ZeroTierOne/node/VL1.cpp

/*
 * Copyright (c)2013-2020 ZeroTier, Inc.
 *
 * Use of this software is governed by the Business Source License included
 * in the LICENSE.TXT file in the project's root directory.
 *
 * Change Date: 2024-01-01
 *
 * On the date above, in accordance with the Business Source License, use
 * of this software will be governed by version 2.0 of the Apache License.
 */
/****/

#include "VL1.hpp"
#include "RuntimeEnvironment.hpp"
#include "Node.hpp"
#include "Topology.hpp"
#include "VL2.hpp"
#include "Salsa20.hpp"
#include "LZ4.hpp"
#include "Poly1305.hpp"
#include "Identity.hpp"
#include "SelfAwareness.hpp"
#include "SHA512.hpp"
#include "Peer.hpp"
#include "Path.hpp"
#include "Expect.hpp"

namespace ZeroTier {

namespace {

ZT_INLINE const Identity &identityFromPeerPtr(const SharedPtr<Peer> &p)
{
	if (p)
		return p->identity();
	return Identity::NIL;
}

} // anonymous namespace

VL1::VL1(const RuntimeEnvironment *renv) :
	RR(renv)
{
}

VL1::~VL1()
{
}

void VL1::onRemotePacket(void *const tPtr,const int64_t localSocket,const InetAddress &fromAddr,SharedPtr<Buf> &data,const unsigned int len)
{
	// Get canonical Path object for this originating address and local socket pair.
	const SharedPtr<Path> path(RR->topology->path(localSocket,fromAddr));

	const int64_t now = RR->node->now();

	// Update path's last receive time (this is updated when anything is received at all, even if invalid or a keepalive)
	path->received(now,len);

	try {
		// Handle 8-byte short probes, which are used as a low-bandwidth way to initiate a real handshake.
		// These are only minimally "secure" in the sense that they are unique per graph edge (sender->recipient)
		// to within 1/2^64 but can easily be replayed. We rate limit this to prevent ZeroTier being used as
		// a vector in DDOS amplification attacks, then send a larger fully authenticated message to initiate
		// a handshake. We do not send HELLO since we don't want this to be a vector for third parties to
		// mass-probe for ZeroTier nodes and obtain all of the information in a HELLO. This isn't a huge risk
		// but we might as well avoid it. When the peer receives NOP on a path that hasn't been handshaked yet
		// it will send its own HELLO to which we will respond with a fully encrypted OK(HELLO).
		if (len == ZT_PROTO_PROBE_LENGTH) {
			const SharedPtr<Peer> peer(RR->topology->peerByProbe(data->lI64(0)));
			if ((peer)&&(peer->rateGateInboundProbe(now)))
				path->sent(now,peer->sendNOP(tPtr,path->localSocket(),path->address(),now));
			return;
		}

		// Discard any other runt packets that aren't probes. These are likely to be keepalives.
		// No reason to bother even logging them. Note that the last receive time for the path
		// was still updated, so tiny keepalives do keep the path alive.
		if (len < ZT_PROTO_MIN_FRAGMENT_LENGTH)
			return;

		// A vector of slices of buffers that aspires to eventually hold an assembled packet.
		// These are reassembled into a single contiguous buffer at the same time as decryption
		// and authentication.
		FCV<Buf::Slice,ZT_MAX_PACKET_FRAGMENTS> pktv;

		// Destination address of packet (filled below)
		Address destination;

		if (data->lI8(ZT_PROTO_PACKET_FRAGMENT_INDICATOR_INDEX) == ZT_PROTO_PACKET_FRAGMENT_INDICATOR) {
			// Fragment -----------------------------------------------------------------------------------------------------

			const Protocol::FragmentHeader &fragmentHeader = data->as<Protocol::FragmentHeader>();
			destination.setTo(fragmentHeader.destination);

			if (destination != RR->identity.address()) {
				_relay(tPtr,path,destination,data,len);
				return;
			}

			switch (_inputPacketAssembler.assemble(
				fragmentHeader.packetId,
				pktv,
				data,
				ZT_PROTO_PACKET_FRAGMENT_PAYLOAD_START_AT,
				(unsigned int)(len - ZT_PROTO_PACKET_FRAGMENT_PAYLOAD_START_AT),
				fragmentHeader.counts & 0xfU, // fragment number
				fragmentHeader.counts >> 4U,  // total number of fragments in message is specified in each fragment
				now,
				path,
				ZT_MAX_INCOMING_FRAGMENTS_PER_PATH)) {
				case Defragmenter<ZT_MAX_PACKET_FRAGMENTS>::COMPLETE:
					break;
				default:
					//case Defragmenter<ZT_MAX_PACKET_FRAGMENTS>::OK:
					//case Defragmenter<ZT_MAX_PACKET_FRAGMENTS>::ERR_DUPLICATE_FRAGMENT:
					//case Defragmenter<ZT_MAX_PACKET_FRAGMENTS>::ERR_INVALID_FRAGMENT:
					//case Defragmenter<ZT_MAX_PACKET_FRAGMENTS>::ERR_TOO_MANY_FRAGMENTS_FOR_PATH:
					//case Defragmenter<ZT_MAX_PACKET_FRAGMENTS>::ERR_OUT_OF_MEMORY:
					return;
			}
		} else {
			// Not fragment, meaning whole packet or head of series with fragments ------------------------------------------

			if (len < ZT_PROTO_MIN_PACKET_LENGTH)
				return;
			const Protocol::Header &packetHeader = data->as<Protocol::Header>();
			destination.setTo(packetHeader.destination);

			if (destination != RR->identity.address()) {
				_relay(tPtr,path,destination,data,len);
				return;
			}

			if ((packetHeader.flags & ZT_PROTO_FLAG_FRAGMENTED) != 0) {
				switch (_inputPacketAssembler.assemble(
					packetHeader.packetId,
					pktv,
					data,
					0,
					len,
					0, // always the zero'eth fragment
					0, // this is specified in fragments, not in the head
					now,
					path,
					ZT_MAX_INCOMING_FRAGMENTS_PER_PATH)) {
					case Defragmenter<ZT_MAX_PACKET_FRAGMENTS>::COMPLETE:
						break;
					default:
						//case Defragmenter<ZT_MAX_PACKET_FRAGMENTS>::OK:
						//case Defragmenter<ZT_MAX_PACKET_FRAGMENTS>::ERR_DUPLICATE_FRAGMENT:
						//case Defragmenter<ZT_MAX_PACKET_FRAGMENTS>::ERR_INVALID_FRAGMENT:
						//case Defragmenter<ZT_MAX_PACKET_FRAGMENTS>::ERR_TOO_MANY_FRAGMENTS_FOR_PATH:
						//case Defragmenter<ZT_MAX_PACKET_FRAGMENTS>::ERR_OUT_OF_MEMORY:
						return;
				}
			} else { // packet isn't fragmented, so skip the Defragmenter logic completely.
				Buf::Slice &s = pktv.push();
				s.b.swap(data);
				s.s = 0;
				s.e = len;
			}
		}

