true;
-		if (_com) {
-			const uint64_t a = _com.timestamp().first;
-			if ((_blacklistBefore)&&(a <= _blacklistBefore))
-				return false;
-			const uint64_t b = nconf.com.timestamp().first;
-			return ((a <= b) ? ((b - a) <= ZT_NETWORKCONFIG_DEFAULT_CREDENTIAL_TIME_MAX_MAX_DELTA) : true);
-		}
-		return false;
-	}
-
 	/**
 	 * Check whether a capability or tag is within its max delta from the timestamp of our network config and newer than any blacklist cutoff time
 	 *
@@ -259,10 +242,7 @@ public:
 	 *
 	 * @param ts Blacklist cutoff
 	 */
-	inline void blacklistBefore(const uint64_t ts)
-	{
-		_blacklistBefore = ts;
-	}
+	inline void blacklistBefore(const uint64_t ts) { _blacklistBefore = ts; }
 
 	/**
 	 * Clean up old or stale entries

node/Network.cpp

@@ -648,11 +648,12 @@ bool Network::filterOutgoingPacket(
 {
 	uint32_t remoteTagIds[ZT_MAX_NETWORK_TAGS];
 	uint32_t remoteTagValues[ZT_MAX_NETWORK_TAGS];
-	Address ztDest2(ztDest);
+	Address ztFinalDest(ztDest);
 	Address cc;
 	const Capability *relevantCap = (const Capability *)0;
 	unsigned int ccLength = 0;
 	bool accept = false;
+	const uint64_t now = RR->node->now();
 
 	Mutex::Lock _l(_lock);
 
@@ -663,26 +664,27 @@ bool Network::filterOutgoingPacket(
 		remoteTagCount = m->getAllTags(_config,remoteTagIds,remoteTagValues,ZT_MAX_NETWORK_TAGS);
 	}
 
-	switch(_doZtFilter(RR,_config,false,ztSource,ztDest2,macSource,macDest,frameData,frameLen,etherType,vlanId,_config.rules,_config.ruleCount,_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,cc,ccLength)) {
+	switch(_doZtFilter(RR,_config,false,ztSource,ztFinalDest,macSource,macDest,frameData,frameLen,etherType,vlanId,_config.rules,_config.ruleCount,_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,cc,ccLength)) {
 
 		case DOZTFILTER_NO_MATCH:
 			for(unsigned int c=0;c<_config.capabilityCount;++c) {
-				ztDest2 = ztDest; // sanity check
+				ztFinalDest = ztDest; // sanity check
 				Address cc2;
 				unsigned int ccLength2 = 0;
-				switch (_doZtFilter(RR,_config,false,ztSource,ztDest2,macSource,macDest,frameData,frameLen,etherType,vlanId,_config.capabilities[c].rules(),_config.capabilities[c].ruleCount(),_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,cc2,ccLength2)) {
+				switch (_doZtFilter(RR,_config,false,ztSource,ztFinalDest,macSource,macDest,frameData,frameLen,etherType,vlanId,_config.capabilities[c].rules(),_config.capabilities[c].ruleCount(),_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,cc2,ccLength2)) {
 					case DOZTFILTER_NO_MATCH:
 					case DOZTFILTER_DROP: // explicit DROP in a capability just terminates its evaluation and is an anti-pattern
 						break;
 
-					case DOZTFILTER_REDIRECT: // interpreted as ACCEPT but ztDest2 will have been changed in _doZtFilter()
+					case DOZTFILTER_REDIRECT: // interpreted as ACCEPT but ztFinalDest will have been changed in _doZtFilter()
 					case DOZTFILTER_ACCEPT:
 					case DOZTFILTER_SUPER_ACCEPT: // no difference in behavior on outbound side
 						relevantCap = &(_config.capabilities[c]);
 						accept = true;
 
 						if ((!noTee)&&(cc2)) {
-							_membership(cc2).sendCredentialsIfNeeded(RR,RR->node->now(),cc2,_config,relevantCap);
+							Membership &m2 = _membership(cc2);
+							m2.sendCredentialsIfNeeded(RR,now,cc2,_config,relevantCap);
 
