2013-07-04 20:56:19 +00:00
|
|
|
/*
|
2015-02-17 21:11:34 +00:00
|
|
|
* ZeroTier One - Network Virtualization Everywhere
|
2016-01-12 22:04:55 +00:00
|
|
|
* Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
|
2013-07-04 20:56:19 +00:00
|
|
|
*
|
|
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
*/
|
|
|
|
|
|
2013-08-06 04:05:39 +00:00
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <string.h>
|
2013-07-29 17:56:20 +00:00
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <math.h>
|
|
|
|
|
|
2014-04-07 22:39:33 +00:00
|
|
|
#include "Constants.hpp"
|
2016-08-05 22:02:01 +00:00
|
|
|
#include "../version.h"
|
2013-10-18 16:01:48 +00:00
|
|
|
#include "Network.hpp"
|
2013-07-29 17:56:20 +00:00
|
|
|
#include "RuntimeEnvironment.hpp"
|
2016-08-05 22:02:01 +00:00
|
|
|
#include "MAC.hpp"
|
|
|
|
|
#include "Address.hpp"
|
|
|
|
|
#include "InetAddress.hpp"
|
2013-07-04 20:56:19 +00:00
|
|
|
#include "Switch.hpp"
|
2013-10-16 21:47:26 +00:00
|
|
|
#include "Buffer.hpp"
|
2016-08-05 22:02:01 +00:00
|
|
|
#include "Packet.hpp"
|
2015-04-15 22:12:09 +00:00
|
|
|
#include "NetworkController.hpp"
|
2015-10-27 22:00:16 +00:00
|
|
|
#include "Node.hpp"
|
2016-08-04 17:18:33 +00:00
|
|
|
#include "Peer.hpp"
|
2013-07-04 20:56:19 +00:00
|
|
|
|
|
|
|
|
namespace ZeroTier {
|
|
|
|
|
|
2016-08-10 21:27:52 +00:00
|
|
|
#ifdef ZT_TRACE
|
|
|
|
|
static const char *_rtn(const ZT_VirtualNetworkRuleType rt)
|
|
|
|
|
{
|
|
|
|
|
switch(rt) {
|
|
|
|
|
case ZT_NETWORK_RULE_ACTION_DROP: return "ACTION_DROP";
|
|
|
|
|
case ZT_NETWORK_RULE_ACTION_ACCEPT: return "ACTION_ACCEPT";
|
|
|
|
|
case ZT_NETWORK_RULE_ACTION_TEE: return "ACTION_TEE";
|
|
|
|
|
case ZT_NETWORK_RULE_ACTION_REDIRECT: return "ACTION_REDIRECT";
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_SOURCE_ZEROTIER_ADDRESS: return "MATCH_SOURCE_ZEROTIER_ADDRESS";
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_DEST_ZEROTIER_ADDRESS: return "MATCH_DEST_ZEROTIER_ADDRESS";
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_VLAN_ID: return "MATCH_VLAN_ID";
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_VLAN_PCP: return "MATCH_VLAN_PCP";
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_VLAN_DEI: return "MATCH_VLAN_DEI";
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_ETHERTYPE: return "MATCH_ETHERTYPE";
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_MAC_SOURCE: return "MATCH_MAC_SOURCE";
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_MAC_DEST: return "MATCH_MAC_DEST";
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_IPV4_SOURCE: return "MATCH_IPV4_SOURCE";
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_IPV4_DEST: return "MATCH_IPV4_DEST";
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_IPV6_SOURCE: return "MATCH_IPV6_SOURCE";
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_IPV6_DEST: return "MATCH_IPV6_DEST";
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_IP_TOS: return "MATCH_IP_TOS";
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_IP_PROTOCOL: return "MATCH_IP_PROTOCOL";
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_IP_SOURCE_PORT_RANGE: return "MATCH_IP_SOURCE_PORT_RANGE";
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_IP_DEST_PORT_RANGE: return "MATCH_IP_DEST_PORT_RANGE";
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_CHARACTERISTICS: return "MATCH_CHARACTERISTICS";
|
|
|
|
|
default: return "BAD_RULE_TYPE";
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#endif // ZT_TRACE
|
|
|
|
|
|
2016-08-05 22:02:01 +00:00
|
|
|
// Returns true if packet appears valid; pos and proto will be set
|
|
|
|
|
static bool _ipv6GetPayload(const uint8_t *frameData,unsigned int frameLen,unsigned int &pos,unsigned int &proto)
|
|
|
|
|
{
|
|
|
|
|
if (frameLen < 40)
|
|
|
|
|
return false;
|
|
|
|
|
pos = 40;
|
|
|
|
|
proto = frameData[6];
|
|
|
|
|
while (pos <= frameLen) {
|
|
|
|
|
switch(proto) {
|
|
|
|
|
case 0: // hop-by-hop options
|
|
|
|
|
case 43: // routing
|
|
|
|
|
case 60: // destination options
|
|
|
|
|
case 135: // mobility options
|
|
|
|
|
if ((pos + 8) > frameLen)
|
|
|
|
|
return false; // invalid!
|
|
|
|
|
proto = frameData[pos];
|
|
|
|
|
pos += ((unsigned int)frameData[pos + 1] * 8) + 8;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
//case 44: // fragment -- we currently can't parse these and they are deprecated in IPv6 anyway
|
|
|
|
|
//case 50:
|
|
|
|
|
//case 51: // IPSec ESP and AH -- we have to stop here since this is encrypted stuff
|
|
|
|
|
default:
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false; // overflow == invalid
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-10 21:27:52 +00:00
|
|
|
//#define FILTER_TRACE TRACE
|
|
|
|
|
#define FILTER_TRACE(f,...) {}
|
|
|
|
|
|
2016-08-08 23:50:00 +00:00
|
|
|
// 0 == no match, -1 == match/drop, 1 == match/accept
|
|
|
|
|
static int _doZtFilter(
|
2016-08-05 22:02:01 +00:00
|
|
|
const RuntimeEnvironment *RR,
|
2016-08-23 01:06:46 +00:00
|
|
|
const NetworkConfig &nconf,
|
2016-08-05 22:02:01 +00:00
|
|
|
const bool inbound,
|
|
|
|
|
const Address &ztSource,
|
|
|
|
|
const Address &ztDest,
|
|
|
|
|
const MAC &macSource,
|
|
|
|
|
const MAC &macDest,
|
|
|
|
|
const uint8_t *frameData,
|
|
|
|
|
const unsigned int frameLen,
|
|
|
|
|
const unsigned int etherType,
|
|
|
|
|
const unsigned int vlanId,
|
|
|
|
|
const ZT_VirtualNetworkRule *rules,
|
|
|
|
|
const unsigned int ruleCount,
|
|
|
|
|
const Tag *localTags,
|
|
|
|
|
const unsigned int localTagCount,
|
|
|
|
|
const uint32_t *remoteTagIds,
|
|
|
|
|
const uint32_t *remoteTagValues,
|
|
|
|
|
const unsigned int remoteTagCount,
|
|
|
|
|
const Tag **relevantLocalTags, // pointer array must be at least [localTagCount] in size
|
|
|
|
|
unsigned int &relevantLocalTagCount)
|
|
|
|
|
{
|
|
|
|
|
// For each set of rules we start by assuming that they match (since no constraints
|
|
|
|
|
// yields a 'match all' rule).
|
|
|
|
|
uint8_t thisSetMatches = 1;
|
|
|
|
|
|
|
|
|
|
for(unsigned int rn=0;rn<ruleCount;++rn) {
|
|
|
|
|
const ZT_VirtualNetworkRuleType rt = (ZT_VirtualNetworkRuleType)(rules[rn].t & 0x7f);
|
|
|
|
|
uint8_t thisRuleMatches = 0;
|
|
|
|
|
|
|
|
|
|
switch(rt) {
|
|
|
|
|
// Actions -------------------------------------------------------------
|
|
|
|
|
|
2016-08-08 23:50:00 +00:00
|
|
|
// An action is performed if thisSetMatches is true, and if not
|
|
|
|
|
// (or if the action is non-terminating) we start a new set of rules.