		// Packet defragmented and apparently addressed to this node ------------------------------------------------------

		// Subject pktv to a few sanity checks just to make sure Defragmenter worked correctly and
		// there is enough room in each slice to shift their contents to sizes that are multiples
		// of 64 if needed for crypto.
		if ((pktv.empty()) || (((int)pktv[0].e - (int)pktv[0].s) < (int)sizeof(Protocol::Header))) {
			RR->t->unexpectedError(tPtr,0x3df19990,"empty or undersized packet vector after parsing packet from %s of length %d",Trace::str(path->address()).s,(int)len);
			return;
		}
		for(FCV<Buf::Slice,ZT_MAX_PACKET_FRAGMENTS>::const_iterator s(pktv.begin());s!=pktv.end();++s) {
			if ((s->e > (ZT_BUF_MEM_SIZE - 64))||(s->s > s->e))
				return;
		}

		Protocol::Header *ph = &(pktv[0].b->as<Protocol::Header>(pktv[0].s));
		const Address source(ph->source);

		if (source == RR->identity.address())
			return;
		SharedPtr<Peer> peer(RR->topology->peer(tPtr,source));

		Buf::Slice pkt;
		bool authenticated = false;

		const uint8_t hops = Protocol::packetHops(*ph);
		const uint8_t cipher = Protocol::packetCipher(*ph);

		unsigned int packetSize = pktv[0].e - pktv[0].s;
		for(FCV<Buf::Slice,ZT_MAX_PACKET_FRAGMENTS>::const_iterator s(pktv.begin()+1);s!=pktv.end();++s)
			packetSize += s->e - s->s;
		if (packetSize > ZT_PROTO_MAX_PACKET_LENGTH) {
			RR->t->incomingPacketDropped(tPtr,0x010348da,ph->packetId,0,identityFromPeerPtr(peer),path->address(),hops,Protocol::VERB_NOP,ZT_TRACE_PACKET_DROP_REASON_MALFORMED_PACKET);
			return;
		}

		// If we don't know this peer and this is not a HELLO, issue a WHOIS and enqueue this packet to try again.
		if ((!peer)&&(!(((cipher == ZT_PROTO_CIPHER_SUITE__POLY1305_NONE)||(cipher == ZT_PROTO_CIPHER_SUITE__NONE))&&((ph->verb & 0x1fU) == Protocol::VERB_HELLO)))) {
			pkt = Buf::assembleSliceVector(pktv);
			if (pkt.e < ZT_PROTO_MIN_PACKET_LENGTH) {
				RR->t->incomingPacketDropped(tPtr,0xbada9366,ph->packetId,0,identityFromPeerPtr(peer),path->address(),hops,Protocol::VERB_NOP,ZT_TRACE_PACKET_DROP_REASON_MALFORMED_PACKET);
				return;
			}
			{
				Mutex::Lock wl(_whoisQueue_l);
				_WhoisQueueItem &wq = _whoisQueue[source];
				wq.inboundPackets.push_back(pkt);
			}
			_sendPendingWhois(tPtr,now);
			return;
		}

		switch(cipher) {
			case ZT_PROTO_CIPHER_SUITE__POLY1305_NONE:
				if (peer) {
					pkt = Buf::assembleSliceVector(pktv);
					if (pkt.e < ZT_PROTO_MIN_PACKET_LENGTH) {
						RR->t->incomingPacketDropped(tPtr,0x432aa9da,ph->packetId,0,peer->identity(),path->address(),hops,Protocol::VERB_NOP,ZT_TRACE_PACKET_DROP_REASON_MALFORMED_PACKET);
						return;
					}
					ph = &(pkt.b->as<Protocol::Header>());

					// Generate one-time-use MAC key using Salsa20.
					uint8_t perPacketKey[ZT_PEER_SECRET_KEY_LENGTH];
					uint8_t macKey[ZT_POLY1305_KEY_SIZE];
					Protocol::salsa2012DeriveKey(peer->key(),perPacketKey,*pktv[0].b,packetSize);
					Salsa20(perPacketKey,&ph->packetId).crypt12(Utils::ZERO256,macKey,ZT_POLY1305_KEY_SIZE);

					// Verify packet MAC.
					uint64_t mac[2];
					poly1305(mac,pkt.b->unsafeData + ZT_PROTO_PACKET_ENCRYPTED_SECTION_START,packetSize - ZT_PROTO_PACKET_ENCRYPTED_SECTION_START,macKey);
					if (ph->mac != mac[0]) {
						RR->t->incomingPacketDropped(tPtr,0xcc89c812,ph->packetId,0,peer->identity(),path->address(),hops,Protocol::VERB_NOP,ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
						return;
					}
					authenticated = true;
				}
				break;

			case ZT_PROTO_CIPHER_SUITE__POLY1305_SALSA2012:
				if (peer) {
					// Derive per-packet key using symmetric key plus some data from the packet header.
					uint8_t perPacketKey[ZT_PEER_SECRET_KEY_LENGTH];
					Protocol::salsa2012DeriveKey(peer->key(),perPacketKey,*pktv[0].b,packetSize);
					Salsa20 s20(perPacketKey,&ph->packetId);

					// Do one Salsa20 block to generate the one-time-use Poly1305 key.
					uint8_t macKey[ZT_POLY1305_KEY_SIZE];
					s20.crypt12(Utils::ZERO256,macKey,ZT_POLY1305_KEY_SIZE);

					// Get a buffer to store the decrypted and fully contiguous packet.
					pkt.b.set(new Buf());

					// Salsa20 is a stream cipher but it's only seekable to multiples of 64 bytes.
					// This moves data in slices around so that all slices have sizes that are
					// multiples of 64 except the last slice. Note that this does not corrupt
					// the assembled slice vector, just moves data around.
					if (pktv.size() > 1) {
						unsigned int prevOverflow,i;
						for (typename FCV<Buf::Slice,ZT_MAX_PACKET_FRAGMENTS>::iterator ps(pktv.begin()),s(ps + 1);s!=pktv.end();) {
							prevOverflow = (ps->e - ps->s) & 63U; // amount by which previous exceeds a multiple of 64
							for(i=0;i<prevOverflow;++i) {
								if (s->s >= s->e)
									goto next_slice;
								ps->b->unsafeData[ps->e++] = s->b->unsafeData[s->s++]; // move from head of current to end of previous
							}
							next_slice: ps = s++;
						}
					}