 							Packet outp(cc2,RR->identity.address(),Packet::VERB_EXT_FRAME);
 							outp.append(_id);
@@ -705,7 +707,7 @@ bool Network::filterOutgoingPacket(
 		case DOZTFILTER_DROP:
 			return false;
 
-		case DOZTFILTER_REDIRECT: // interpreted as ACCEPT but ztDest2 will have been changed in _doZtFilter()
+		case DOZTFILTER_REDIRECT: // interpreted as ACCEPT but ztFinalDest will have been changed in _doZtFilter()
 		case DOZTFILTER_ACCEPT:
 		case DOZTFILTER_SUPER_ACCEPT: // no difference in behavior on outbound side
 			accept = true;
@@ -714,7 +716,8 @@ bool Network::filterOutgoingPacket(
 
 	if (accept) {
 		if ((!noTee)&&(cc)) {
-			_membership(cc).sendCredentialsIfNeeded(RR,RR->node->now(),cc,_config,relevantCap);
+			Membership &m2 = _membership(cc);
+			m2.sendCredentialsIfNeeded(RR,now,cc,_config,relevantCap);
 
 			Packet outp(cc,RR->identity.address(),Packet::VERB_EXT_FRAME);
 			outp.append(_id);
@@ -727,10 +730,11 @@ bool Network::filterOutgoingPacket(
 			RR->sw->send(outp,true);
 		}
 
-		if ((ztDest != ztDest2)&&(ztDest2)) {
-			_membership(ztDest2).sendCredentialsIfNeeded(RR,RR->node->now(),ztDest2,_config,relevantCap);
+		if ((ztDest != ztFinalDest)&&(ztFinalDest)) {
+			Membership &m2 = _membership(ztFinalDest);
+			m2.sendCredentialsIfNeeded(RR,now,ztFinalDest,_config,relevantCap);
 
-			Packet outp(ztDest2,RR->identity.address(),Packet::VERB_EXT_FRAME);
+			Packet outp(ztFinalDest,RR->identity.address(),Packet::VERB_EXT_FRAME);
 			outp.append(_id);
 			outp.append((uint8_t)0x02); // TEE/REDIRECT from outbound side: 0x02
 			macDest.appendTo(outp);
@@ -742,11 +746,13 @@ bool Network::filterOutgoingPacket(
 
 			return false; // DROP locally, since we redirected
 		} else if (m) {
-			m->sendCredentialsIfNeeded(RR,RR->node->now(),ztDest,_config,relevantCap);
+			m->sendCredentialsIfNeeded(RR,now,ztDest,_config,relevantCap);
 		}
-	}
 
-	return accept;
+		return true;
+	} else {
+		return false;
+	}
 }
 
 int Network::filterIncomingPacket(
@@ -761,7 +767,7 @@ int Network::filterIncomingPacket(
 {
 	uint32_t remoteTagIds[ZT_MAX_NETWORK_TAGS];
 	uint32_t remoteTagValues[ZT_MAX_NETWORK_TAGS];
-	Address ztDest2(ztDest);
+	Address ztFinalDest(ztDest);
 	Address cc;
 	unsigned int ccLength = 0;
 	int accept = 0;
@@ -771,16 +777,16 @@ int Network::filterIncomingPacket(
 	Membership &m = _membership(sourcePeer->address());
 	const unsigned int remoteTagCount = m.getAllTags(_config,remoteTagIds,remoteTagValues,ZT_MAX_NETWORK_TAGS);
 
-	switch (_doZtFilter(RR,_config,true,sourcePeer->address(),ztDest2,macSource,macDest,frameData,frameLen,etherType,vlanId,_config.rules,_config.ruleCount,_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,cc,ccLength)) {
+	switch (_doZtFilter(RR,_config,true,sourcePeer->address(),ztFinalDest,macSource,macDest,frameData,frameLen,etherType,vlanId,_config.rules,_config.ruleCount,_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,cc,ccLength)) {
 