|
|
|
|
|
|
2016-08-05 22:02:01 +00:00
|
|
|
case ZT_NETWORK_RULE_ACTION_DROP:
|
|
|
|
|
if (thisSetMatches) {
|
2016-08-08 23:50:00 +00:00
|
|
|
return -1; // match, drop packet
|
2016-08-05 22:02:01 +00:00
|
|
|
} else {
|
2016-08-10 21:27:52 +00:00
|
|
|
thisRuleMatches = 1;
|
2016-08-08 23:50:00 +00:00
|
|
|
thisSetMatches = 1; // no match, evaluate next set
|
2016-08-05 22:02:01 +00:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ZT_NETWORK_RULE_ACTION_ACCEPT:
|
|
|
|
|
if (thisSetMatches) {
|
2016-08-08 23:50:00 +00:00
|
|
|
return 1; // match, accept packet
|
2016-08-05 22:02:01 +00:00
|
|
|
} else {
|
2016-08-10 21:27:52 +00:00
|
|
|
thisRuleMatches = 1;
|
2016-08-08 23:50:00 +00:00
|
|
|
thisSetMatches = 1; // no match, evaluate next set
|
2016-08-05 22:02:01 +00:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ZT_NETWORK_RULE_ACTION_TEE:
|
|
|
|
|
case ZT_NETWORK_RULE_ACTION_REDIRECT: {
|
|
|
|
|
Packet outp(Address(rules[rn].v.zt),RR->identity.address(),Packet::VERB_EXT_FRAME);
|
2016-08-23 01:06:46 +00:00
|
|
|
outp.append(nconf.networkId);
|
2016-08-05 22:02:01 +00:00
|
|
|
outp.append((uint8_t)((rt == ZT_NETWORK_RULE_ACTION_REDIRECT) ? 0x04 : 0x02));
|
|
|
|
|
macDest.appendTo(outp);
|
|
|
|
|
macSource.appendTo(outp);
|
|
|
|
|
outp.append((uint16_t)etherType);
|
|
|
|
|
outp.append(frameData,frameLen);
|
|
|
|
|
outp.compress();
|
2016-08-09 22:45:26 +00:00
|
|
|
RR->sw->send(outp,true);
|
2016-08-05 22:02:01 +00:00
|
|
|
|
|
|
|
|
if (rt == ZT_NETWORK_RULE_ACTION_REDIRECT) {
|
2016-08-08 23:50:00 +00:00
|
|
|
return -1; // match, drop packet (we redirected it)
|
2016-08-05 22:02:01 +00:00
|
|
|
} else {
|
2016-08-10 21:27:52 +00:00
|
|
|
thisRuleMatches = 1;
|
2016-08-08 23:50:00 +00:00
|
|
|
thisSetMatches = 1; // TEE does not terminate evaluation
|
2016-08-05 22:02:01 +00:00
|
|
|
}
|
|
|
|
|
} break;
|
|
|
|
|
|
|
|
|
|
// Rules ---------------------------------------------------------------
|
|
|
|
|
|
2016-08-08 23:50:00 +00:00
|
|
|
// thisSetMatches is the binary AND of the result of all rules in a set
|
|
|
|
|
|
2016-08-05 22:02:01 +00:00
|
|
|
case ZT_NETWORK_RULE_MATCH_SOURCE_ZEROTIER_ADDRESS:
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s param0=%.10llx",rn,_rtn(rt),rules[rn].v.zt);
|
2016-08-05 22:02:01 +00:00
|
|
|
thisRuleMatches = (uint8_t)(rules[rn].v.zt == ztSource.toInt());
|
|
|
|
|
break;
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_DEST_ZEROTIER_ADDRESS:
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s param0=%.10llx",rn,_rtn(rt),rules[rn].v.zt);
|
2016-08-05 22:02:01 +00:00
|
|
|
thisRuleMatches = (uint8_t)(rules[rn].v.zt == ztDest.toInt());
|
|
|
|
|
break;
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_VLAN_ID:
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s param0=%u",rn,_rtn(rt),(unsigned int)rules[rn].v.vlanId);
|
2016-08-05 22:02:01 +00:00
|
|
|
thisRuleMatches = (uint8_t)(rules[rn].v.vlanId == (uint16_t)vlanId);
|
|
|
|
|
break;
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_VLAN_PCP:
|
|
|
|
|
// NOT SUPPORTED YET
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s param0=%u",rn,_rtn(rt),(unsigned int)rules[rn].v.vlanPcp);
|
2016-08-05 22:02:01 +00:00
|
|
|
thisRuleMatches = (uint8_t)(rules[rn].v.vlanPcp == 0);
|
|
|
|
|
break;
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_VLAN_DEI:
|
|
|
|
|
// NOT SUPPORTED YET
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s param0=%u",rn,_rtn(rt),(unsigned int)rules[rn].v.vlanDei);
|
2016-08-05 22:02:01 +00:00
|
|
|
thisRuleMatches = (uint8_t)(rules[rn].v.vlanDei == 0);
|
|
|
|
|
break;
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_ETHERTYPE:
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s param0=%u etherType=%u",rn,_rtn(rt),(unsigned int)rules[rn].v.etherType,etherType);
|
2016-08-05 22:02:01 +00:00
|
|
|
thisRuleMatches = (uint8_t)(rules[rn].v.etherType == (uint16_t)etherType);
|
|
|
|
|
break;
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_MAC_SOURCE:
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s param0=%.12llx",rn,_rtn(rt),rules[rn].v.mac);
|
2016-08-05 22:02:01 +00:00
|
|
|
thisRuleMatches = (uint8_t)(MAC(rules[rn].v.mac,6) == macSource);
|
|
|
|
|
break;
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_MAC_DEST:
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s param0=%.12llx",rn,_rtn(rt),rules[rn].v.mac);
|
2016-08-05 22:02:01 +00:00
|
|
|
thisRuleMatches = (uint8_t)(MAC(rules[rn].v.mac,6) == macDest);
|
|
|
|
|
break;
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_IPV4_SOURCE:
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s param0=%s",rn,_rtn(rt),InetAddress((const void *)&(rules[rn].v.ipv4.ip),4,rules[rn].v.ipv4.mask).toString().c_str());
|
2016-08-05 22:02:01 +00:00
|
|
|
if ((etherType == ZT_ETHERTYPE_IPV4)&&(frameLen >= 20)) {
|
|
|
|
|
thisRuleMatches = (uint8_t)(InetAddress((const void *)&(rules[rn].v.ipv4.ip),4,rules[rn].v.ipv4.mask).containsAddress(InetAddress((const void *)(frameData + 12),4,0)));
|
|
|
|
|
} else {
|
|
|
|
|
thisRuleMatches = 0;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_IPV4_DEST:
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s param0=%s",rn,_rtn(rt),InetAddress((const void *)&(rules[rn].v.ipv4.ip),4,rules[rn].v.ipv4.mask).toString().c_str());
|
2016-08-05 22:02:01 +00:00
|
|
|
if ((etherType == ZT_ETHERTYPE_IPV4)&&(frameLen >= 20)) {
|
|
|
|
|
thisRuleMatches = (uint8_t)(InetAddress((const void *)&(rules[rn].v.ipv4.ip),4,rules[rn].v.ipv4.mask).containsAddress(InetAddress((const void *)(frameData + 16),4,0)));
|
|
|
|
|
} else {
|
|
|
|
|
thisRuleMatches = 0;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_IPV6_SOURCE:
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s param0=%s",rn,_rtn(rt),InetAddress((const void *)rules[rn].v.ipv6.ip,16,rules[rn].v.ipv6.mask).toString().c_str());
|
2016-08-05 22:02:01 +00:00
|
|
|
if ((etherType == ZT_ETHERTYPE_IPV6)&&(frameLen >= 40)) {
|
|
|
|
|
thisRuleMatches = (uint8_t)(InetAddress((const void *)rules[rn].v.ipv6.ip,16,rules[rn].v.ipv6.mask).containsAddress(InetAddress((const void *)(frameData + 8),16,0)));
|
|
|
|
|
} else {
|
|
|
|
|
thisRuleMatches = 0;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_IPV6_DEST:
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s param0=%s",rn,_rtn(rt),InetAddress((const void *)rules[rn].v.ipv6.ip,16,rules[rn].v.ipv6.mask).toString().c_str());
|
2016-08-05 22:02:01 +00:00
|
|
|
if ((etherType == ZT_ETHERTYPE_IPV6)&&(frameLen >= 40)) {
|
|
|
|
|
thisRuleMatches = (uint8_t)(InetAddress((const void *)rules[rn].v.ipv6.ip,16,rules[rn].v.ipv6.mask).containsAddress(InetAddress((const void *)(frameData + 24),16,0)));
|
|
|
|
|
} else {
|
|
|
|
|
thisRuleMatches = 0;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_IP_TOS:
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s param0=%u",rn,_rtn(rt),(unsigned int)rules[rn].v.ipTos);
|
2016-08-05 22:02:01 +00:00
|
|
|
if ((etherType == ZT_ETHERTYPE_IPV4)&&(frameLen >= 20)) {
|
|
|
|
|
thisRuleMatches = (uint8_t)(rules[rn].v.ipTos == ((frameData[1] & 0xfc) >> 2));
|
|
|
|
|
} else if ((etherType == ZT_ETHERTYPE_IPV6)&&(frameLen >= 40)) {
|
|
|
|
|
const uint8_t trafficClass = ((frameData[0] << 4) & 0xf0) | ((frameData[1] >> 4) & 0x0f);
|
|
|
|
|
thisRuleMatches = (uint8_t)(rules[rn].v.ipTos == ((trafficClass & 0xfc) >> 2));
|
|
|
|
|
} else {
|
|
|
|
|
thisRuleMatches = 0;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_IP_PROTOCOL:
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s param0=%u",rn,_rtn(rt),(unsigned int)rules[rn].v.ipProtocol);
|
2016-08-05 22:02:01 +00:00
|
|
|
if ((etherType == ZT_ETHERTYPE_IPV4)&&(frameLen >= 20)) {
|
|
|
|
|
thisRuleMatches = (uint8_t)(rules[rn].v.ipProtocol == frameData[9]);
|
|
|
|
|
} else if (etherType == ZT_ETHERTYPE_IPV6) {
|
|
|
|
|
unsigned int pos = 0,proto = 0;
|
|
|
|
|
if (_ipv6GetPayload(frameData,frameLen,pos,proto)) {
|
|
|
|
|
thisRuleMatches = (uint8_t)(rules[rn].v.ipProtocol == (uint8_t)proto);
|
|
|
|
|
} else {
|
|
|
|
|
thisRuleMatches = 0;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
thisRuleMatches = 0;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_IP_SOURCE_PORT_RANGE:
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_IP_DEST_PORT_RANGE:
|
|
|
|
|
if ((etherType == ZT_ETHERTYPE_IPV4)&&(frameLen >= 20)) {
|
|
|
|
|
const unsigned int headerLen = 4 * (frameData[0] & 0xf);
|
|
|
|
|
int p = -1;
|
|
|
|
|
switch(frameData[9]) { // IP protocol number
|
|
|
|
|
// All these start with 16-bit source and destination port in that order
|
|
|
|
|
case 0x06: // TCP
|
|
|
|
|
case 0x11: // UDP
|
|
|
|
|
case 0x84: // SCTP
|
|
|
|
|
case 0x88: // UDPLite
|
|
|
|
|
if (frameLen > (headerLen + 4)) {
|
|
|
|
|
unsigned int pos = headerLen + ((rt == ZT_NETWORK_RULE_MATCH_IP_DEST_PORT_RANGE) ? 2 : 0);
|
|
|
|
|
p = (int)frameData[pos++] << 8;
|
|
|
|
|
p |= (int)frameData[pos];
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s param0=%u param1=%u port==%u proto==%u etherType=%u (IPv4)",rn,_rtn(rt),(unsigned int)rules[rn].v.port[0],(unsigned int)rules[rn].v.port[1],p,(unsigned int)frameData[9],etherType);
|
2016-08-05 22:02:01 +00:00
|
|
|
thisRuleMatches = (p > 0) ? (uint8_t)((p >= (int)rules[rn].v.port[0])&&(p <= (int)rules[rn].v.port[1])) : (uint8_t)0;
|
|
|
|
|
} else if (etherType == ZT_ETHERTYPE_IPV6) {
|
|
|
|
|
unsigned int pos = 0,proto = 0;
|
|
|
|
|
if (_ipv6GetPayload(frameData,frameLen,pos,proto)) {
|
|
|
|
|
int p = -1;
|
|
|
|
|
switch(proto) { // IP protocol number
|
|
|
|
|
// All these start with 16-bit source and destination port in that order
|
|
|
|
|
case 0x06: // TCP
|
|
|
|
|
case 0x11: // UDP
|
|
|
|
|
case 0x84: // SCTP
|
|
|
|
|
case 0x88: // UDPLite
|
|
|
|
|
if (frameLen > (pos + 4)) {
|
|
|
|
|
if (rt == ZT_NETWORK_RULE_MATCH_IP_DEST_PORT_RANGE) pos += 2;
|
|
|
|
|
p = (int)frameData[pos++] << 8;
|
|
|
|
|
p |= (int)frameData[pos];
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s param0=%u param1=%u port==%u proto=%u etherType=%u (IPv6)",rn,_rtn(rt),(unsigned int)rules[rn].v.port[0],(unsigned int)rules[rn].v.port[1],p,proto,etherType);
|
2016-08-05 22:02:01 +00:00
|
|
|
thisRuleMatches = (p > 0) ? (uint8_t)((p >= (int)rules[rn].v.port[0])&&(p <= (int)rules[rn].v.port[1])) : (uint8_t)0;
|
|
|
|
|
} else {
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s param0=%u param1=%u port=0 proto=0 etherType=%u (IPv6 parse failed)",rn,_rtn(rt),(unsigned int)rules[rn].v.port[0],(unsigned int)rules[rn].v.port[1],etherType);
|
2016-08-05 22:02:01 +00:00
|
|
|
thisRuleMatches = 0;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s param0=%u param1=%u port=0 proto=0 etherType=%u (not IPv4 or IPv6)",rn,_rtn(rt),(unsigned int)rules[rn].v.port[0],(unsigned int)rules[rn].v.port[1],etherType);
|
2016-08-05 22:02:01 +00:00
|
|
|
thisRuleMatches = 0;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_CHARACTERISTICS: {
|
|
|
|
|
uint64_t cf = (inbound) ? ZT_RULE_PACKET_CHARACTERISTICS_INBOUND : 0ULL;
|
|
|
|
|
if ((etherType == ZT_ETHERTYPE_IPV4)&&(frameLen >= 20)&&(frameData[9] == 0x06)) {
|
|
|
|
|
const unsigned int headerLen = 4 * (frameData[0] & 0xf);
|
|
|
|
|
cf |= (uint64_t)frameData[headerLen + 13];
|
|
|
|
|
cf |= (((uint64_t)(frameData[headerLen + 12] & 0x0f)) << 8);
|
|
|
|
|
} else if (etherType == ZT_ETHERTYPE_IPV6) {
|
|
|
|
|
unsigned int pos = 0,proto = 0;
|
|
|
|
|
if (_ipv6GetPayload(frameData,frameLen,pos,proto)) {
|
|
|
|
|
if ((proto == 0x06)&&(frameLen > (pos + 14))) {
|
|
|
|
|
cf |= (uint64_t)frameData[pos + 13];
|
|
|
|
|
cf |= (((uint64_t)(frameData[pos + 12] & 0x0f)) << 8);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s param0=%.16llx param1=%.16llx actual=%.16llx",rn,_rtn(rt),rules[rn].v.characteristics[0],rules[rn].v.characteristics[1],cf);
|
2016-08-05 22:02:01 +00:00
|
|
|
thisRuleMatches = (uint8_t)((cf & rules[rn].v.characteristics[0]) == rules[rn].v.characteristics[1]);
|
|
|
|
|
} break;
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_FRAME_SIZE_RANGE:
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s param0=%u param1=%u",rn,_rtn(rt),(unsigned int)rules[rn].v.frameSize[0],(unsigned int)rules[rn].v.frameSize[1]);
|
2016-08-05 22:02:01 +00:00
|
|
|
thisRuleMatches = (uint8_t)((frameLen >= (unsigned int)rules[rn].v.frameSize[0])&&(frameLen <= (unsigned int)rules[rn].v.frameSize[1]));
|
|
|
|
|
break;
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_TAGS_SAMENESS:
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_TAGS_BITWISE_AND:
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_TAGS_BITWISE_OR:
|
|
|
|
|
case ZT_NETWORK_RULE_MATCH_TAGS_BITWISE_XOR: {
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s param0=%u",rn,_rtn(rt),(unsigned int)rules[rn].v.tag.value);
|
2016-08-05 22:02:01 +00:00
|
|
|
const Tag *lt = (const Tag *)0;
|
|
|
|
|
for(unsigned int i=0;i<localTagCount;++i) {
|
|
|
|
|
if (rules[rn].v.tag.id == localTags[i].id()) {
|
|
|
|
|
lt = &(localTags[i]);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (!lt) {
|
|
|
|
|
thisRuleMatches = 0;
|
|
|
|
|
} else {
|
|
|
|
|
const uint32_t *rtv = (const uint32_t *)0;
|
|
|
|
|
for(unsigned int i=0;i<remoteTagCount;++i) {
|
|
|
|
|
if (rules[rn].v.tag.id == remoteTagIds[i]) {
|
|
|
|
|
rtv = &(remoteTagValues[i]);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (!rtv) {
|
|
|
|
|
thisRuleMatches = 0;
|
|
|
|
|
} else {
|
|
|
|
|
if (rt == ZT_NETWORK_RULE_MATCH_TAGS_SAMENESS) {
|
|
|
|
|
const uint32_t sameness = (lt->value() > *rtv) ? (lt->value() - *rtv) : (*rtv - lt->value());
|
|
|
|
|
thisRuleMatches = (uint8_t)(sameness <= rules[rn].v.tag.value);
|
|
|
|
|
} else if (rt == ZT_NETWORK_RULE_MATCH_TAGS_BITWISE_AND) {
|
|
|
|
|
thisRuleMatches = (uint8_t)((lt->value() & *rtv) <= rules[rn].v.tag.value);
|
|
|
|
|
} else if (rt == ZT_NETWORK_RULE_MATCH_TAGS_BITWISE_OR) {
|
|
|
|
|
thisRuleMatches = (uint8_t)((lt->value() | *rtv) <= rules[rn].v.tag.value);
|
|
|
|
|
} else if (rt == ZT_NETWORK_RULE_MATCH_TAGS_BITWISE_XOR) {
|
|
|
|
|
thisRuleMatches = (uint8_t)((lt->value() ^ *rtv) <= rules[rn].v.tag.value);
|
|
|
|
|
} else { // sanity check, can't really happen
|
|
|
|
|
thisRuleMatches = 0;
|
|
|
|
|
}
|
|
|
|
|
if (thisRuleMatches) {
|
|
|
|
|
relevantLocalTags[relevantLocalTagCount++] = lt;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} break;
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-08 23:50:00 +00:00
|
|
|
// thisSetMatches remains true if the current rule matched (or did NOT match if NOT bit is set)
|
2016-08-05 22:02:01 +00:00
|
|
|
thisSetMatches &= (thisRuleMatches ^ ((rules[rn].t & 0x80) >> 7));
|
|
|
|
|
|
2016-08-10 21:27:52 +00:00
|
|
|
FILTER_TRACE("FILTER[%u] %s/%u thisRuleMatches==%u thisSetMatches==%u",rn,_rtn(rt),(unsigned int)rt,(unsigned int)thisRuleMatches,(unsigned int)thisSetMatches);
|
2016-08-05 22:02:01 +00:00
|
|
|
}
|
|
|
|
|
|
2016-08-08 23:50:00 +00:00
|
|
|
return 0;
|
2016-08-05 22:02:01 +00:00
|
|
|
}
|
|
|
|
|
|
2015-04-06 22:47:57 +00:00
|
|
|
const ZeroTier::MulticastGroup Network::BROADCAST(ZeroTier::MAC(0xffffffffffffULL),0);
|
2014-05-23 22:13:34 +00:00
|
|
|
|
2016-01-12 19:04:35 +00:00
|
|
|
Network::Network(const RuntimeEnvironment *renv,uint64_t nwid,void *uptr) :
|
2015-04-02 02:09:18 +00:00
|
|
|
RR(renv),
|
2016-01-12 21:17:30 +00:00
|
|
|
_uPtr(uptr),
|
2015-04-02 02:09:18 +00:00
|
|
|
_id(nwid),
|
|
|
|
|
_mac(renv->identity.address(),nwid),
|
2015-04-15 20:09:20 +00:00
|
|
|
_portInitialized(false),
|
2016-08-09 20:14:38 +00:00
|
|
|
_inboundConfigPacketId(0),
|
2015-04-02 02:09:18 +00:00
|
|
|
_lastConfigUpdate(0),
|
|
|
|
|
_destroyed(false),
|
2015-04-06 23:52:52 +00:00
|
|
|
_netconfFailure(NETCONF_FAILURE_NONE),
|
|
|
|
|
_portError(0)
|
2013-08-08 14:41:17 +00:00
|
|
|
{
|
2016-08-09 00:33:26 +00:00
|
|
|
char confn[128];
|
2015-04-02 02:09:18 +00:00
|
|
|
Utils::snprintf(confn,sizeof(confn),"networks.d/%.16llx.conf",_id);
|
2015-10-01 18:11:52 +00:00
|
|
|
|
2016-08-23 16:39:38 +00:00
|
|
|
bool gotConf = false;
|
|
|
|
|
Dictionary<ZT_NETWORKCONFIG_DICT_CAPACITY> *dconf = new Dictionary<ZT_NETWORKCONFIG_DICT_CAPACITY>();
|
|
|
|
|
NetworkConfig *nconf = new NetworkConfig();
|
|
|
|
|
try {
|
|
|
|
|
std::string conf(RR->node->dataStoreGet(confn));
|
|
|
|
|
if (conf.length()) {
|
|
|
|
|
dconf->load(conf.c_str());
|
2016-08-23 18:52:10 +00:00
|
|
|
if (nconf->fromDictionary(*dconf)) {
|
2016-08-23 16:39:38 +00:00
|
|
|
this->setConfiguration(*nconf,false);
|
|
|
|
|
_lastConfigUpdate = 0; // we still want to re-request a new config from the network
|
|
|
|
|
gotConf = true;
|
2015-04-02 02:09:18 +00:00
|
|
|
}
|
|
|
|
|
}
|
2016-08-23 16:39:38 +00:00
|
|
|
} catch ( ... ) {} // ignore invalids, we'll re-request
|
|
|
|
|
delete nconf;
|
|
|
|
|
delete dconf;
|
|
|
|
|
|
|
|
|
|
if (!gotConf) {
|
|
|
|
|
// Save a one-byte CR to persist membership while we request a real netconf
|
|
|
|
|
RR->node->dataStorePut(confn,"\n",1,false);
|
2013-08-08 14:41:17 +00:00
|
|
|
}
|
2015-04-02 02:09:18 +00:00
|
|
|
|
2015-04-15 20:09:20 +00:00
|
|
|
if (!_portInitialized) {
|
2015-09-24 23:21:36 +00:00
|
|
|
ZT_VirtualNetworkConfig ctmp;
|
2015-04-15 20:09:20 +00:00
|
|
|
_externalConfig(&ctmp);
|
2016-01-12 21:17:30 +00:00
|
|
|
_portError = RR->node->configureVirtualNetworkPort(_id,&_uPtr,ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_UP,&ctmp);
|
2015-04-15 20:09:20 +00:00
|
|
|
_portInitialized = true;
|
|
|
|
|
}
|
2013-08-08 14:41:17 +00:00
|
|
|
}
|
|
|
|
|
|
2013-08-06 05:28:56 +00:00
|
|
|
Network::~Network()
|
|
|
|
|
{
|
2015-09-24 23:21:36 +00:00
|
|
|
ZT_VirtualNetworkConfig ctmp;
|
2015-04-07 01:27:24 +00:00
|
|
|
_externalConfig(&ctmp);
|
2015-04-06 23:52:52 +00:00
|
|
|
|
2015-04-02 02:15:21 +00:00
|
|
|
char n[128];
|
2014-08-22 00:49:05 +00:00
|
|
|
if (_destroyed) {
|
2016-01-12 21:17:30 +00:00
|
|
|
RR->node->configureVirtualNetworkPort(_id,&_uPtr,ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_DESTROY,&ctmp);
|
2015-04-02 02:09:18 +00:00
|
|
|
Utils::snprintf(n,sizeof(n),"networks.d/%.16llx.conf",_id);
|
|
|
|
|
RR->node->dataStoreDelete(n);
|
2013-08-06 05:28:56 +00:00
|
|
|
} else {
|
2016-01-12 21:17:30 +00:00
|
|
|
RR->node->configureVirtualNetworkPort(_id,&_uPtr,ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_DOWN,&ctmp);
|
2013-08-06 05:28:56 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-05 22:02:01 +00:00
|
|
|
bool Network::filterOutgoingPacket(
|
|
|
|
|
const Address &ztSource,
|
|
|
|
|
const Address &ztDest,
|
|
|
|
|
const MAC &macSource,
|
|
|
|
|
const MAC &macDest,
|
|
|
|
|
const uint8_t *frameData,
|
|
|
|
|
const unsigned int frameLen,
|
|
|
|
|
const unsigned int etherType,
|
|
|
|
|
const unsigned int vlanId)
|
|
|
|
|
{
|
|
|
|
|
uint32_t remoteTagIds[ZT_MAX_NETWORK_TAGS];
|
|
|
|
|
uint32_t remoteTagValues[ZT_MAX_NETWORK_TAGS];
|
|
|
|
|