					// Simultaneously decrypt and assemble packet into a contiguous buffer.
					// Since we moved data around above all slices will have sizes that are
					// multiples of 64.
					Utils::copy<sizeof(Protocol::Header)>(pkt.b->unsafeData,ph);
					pkt.e = sizeof(Protocol::Header);
					for(FCV<Buf::Slice,ZT_MAX_PACKET_FRAGMENTS>::iterator s(pktv.begin());s!=pktv.end();++s) {
						const unsigned int sliceSize = s->e - s->s;
						s20.crypt12(s->b->unsafeData + s->s,pkt.b->unsafeData + pkt.e,sliceSize);
						pkt.e += sliceSize;
					}
					ph = &(pkt.b->as<Protocol::Header>());

					// Verify packet MAC.
					uint64_t mac[2];
					poly1305(mac,pkt.b->unsafeData + ZT_PROTO_PACKET_ENCRYPTED_SECTION_START,packetSize - ZT_PROTO_PACKET_ENCRYPTED_SECTION_START,macKey);
					if (ph->mac != mac[0]) {
						RR->t->incomingPacketDropped(tPtr,0xbc881231,ph->packetId,0,peer->identity(),path->address(),hops,Protocol::VERB_NOP,ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
						return;
					}
					authenticated = true;
				} else {
					RR->t->incomingPacketDropped(tPtr,0xb0b01999,ph->packetId,0,identityFromPeerPtr(peer),path->address(),hops,Protocol::VERB_NOP,ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
					return;
				}
				break;

			case ZT_PROTO_CIPHER_SUITE__NONE: {
				// CIPHER_SUITE__NONE is only used with trusted paths. Verification is performed by
				// checking the address and the presence of its corresponding trusted path ID in the
				// packet header's MAC field.

				pkt = Buf::assembleSliceVector(pktv);
				if (pkt.e < ZT_PROTO_MIN_PACKET_LENGTH)
					RR->t->incomingPacketDropped(tPtr,0x3d3337df,ph->packetId,0,identityFromPeerPtr(peer),path->address(),hops,Protocol::VERB_NOP,ZT_TRACE_PACKET_DROP_REASON_MALFORMED_PACKET);
				ph = &(pkt.b->as<Protocol::Header>());

				if (RR->topology->shouldInboundPathBeTrusted(path->address(),Utils::ntoh(ph->mac))) {
					authenticated = true;
				} else {
					RR->t->incomingPacketDropped(tPtr,0x2dfa910b,ph->packetId,0,identityFromPeerPtr(peer),path->address(),hops,Protocol::VERB_NOP,ZT_TRACE_PACKET_DROP_REASON_NOT_TRUSTED_PATH);
					return;
				}
			} break;

			//case ZT_PROTO_CIPHER_SUITE__AES_GCM_NRH:
			//	if (peer) {
			//	}
			//	break;

			default:
				RR->t->incomingPacketDropped(tPtr,0x5b001099,ph->packetId,0,identityFromPeerPtr(peer),path->address(),hops,Protocol::VERB_NOP,ZT_TRACE_PACKET_DROP_REASON_INVALID_OBJECT);
				return;
		}

		// Packet fully assembled, authenticated 'true' if already authenticated via MAC ----------------------------------

		// Return any still held buffers in pktv to the buffer pool.
		pktv.clear();

		const Protocol::Verb verb = (Protocol::Verb)(ph->verb & ZT_PROTO_VERB_MASK);

		// All verbs except HELLO require authentication before being handled. The HELLO
		// handler does its own authentication.
		if (((!authenticated)||(!peer))&&(verb != Protocol::VERB_HELLO)) {
			RR->t->incomingPacketDropped(tPtr,0x5b001099,ph->packetId,0,identityFromPeerPtr(peer),path->address(),hops,verb,ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
			return;
		}

		// Decompress packet payload if compressed. For additional safety decompression is
		// only performed on packets whose MACs have already been validated. (Only HELLO is
		// sent without this, and HELLO doesn't benefit from compression.)
		if ((ph->verb & ZT_PROTO_VERB_FLAG_COMPRESSED) != 0) {
			if (!authenticated) {
				RR->t->incomingPacketDropped(tPtr,0x390bcd0a,ph->packetId,0,identityFromPeerPtr(peer),path->address(),hops,verb,ZT_TRACE_PACKET_DROP_REASON_MALFORMED_PACKET);
				return;
			}

			SharedPtr<Buf> nb(new Buf());
			const int uncompressedLen = LZ4_decompress_safe(
				reinterpret_cast<const char *>(pkt.b->unsafeData + ZT_PROTO_PACKET_PAYLOAD_START),
				reinterpret_cast<char *>(nb->unsafeData),
				(int)(packetSize - ZT_PROTO_PACKET_PAYLOAD_START),
				ZT_BUF_MEM_SIZE - ZT_PROTO_PACKET_PAYLOAD_START);

			if ((uncompressedLen > 0)&&(uncompressedLen <= (ZT_BUF_MEM_SIZE - ZT_PROTO_PACKET_PAYLOAD_START))) {
				pkt.b.swap(nb);
				pkt.e = packetSize = (unsigned int)uncompressedLen;
			} else {
				RR->t->incomingPacketDropped(tPtr,0xee9e4392,ph->packetId,0,identityFromPeerPtr(peer),path->address(),hops,verb,ZT_TRACE_PACKET_DROP_REASON_INVALID_COMPRESSED_DATA);
				return;
			}
		}

		/*
		 * Important notes:
		 *
		 * All verbs except HELLO assume that authenticated is true and peer is non-NULL.
		 * This is checked above. HELLO will accept either case and always performs its
		 * own secondary validation. The path argument is never NULL.
		 *
		 * VL1 and VL2 are conceptually separate layers of the ZeroTier protocol. In the
		 * code they are almost entirely logically separate. To make the code easier to
		 * understand the handlers for VL2 data paths have been moved to a VL2 class.
		 */