 		case DOZTFILTER_NO_MATCH: {
 			Membership::CapabilityIterator mci(m);
 			const Capability *c;
 			while ((c = mci.next(_config))) {
-				ztDest2 = ztDest; // sanity check
+				ztFinalDest = ztDest; // sanity check
 				Address cc2;
 				unsigned int ccLength2 = 0;
-				switch(_doZtFilter(RR,_config,true,sourcePeer->address(),ztDest2,macSource,macDest,frameData,frameLen,etherType,vlanId,c->rules(),c->ruleCount(),_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,cc2,ccLength2)) {
+				switch(_doZtFilter(RR,_config,true,sourcePeer->address(),ztFinalDest,macSource,macDest,frameData,frameLen,etherType,vlanId,c->rules(),c->ruleCount(),_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,cc2,ccLength2)) {
 					case DOZTFILTER_NO_MATCH:
 					case DOZTFILTER_DROP: // explicit DROP in a capability just terminates its evaluation and is an anti-pattern
 						break;
@@ -815,7 +821,7 @@ int Network::filterIncomingPacket(
 		case DOZTFILTER_DROP:
 			return 0; // DROP
 
-		case DOZTFILTER_REDIRECT: // interpreted as ACCEPT but ztDest2 will have been changed in _doZtFilter()
+		case DOZTFILTER_REDIRECT: // interpreted as ACCEPT but ztFinalDest will have been changed in _doZtFilter()
 		case DOZTFILTER_ACCEPT:
 			accept = 1; // ACCEPT
 			break;
@@ -839,10 +845,10 @@ int Network::filterIncomingPacket(
 			RR->sw->send(outp,true);
 		}
 
-		if ((ztDest != ztDest2)&&(ztDest2)) {
-			_membership(ztDest2).sendCredentialsIfNeeded(RR,RR->node->now(),ztDest2,_config,(const Capability *)0);
+		if ((ztDest != ztFinalDest)&&(ztFinalDest)) {
+			_membership(ztFinalDest).sendCredentialsIfNeeded(RR,RR->node->now(),ztFinalDest,_config,(const Capability *)0);
 
-			Packet outp(ztDest2,RR->identity.address(),Packet::VERB_EXT_FRAME);
+			Packet outp(ztFinalDest,RR->identity.address(),Packet::VERB_EXT_FRAME);
 			outp.append(_id);
 			outp.append((uint8_t)0x06); // TEE/REDIRECT from inbound side: 0x06
 			macDest.appendTo(outp);
@@ -1063,23 +1069,26 @@ bool Network::gate(const SharedPtr<Peer> &peer,const Packet::Verb verb,const uin
 	Mutex::Lock _l(_lock);
 	try {
 		if (_config) {
-			Membership &m = _membership(peer->address());
-			const bool allow = m.isAllowedOnNetwork(_config);
-			if (allow) {
-				m.sendCredentialsIfNeeded(RR,now,peer->address(),_config,(const Capability *)0);
-				if (m.shouldLikeMulticasts(now)) {
+			Membership *m = _memberships.get(peer->address());
+			if ( (_config.isPublic()) || ((m)&&(m->isAllowedOnNetwork(_config))) ) {
+				if (!m)
+					m = &(_membership(peer->address()));
+				m->sendCredentialsIfNeeded(RR,now,peer->address(),_config,(const Capability *)0);
+				if (m->shouldLikeMulticasts(now)) {
 					_announceMulticastGroupsTo(peer->address(),_allMulticastGroups());
-					m.likingMulticasts(now);
+					m->likingMulticasts(now);
+				}
+				return true;
+			} else {
+				if (peer->rateGateRequestCredentials(now)) {
+					Packet outp(peer->address(),RR->identity.address(),Packet::VERB_ERROR);
+					outp.append((uint8_t)verb);
+					outp.append(packetId);
+					outp.append((uint8_t)Packet::ERROR_NEED_MEMBERSHIP_CERTIFICATE);
+					outp.append(_id);
+					RR->sw->send(outp,true);
 				}
-			} else if (m.recentlyAllowedOnNetwork(_config)&&peer->rateGateRequestCredentials(now)) {
-				Packet outp(peer->address(),RR->identity.address(),Packet::VERB_ERROR);
-				outp.append((uint8_t)verb);
-				outp.append(packetId);
-				outp.append((uint8_t)Packet::ERROR_NEED_MEMBERSHIP_CERTIFICATE);
-				outp.append(_id);
-				RR->sw->send(outp,true);
 			}
-			return allow;
 		}
 	} catch ( ... ) {
 		TRACE("gate() check failed for peer %s: unexpected exception",peer->address().toString().c_str());
@@ -1092,15 +1101,6 @@ bool Network::gateMulticastGatherReply(const SharedPtr<Peer> &peer,const Packet:
 	return ( (peer->address() == controller()) || RR->topology->isUpstream(peer->identity()) || gate(peer,verb,packetId) || _config.isAnchor(peer->address()) );
 }
 
