PacketDecoder.cpp 23 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515
  1. /*
  2. * ZeroTier One - Global Peer to Peer Ethernet
  3. * Copyright (C) 2012-2013 ZeroTier Networks LLC
  4. *
  5. * This program is free software: you can redistribute it and/or modify
  6. * it under the terms of the GNU General Public License as published by
  7. * the Free Software Foundation, either version 3 of the License, or
  8. * (at your option) any later version.
  9. *
  10. * This program is distributed in the hope that it will be useful,
  11. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. * GNU General Public License for more details.
  14. *
  15. * You should have received a copy of the GNU General Public License
  16. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  17. *
  18. * --
  19. *
  20. * ZeroTier may be used and distributed under the terms of the GPLv3, which
  21. * are available at: http://www.gnu.org/licenses/gpl-3.0.html
  22. *
  23. * If you would like to embed ZeroTier into a commercial application or
  24. * redistribute it in a modified binary form, please contact ZeroTier Networks
  25. * LLC. Start here: http://www.zerotier.com/
  26. */
  27. #include "RuntimeEnvironment.hpp"
  28. #include "Topology.hpp"
  29. #include "PacketDecoder.hpp"
  30. #include "Switch.hpp"
  31. #include "Peer.hpp"
  32. #include "NodeConfig.hpp"
  33. #include "Filter.hpp"
  34. namespace ZeroTier {
  35. bool PacketDecoder::tryDecode(const RuntimeEnvironment *_r)
  36. throw(std::out_of_range,std::runtime_error)
  37. {
  38. if ((!encrypted())&&(verb() == Packet::VERB_HELLO)) {
  39. // Unencrypted HELLOs are handled here since they are used to
  40. // populate our identity cache in the first place. Thus we might get
  41. // a HELLO for someone for whom we don't have a Peer record.
  42. TRACE("HELLO from %s(%s)",source().toString().c_str(),_remoteAddress.toString().c_str());
  43. return _doHELLO(_r);
  44. }
  45. SharedPtr<Peer> peer = _r->topology->getPeer(source());
  46. if (peer) {
  47. if (_step == DECODE_STEP_WAITING_FOR_ORIGINAL_SUBMITTER_LOOKUP) {
  48. // This means we've already decoded, decrypted, decompressed, and
  49. // validated, and we're processing a MULTICAST_FRAME. We're waiting
  50. // for a lookup on the frame's original submitter. So try again and
  51. // see if we have it.
  52. return _doMULTICAST_FRAME(_r,peer);
  53. }
  54. if (!hmacVerify(peer->macKey())) {
  55. TRACE("dropped packet from %s(%s), HMAC authentication failed (size: %u)",source().toString().c_str(),_remoteAddress.toString().c_str(),size());
  56. return true;
  57. }
  58. if (encrypted()) {
  59. decrypt(peer->cryptKey());
  60. } else {
  61. // Unencrypted is tolerated in case we want to run this on
  62. // devices where squeezing out cycles matters. HMAC is
  63. // what's really important. But log it in debug to catch any
  64. // packets being mistakenly sent in the clear.
  65. TRACE("ODD: %s from %s(%s) wasn't encrypted",Packet::verbString(verb()),source().toString().c_str(),_remoteAddress.toString().c_str());
  66. }
  67. if (!uncompress()) {
  68. TRACE("dropped packet from %s(%s), compressed data invalid",source().toString().c_str(),_remoteAddress.toString().c_str());
  69. return true;
  70. }
  71. Packet::Verb v = verb();
  72. // Validated packets that have passed HMAC can result in us learning a new
  73. // path to this peer.
  74. peer->onReceive(_r,_localPort,_remoteAddress,hops(),v,Utils::now());
  75. switch(v) {
  76. case Packet::VERB_NOP:
  77. TRACE("NOP from %s(%s)",source().toString().c_str(),_remoteAddress.toString().c_str());
  78. return true;
  79. case Packet::VERB_HELLO:
  80. return _doHELLO(_r);
  81. case Packet::VERB_ERROR:
  82. return _doERROR(_r,peer);
  83. case Packet::VERB_OK:
  84. return _doOK(_r,peer);
  85. case Packet::VERB_WHOIS:
  86. return _doWHOIS(_r,peer);
  87. case Packet::VERB_RENDEZVOUS:
  88. return _doRENDEZVOUS(_r,peer);
  89. case Packet::VERB_FRAME:
  90. return _doFRAME(_r,peer);
  91. case Packet::VERB_MULTICAST_LIKE:
  92. return _doMULTICAST_LIKE(_r,peer);
  93. case Packet::VERB_MULTICAST_FRAME:
  94. return _doMULTICAST_FRAME(_r,peer);
  95. default:
  96. // This might be something from a new or old version of the protocol.