		bool ok = true; // set to false if a packet turns out to be invalid
		Protocol::Verb inReVerb = Protocol::VERB_NOP; // set via result parameter to _ERROR and _OK
		switch(verb) {
			case Protocol::VERB_NOP:                        break;
			case Protocol::VERB_HELLO:                      ok = _HELLO(tPtr,path,peer,*pkt.b,(int)packetSize,authenticated); break;
			case Protocol::VERB_ERROR:                      ok = _ERROR(tPtr,path,peer,*pkt.b,(int)packetSize,inReVerb); break;
			case Protocol::VERB_OK:                         ok = _OK(tPtr,path,peer,*pkt.b,(int)packetSize,inReVerb); break;
			case Protocol::VERB_WHOIS:                      ok = _WHOIS(tPtr,path,peer,*pkt.b,(int)packetSize); break;
			case Protocol::VERB_RENDEZVOUS:                 ok = _RENDEZVOUS(tPtr,path,peer,*pkt.b,(int)packetSize); break;
			case Protocol::VERB_FRAME:                      ok = RR->vl2->_FRAME(tPtr,path,peer,*pkt.b,(int)packetSize); break;
			case Protocol::VERB_EXT_FRAME:                  ok = RR->vl2->_EXT_FRAME(tPtr,path,peer,*pkt.b,(int)packetSize); break;
			case Protocol::VERB_ECHO:                       ok = _ECHO(tPtr,path,peer,*pkt.b,(int)packetSize); break;
			case Protocol::VERB_MULTICAST_LIKE:             ok = RR->vl2->_MULTICAST_LIKE(tPtr,path,peer,*pkt.b,(int)packetSize); break;
			case Protocol::VERB_NETWORK_CREDENTIALS:        ok = RR->vl2->_NETWORK_CREDENTIALS(tPtr,path,peer,*pkt.b,(int)packetSize); break;
			case Protocol::VERB_NETWORK_CONFIG_REQUEST:     ok = RR->vl2->_NETWORK_CONFIG_REQUEST(tPtr,path,peer,*pkt.b,(int)packetSize); break;
			case Protocol::VERB_NETWORK_CONFIG:             ok = RR->vl2->_NETWORK_CONFIG(tPtr,path,peer,*pkt.b,(int)packetSize); break;
			case Protocol::VERB_MULTICAST_GATHER:           ok = RR->vl2->_MULTICAST_GATHER(tPtr,path,peer,*pkt.b,(int)packetSize); break;
			case Protocol::VERB_MULTICAST_FRAME_deprecated: ok = RR->vl2->_MULTICAST_FRAME_deprecated(tPtr,path,peer,*pkt.b,(int)packetSize); break;
			case Protocol::VERB_PUSH_DIRECT_PATHS:          ok = _PUSH_DIRECT_PATHS(tPtr,path,peer,*pkt.b,(int)packetSize); break;
			case Protocol::VERB_USER_MESSAGE:               ok = _USER_MESSAGE(tPtr,path,peer,*pkt.b,(int)packetSize); break;
			case Protocol::VERB_MULTICAST:                  ok = RR->vl2->_MULTICAST(tPtr,path,peer,*pkt.b,(int)packetSize); break;
			case Protocol::VERB_ENCAP:                      ok = _ENCAP(tPtr,path,peer,*pkt.b,(int)packetSize); break;
			default:
				RR->t->incomingPacketDropped(tPtr,0xeeeeeff0,ph->packetId,0,identityFromPeerPtr(peer),path->address(),hops,verb,ZT_TRACE_PACKET_DROP_REASON_UNRECOGNIZED_VERB);
				break;
		}
		if (ok)
			peer->received(tPtr,path,hops,ph->packetId,packetSize - ZT_PROTO_PACKET_PAYLOAD_START,verb,inReVerb);
	} catch ( ... ) {
		RR->t->unexpectedError(tPtr,0xea1b6dea,"unexpected exception in onRemotePacket() parsing packet from %s",Trace::str(path->address()).s);
	}
}

void VL1::_relay(void *tPtr,const SharedPtr<Path> &path,const Address &destination,SharedPtr<Buf> &data,unsigned int len)
{
	const uint8_t newHopCount = (data->lI8(ZT_PROTO_PACKET_FLAGS_INDEX) & 7U) + 1;
	if (newHopCount >= ZT_RELAY_MAX_HOPS)
		return;
	data->sI8(ZT_PROTO_PACKET_FLAGS_INDEX,(data->lI8(ZT_PROTO_PACKET_FLAGS_INDEX) & 0xf8U) | newHopCount);

	const SharedPtr<Peer> toPeer(RR->topology->peer(tPtr,destination,false));
	if (!toPeer)
		return;
	const uint64_t now = RR->node->now();
	const SharedPtr<Path> toPath(toPeer->path(now));
	if (!toPath)
		return;

	toPath->send(RR,tPtr,data->unsafeData,len,now);
}

void VL1::_sendPendingWhois(void *const tPtr,const int64_t now)
{
	SharedPtr<Peer> root(RR->topology->root());
	if (!root)
		return;
	SharedPtr<Path> rootPath(root->path(now));
	if (!rootPath)
		return;

	std::vector<Address> toSend;
	{
		Mutex::Lock wl(_whoisQueue_l);
		for(std::map<Address,_WhoisQueueItem>::iterator wi(_whoisQueue.begin());wi!=_whoisQueue.end();++wi) {
			if ((now - wi->second.lastRetry) >= ZT_WHOIS_RETRY_DELAY) {
				wi->second.lastRetry = now;
				++wi->second.retries;
				toSend.push_back(wi->first);
			}
		}
	}

	Buf outp;
	Protocol::Header &ph = outp.as<Protocol::Header>();

	std::vector<Address>::iterator a(toSend.begin());
	while (a != toSend.end()) {
		ph.packetId = Protocol::getPacketId();
		root->address().copyTo(ph.destination);
		RR->identity.address().copyTo(ph.source);
		ph.flags = 0;
		ph.verb = Protocol::VERB_OK;

		int outl = sizeof(Protocol::Header);
		while ((a != toSend.end())&&(outl < ZT_PROTO_MAX_PACKET_LENGTH)) {
			a->copyTo(outp.unsafeData + outl);
			++a;
			outl += ZT_ADDRESS_LENGTH;
		}

		if (outl > (int)sizeof(Protocol::Header)) {
			Protocol::armor(outp,outl,root->key(),root->cipher());
			RR->expect->sending(ph.packetId,now);
			rootPath->send(RR,tPtr,outp.unsafeData,outl,now);
		}
	}
}

bool VL1::_HELLO(void *tPtr,const SharedPtr<Path> &path,SharedPtr<Peer> &peer,Buf &pkt,int packetSize,const bool authenticated)
{
	if (packetSize < (int)sizeof(Protocol::HELLO)) {
		RR->t->incomingPacketDropped(tPtr,0x2bdb0001,0,0,identityFromPeerPtr(peer),path->address(),0,Protocol::VERB_HELLO,ZT_TRACE_PACKET_DROP_REASON_MALFORMED_PACKET);
		return false;
	}
	Protocol::HELLO &p = pkt.as<Protocol::HELLO>();
	const uint8_t hops = Protocol::packetHops(p.h);
	p.h.flags &= (uint8_t)~ZT_PROTO_FLAG_FIELD_HOPS_MASK; // mask off hops for MAC calculation
	int ptr = sizeof(Protocol::HELLO);

	if (p.versionProtocol < ZT_PROTO_VERSION_MIN) {
		RR->t->incomingPacketDropped(tPtr,0xe8d12bad,p.h.packetId,0,identityFromPeerPtr(peer),path->address(),hops,Protocol::VERB_HELLO,ZT_TRACE_PACKET_DROP_REASON_PEER_TOO_OLD);
		return false;
	}