const Tag *relevantLocalTags[ZT_MAX_NETWORK_TAGS];
|
|
|
|
|
unsigned int relevantLocalTagCount = 0;
|
|
|
|
|
|
|
|
|
|
Mutex::Lock _l(_lock);
|
|
|
|
|
|
|
|
|
|
Membership &m = _memberships[ztDest];
|
|
|
|
|
const unsigned int remoteTagCount = m.getAllTags(_config,remoteTagIds,remoteTagValues,ZT_MAX_NETWORK_TAGS);
|
|
|
|
|
|
2016-08-23 01:06:46 +00:00
|
|
|
switch(_doZtFilter(RR,_config,false,ztSource,ztDest,macSource,macDest,frameData,frameLen,etherType,vlanId,_config.rules,_config.ruleCount,_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,relevantLocalTags,relevantLocalTagCount)) {
|
2016-08-08 23:50:00 +00:00
|
|
|
case -1:
|
|
|
|
|
return false;
|
|
|
|
|
case 1:
|
|
|
|
|
m.sendCredentialsIfNeeded(RR,RR->node->now(),ztDest,_config.com,(const Capability *)0,relevantLocalTags,relevantLocalTagCount);
|
|
|
|
|
return true;
|
2016-08-05 22:02:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for(unsigned int c=0;c<_config.capabilityCount;++c) {
|
|
|
|
|
relevantLocalTagCount = 0;
|
2016-08-23 01:06:46 +00:00
|
|
|
switch (_doZtFilter(RR,_config,false,ztSource,ztDest,macSource,macDest,frameData,frameLen,etherType,vlanId,_config.capabilities[c].rules(),_config.capabilities[c].ruleCount(),_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,relevantLocalTags,relevantLocalTagCount)) {
|
2016-08-08 23:50:00 +00:00
|
|
|
case -1:
|
|
|
|
|
return false;
|
|
|
|
|
case 1:
|
|
|
|
|
m.sendCredentialsIfNeeded(RR,RR->node->now(),ztDest,_config.com,&(_config.capabilities[c]),relevantLocalTags,relevantLocalTagCount);
|
|
|
|
|
return true;
|
2016-08-05 22:02:01 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool Network::filterIncomingPacket(
|
|
|
|
|
const SharedPtr<Peer> &sourcePeer,
|
|
|
|
|
const Address &ztDest,
|
|
|
|
|
const MAC &macSource,
|
|
|
|
|
const MAC &macDest,
|
|
|
|
|
const uint8_t *frameData,
|
|
|
|
|
const unsigned int frameLen,
|
|
|
|
|
const unsigned int etherType,
|
|
|
|
|
const unsigned int vlanId)
|
|
|
|
|
{
|
2016-08-05 22:55:38 +00:00
|
|
|
uint32_t remoteTagIds[ZT_MAX_NETWORK_TAGS];
|
|
|
|
|
uint32_t remoteTagValues[ZT_MAX_NETWORK_TAGS];
|
|
|
|
|
const Tag *relevantLocalTags[ZT_MAX_NETWORK_TAGS];
|
|
|
|
|
unsigned int relevantLocalTagCount = 0;
|
|
|
|
|
|
|
|
|
|
Mutex::Lock _l(_lock);
|
|
|
|
|
|
|
|
|
|
Membership &m = _memberships[ztDest];
|
|
|
|
|
const unsigned int remoteTagCount = m.getAllTags(_config,remoteTagIds,remoteTagValues,ZT_MAX_NETWORK_TAGS);
|
|
|
|
|
|
2016-08-23 01:06:46 +00:00
|
|
|
switch (_doZtFilter(RR,_config,true,sourcePeer->address(),ztDest,macSource,macDest,frameData,frameLen,etherType,vlanId,_config.rules,_config.ruleCount,_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,relevantLocalTags,relevantLocalTagCount)) {
|
2016-08-08 23:50:00 +00:00
|
|
|
case -1:
|
|
|
|
|
return false;
|
|
|
|
|
case 1:
|
|
|
|
|
return true;
|
2016-08-05 22:55:38 +00:00
|
|
|
}
|
|
|
|
|
|
2016-08-08 23:50:00 +00:00
|
|
|
Membership::CapabilityIterator mci(m);
|
|
|
|
|
const Capability *c;
|
2016-08-23 01:06:46 +00:00
|
|
|
while ((c = mci.next(_config))) {
|
2016-08-08 23:50:00 +00:00
|
|
|
relevantLocalTagCount = 0;
|
2016-08-23 01:06:46 +00:00
|
|
|
switch(_doZtFilter(RR,_config,false,sourcePeer->address(),ztDest,macSource,macDest,frameData,frameLen,etherType,vlanId,c->rules(),c->ruleCount(),_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,relevantLocalTags,relevantLocalTagCount)) {
|
2016-08-08 23:50:00 +00:00
|
|
|
case -1:
|
|
|
|
|
return false;
|
|
|
|
|
case 1:
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-08-05 22:55:38 +00:00
|
|
|
|
|
|
|
|
return false;
|
2016-08-05 22:02:01 +00:00
|
|
|
}
|
|
|
|
|
|
2015-04-07 02:41:55 +00:00
|
|
|
bool Network::subscribedToMulticastGroup(const MulticastGroup &mg,bool includeBridgedGroups) const
|
|
|
|
|
{
|
|
|
|
|
Mutex::Lock _l(_lock);
|
|
|
|
|
if (std::binary_search(_myMulticastGroups.begin(),_myMulticastGroups.end(),mg))
|
|
|
|
|
return true;
|
|
|
|
|
else if (includeBridgedGroups)
|
2015-09-04 20:42:19 +00:00
|
|
|
return _multicastGroupsBehindMe.contains(mg);
|
2015-04-07 02:41:55 +00:00
|
|
|
else return false;
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-07 01:27:24 +00:00
|
|
|
void Network::multicastSubscribe(const MulticastGroup &mg)
|
2014-06-13 21:06:34 +00:00
|
|
|
{
|
2015-04-15 20:09:20 +00:00
|
|
|
{
|
|
|
|
|
Mutex::Lock _l(_lock);
|
|
|
|
|
if (std::binary_search(_myMulticastGroups.begin(),_myMulticastGroups.end(),mg))
|
|
|
|
|
return;
|
|
|
|
|
_myMulticastGroups.push_back(mg);
|
|
|
|
|
std::sort(_myMulticastGroups.begin(),_myMulticastGroups.end());
|
|
|
|
|
}
|
2015-04-08 02:35:16 +00:00
|
|
|
_announceMulticastGroups();
|
2015-04-07 01:27:24 +00:00
|
|
|
}
|
2014-10-04 01:27:42 +00:00
|
|
|
|
2015-04-07 01:27:24 +00:00
|
|
|
void Network::multicastUnsubscribe(const MulticastGroup &mg)
|
|
|
|
|
{
|
2015-04-07 01:28:18 +00:00
|
|
|
Mutex::Lock _l(_lock);
|
|
|
|
|
std::vector<MulticastGroup> nmg;
|
|
|
|
|
for(std::vector<MulticastGroup>::const_iterator i(_myMulticastGroups.begin());i!=_myMulticastGroups.end();++i) {
|
|
|
|
|
if (*i != mg)
|
|
|
|
|
nmg.push_back(*i);
|
2014-10-04 01:27:42 +00:00
|
|
|
}
|
2015-04-07 01:28:18 +00:00
|
|
|
if (nmg.size() != _myMulticastGroups.size())
|
|
|
|
|
_myMulticastGroups.swap(nmg);
|
2015-04-07 01:27:24 +00:00
|
|
|
}
|
2014-10-04 01:27:42 +00:00
|
|
|
|
2015-10-01 18:37:02 +00:00
|
|
|
bool Network::tryAnnounceMulticastGroupsTo(const SharedPtr<Peer> &peer)
|
|
|
|
|
{
|
|
|
|
|
Mutex::Lock _l(_lock);
|
2015-10-23 21:50:07 +00:00
|
|
|
if (
|
|
|
|
|
(_isAllowed(peer)) ||
|
|
|
|
|
(peer->address() == this->controller()) ||
|
2016-08-04 19:14:13 +00:00
|
|
|
(RR->topology->isUpstream(peer->identity()))
|
2015-10-23 21:50:07 +00:00
|
|
|
) {
|
2016-04-19 19:09:35 +00:00
|
|
|
_announceMulticastGroupsTo(peer,_allMulticastGroups());
|
2015-10-23 21:50:07 +00:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
2015-10-01 18:37:02 +00:00
|
|
|
}
|
|
|
|
|
|
2016-04-12 19:11:34 +00:00
|
|
|
bool Network::applyConfiguration(const NetworkConfig &conf)
|
2013-07-29 17:56:20 +00:00
|
|
|
{
|
2015-04-15 20:09:20 +00:00
|
|
|
if (_destroyed) // sanity check
|
2014-08-22 00:49:05 +00:00
|
|
|
return false;
|
2013-09-04 13:27:56 +00:00
|
|
|
try {
|
2016-05-06 23:13:11 +00:00
|
|
|