  97. // Technically it passed HMAC so the packet is still valid, but we
  98. // ignore it.
  99. TRACE("ignored unrecognized verb %.2x from %s(%s)",(unsigned int)v,source().toString().c_str(),_remoteAddress.toString().c_str());
  100. return true;
  101. }
  102. } else {
  103. _step = DECODE_STEP_WAITING_FOR_SENDER_LOOKUP;
  104. _r->sw->requestWhois(source());
  105. return false;
  106. }
  107. }
  108. void PacketDecoder::_CBaddPeerFromHello(void *arg,const SharedPtr<Peer> &p,Topology::PeerVerifyResult result)
  109. {
  110. _CBaddPeerFromHello_Data *req = (_CBaddPeerFromHello_Data *)arg;
  111. const RuntimeEnvironment *_r = req->renv;
  112. switch(result) {
  113. case Topology::PEER_VERIFY_ACCEPTED_NEW:
  114. case Topology::PEER_VERIFY_ACCEPTED_ALREADY_HAVE:
  115. case Topology::PEER_VERIFY_ACCEPTED_DISPLACED_INVALID_ADDRESS: {
  116. _r->sw->doAnythingWaitingForPeer(p);
  117. Packet outp(req->source,_r->identity.address(),Packet::VERB_OK);
  118. outp.append((unsigned char)Packet::VERB_HELLO);
  119. outp.append(req->helloPacketId);
  120. outp.append(req->helloTimestamp);
  121. outp.encrypt(p->cryptKey());
  122. outp.hmacSet(p->macKey());
  123. _r->demarc->send(req->localPort,req->remoteAddress,outp.data(),outp.size(),-1);
  124. } break;
  125. case Topology::PEER_VERIFY_REJECTED_INVALID_IDENTITY: {
  126. Packet outp(req->source,_r->identity.address(),Packet::VERB_ERROR);
  127. outp.append((unsigned char)Packet::VERB_HELLO);
  128. outp.append(req->helloPacketId);
  129. outp.append((unsigned char)Packet::ERROR_IDENTITY_INVALID);
  130. outp.encrypt(p->cryptKey());
  131. outp.hmacSet(p->macKey());
  132. _r->demarc->send(req->localPort,req->remoteAddress,outp.data(),outp.size(),-1);
  133. } break;
  134. case Topology::PEER_VERIFY_REJECTED_DUPLICATE:
  135. case Topology::PEER_VERIFY_REJECTED_DUPLICATE_TRIAGED: {
  136. Packet outp(req->source,_r->identity.address(),Packet::VERB_ERROR);
  137. outp.append((unsigned char)Packet::VERB_HELLO);
  138. outp.append(req->helloPacketId);
  139. outp.append((unsigned char)Packet::ERROR_IDENTITY_COLLISION);
  140. outp.encrypt(p->cryptKey());
  141. outp.hmacSet(p->macKey());
  142. _r->demarc->send(req->localPort,req->remoteAddress,outp.data(),outp.size(),-1);
  143. } break;
  144. }
  145. delete req;
  146. }
  147. void PacketDecoder::_CBaddPeerFromWhois(void *arg,const SharedPtr<Peer> &p,Topology::PeerVerifyResult result)
  148. {
  149. switch(result) {
  150. case Topology::PEER_VERIFY_ACCEPTED_NEW:
  151. case Topology::PEER_VERIFY_ACCEPTED_ALREADY_HAVE:
  152. case Topology::PEER_VERIFY_ACCEPTED_DISPLACED_INVALID_ADDRESS:
  153. ((const RuntimeEnvironment *)arg)->sw->doAnythingWaitingForPeer(p);
  154. break;
  155. default:
  156. break;
  157. }
  158. }
  159. bool PacketDecoder::_doERROR(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer)
  160. {
  161. try {
  162. #ifdef ZT_TRACE
  163. Packet::Verb inReVerb = (Packet::Verb)(*this)[ZT_PROTO_VERB_ERROR_IDX_IN_RE_VERB];
  164. Packet::ErrorCode errorCode = (Packet::ErrorCode)(*this)[ZT_PROTO_VERB_ERROR_IDX_ERROR_CODE];
  165. TRACE("ERROR %s from %s(%s) in-re %s",Packet::errorString(errorCode),source().toString().c_str(),_remoteAddress.toString().c_str(),Packet::verbString(inReVerb));
  166. #endif
  167. // TODO (sorta):
  168. // The fact is that the protocol works fine without error handling.