	Identity id;
	if (pkt.rO(ptr,id) < 0) {
		RR->t->incomingPacketDropped(tPtr,0x707a9810,p.h.packetId,0,identityFromPeerPtr(peer),path->address(),hops,Protocol::VERB_HELLO,ZT_TRACE_PACKET_DROP_REASON_INVALID_OBJECT);
		return false;
	}
	if (Address(p.h.source) != id.address()) {
		RR->t->incomingPacketDropped(tPtr,0x06aa9ff1,p.h.packetId,0,Identity::NIL,path->address(),hops,Protocol::VERB_HELLO,ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
		return false;
	}

	// Packet is basically valid and identity unmarshaled successfully --------------------------------------------------

	uint8_t key[ZT_PEER_SECRET_KEY_LENGTH];
	if ((peer) && (id == peer->identity())) {
		Utils::copy<ZT_PEER_SECRET_KEY_LENGTH>(key,peer->key());
	} else {
		peer.zero();
		if (!RR->identity.agree(id,key)) {
			RR->t->incomingPacketDropped(tPtr,0x46db8010,p.h.packetId,0,id,path->address(),hops,Protocol::VERB_HELLO,ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
			return false;
		}
	}

	if ((!peer)||(!authenticated)) {
		uint8_t perPacketKey[ZT_PEER_SECRET_KEY_LENGTH];
		uint8_t macKey[ZT_POLY1305_KEY_SIZE];
		Protocol::salsa2012DeriveKey(peer->key(),perPacketKey,pkt,packetSize);
		Salsa20(perPacketKey,&p.h.packetId).crypt12(Utils::ZERO256,macKey,ZT_POLY1305_KEY_SIZE);
		uint64_t mac[2];
		poly1305(mac,pkt.unsafeData + ZT_PROTO_PACKET_ENCRYPTED_SECTION_START,packetSize - ZT_PROTO_PACKET_ENCRYPTED_SECTION_START,macKey);
		if (p.h.mac != mac[0]) {
			RR->t->incomingPacketDropped(tPtr,0x11bfff81,p.h.packetId,0,id,path->address(),hops,Protocol::VERB_NOP,ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
			return false;
		}
	}

	// Packet has passed Poly1305 MAC authentication --------------------------------------------------------------------

	uint8_t hmacKey[ZT_PEER_SECRET_KEY_LENGTH],hmac[ZT_HMACSHA384_LEN];
	if (peer->remoteVersionProtocol() >= 11) {
		if (packetSize <= ZT_HMACSHA384_LEN) { // sanity check, should be impossible
			RR->t->incomingPacketDropped(tPtr,0x1000662a,p.h.packetId,0,id,path->address(),hops,Protocol::VERB_NOP,ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
			return false;
		}
		packetSize -= ZT_HMACSHA384_LEN;
		KBKDFHMACSHA384(key,ZT_PROTO_KDF_KEY_LABEL_HELLO_HMAC,0,0,hmacKey); // iter == 0 for HELLO, 1 for OK(HELLO)
		HMACSHA384(hmacKey,pkt.unsafeData,packetSize,hmac);
		if (!Utils::secureEq(pkt.unsafeData + packetSize,hmac,ZT_HMACSHA384_LEN)) {
			RR->t->incomingPacketDropped(tPtr,0x1000662a,p.h.packetId,0,id,path->address(),hops,Protocol::VERB_NOP,ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
			return false;
		}
	}

	// Packet has passed HMAC-SHA384 (if present) -----------------------------------------------------------------------

	InetAddress externalSurfaceAddress;
	Dictionary nodeMetaData;

	// Get external surface address if present.
	if (ptr < packetSize) {
		if (pkt.rO(ptr,externalSurfaceAddress) < 0) {
			RR->t->incomingPacketDropped(tPtr,0x10001003,p.h.packetId,0,id,path->address(),hops,Protocol::VERB_HELLO,ZT_TRACE_PACKET_DROP_REASON_INVALID_OBJECT);
			return false;
		}
	}

	if ((ptr < packetSize)&&(peer->remoteVersionProtocol() >= 11)) {
		// Everything after this point is encrypted with Salsa20/12. This is only a privacy measure
		// since there's nothing truly secret in a HELLO packet. It also means that an observer
		// can't even get ephemeral public keys without first knowing the long term secret key,
		// adding a little defense in depth.
		uint8_t iv[8];
		for (int i = 0; i < 8; ++i) iv[i] = pkt.unsafeData[i];
		iv[7] &= 0xf8U; // this exists for pure legacy reasons, meh...
		Salsa20 s20(key,iv);
		s20.crypt12(pkt.unsafeData + ptr,pkt.unsafeData + ptr,packetSize - ptr);

		ptr += pkt.rI16(ptr); // skip length field which currently is always zero in v2.0+

		if (ptr < packetSize) {
			const unsigned int dictionarySize = pkt.rI16(ptr);
			const void *const dictionaryBytes = pkt.rBnc(ptr,dictionarySize);
			if (Buf::readOverflow(ptr,packetSize)) {
				RR->t->incomingPacketDropped(tPtr,0x0d0f0112,p.h.packetId,0,id,path->address(),hops,Protocol::VERB_HELLO,ZT_TRACE_PACKET_DROP_REASON_MALFORMED_PACKET);
				return false;
			}
			if (dictionarySize) {
				if (!nodeMetaData.decode(dictionaryBytes,dictionarySize)) {
					RR->t->incomingPacketDropped(tPtr,0x67192344,p.h.packetId,0,id,path->address(),hops,Protocol::VERB_HELLO,ZT_TRACE_PACKET_DROP_REASON_INVALID_OBJECT);
					return false;
				}
			}

			ptr += pkt.rI16(ptr); // skip any additional fields, currently always 0
		}
	}

	if (Buf::readOverflow(ptr,packetSize)) { // sanity check, should be impossible
		RR->t->incomingPacketDropped(tPtr,0x50003470,0,p.h.packetId,id,path->address(),0,Protocol::VERB_HELLO,ZT_TRACE_PACKET_DROP_REASON_MALFORMED_PACKET);
		return false;
	}

	// Packet is fully decoded and has passed all tests -----------------------------------------------------------------

	const int64_t now = RR->node->now();

	if (!peer) {
		if (!id.locallyValidate()) {
			RR->t->incomingPacketDropped(tPtr,0x2ff7a909,p.h.packetId,0,id,path->address(),hops,Protocol::VERB_HELLO,ZT_TRACE_PACKET_DROP_REASON_INVALID_OBJECT);
			return false;
		}
		peer.set(new Peer(RR));
		if (!peer)
			return false;
		peer->init(id);
		peer = RR->topology->add(tPtr,peer);
	}