-bool Network::recentlyAllowedOnNetwork(const SharedPtr<Peer> &peer) const
-{
-	Mutex::Lock _l(_lock);
-	const Membership *m = _memberships.get(peer->address());
-	if (m)
-		return m->recentlyAllowedOnNetwork(_config);
-	return false;
-}
-
 void Network::clean()
 {
 	const uint64_t now = RR->node->now();
@@ -1308,13 +1308,11 @@ void Network::_sendUpdatesToMembers(const MulticastGroup *const newMulticastGrou
 		Membership *m = (Membership *)0;
 		Hashtable<Address,Membership>::Iterator i(_memberships);
 		while (i.next(a,m)) {
-			if ( (m->recentlyAllowedOnNetwork(_config)) || (std::find(anchors.begin(),anchors.end(),*a) != anchors.end()) ) {
-				m->sendCredentialsIfNeeded(RR,RR->node->now(),*a,_config,(const Capability *)0);
-				if ( ((newMulticastGroup)||(m->shouldLikeMulticasts(now))) && (m->isAllowedOnNetwork(_config)) ) {
-					if (!newMulticastGroup)
-						m->likingMulticasts(now);
-					_announceMulticastGroupsTo(*a,groups);
-				}
+			m->sendCredentialsIfNeeded(RR,now,*a,_config,(const Capability *)0);
+			if ( ((newMulticastGroup)||(m->shouldLikeMulticasts(now))) && (m->isAllowedOnNetwork(_config)) ) {
+				if (!newMulticastGroup)
+					m->likingMulticasts(now);
+				_announceMulticastGroupsTo(*a,groups);
 			}
 		}
 	}

node/Network.hpp

@@ -248,7 +248,10 @@ public:
 	void requestConfiguration();
 
 	/**
-	 * Membership check gate for incoming packets related to this network
+	 * Determine whether this peer is permitted to communicate on this network
+	 *
+	 * This also performs certain periodic actions such as pushing renewed
+	 * credentials to peers or requesting them if not present.
 	 *
 	 * @param peer Peer to check
 	 * @param verb Packet verb
@@ -262,12 +265,6 @@ public:
 	 */
 	bool gateMulticastGatherReply(const SharedPtr<Peer> &peer,const Packet::Verb verb,const uint64_t packetId);
 
-	/**
-	 * @param peer Peer to check
-	 * @return True if peer has recently been a valid member of this network
-	 */
-	bool recentlyAllowedOnNetwork(const SharedPtr<Peer> &peer) const;
-
 	/**
 	 * Perform cleanup and possibly save state
 	 */

node/Node.cpp

@@ -241,7 +241,7 @@ public:
 			}
 
 			lastReceiveFromUpstream = std::max(p->lastReceive(),lastReceiveFromUpstream);
-		} else if (p->activelyTransferringFrames(_now)) {
+		} else if (p->isActive(_now)) {
 			// Normal nodes get their preferred link kept alive if the node has generated frame traffic recently
 			p->doPingAndKeepalive(_now,-1);
 		}

node/Peer.cpp

@@ -41,7 +41,6 @@ namespace ZeroTier {
 static uint32_t _natKeepaliveBuf = 0;
 
 Peer::Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Identity &peerIdentity) :
-	_lastUsed(0),
 	_lastReceive(0),
 	_lastUnicastFrame(0),
 	_lastMulticastFrame(0),
@@ -408,19 +407,16 @@ bool Peer::hasActiveDirectPath(uint64_t now) const
 	return false;
 }
 