  169. // The only error that really needs to be handled here is duplicate
  170. // identity collision, which if it comes from a supernode should cause
  171. // us to restart and regenerate a new identity.
  172. } catch (std::exception &ex) {
  173. TRACE("dropped ERROR from %s(%s): unexpected exception: %s",source().toString().c_str(),_remoteAddress.toString().c_str(),ex.what());
  174. } catch ( ... ) {
  175. TRACE("dropped ERROR from %s(%s): unexpected exception: (unknown)",source().toString().c_str(),_remoteAddress.toString().c_str());
  176. }
  177. return true;
  178. }
  179. bool PacketDecoder::_doHELLO(const RuntimeEnvironment *_r)
  180. {
  181. try {
  182. //unsigned int protoVersion = (*this)[ZT_PROTO_VERB_HELLO_IDX_PROTOCOL_VERSION];
  183. unsigned int vMajor = (*this)[ZT_PROTO_VERB_HELLO_IDX_MAJOR_VERSION];
  184. unsigned int vMinor = (*this)[ZT_PROTO_VERB_HELLO_IDX_MINOR_VERSION];
  185. unsigned int vRevision = at<uint16_t>(ZT_PROTO_VERB_HELLO_IDX_REVISION);
  186. uint64_t timestamp = at<uint64_t>(ZT_PROTO_VERB_HELLO_IDX_TIMESTAMP);
  187. Identity id(*this,ZT_PROTO_VERB_HELLO_IDX_IDENTITY);
  188. SharedPtr<Peer> candidate(new Peer(_r->identity,id));
  189. candidate->setPathAddress(_remoteAddress,false);
  190. // Initial sniff test
  191. if (id.address().isReserved()) {
  192. TRACE("rejected HELLO from %s(%s): identity has reserved address",source().toString().c_str(),_remoteAddress.toString().c_str());
  193. Packet outp(source(),_r->identity.address(),Packet::VERB_ERROR);
  194. outp.append((unsigned char)Packet::VERB_HELLO);
  195. outp.append(packetId());
  196. outp.append((unsigned char)Packet::ERROR_IDENTITY_INVALID);
  197. outp.encrypt(candidate->cryptKey());
  198. outp.hmacSet(candidate->macKey());
  199. _r->demarc->send(_localPort,_remoteAddress,outp.data(),outp.size(),-1);
  200. return true;
  201. }
  202. if (id.address() != source()) {
  203. TRACE("rejected HELLO from %s(%s): identity is not for sender of packet (HELLO is a self-announcement)",source().toString().c_str(),_remoteAddress.toString().c_str());
  204. Packet outp(source(),_r->identity.address(),Packet::VERB_ERROR);
  205. outp.append((unsigned char)Packet::VERB_HELLO);
  206. outp.append(packetId());
  207. outp.append((unsigned char)Packet::ERROR_INVALID_REQUEST);
  208. outp.encrypt(candidate->cryptKey());
  209. outp.hmacSet(candidate->macKey());
  210. _r->demarc->send(_localPort,_remoteAddress,outp.data(),outp.size(),-1);
  211. return true;
  212. }
  213. // Is this a HELLO for a peer we already know? If so just update its
  214. // packet receive stats and send an OK.