if ((conf.networkId == _id)&&(conf.issuedTo == RR->identity.address())) {
|
2015-09-24 23:21:36 +00:00
|
|
|
ZT_VirtualNetworkConfig ctmp;
|
2015-04-15 20:09:20 +00:00
|
|
|
bool portInitialized;
|
|
|
|
|
{
|
|
|
|
|
Mutex::Lock _l(_lock);
|
|
|
|
|
_config = conf;
|
|
|
|
|
_lastConfigUpdate = RR->node->now();
|
|
|
|
|
_netconfFailure = NETCONF_FAILURE_NONE;
|
|
|
|
|
_externalConfig(&ctmp);
|
|
|
|
|
portInitialized = _portInitialized;
|
|
|
|
|
_portInitialized = true;
|
|
|
|
|
}
|
2016-01-12 21:17:30 +00:00
|
|
|
_portError = RR->node->configureVirtualNetworkPort(_id,&_uPtr,(portInitialized) ? ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_CONFIG_UPDATE : ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_UP,&ctmp);
|
2014-01-28 07:13:36 +00:00
|
|
|
return true;
|
2013-10-18 16:01:48 +00:00
|
|
|
} else {
|
2015-04-08 23:49:21 +00:00
|
|
|
TRACE("ignored invalid configuration for network %.16llx (configuration contains mismatched network ID or issued-to address)",(unsigned long long)_id);
|
2013-08-06 04:05:39 +00:00
|
|
|
}
|
2013-10-18 16:01:48 +00:00
|
|
|
} catch (std::exception &exc) {
|
2015-04-08 23:49:21 +00:00
|
|
|
TRACE("ignored invalid configuration for network %.16llx (%s)",(unsigned long long)_id,exc.what());
|
2013-09-04 13:27:56 +00:00
|
|
|
} catch ( ... ) {
|
2015-04-08 23:49:21 +00:00
|
|
|
TRACE("ignored invalid configuration for network %.16llx (unknown exception)",(unsigned long long)_id);
|
2013-07-30 15:14:53 +00:00
|
|
|
}
|
2014-01-28 07:13:36 +00:00
|
|
|
return false;
|
2013-07-29 17:56:20 +00:00
|
|
|
}
|
|
|
|
|
|
2016-06-16 19:28:43 +00:00
|
|
|
int Network::setConfiguration(const NetworkConfig &nconf,bool saveToDisk)
|
2014-10-03 23:14:34 +00:00
|
|
|
{
|
|
|
|
|
try {
|
2015-01-06 01:47:59 +00:00
|
|
|
{
|
|
|
|
|
Mutex::Lock _l(_lock);
|
2016-06-16 19:28:43 +00:00
|
|
|
if (_config == nconf)
|
2015-01-09 21:35:20 +00:00
|
|
|
return 1; // OK config, but duplicate of what we already have
|
2015-01-06 01:47:59 +00:00
|
|
|
}
|
2016-06-16 19:28:43 +00:00
|
|
|
if (applyConfiguration(nconf)) {
|
2014-10-03 23:14:34 +00:00
|
|
|
if (saveToDisk) {
|
2016-06-16 19:28:43 +00:00
|
|
|
char n[64];
|
2015-04-02 02:09:18 +00:00
|
|
|
Utils::snprintf(n,sizeof(n),"networks.d/%.16llx.conf",_id);
|
2016-06-21 14:32:58 +00:00
|
|
|
Dictionary<ZT_NETWORKCONFIG_DICT_CAPACITY> d;
|
2016-06-16 19:28:43 +00:00
|
|
|
if (nconf.toDictionary(d,false))
|
|
|
|
|
RR->node->dataStorePut(n,(const void *)d.data(),d.sizeBytes(),true);
|
2014-10-03 23:14:34 +00:00
|
|
|
}
|
2015-01-06 01:47:59 +00:00
|
|
|
return 2; // OK and configuration has changed
|
2014-10-03 23:14:34 +00:00
|
|
|
}
|
|
|
|
|
} catch ( ... ) {
|
2016-04-26 15:20:03 +00:00
|
|
|
TRACE("ignored invalid configuration for network %.16llx",(unsigned long long)_id);
|
2014-10-03 23:14:34 +00:00
|
|
|
}
|
2015-01-06 01:47:59 +00:00
|
|
|
return 0;
|
2014-10-03 23:14:34 +00:00
|
|
|
}
|
|
|
|
|
|
2016-08-09 20:14:38 +00:00
|
|
|
void Network::handleInboundConfigChunk(const uint64_t inRePacketId,const void *data,unsigned int chunkSize,unsigned int chunkIndex,unsigned int totalSize)
|
|
|
|
|
{
|
|
|
|
|
std::string newConfig;
|
2016-08-10 20:41:22 +00:00
|
|
|
if ((_inboundConfigPacketId == inRePacketId)&&(totalSize < ZT_NETWORKCONFIG_DICT_CAPACITY)&&((chunkIndex + chunkSize) <= totalSize)) {
|
2016-08-09 20:14:38 +00:00
|
|
|
Mutex::Lock _l(_lock);
|
2016-08-10 20:41:22 +00:00
|
|
|
|
2016-08-09 20:14:38 +00:00
|
|
|
_inboundConfigChunks[chunkIndex].append((const char *)data,chunkSize);
|
2016-08-10 20:41:22 +00:00
|
|
|
|
2016-08-09 20:14:38 +00:00
|
|
|
unsigned int totalWeHave = 0;
|
|
|
|
|
for(std::map<unsigned int,std::string>::iterator c(_inboundConfigChunks.begin());c!=_inboundConfigChunks.end();++c)
|
|
|
|
|
totalWeHave += (unsigned int)c->second.length();
|
2016-08-10 20:41:22 +00:00
|
|
|
|
2016-08-09 20:14:38 +00:00
|
|
|
if (totalWeHave == totalSize) {
|
|
|
|
|
TRACE("have all chunks for network config request %.16llx, assembling...",inRePacketId);
|
|
|
|
|
for(std::map<unsigned int,std::string>::iterator c(_inboundConfigChunks.begin());c!=_inboundConfigChunks.end();++c)
|
|
|
|
|
newConfig.append(c->second);
|
|
|
|
|
_inboundConfigPacketId = 0;
|
|
|
|
|
_inboundConfigChunks.clear();
|
|
|
|
|
} else if (totalWeHave > totalSize) {
|
|
|
|
|
_inboundConfigPacketId = 0;
|
|
|
|
|
_inboundConfigChunks.clear();
|
|
|
|
|
}
|
2016-08-10 20:41:22 +00:00
|
|
|
} else {
|
|
|
|
|
return;
|
2016-08-09 20:14:38 +00:00
|
|
|
}
|
|
|
|
|
|
2016-08-10 20:41:22 +00:00
|
|
|
if ((newConfig.length() > 0)&&(newConfig.length() < ZT_NETWORKCONFIG_DICT_CAPACITY)) {
|
|
|
|
|
Dictionary<ZT_NETWORKCONFIG_DICT_CAPACITY> *dict = new Dictionary<ZT_NETWORKCONFIG_DICT_CAPACITY>(newConfig.c_str());
|
|
|
|
|
NetworkConfig *nc = new NetworkConfig();
|
|
|
|
|
try {
|
|
|
|
|
Identity controllerId(RR->topology->getIdentity(this->controller()));
|
|
|
|
|
if (controllerId) {
|
2016-08-23 18:52:10 +00:00
|
|
|
if (nc->fromDictionary(*dict)) {
|
2016-08-10 20:41:22 +00:00
|
|
|
this->setConfiguration(*nc,true);
|
|
|
|
|
} else {
|
|
|
|
|
TRACE("error parsing new config with length %u: deserialization of NetworkConfig failed (certificate error?)",(unsigned int)newConfig.length());
|
2016-08-09 20:14:38 +00:00
|
|
|
}
|
|
|
|
|
}
|
2016-08-10 20:41:22 +00:00
|
|
|
delete nc;
|
|
|
|
|
delete dict;
|
|
|
|
|
} catch ( ... ) {
|
|
|
|
|
TRACE("error parsing new config with length %u: unexpected exception",(unsigned int)newConfig.length());
|
|
|
|
|
delete nc;
|
|
|
|
|
delete dict;
|
|
|
|
|
throw;
|
2016-08-09 20:14:38 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-07-29 17:56:20 +00:00
|
|
|
void Network::requestConfiguration()
|
|
|
|
|
{
|
2016-08-09 15:32:42 +00:00
|
|
|
Dictionary<ZT_NETWORKCONFIG_METADATA_DICT_CAPACITY> rmd;
|
2016-06-16 19:28:43 +00:00
|
|
|
rmd.add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_VERSION,(uint64_t)ZT_NETWORKCONFIG_VERSION);
|
|
|
|
|
rmd.add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_PROTOCOL_VERSION,(uint64_t)ZT_PROTO_VERSION);
|
|
|
|
|
rmd.add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_MAJOR_VERSION,(uint64_t)ZEROTIER_ONE_VERSION_MAJOR);
|
|
|
|
|
rmd.add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_MINOR_VERSION,(uint64_t)ZEROTIER_ONE_VERSION_MINOR);