	// All validation steps complete, peer learned if not yet known -----------------------------------------------------

	if ((hops == 0) && (externalSurfaceAddress))
		RR->sa->iam(tPtr,id,path->localSocket(),path->address(),externalSurfaceAddress,RR->topology->isRoot(id),now);

	peer->setRemoteVersion(p.versionProtocol,p.versionMajor,p.versionMinor,Utils::ntoh(p.versionRev));

	// Compose and send OK(HELLO) ---------------------------------------------------------------------------------------

	std::vector<uint8_t> myNodeMetaDataBin;
	{
		Dictionary myNodeMetaData;
		myNodeMetaData.encode(myNodeMetaDataBin);
	}
	if (myNodeMetaDataBin.size() > ZT_PROTO_MAX_PACKET_LENGTH) {
		RR->t->unexpectedError(tPtr,0xbc8861e0,"node meta-data dictionary exceeds maximum packet length while composing OK(HELLO) to %s",Trace::str(id.address(),path).s);
		return false;
	}

	Buf outp;
	Protocol::OK::HELLO &ok = outp.as<Protocol::OK::HELLO>();

	ok.h.h.packetId = Protocol::getPacketId();
	id.address().copyTo(ok.h.h.destination);
	RR->identity.address().copyTo(ok.h.h.source);
	ok.h.h.flags = 0;
	ok.h.h.verb = Protocol::VERB_OK;

	ok.h.inReVerb = Protocol::VERB_HELLO;
	ok.h.inRePacketId = p.h.packetId;

	ok.timestampEcho = p.timestamp;
	ok.versionProtocol = ZT_PROTO_VERSION;
	ok.versionMajor = ZEROTIER_VERSION_MAJOR;
	ok.versionMinor = ZEROTIER_VERSION_MINOR;
	ok.versionRev = ZT_CONST_TO_BE_UINT16(ZEROTIER_VERSION_REVISION);

	int outl = sizeof(Protocol::OK::HELLO);
	outp.wO(outl,path->address());

	outp.wI16(outl,0); // legacy field, always 0

	if (p.versionProtocol >= 11) {
		outp.wI16(outl,(uint16_t)myNodeMetaDataBin.size());
		outp.wB(outl,myNodeMetaDataBin.data(),(unsigned int)myNodeMetaDataBin.size());
		outp.wI16(outl,0); // length of additional fields, currently 0

		if ((outl + ZT_HMACSHA384_LEN) > ZT_PROTO_MAX_PACKET_LENGTH) // sanity check, shouldn't be possible
			return false;

		KBKDFHMACSHA384(key,ZT_PROTO_KDF_KEY_LABEL_HELLO_HMAC,0,1,hmacKey); // iter == 1 for OK
		HMACSHA384(hmacKey,outp.unsafeData + sizeof(ok.h),outl - sizeof(ok.h),outp.unsafeData + outl);
		outl += ZT_HMACSHA384_LEN;
	}

	Protocol::armor(outp,outl,peer->key(),peer->cipher());
	path->send(RR,tPtr,outp.unsafeData,outl,now);

	return true;
}

bool VL1::_ERROR(void *tPtr,const SharedPtr<Path> &path,const SharedPtr<Peer> &peer,Buf &pkt,int packetSize,Protocol::Verb &inReVerb)
{
	if (packetSize < (int)sizeof(Protocol::ERROR::Header)) {
		RR->t->incomingPacketDropped(tPtr,0x3beb1947,0,0,identityFromPeerPtr(peer),path->address(),0,Protocol::VERB_ERROR,ZT_TRACE_PACKET_DROP_REASON_MALFORMED_PACKET);
		return false;
	}
	Protocol::ERROR::Header &eh = pkt.as<Protocol::ERROR::Header>();
	inReVerb = (Protocol::Verb)eh.inReVerb;

	const int64_t now = RR->node->now();
	if (!RR->expect->expecting(eh.inRePacketId,now)) {
		RR->t->incomingPacketDropped(tPtr,0x4c1f1ff7,0,0,identityFromPeerPtr(peer),path->address(),0,Protocol::VERB_OK,ZT_TRACE_PACKET_DROP_REASON_REPLY_NOT_EXPECTED);
		return false;
	}

	switch(eh.error) {

		//case Protocol::ERROR_INVALID_REQUEST:
		//case Protocol::ERROR_BAD_PROTOCOL_VERSION:
		//case Protocol::ERROR_CANNOT_DELIVER:
		default:
			break;

		case Protocol::ERROR_OBJ_NOT_FOUND:
			if (eh.inReVerb == Protocol::VERB_NETWORK_CONFIG_REQUEST) {
			}
			break;

		case Protocol::ERROR_UNSUPPORTED_OPERATION:
			if (eh.inReVerb == Protocol::VERB_NETWORK_CONFIG_REQUEST) {
			}
			break;

		case Protocol::ERROR_NEED_MEMBERSHIP_CERTIFICATE:
			break;

		case Protocol::ERROR_NETWORK_ACCESS_DENIED_:
			if (eh.inReVerb == Protocol::VERB_NETWORK_CONFIG_REQUEST) {
			}
			break;

	}
	return true;
}

bool VL1::_OK(void *tPtr,const SharedPtr<Path> &path,const SharedPtr<Peer> &peer,Buf &pkt,int packetSize,Protocol::Verb &inReVerb)
{
	if (packetSize < (int)sizeof(Protocol::OK::Header)) {
		RR->t->incomingPacketDropped(tPtr,0x4c1f1ff7,0,0,identityFromPeerPtr(peer),path->address(),0,Protocol::VERB_OK,ZT_TRACE_PACKET_DROP_REASON_MALFORMED_PACKET);
		return false;
	}
	Protocol::OK::Header &oh = pkt.as<Protocol::OK::Header>();
	inReVerb = (Protocol::Verb)oh.inReVerb;

	const int64_t now = RR->node->now();
	if (!RR->expect->expecting(oh.inRePacketId,now)) {
		RR->t->incomingPacketDropped(tPtr,0x4c1f1ff7,0,0,identityFromPeerPtr(peer),path->address(),0,Protocol::VERB_OK,ZT_TRACE_PACKET_DROP_REASON_REPLY_NOT_EXPECTED);
		return false;
	}

	switch(oh.inReVerb) {

		case Protocol::VERB_HELLO:
			break;

		case Protocol::VERB_WHOIS:
			break;

		case Protocol::VERB_NETWORK_CONFIG_REQUEST:
			break;

		case Protocol::VERB_MULTICAST_GATHER:
			break;