-bool Peer::resetWithinScope(InetAddress::IpScope scope,int inetAddressFamily,uint64_t now)
+void Peer::resetWithinScope(InetAddress::IpScope scope,int inetAddressFamily,uint64_t now)
 {
 	Mutex::Lock _l(_paths_m);
-	bool resetSomething = false;
 	for(unsigned int p=0;p<_numPaths;++p) {
 		if ( (_paths[p].path->address().ss_family == inetAddressFamily) && (_paths[p].path->address().ipScope() == scope) ) {
 			attemptToContactAt(_paths[p].path->localAddress(),_paths[p].path->address(),now);
 			_paths[p].path->sent(now);
-			_paths[p].lastReceive >>= 2; // de-prioritize heavily vs. other paths, will get reset if we get OK(HELLO) or other traffic
-			resetSomething = true;
+			_paths[p].lastReceive = 0; // path will not be used unless it speaks again
 		}
 	}
-	return resetSomething;
 }
 
 void Peer::getBestActiveAddresses(uint64_t now,InetAddress &v4,InetAddress &v6) const

node/Peer.hpp

@@ -68,18 +68,6 @@ public:
 	 */
 	Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Identity &peerIdentity);
 
-	/**
-	 * @return Time peer record was last used in any way
-	 */
-	inline uint64_t lastUsed() const throw() { return _lastUsed; }
-
-	/**
-	 * Log a use of this peer record (done by Topology when peers are looked up)
-	 *
-	 * @param now New time of last use
-	 */
-	inline void use(uint64_t now) throw() { _lastUsed = now; }
-
 	/**
 	 * @return This peer's ZT address (short for identity().address())
 	 */
@@ -194,15 +182,14 @@ public:
 	/**
 	 * Reset paths within a given IP scope and address family
 	 *
-	 * Resetting a path involves sending a HELLO to it and then de-prioritizing
-	 * it vs. other paths.
+	 * Resetting a path involves sending an ECHO to it and then deactivating
+	 * it until or unless it responds.
 	 *
 	 * @param scope IP scope
 	 * @param inetAddressFamily Family e.g. AF_INET
 	 * @param now Current time
-	 * @return True if we forgot at least one path
 	 */
-	bool resetWithinScope(InetAddress::IpScope scope,int inetAddressFamily,uint64_t now);
+	void resetWithinScope(InetAddress::IpScope scope,int inetAddressFamily,uint64_t now);
 
 	/**
 	 * Get most recently active path addresses for IPv4 and/or IPv6
@@ -232,27 +219,32 @@ public:
 	/**
 	 * @return Time of last receive of anything, whether direct or relayed
 	 */
-	inline uint64_t lastReceive() const throw() { return _lastReceive; }
+	inline uint64_t lastReceive() const { return _lastReceive; }
+
+	/**
+	 * @return True if we've heard from this peer in less than ZT_PEER_ACTIVITY_TIMEOUT
+	 */
+	inline bool isAlive(const uint64_t now) const { return ((now - _lastReceive) < ZT_PEER_ACTIVITY_TIMEOUT); }
 
 	/**
 	 * @return Time of most recent unicast frame received
 	 */
-	inline uint64_t lastUnicastFrame() const throw() { return _lastUnicastFrame; }
+	inline uint64_t lastUnicastFrame() const { return _lastUnicastFrame; }
 
 	/**
 	 * @return Time of most recent multicast frame received
 	 */
-	inline uint64_t lastMulticastFrame() const throw() { return _lastMulticastFrame; }
+	inline uint64_t lastMulticastFrame() const { return _lastMulticastFrame; }
 
 	/**
 	 * @return Time of most recent frame of any kind (unicast or multicast)
 	 */
-	inline uint64_t lastFrame() const throw() { return std::max(_lastUnicastFrame,_lastMulticastFrame); }
+	inline uint64_t lastFrame() const { return std::max(_lastUnicastFrame,_lastMulticastFrame); }
 