|
|
|
|
|
rmd.add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_REVISION,(uint64_t)ZEROTIER_ONE_VERSION_REVISION);
|
2016-08-04 01:04:08 +00:00
|
|
|
rmd.add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_MAX_NETWORK_RULES,(uint64_t)ZT_MAX_NETWORK_RULES);
|
2016-08-09 15:32:42 +00:00
|
|
|
rmd.add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_MAX_NETWORK_CAPABILITIES,(uint64_t)ZT_MAX_NETWORK_CAPABILITIES);
|
2016-08-04 01:04:08 +00:00
|
|
|
rmd.add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_MAX_CAPABILITY_RULES,(uint64_t)ZT_MAX_CAPABILITY_RULES);
|
2016-08-09 15:32:42 +00:00
|
|
|
rmd.add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_MAX_NETWORK_TAGS,(uint64_t)ZT_MAX_NETWORK_TAGS);
|
2016-08-23 16:39:38 +00:00
|
|
|
rmd.add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_FLAGS,(uint64_t)0);
|
2016-06-16 19:28:43 +00:00
|
|
|
|
2014-09-24 20:53:03 +00:00
|
|
|
if (controller() == RR->identity.address()) {
|
2015-04-15 22:12:09 +00:00
|
|
|
if (RR->localNetworkController) {
|
2016-06-16 19:28:43 +00:00
|
|
|
NetworkConfig nconf;
|
|
|
|
|
switch(RR->localNetworkController->doNetworkConfigRequest(InetAddress(),RR->identity,RR->identity,_id,rmd,nconf)) {
|
2016-05-06 23:13:11 +00:00
|
|
|
case NetworkController::NETCONF_QUERY_OK:
|
2016-06-16 19:28:43 +00:00
|
|
|
this->setConfiguration(nconf,true);
|
2016-05-06 23:13:11 +00:00
|
|
|
return;
|
2015-04-15 22:12:09 +00:00
|
|
|
case NetworkController::NETCONF_QUERY_OBJECT_NOT_FOUND:
|
2015-04-02 02:09:18 +00:00
|
|
|
this->setNotFound();
|
|
|
|
|
return;
|
2015-04-15 22:12:09 +00:00
|
|
|
case NetworkController::NETCONF_QUERY_ACCESS_DENIED:
|
2015-04-02 02:09:18 +00:00
|
|
|
this->setAccessDenied();
|
|
|
|
|
return;
|
|
|
|
|
default:
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
this->setNotFound();
|
|
|
|
|
return;
|
|
|
|
|
}
|
2013-08-05 20:06:16 +00:00
|
|
|
}
|
2013-09-24 21:35:05 +00:00
|
|
|
|
2015-04-15 22:12:09 +00:00
|
|
|
TRACE("requesting netconf for network %.16llx from controller %s",(unsigned long long)_id,controller().toString().c_str());
|
2015-07-23 16:50:10 +00:00
|
|
|
|
2014-09-24 20:53:03 +00:00
|
|
|
Packet outp(controller(),RR->identity.address(),Packet::VERB_NETWORK_CONFIG_REQUEST);
|
2013-07-30 15:14:53 +00:00
|
|
|
outp.append((uint64_t)_id);
|
2016-06-16 19:28:43 +00:00
|
|
|
const unsigned int rmdSize = rmd.sizeBytes();
|
|
|
|
|
outp.append((uint16_t)rmdSize);
|
|
|
|
|
outp.append((const void *)rmd.data(),rmdSize);
|
2016-08-10 00:00:01 +00:00
|
|
|
if (_config) {
|
|
|
|
|
outp.append((uint64_t)_config.revision);
|
|
|
|
|
outp.append((uint64_t)_config.timestamp);
|
|
|
|
|
} else {
|
|
|
|
|
outp.append((unsigned char)0,16);
|
|
|
|
|
}
|
2016-06-16 19:28:43 +00:00
|
|
|
outp.compress();
|
2016-08-09 22:45:26 +00:00
|
|
|
RR->sw->send(outp,true);
|
2016-08-09 20:14:38 +00:00
|
|
|
|
|
|
|
|
// Expect replies with this in-re packet ID
|
|
|
|
|
_inboundConfigPacketId = outp.packetId();
|
|
|
|
|
_inboundConfigChunks.clear();
|
2013-07-29 17:56:20 +00:00
|
|
|
}
|
|
|
|
|
|
2013-07-29 21:11:00 +00:00
|
|
|
void Network::clean()
|
|
|
|
|
{
|
2015-04-08 22:26:45 +00:00
|
|
|
const uint64_t now = RR->node->now();
|
2014-09-30 23:28:25 +00:00
|
|
|
Mutex::Lock _l(_lock);
|
2014-08-22 00:49:05 +00:00
|
|
|
|
2014-09-30 23:28:25 +00:00
|
|
|
if (_destroyed)
|
|
|
|
|
return;
|
2014-08-22 00:49:05 +00:00
|
|
|
|
2015-09-04 20:42:19 +00:00
|
|
|
{
|
|
|
|
|
Hashtable< MulticastGroup,uint64_t >::Iterator i(_multicastGroupsBehindMe);
|
|
|
|
|
MulticastGroup *mg = (MulticastGroup *)0;
|
|
|
|
|
uint64_t *ts = (uint64_t *)0;
|
|
|
|
|
while (i.next(mg,ts)) {
|
|
|
|
|
if ((now - *ts) > (ZT_MULTICAST_LIKE_EXPIRE * 2))
|
|
|
|
|
_multicastGroupsBehindMe.erase(*mg);
|
|
|
|
|
}
|
2014-06-13 21:06:34 +00:00
|
|
|
}
|
2016-08-05 22:02:01 +00:00
|
|
|
|
|
|
|
|
{
|
|
|
|
|
Address *a = (Address *)0;
|
|
|
|
|
Membership *m = (Membership *)0;
|
|
|
|
|
Hashtable<Address,Membership>::Iterator i(_memberships);
|
|
|
|
|
while (i.next(a,m)) {
|
|
|
|
|
if ((now - m->clean(now)) > ZT_MEMBERSHIP_EXPIRATION_TIME)
|
|
|
|
|
_memberships.erase(*a);
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-06-13 21:06:34 +00:00
|
|
|
}
|
|
|
|
|
|
2014-09-26 19:23:43 +00:00
|
|
|
void Network::learnBridgeRoute(const MAC &mac,const Address &addr)
|
2013-07-04 20:56:19 +00:00
|
|
|
{
|
2014-09-26 19:23:43 +00:00
|
|
|
Mutex::Lock _l(_lock);
|
|
|
|
|
_remoteBridgeRoutes[mac] = addr;
|
2013-10-16 21:47:26 +00:00
|
|
|
|
2015-09-04 20:53:48 +00:00
|
|
|
// Anti-DOS circuit breaker to prevent nodes from spamming us with absurd numbers of bridge routes
|
2014-09-26 19:23:43 +00:00
|
|
|
while (_remoteBridgeRoutes.size() > ZT_MAX_BRIDGE_ROUTES) {
|
2015-09-04 20:53:48 +00:00
|
|
|
Hashtable< Address,unsigned long > counts;
|
2014-09-26 19:23:43 +00:00
|
|
|
Address maxAddr;
|
|
|
|
|
unsigned long maxCount = 0;
|
2015-09-04 20:53:48 +00:00
|
|
|
|
|
|
|
|
MAC *m = (MAC *)0;
|
|
|
|
|
Address *a = (Address *)0;
|
|
|
|
|
|
|
|
|
|
// Find the address responsible for the most entries
|
|
|
|
|
{
|
|
|
|
|
Hashtable<MAC,Address>::Iterator i(_remoteBridgeRoutes);
|
|
|
|
|
while (i.next(m,a)) {
|
|
|
|
|
const unsigned long c = ++counts[*a];
|
|
|
|
|
if (c > maxCount) {
|
|
|
|
|
maxCount = c;
|
|
|
|
|
maxAddr = *a;
|
|
|
|
|
}
|
2014-09-26 19:23:43 +00:00
|
|
|
}
|
|
|
|
|
}
|
2015-09-04 20:53:48 +00:00
|
|
|
|
|
|
|
|
// Kill this address from our table, since it's most likely spamming us
|
|
|
|
|
{
|
|
|
|
|
Hashtable<MAC,Address>::Iterator i(_remoteBridgeRoutes);
|
|
|
|
|
while (i.next(m,a)) {
|
|
|
|
|
if (*a == maxAddr)
|
|
|
|
|
_remoteBridgeRoutes.erase(*m);
|
|
|
|
|
}
|
2014-09-26 19:23:43 +00:00
|
|
|
}
|
2013-07-04 20:56:19 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-07 01:27:24 +00:00
|
|
|
void Network::learnBridgedMulticastGroup(const MulticastGroup &mg,uint64_t now)
|
|
|
|
|
{
|
|
|
|
|
Mutex::Lock _l(_lock);
|
2015-09-04 20:42:19 +00:00
|
|
|
const unsigned long tmp = (unsigned long)_multicastGroupsBehindMe.size();
|
|
|
|
|
_multicastGroupsBehindMe.set(mg,now);
|
2015-04-07 01:27:24 +00:00
|
|
|
if (tmp != _multicastGroupsBehindMe.size())
|
|
|
|
|
_announceMulticastGroups();
|
|
|
|
|
}
|
|
|
|
|
|
2014-09-26 19:23:43 +00:00
|
|
|