	}
	return true;
}

bool VL1::_WHOIS(void *tPtr,const SharedPtr<Path> &path,const SharedPtr<Peer> &peer,Buf &pkt,int packetSize)
{
	if (packetSize < (int)sizeof(Protocol::OK::Header)) {
		RR->t->incomingPacketDropped(tPtr,0x4c1f1ff7,0,0,identityFromPeerPtr(peer),path->address(),0,Protocol::VERB_OK,ZT_TRACE_PACKET_DROP_REASON_MALFORMED_PACKET);
		return false;
	}
	Protocol::Header &ph = pkt.as<Protocol::Header>();

	if (!peer->rateGateInboundWhoisRequest(RR->node->now())) {
		RR->t->incomingPacketDropped(tPtr,0x19f7194a,ph.packetId,0,peer->identity(),path->address(),Protocol::packetHops(ph),Protocol::VERB_WHOIS,ZT_TRACE_PACKET_DROP_REASON_RATE_LIMIT_EXCEEDED);
		return true;
	}

	Buf outp;
	Protocol::OK::WHOIS &outh = outp.as<Protocol::OK::WHOIS>();
	int ptr = sizeof(Protocol::Header);
	while ((ptr + ZT_ADDRESS_LENGTH) <= packetSize) {
		outh.h.h.packetId = Protocol::getPacketId();
		peer->address().copyTo(outh.h.h.destination);
		RR->identity.address().copyTo(outh.h.h.source);
		outh.h.h.flags = 0;
		outh.h.h.verb = Protocol::VERB_OK;

		outh.h.inReVerb = Protocol::VERB_WHOIS;
		outh.h.inRePacketId = ph.packetId;

		int outl = sizeof(Protocol::OK::WHOIS);
		while ( ((ptr + ZT_ADDRESS_LENGTH) <= packetSize) && ((outl + ZT_IDENTITY_MARSHAL_SIZE_MAX + ZT_LOCATOR_MARSHAL_SIZE_MAX) < ZT_PROTO_MAX_PACKET_LENGTH) ) {
			const SharedPtr<Peer> &wp(RR->topology->peer(tPtr,Address(pkt.unsafeData + ptr)));
			if (wp) {
				outp.wO(outl,wp->identity());
				if (peer->remoteVersionProtocol() >= 11) { // older versions don't know what a locator is
					const Locator loc(wp->locator());
					outp.wO(outl,loc);
				}
				if (Buf::writeOverflow(outl)) { // sanity check, shouldn't be possible
					RR->t->unexpectedError(tPtr,0xabc0f183,"Buf write overflow building OK(WHOIS) to reply to %s",Trace::str(peer->address(),path).s);
					return false;
				}
			}
			ptr += ZT_ADDRESS_LENGTH;
		}

		if (outl > (int)sizeof(Protocol::OK::WHOIS)) {
			Protocol::armor(outp,outl,peer->key(),peer->cipher());
			path->send(RR,tPtr,outp.unsafeData,outl,RR->node->now());
		}
	}

	return true;
}

bool VL1::_RENDEZVOUS(void *tPtr,const SharedPtr<Path> &path,const SharedPtr<Peer> &peer,Buf &pkt,int packetSize)
{
	if (RR->topology->isRoot(peer->identity())) {
		if (packetSize < (int)sizeof(Protocol::RENDEZVOUS)) {
			RR->t->incomingPacketDropped(tPtr,0x43e90ab3,Protocol::packetId(pkt,packetSize),0,peer->identity(),path->address(),Protocol::packetHops(pkt,packetSize),Protocol::VERB_RENDEZVOUS,ZT_TRACE_PACKET_DROP_REASON_MALFORMED_PACKET);
			return false;
		}
		Protocol::RENDEZVOUS &rdv = pkt.as<Protocol::RENDEZVOUS>();

		const SharedPtr<Peer> with(RR->topology->peer(tPtr,Address(rdv.peerAddress)));
		if (with) {
			const int64_t now = RR->node->now();
			const unsigned int port = Utils::ntoh(rdv.port);
			if (port != 0) {
				switch(rdv.addressLength) {
					case 4:
					case 16:
						if ((int)(sizeof(Protocol::RENDEZVOUS) + rdv.addressLength) <= packetSize) {
							const InetAddress atAddr(pkt.unsafeData + sizeof(Protocol::RENDEZVOUS),rdv.addressLength,port);
							peer->contact(tPtr,Endpoint(atAddr),now,false);
							RR->t->tryingNewPath(tPtr,0x55a19aaa,with->identity(),atAddr,path->address(),Protocol::packetId(pkt,packetSize),Protocol::VERB_RENDEZVOUS,peer->identity(),ZT_TRACE_TRYING_NEW_PATH_REASON_RENDEZVOUS);
						}
						break;
					case 255: {
						Endpoint ep;
						int p = sizeof(Protocol::RENDEZVOUS);
						int epl = pkt.rO(p,ep);
						if ((epl > 0) && (ep) && (!Buf::readOverflow(p,packetSize))) {
							switch (ep.type()) {
								case Endpoint::TYPE_INETADDR_V4:
								case Endpoint::TYPE_INETADDR_V6:
									peer->contact(tPtr,ep,now,false);
									RR->t->tryingNewPath(tPtr,0x55a19aab,with->identity(),ep.inetAddr(),path->address(),Protocol::packetId(pkt,packetSize),Protocol::VERB_RENDEZVOUS,peer->identity(),ZT_TRACE_TRYING_NEW_PATH_REASON_RENDEZVOUS);
									break;
								default:
									break;
							}
						}
					} break;
				}
			}
		}
	}
	return true;
}

bool VL1::_ECHO(void *tPtr,const SharedPtr<Path> &path,const SharedPtr<Peer> &peer,Buf &pkt,int packetSize)
{
	const uint64_t packetId = Protocol::packetId(pkt,packetSize);
	const uint64_t now = RR->node->now();
	if (packetSize < (int)sizeof(Protocol::Header)) {
		RR->t->incomingPacketDropped(tPtr,0x14d70bb0,packetId,0,peer->identity(),path->address(),Protocol::packetHops(pkt,packetSize),Protocol::VERB_ECHO,ZT_TRACE_PACKET_DROP_REASON_MALFORMED_PACKET);
		return false;
	}

	if (peer->rateGateEchoRequest(now)) {
		Buf outp;
		Protocol::OK::ECHO &outh = outp.as<Protocol::OK::ECHO>();
		outh.h.h.packetId = Protocol::getPacketId();
		peer->address().copyTo(outh.h.h.destination);
		RR->identity.address().copyTo(outh.h.h.source);
		outh.h.h.flags = 0;
		outh.h.h.verb = Protocol::VERB_OK;
		outh.h.inReVerb = Protocol::VERB_ECHO;
		outh.h.inRePacketId = packetId;
		int outl = sizeof(Protocol::OK::ECHO);
		outp.wB(outl,pkt.unsafeData + sizeof(Protocol::Header),packetSize - sizeof(Protocol::Header));

		if (Buf::writeOverflow(outl)) {
			RR->t->incomingPacketDropped(tPtr,0x14d70bb0,packetId,0,peer->identity(),path->address(),Protocol::packetHops(pkt,packetSize),Protocol::VERB_ECHO,ZT_TRACE_PACKET_DROP_REASON_MALFORMED_PACKET);
			return false;
		}