 	/**
 	 * @return True if this peer has sent us real network traffic recently
 	 */
-	inline uint64_t activelyTransferringFrames(uint64_t now) const throw() { return ((now - lastFrame()) < ZT_PEER_ACTIVITY_TIMEOUT); }
+	inline uint64_t isActive(uint64_t now) const { return ((now - lastFrame()) < ZT_PEER_ACTIVITY_TIMEOUT); }
 
 	/**
 	 * @return Latency in milliseconds or 0 if unknown
@@ -464,7 +456,6 @@ private:
 
 	uint8_t _key[ZT_PEER_SECRET_KEY_LENGTH];
 	uint8_t _remoteClusterOptimal6[16];
-	uint64_t _lastUsed;
 	uint64_t _lastReceive; // direct or indirect
 	uint64_t _lastUnicastFrame;
 	uint64_t _lastMulticastFrame;

node/SelfAwareness.cpp

@@ -45,9 +45,7 @@ public:
 		_family(inetAddressFamily),
 		_scope(scope) {}
 
-	inline void operator()(Topology &t,const SharedPtr<Peer> &p) { if (p->resetWithinScope(_scope,_family,_now)) peersReset.push_back(p); }
-
-	std::vector< SharedPtr<Peer> > peersReset;
+	inline void operator()(Topology &t,const SharedPtr<Peer> &p) { p->resetWithinScope(_scope,_family,_now); }
 
 private:
 	uint64_t _now;
@@ -95,16 +93,6 @@ void SelfAwareness::iam(const Address &reporter,const InetAddress &receivedOnLoc
 		// Reset all paths within this scope and address family
 		_ResetWithinScope rset(now,myPhysicalAddress.ss_family,(InetAddress::IpScope)scope);
 		RR->topology->eachPeer<_ResetWithinScope &>(rset);
-
-		// Send a NOP to all peers for whom we forgot a path. This will cause direct
-		// links to be re-established if possible, possibly using a root server or some
-		// other relay.
-		for(std::vector< SharedPtr<Peer> >::const_iterator p(rset.peersReset.begin());p!=rset.peersReset.end();++p) {
-			if ((*p)->activelyTransferringFrames(now)) {
-				Packet outp((*p)->address(),RR->identity.address(),Packet::VERB_NOP);
-				RR->sw->send(outp,true);
-			}
-		}
 	} else {
 		// Otherwise just update DB to use to determine external surface info
 		entry.mySurface = myPhysicalAddress;

node/Switch.cpp

@@ -354,8 +354,7 @@ void Switch::onLocalEthernet(const SharedPtr<Network> &network,const MAC &from,c
 			return;
 		}
 
-		// Destination is a multicast address (including broadcast)
-		MulticastGroup mg(to,0);
+		MulticastGroup multicastGroup(to,0);
 
 		if (to.isBroadcast()) {
 			if ( (etherType == ZT_ETHERTYPE_ARP) && (len >= 28) && ((((const uint8_t *)data)[2] == 0x08)&&(((const uint8_t *)data)[3] == 0x00)&&(((const uint8_t *)data)[4] == 6)&&(((const uint8_t *)data)[5] == 4)&&(((const uint8_t *)data)[7] == 0x01)) ) {
@@ -368,7 +367,7 @@ void Switch::onLocalEthernet(const SharedPtr<Network> &network,const MAC &from,c
 				 * them into multicasts by stuffing the IP address being queried into
 				 * the 32-bit ADI field. In practice this uses our multicast pub/sub
 				 * system to implement a kind of extended/distributed ARP table. */
-				mg = MulticastGroup::deriveMulticastGroupForAddressResolution(InetAddress(((const unsigned char *)data) + 24,4,0));
+				multicastGroup = MulticastGroup::deriveMulticastGroupForAddressResolution(InetAddress(((const unsigned char *)data) + 24,4,0));
 			} else if (!network->config().enableBroadcast()) {
 				// Don't transmit broadcasts if this network doesn't want them
 				TRACE("%.16llx: dropped broadcast since ff:ff:ff:ff:ff:ff is not enabled",network->id());
@@ -463,9 +462,9 @@ void Switch::onLocalEthernet(const SharedPtr<Network> &network,const MAC &from,c
 		 * multicast addresses on bridge interfaces and subscribing each slave.
 		 * But in that case this does no harm, as the sets are just merged. */
 		if (fromBridged)
-			network->learnBridgedMulticastGroup(mg,RR->node->now());
+			network->learnBridgedMulticastGroup(multicastGroup,RR->node->now());
 