  215. SharedPtr<Peer> existingPeer(_r->topology->getPeer(id.address()));
  216. if ((existingPeer)&&(existingPeer->identity() == id)) {
  217. existingPeer->onReceive(_r,_localPort,_remoteAddress,hops(),Packet::VERB_HELLO,Utils::now());
  218. existingPeer->setRemoteVersion(vMajor,vMinor,vRevision);
  219. Packet outp(source(),_r->identity.address(),Packet::VERB_OK);
  220. outp.append((unsigned char)Packet::VERB_HELLO);
  221. outp.append(packetId());
  222. outp.append(timestamp);
  223. outp.encrypt(existingPeer->cryptKey());
  224. outp.hmacSet(existingPeer->macKey());
  225. _r->demarc->send(_localPort,_remoteAddress,outp.data(),outp.size(),-1);
  226. return true;
  227. }
  228. // Otherwise we call addPeer() and set up a callback to handle the verdict
  229. _CBaddPeerFromHello_Data *arg = new _CBaddPeerFromHello_Data;
  230. arg->renv = _r;
  231. arg->source = source();
  232. arg->remoteAddress = _remoteAddress;
  233. arg->localPort = _localPort;
  234. arg->vMajor = vMajor;
  235. arg->vMinor = vMinor;
  236. arg->vRevision = vRevision;
  237. arg->helloPacketId = packetId();
  238. arg->helloTimestamp = timestamp;
  239. _r->topology->addPeer(candidate,&PacketDecoder::_CBaddPeerFromHello,arg);
  240. } catch (std::exception &ex) {
  241. TRACE("dropped HELLO from %s(%s): %s",source().toString().c_str(),_remoteAddress.toString().c_str(),ex.what());
  242. } catch ( ... ) {
  243. TRACE("dropped HELLO from %s(%s): unexpected exception",source().toString().c_str(),_remoteAddress.toString().c_str());
  244. }
  245. return true;
  246. }
  247. bool PacketDecoder::_doOK(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer)
  248. {
  249. try {
  250. Packet::Verb inReVerb = (Packet::Verb)(*this)[ZT_PROTO_VERB_OK_IDX_IN_RE_VERB];
  251. switch(inReVerb) {
  252. case Packet::VERB_HELLO: {
  253. // OK from HELLO permits computation of latency.
  254. unsigned int latency = std::min((unsigned int)(Utils::now() - at<uint64_t>(ZT_PROTO_VERB_HELLO__OK__IDX_TIMESTAMP)),(unsigned int)0xffff);
  255. TRACE("%s(%s): OK(HELLO), latency: %u",source().toString().c_str(),_remoteAddress.toString().c_str(),latency);
  256. peer->setLatency(_remoteAddress,latency);
  257. } break;
  258. case Packet::VERB_WHOIS:
  259. // Right now we only query supernodes for WHOIS and only accept
  260. // OK back from them. If we query other nodes, we'll have to
  261. // do something to prevent WHOIS cache poisoning such as
  262. // using the packet ID field in the OK packet to match with the
  263. // original query. Technically we should be doing this anyway.
  264. TRACE("%s(%s): OK(%s)",source().toString().c_str(),_remoteAddress.toString().c_str(),Packet::verbString(inReVerb));
  265. if (_r->topology->isSupernode(source()))
  266. _r->topology->addPeer(SharedPtr<Peer>(new Peer(_r->identity,Identity(*this,ZT_PROTO_VERB_WHOIS__OK__IDX_IDENTITY))),&PacketDecoder::_CBaddPeerFromWhois,const_cast<void *>((const void *)_r));
  267. break;
  268. default:
  269. TRACE("%s(%s): OK(%s)",source().toString().c_str(),_remoteAddress.toString().c_str(),Packet::verbString(inReVerb));
  270. break;
  271. }
  272. } catch (std::exception &ex) {
  273. TRACE("dropped OK from %s(%s): unexpected exception: %s",source().toString().c_str(),_remoteAddress.toString().c_str(),ex.what());
  274. } catch ( ... ) {
  275. TRACE("dropped OK from %s(%s): unexpected exception: (unknown)",source().toString().c_str(),_remoteAddress.toString().c_str());
  276. }
  277. return true;
  278. }
  279. bool PacketDecoder::_doWHOIS(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer)
  280. {
  281. if (payloadLength() == ZT_ADDRESS_LENGTH) {
  282. SharedPtr<Peer> p(_r->topology->getPeer(Address(payload())));
  283. if (p) {
  284. Packet outp(source(),_r->identity.address(),Packet::VERB_OK);
  285. outp.append((unsigned char)Packet::VERB_WHOIS);
  286. outp.append(packetId());