		Protocol::armor(outp,outl,peer->key(),peer->cipher());
		path->send(RR,tPtr,outp.unsafeData,outl,now);
	} else {
		RR->t->incomingPacketDropped(tPtr,0x27878bc1,packetId,0,peer->identity(),path->address(),Protocol::packetHops(pkt,packetSize),Protocol::VERB_ECHO,ZT_TRACE_PACKET_DROP_REASON_RATE_LIMIT_EXCEEDED);
	}

	return true;
}

bool VL1::_PUSH_DIRECT_PATHS(void *tPtr,const SharedPtr<Path> &path,const SharedPtr<Peer> &peer,Buf &pkt,int packetSize)
{
	if (packetSize < (int)sizeof(Protocol::PUSH_DIRECT_PATHS)) {
		RR->t->incomingPacketDropped(tPtr,0x1bb1bbb1,Protocol::packetId(pkt,packetSize),0,peer->identity(),path->address(),Protocol::packetHops(pkt,packetSize),Protocol::VERB_PUSH_DIRECT_PATHS,ZT_TRACE_PACKET_DROP_REASON_MALFORMED_PACKET);
		return false;
	}
	Protocol::PUSH_DIRECT_PATHS &pdp = pkt.as<Protocol::PUSH_DIRECT_PATHS>();

	const uint64_t now = RR->node->now();
	if (!peer->rateGateInboundPushDirectPaths(now)) {
		RR->t->incomingPacketDropped(tPtr,0x35b1aaaa,pdp.h.packetId,0,peer->identity(),path->address(),Protocol::packetHops(pdp.h),Protocol::VERB_PUSH_DIRECT_PATHS,ZT_TRACE_PACKET_DROP_REASON_RATE_LIMIT_EXCEEDED);
		return true;
	}

	int ptr = sizeof(Protocol::PUSH_DIRECT_PATHS);
	const unsigned int numPaths = Utils::ntoh(pdp.numPaths);
	InetAddress a;
	Endpoint ep;
	for(unsigned int pi=0;pi<numPaths;++pi) {
		/*const uint8_t flags = pkt.rI8(ptr);*/ ++ptr; // flags are not presently used

		const int xas = (int)pkt.rI16(ptr);
		//const uint8_t *const extendedAttrs = pkt.rBnc(ptr,xas);
		ptr += xas;

		const unsigned int addrType = pkt.rI8(ptr);
		const unsigned int addrRecordLen = pkt.rI8(ptr);
		if (addrRecordLen == 0) {
			RR->t->incomingPacketDropped(tPtr,0xaed00118,pdp.h.packetId,0,peer->identity(),path->address(),Protocol::packetHops(pdp.h),Protocol::VERB_PUSH_DIRECT_PATHS,ZT_TRACE_PACKET_DROP_REASON_MALFORMED_PACKET);
			return false;
		}
		if (Buf::readOverflow(ptr,packetSize)) {
			RR->t->incomingPacketDropped(tPtr,0xb450e10f,pdp.h.packetId,0,peer->identity(),path->address(),Protocol::packetHops(pdp.h),Protocol::VERB_PUSH_DIRECT_PATHS,ZT_TRACE_PACKET_DROP_REASON_MALFORMED_PACKET);
			return false;
		}

		const void *addrBytes = nullptr;
		unsigned int addrLen = 0;
		unsigned int addrPort = 0;
		switch(addrType) {
			case 0:
				addrBytes = pkt.rBnc(ptr,addrRecordLen);
				addrLen = addrRecordLen;
				break;
			case 4:
				addrBytes = pkt.rBnc(ptr,4);
				addrLen = 4;
				addrPort = pkt.rI16(ptr);
				break;
			case 6:
				addrBytes = pkt.rBnc(ptr,16);
				addrLen = 16;
				addrPort = pkt.rI16(ptr);
				break;
			//case 200:
				// TODO: this would be a WebRTC SDP offer contained in the extended attrs field
				//break;
			default: break;
		}

		if (Buf::readOverflow(ptr,packetSize)) {
			RR->t->incomingPacketDropped(tPtr,0xb4d0f10f,pdp.h.packetId,0,peer->identity(),path->address(),Protocol::packetHops(pdp.h),Protocol::VERB_PUSH_DIRECT_PATHS,ZT_TRACE_PACKET_DROP_REASON_MALFORMED_PACKET);
			return false;
		}

		if (addrPort) {
			a.set(addrBytes,addrLen,addrPort);
		} else if (addrLen) {
			if (ep.unmarshal(reinterpret_cast<const uint8_t *>(addrBytes),(int)addrLen) <= 0) {
				RR->t->incomingPacketDropped(tPtr,0x00e0f00d,pdp.h.packetId,0,peer->identity(),path->address(),Protocol::packetHops(pdp.h),Protocol::VERB_PUSH_DIRECT_PATHS,ZT_TRACE_PACKET_DROP_REASON_MALFORMED_PACKET);
				return false;
			}

			switch(ep.type()) {
				case Endpoint::TYPE_INETADDR_V4:
				case Endpoint::TYPE_INETADDR_V6:
					a = ep.inetAddr();
					break;
				default: // other types are not supported yet
					break;
			}
		}

		if (a) {
			RR->t->tryingNewPath(tPtr,0xa5ab1a43,peer->identity(),a,path->address(),Protocol::packetId(pkt,packetSize),Protocol::VERB_RENDEZVOUS,peer->identity(),ZT_TRACE_TRYING_NEW_PATH_REASON_RECEIVED_PUSH_DIRECT_PATHS);
		}

		ptr += (int)addrRecordLen;
	}

	return true;
}

bool VL1::_USER_MESSAGE(void *tPtr,const SharedPtr<Path> &path,const SharedPtr<Peer> &peer,Buf &pkt,int packetSize)
{
	// TODO
	return true;
}

bool VL1::_ENCAP(void *tPtr,const SharedPtr<Path> &path,const SharedPtr<Peer> &peer,Buf &pkt,int packetSize)
{
	// TODO: not implemented yet
	return true;
}

} // namespace ZeroTier