-		//TRACE("%.16llx: MULTICAST %s -> %s %s %u",network->id(),from.toString().c_str(),mg.toString().c_str(),etherTypeName(etherType),len);
+		//TRACE("%.16llx: MULTICAST %s -> %s %s %u",network->id(),from.toString().c_str(),multicastGroup.toString().c_str(),etherTypeName(etherType),len);
 
 		// First pass sets noTee to false, but noTee is set to true in OutboundMulticast to prevent duplicates.
 		if (!network->filterOutgoingPacket(false,RR->identity.address(),Address(),from,to,(const uint8_t *)data,len,etherType,vlanId)) {
@@ -478,7 +477,7 @@ void Switch::onLocalEthernet(const SharedPtr<Network> &network,const MAC &from,c
 			RR->node->now(),
 			network->id(),
 			network->config().activeBridges(),
-			mg,
+			multicastGroup,
 			(fromBridged) ? from : MAC(),
 			etherType,
 			data,

node/Topology.cpp

@@ -96,7 +96,6 @@ SharedPtr<Peer> Topology::addPeer(const SharedPtr<Peer> &peer)
 		np = hp;
 	}
 
-	np->use(RR->node->now());
 	saveIdentity(np->identity());
 
 	return np;
@@ -113,7 +112,6 @@ SharedPtr<Peer> Topology::getPeer(const Address &zta)
 		Mutex::Lock _l(_lock);
 		const SharedPtr<Peer> *const ap = _peers.get(zta);
 		if (ap) {
-			(*ap)->use(RR->node->now());
 			return *ap;
 		}
 	}
@@ -127,7 +125,6 @@ SharedPtr<Peer> Topology::getPeer(const Address &zta)
 				SharedPtr<Peer> &ap = _peers[zta];
 				if (!ap)
 					ap.swap(np);
-				ap->use(RR->node->now());
 				return ap;
 			}
 		}
@@ -176,10 +173,8 @@ SharedPtr<Peer> Topology::getBestRoot(const Address *avoid,unsigned int avoidCou
 			if (_rootAddresses[p] == RR->identity.address()) {
 				for(unsigned long q=1;q<_rootAddresses.size();++q) {
 					const SharedPtr<Peer> *const nextsn = _peers.get(_rootAddresses[(p + q) % _rootAddresses.size()]);
-					if ((nextsn)&&((*nextsn)->hasActiveDirectPath(now))) {
-						(*nextsn)->use(now);
+					if ((nextsn)&&((*nextsn)->hasActiveDirectPath(now)))
 						return *nextsn;
-					}
 				}
 				break;
 			}
@@ -214,10 +209,8 @@ SharedPtr<Peer> Topology::getBestRoot(const Address *avoid,unsigned int avoidCou
 		}
 
 		if (bestNotAvoid) {
-			(*bestNotAvoid)->use(now);
 			return *bestNotAvoid;
 		} else if ((!strictAvoid)&&(bestOverall)) {
-			(*bestOverall)->use(now);
 			return *bestOverall;
 		}
 
@@ -256,7 +249,7 @@ void Topology::clean(uint64_t now)
 		Address *a = (Address *)0;
 		SharedPtr<Peer> *p = (SharedPtr<Peer> *)0;
 		while (i.next(a,p)) {
-			if (((now - (*p)->lastUsed()) >= ZT_PEER_IN_MEMORY_EXPIRATION)&&(std::find(_rootAddresses.begin(),_rootAddresses.end(),*a) == _rootAddresses.end()))
+			if ( (!(*p)->isAlive(now)) && (std::find(_rootAddresses.begin(),_rootAddresses.end(),*a) == _rootAddresses.end()) )
 				_peers.erase(*a);
 		}
 	}