  287. p->identity().serialize(outp,false);
  288. outp.encrypt(peer->cryptKey());
  289. outp.hmacSet(peer->macKey());
  290. _r->demarc->send(_localPort,_remoteAddress,outp.data(),outp.size(),-1);
  291. TRACE("sent WHOIS response to %s for %s",source().toString().c_str(),Address(payload()).toString().c_str());
  292. } else {
  293. Packet outp(source(),_r->identity.address(),Packet::VERB_ERROR);
  294. outp.append((unsigned char)Packet::VERB_WHOIS);
  295. outp.append(packetId());
  296. outp.append((unsigned char)Packet::ERROR_NOT_FOUND);
  297. outp.append(payload(),ZT_ADDRESS_LENGTH);
  298. outp.encrypt(peer->cryptKey());
  299. outp.hmacSet(peer->macKey());
  300. _r->demarc->send(_localPort,_remoteAddress,outp.data(),outp.size(),-1);
  301. TRACE("sent WHOIS ERROR to %s for %s (not found)",source().toString().c_str(),Address(payload()).toString().c_str());
  302. }
  303. } else {
  304. TRACE("dropped WHOIS from %s(%s): missing or invalid address",source().toString().c_str(),_remoteAddress.toString().c_str());
  305. }
  306. return true;
  307. }
  308. bool PacketDecoder::_doRENDEZVOUS(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer)
  309. {
  310. try {
  311. Address with(field(ZT_PROTO_VERB_RENDEZVOUS_IDX_ZTADDRESS,ZT_ADDRESS_LENGTH));
  312. if (_r->topology->getPeer(with)) {
  313. unsigned int port = at<uint16_t>(ZT_PROTO_VERB_RENDEZVOUS_IDX_PORT);
  314. unsigned int addrlen = (*this)[ZT_PROTO_VERB_RENDEZVOUS_IDX_ADDRLEN];
  315. if ((port > 0)&&((addrlen == 4)||(addrlen == 16))) {
  316. InetAddress atAddr(field(ZT_PROTO_VERB_RENDEZVOUS_IDX_ADDRESS,addrlen),addrlen,port);
  317. TRACE("RENDEZVOUS from %s says %s might be at %s, starting NAT-t",source().toString().c_str(),with.toString().c_str(),atAddr.toString().c_str());
  318. _r->sw->contact(peer,atAddr);
  319. } else {
  320. TRACE("dropped corrupt RENDEZVOUS from %s(%s) (bad address or port)",source().toString().c_str(),_remoteAddress.toString().c_str());
  321. }
  322. } else {
  323. TRACE("ignored RENDEZVOUS from %s(%s) to meet unknown peer %s",source().toString().c_str(),_remoteAddress.toString().c_str(),with.toString().c_str());
  324. }
  325. } catch (std::exception &ex) {
  326. TRACE("dropped RENDEZVOUS from %s(%s): %s",source().toString().c_str(),_remoteAddress.toString().c_str(),ex.what());
  327. } catch ( ... ) {
  328. TRACE("dropped RENDEZVOUS from %s(%s): unexpected exception",source().toString().c_str(),_remoteAddress.toString().c_str());
  329. }
  330. return true;
  331. }
  332. bool PacketDecoder::_doFRAME(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer)
  333. {
  334. try {
  335. SharedPtr<Network> network(_r->nc->network(at<uint64_t>(ZT_PROTO_VERB_FRAME_IDX_NETWORK_ID)));
  336. if (network) {
  337. if (network->isAllowed(source())) {
  338. unsigned int etherType = at<uint16_t>(ZT_PROTO_VERB_FRAME_IDX_ETHERTYPE);
  339. if ((etherType != ZT_ETHERTYPE_ARP)&&(etherType != ZT_ETHERTYPE_IPV4)&&(etherType != ZT_ETHERTYPE_IPV6)) {
  340. TRACE("dropped FRAME from %s: unsupported ethertype",source().toString().c_str());
  341. } else if (size() > ZT_PROTO_VERB_FRAME_IDX_PAYLOAD) {
  342. network->tap().put(source().toMAC(),network->tap().mac(),etherType,data() + ZT_PROTO_VERB_FRAME_IDX_PAYLOAD,size() - ZT_PROTO_VERB_FRAME_IDX_PAYLOAD);
  343. }
  344. } else {
  345. TRACE("dropped FRAME from %s(%s): not a member of closed network %llu",source().toString().c_str(),_remoteAddress.toString().c_str(),network->id());
  346. }
  347. } else {
  348. TRACE("dropped FRAME from %s(%s): network %llu unknown",source().toString().c_str(),_remoteAddress.toString().c_str(),at<uint64_t>(ZT_PROTO_VERB_FRAME_IDX_NETWORK_ID));
  349. }
  350. } catch (std::exception &ex) {
  351. TRACE("dropped FRAME from %s(%s): unexpected exception: %s",source().toString().c_str(),_remoteAddress.toString().c_str(),ex.what());
  352. } catch ( ... ) {
  353. TRACE("dropped FRAME from %s(%s): unexpected exception: (unknown)",source().toString().c_str(),_remoteAddress.toString().c_str());
  354. }
  355. return true;
  356. }
  357. bool PacketDecoder::_doMULTICAST_LIKE(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer)
  358. {
  359. try {
  360. unsigned int ptr = ZT_PACKET_IDX_PAYLOAD;
  361. unsigned int numAccepted = 0;
  362. uint64_t now = Utils::now();
  363. // Iterate through 18-byte network,MAC,ADI tuples:
  364. while ((ptr + 18) <= size()) {
  365. uint64_t nwid = at<uint64_t>(ptr); ptr += 8;
  366. SharedPtr<Network> network(_r->nc->network(nwid));
  367. if (network) {
  368. if (network->isAllowed(source())) {
  369. MAC mac(field(ptr,6)); ptr += 6;
  370. uint32_t adi = at<uint32_t>(ptr); ptr += 4;
  371. TRACE("peer %s likes multicast group %s:%.8lx on network %llu",source().toString().c_str(),mac.toString().c_str(),(unsigned long)adi,nwid);
  372. _r->multicaster->likesMulticastGroup(nwid,MulticastGroup(mac,adi),source(),now);
  373. ++numAccepted;
  374. } else {
  375. TRACE("ignored MULTICAST_LIKE from %s(%s): not a member of closed network %llu",source().toString().c_str(),_remoteAddress.toString().c_str(),nwid);
  376. }
  377. } else {
  378. TRACE("ignored MULTICAST_LIKE from %s(%s): network %llu unknown or we are not a member",source().toString().c_str(),_remoteAddress.toString().c_str(),nwid);
  379. }
  380. }
  381. Packet outp(source(),_r->identity.address(),Packet::VERB_OK);
  382. outp.append((unsigned char)Packet::VERB_MULTICAST_LIKE);
  383. outp.append(packetId());
  384. outp.append((uint16_t)numAccepted);
  385. outp.encrypt(peer->cryptKey());
  386. outp.hmacSet(peer->macKey());
  387. _r->demarc->send(_localPort,_remoteAddress,outp.data(),outp.size(),-1);
  388. } catch (std::exception &ex) {
  389. TRACE("dropped MULTICAST_LIKE from %s(%s): unexpected exception: %s",source().toString().c_str(),_remoteAddress.toString().c_str(),ex.what());
  390. } catch ( ... ) {
  391. TRACE("dropped MULTICAST_LIKE from %s(%s): unexpected exception: (unknown)",source().toString().c_str(),_remoteAddress.toString().c_str());
  392. }
  393. return true;
  394. }
  395. bool PacketDecoder::_doMULTICAST_FRAME(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer)
  396. {
  397. try {
  398. SharedPtr<Network> network(_r->nc->network(at<uint64_t>(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_NETWORK_ID)));
  399. if (network) {
  400. if (network->isAllowed(source())) {
  401. if (size() > ZT_PROTO_VERB_MULTICAST_FRAME_IDX_PAYLOAD) {
  402. Address originalSubmitterAddress(field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_SUBMITTER_ADDRESS,ZT_ADDRESS_LENGTH));
  403. MAC fromMac(field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_SOURCE_MAC,6));
  404. MulticastGroup mg(MAC(field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_DESTINATION_MAC,6)),at<uint32_t>(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_ADI));
  405. unsigned int hops = (*this)[ZT_PROTO_VERB_MULTICAST_FRAME_IDX_HOP_COUNT];
  406. unsigned int etherType = at<uint16_t>(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_ETHERTYPE);
  407. unsigned int datalen = at<uint16_t>(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_PAYLOAD_LENGTH);
  408. unsigned int signaturelen = at<uint16_t>(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_SIGNATURE_LENGTH);
  409. unsigned char *dataAndSignature = field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_PAYLOAD,datalen + signaturelen);
  410. bool isDuplicate = _r->multicaster->checkAndUpdateMulticastHistory(fromMac,mg,dataAndSignature,datalen,network->id(),Utils::now());
  411. if (originalSubmitterAddress == _r->identity.address()) {
  412. // Technically should not happen, since the original submitter is
  413. // excluded from consideration as a propagation recipient.
  414. TRACE("dropped boomerang MULTICAST_FRAME received from %s(%s)",source().toString().c_str(),_remoteAddress.toString().c_str());
  415. } else if ((!isDuplicate)||(_r->topology->isSupernode(_r->identity.address()))) {
  416. // If I am a supernode, I will repeatedly propagate duplicates. That's
  417. // because supernodes are used to bridge sparse multicast groups. Non-
  418. // supernodes will ignore duplicates completely.
  419. SharedPtr<Peer> originalSubmitter(_r->topology->getPeer(originalSubmitterAddress));
  420. if (!originalSubmitter) {
  421. TRACE("requesting WHOIS on original multicast frame submitter %s",originalSubmitterAddress.toString().c_str());
  422. _r->sw->requestWhois(originalSubmitterAddress);
  423. _step = DECODE_STEP_WAITING_FOR_ORIGINAL_SUBMITTER_LOOKUP;
  424. return false;
  425. } else if (Multicaster::verifyMulticastPacket(originalSubmitter->identity(),network->id(),fromMac,mg,etherType,dataAndSignature,datalen,dataAndSignature + datalen,signaturelen)) {
  426. if (!isDuplicate)
  427. network->tap().put(fromMac,mg.mac(),etherType,dataAndSignature,datalen);
  428. if (++hops < ZT_MULTICAST_PROPAGATION_DEPTH) {
  429. Multicaster::MulticastBloomFilter bloom(field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_BLOOM_FILTER,ZT_PROTO_VERB_MULTICAST_FRAME_BLOOM_FILTER_SIZE_BYTES));
  430. SharedPtr<Peer> propPeers[ZT_MULTICAST_PROPAGATION_BREADTH];
  431. unsigned int np = _r->multicaster->pickNextPropagationPeers(
  432. *(_r->topology),
  433. network->id(),
  434. mg,
  435. originalSubmitterAddress,
  436. source(),
  437. bloom,
  438. ZT_MULTICAST_PROPAGATION_BREADTH,
  439. propPeers,
  440. Utils::now());
  441. (*this)[ZT_PROTO_VERB_MULTICAST_FRAME_IDX_HOP_COUNT] = hops;
  442. compress();
  443. for(unsigned int i=0;i<np;++i) {
  444. TRACE("propagating multicast from original node %s via %s toward %s",originalSubmitterAddress.toString().c_str(),source().toString().c_str(),propPeers[i]->address().toString().c_str());
  445. // Re-use this packet to re-send multicast frame to everyone
  446. // downstream from us.
  447. newInitializationVector();
  448. setDestination(propPeers[i]->address());
  449. _r->sw->send(*this,true);
  450. }
  451. } else {
  452. TRACE("terminating MULTICAST_FRAME propagation from %s(%s): max depth reached",source().toString().c_str(),_remoteAddress.toString().c_str());
  453. }
  454. } else {
  455. LOG("rejected MULTICAST_FRAME from %s(%s) due to failed signature check (claims original sender %s)",source().toString().c_str(),_remoteAddress.toString().c_str(),originalSubmitterAddress.toString().c_str());
  456. }
  457. } else {
  458. TRACE("dropped redundant MULTICAST_FRAME from %s(%s)",source().toString().c_str(),_remoteAddress.toString().c_str());
  459. }
  460. } else {
  461. TRACE("dropped MULTICAST_FRAME from %s(%s): invalid short packet",source().toString().c_str(),_remoteAddress.toString().c_str());
  462. }
  463. } else {
  464. TRACE("dropped MULTICAST_FRAME from %s(%s): not a member of closed network %llu",source().toString().c_str(),_remoteAddress.toString().c_str(),network->id());
  465. }
  466. } else {
  467. TRACE("dropped MULTICAST_FRAME from %s(%s): network %llu unknown or we are not a member",source().toString().c_str(),_remoteAddress.toString().c_str(),at<uint64_t>(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_NETWORK_ID));
  468. }
  469. } catch (std::exception &ex) {
  470. TRACE("dropped MULTICAST_FRAME from %s(%s): unexpected exception: %s",source().toString().c_str(),_remoteAddress.toString().c_str(),ex.what());
  471. } catch ( ... ) {
  472. TRACE("dropped MULTICAST_FRAME from %s(%s): unexpected exception: (unknown)",source().toString().c_str(),_remoteAddress.toString().c_str());
  473. }
  474. return true;
  475. }
  476. } // namespace ZeroTier