void Network::destroy()
|
|
|
|
|
{
|
|
|
|
|
Mutex::Lock _l(_lock);
|
|
|
|
|
_destroyed = true;
|
2013-10-07 21:00:53 +00:00
|
|
|
}
|
|
|
|
|
|
2015-09-24 23:21:36 +00:00
|
|
|
ZT_VirtualNetworkStatus Network::_status() const
|
2015-04-06 23:52:52 +00:00
|
|
|
{
|
|
|
|
|
// assumes _lock is locked
|
|
|
|
|
if (_portError)
|
2015-09-24 23:21:36 +00:00
|
|
|
return ZT_NETWORK_STATUS_PORT_ERROR;
|
2015-04-06 23:52:52 +00:00
|
|
|
switch(_netconfFailure) {
|
|
|
|
|
case NETCONF_FAILURE_ACCESS_DENIED:
|
2015-09-24 23:21:36 +00:00
|
|
|
return ZT_NETWORK_STATUS_ACCESS_DENIED;
|
2015-04-06 23:52:52 +00:00
|
|
|
case NETCONF_FAILURE_NOT_FOUND:
|
2015-09-24 23:21:36 +00:00
|
|
|
return ZT_NETWORK_STATUS_NOT_FOUND;
|
2015-04-06 23:52:52 +00:00
|
|
|
case NETCONF_FAILURE_NONE:
|
2015-09-24 23:21:36 +00:00
|
|
|
return ((_config) ? ZT_NETWORK_STATUS_OK : ZT_NETWORK_STATUS_REQUESTING_CONFIGURATION);
|
2015-04-06 23:52:52 +00:00
|
|
|
default:
|
2015-09-24 23:21:36 +00:00
|
|
|
return ZT_NETWORK_STATUS_PORT_ERROR;
|
2015-04-06 23:52:52 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-24 23:21:36 +00:00
|
|
|
void Network::_externalConfig(ZT_VirtualNetworkConfig *ec) const
|
2015-04-06 23:52:52 +00:00
|
|
|
{
|
|
|
|
|
// assumes _lock is locked
|
|
|
|
|
ec->nwid = _id;
|
2015-04-14 22:16:04 +00:00
|
|
|
ec->mac = _mac.toInt();
|
2015-04-06 23:52:52 +00:00
|
|
|
if (_config)
|
2016-05-06 23:13:11 +00:00
|
|
|
Utils::scopy(ec->name,sizeof(ec->name),_config.name);
|
2015-04-06 23:52:52 +00:00
|
|
|
else ec->name[0] = (char)0;
|
|
|
|
|
ec->status = _status();
|
2016-04-12 19:11:34 +00:00
|
|
|
ec->type = (_config) ? (_config.isPrivate() ? ZT_NETWORK_TYPE_PRIVATE : ZT_NETWORK_TYPE_PUBLIC) : ZT_NETWORK_TYPE_PRIVATE;
|
2015-04-06 23:52:52 +00:00
|
|
|
ec->mtu = ZT_IF_MTU;
|
|
|
|
|
ec->dhcp = 0;
|
2016-04-12 19:16:29 +00:00
|
|
|
std::vector<Address> ab(_config.activeBridges());
|
|
|
|
|
ec->bridge = ((_config.allowPassiveBridging())||(std::find(ab.begin(),ab.end(),RR->identity.address()) != ab.end())) ? 1 : 0;
|
2016-04-12 19:11:34 +00:00
|
|
|
ec->broadcastEnabled = (_config) ? (_config.enableBroadcast() ? 1 : 0) : 0;
|
2015-04-06 23:52:52 +00:00
|
|
|
ec->portError = _portError;
|
2016-05-06 23:13:11 +00:00
|
|
|
ec->netconfRevision = (_config) ? (unsigned long)_config.revision : 0;
|
2015-04-06 23:52:52 +00:00
|
|
|
|
2016-04-12 19:16:29 +00:00
|
|
|
ec->assignedAddressCount = 0;
|
2016-05-06 23:13:11 +00:00
|
|
|
for(unsigned int i=0;i<ZT_MAX_ZT_ASSIGNED_ADDRESSES;++i) {
|
|
|
|
|
if (i < _config.staticIpCount) {
|
|
|
|
|
memcpy(&(ec->assignedAddresses[i]),&(_config.staticIps[i]),sizeof(struct sockaddr_storage));
|
2016-04-12 19:16:29 +00:00
|
|
|
++ec->assignedAddressCount;
|
2016-05-06 23:13:11 +00:00
|
|
|
} else {
|
|
|
|
|
memset(&(ec->assignedAddresses[i]),0,sizeof(struct sockaddr_storage));
|
|
|
|
|
}
|
2016-04-12 19:16:29 +00:00
|
|
|
}
|
2016-06-07 19:15:19 +00:00
|
|
|
|
|
|
|
|
ec->routeCount = 0;
|
|
|
|
|
for(unsigned int i=0;i<ZT_MAX_NETWORK_ROUTES;++i) {
|
|
|
|
|
if (i < _config.routeCount) {
|
|
|
|
|
memcpy(&(ec->routes[i]),&(_config.routes[i]),sizeof(ZT_VirtualNetworkRoute));
|
|
|
|
|
++ec->routeCount;
|
|
|
|
|
} else {
|
|
|
|
|
memset(&(ec->routes[i]),0,sizeof(ZT_VirtualNetworkRoute));
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-04-06 23:52:52 +00:00
|
|
|
}
|
|
|
|
|
|
2015-10-01 18:11:52 +00:00
|
|
|
bool Network::_isAllowed(const SharedPtr<Peer> &peer) const
|
2015-05-13 23:55:18 +00:00
|
|
|
{
|
|
|
|
|
// Assumes _lock is locked
|
|
|
|
|
try {
|
2016-08-04 17:18:33 +00:00
|
|
|
if (_config) {
|
|
|
|
|
if (_config.isPublic()) {
|
|
|
|
|
return true;
|
|
|
|
|
} else {
|
2016-08-08 23:50:00 +00:00
|
|
|
const Membership *m = _memberships.get(peer->address());
|
|
|
|
|
if (m)
|
2016-08-04 17:18:33 +00:00
|
|
|
return _config.com.agreesWith(m->com());
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-05-13 23:55:18 +00:00
|
|
|
} catch ( ... ) {
|
2016-08-04 17:18:33 +00:00
|
|
|
TRACE("isAllowed() check failed for peer %s: unexpected exception: unexpected exception",peer->address().toString().c_str());
|
2015-05-13 23:55:18 +00:00
|
|
|
}
|
2016-08-04 17:18:33 +00:00
|
|
|
return false;
|
2015-05-13 23:55:18 +00:00
|
|
|
}
|
|
|
|
|
|
2016-04-19 19:09:35 +00:00
|
|
|
class _MulticastAnnounceAll
|
2015-04-07 01:27:24 +00:00
|
|
|
{
|
|
|
|
|
public:
|
2016-04-19 19:09:35 +00:00
|
|
|
_MulticastAnnounceAll(const RuntimeEnvironment *renv,Network *nw) :
|
2015-04-08 22:26:45 +00:00
|
|
|
_now(renv->node->now()),
|
2015-10-23 21:50:07 +00:00
|
|
|
_controller(nw->controller()),
|
2015-04-07 01:27:24 +00:00
|
|
|
_network(nw),
|
2016-05-06 20:29:10 +00:00
|
|
|
_anchors(nw->config().anchors()),
|
2016-08-04 17:18:33 +00:00
|
|
|
_upstreamAddresses(renv->topology->upstreamAddresses())
|
2015-04-07 01:27:24 +00:00
|
|
|
{}
|
2015-10-23 21:50:07 +00:00
|
|
|
inline void operator()(Topology &t,const SharedPtr<Peer> &p)
|
|
|
|
|
{
|
2016-08-04 17:18:33 +00:00
|
|
|
if ( (_network->_isAllowed(p)) || // FIXME: this causes multicast LIKEs for public networks to get spammed, which isn't terrible but is a bit stupid
|
2016-05-06 20:29:10 +00:00
|
|
|
(p->address() == _controller) ||
|
2016-08-04 17:18:33 +00:00
|
|
|
(std::find(_upstreamAddresses.begin(),_upstreamAddresses.end(),p->address()) != _upstreamAddresses.end()) ||
|
2016-05-06 20:29:10 +00:00
|
|
|
(std::find(_anchors.begin(),_anchors.end(),p->address()) != _anchors.end()) ) {
|
2016-04-19 19:09:35 +00:00
|
|
|
peers.push_back(p);
|
2015-10-23 21:50:07 +00:00
|
|
|
}
|
|
|
|
|
}
|
2016-04-19 19:09:35 +00:00
|
|
|
std::vector< SharedPtr<Peer> > peers;
|
2015-04-07 01:27:24 +00:00
|
|
|
private:
|
2016-04-19 19:09:35 +00:00
|
|
|
const uint64_t _now;
|
|
|
|
|
const Address _controller;
|
|
|
|
|
Network *const _network;
|
2016-05-06 20:29:10 +00:00
|
|
|
const std::vector<Address> _anchors;
|
2016-08-04 17:18:33 +00:00
|
|
|
const std::vector<Address> _upstreamAddresses;
|
2015-04-07 01:27:24 +00:00
|
|
|
};
|
|
|
|
|
void Network::_announceMulticastGroups()
|
|
|
|
|
{
|
2015-05-13 23:55:18 +00:00
|
|
|
// Assumes _lock is locked
|
2016-05-06 20:29:10 +00:00
|
|
|
std::vector<MulticastGroup> allMulticastGroups(_allMulticastGroups());
|
2016-04-19 19:09:35 +00:00
|
|
|
_MulticastAnnounceAll gpfunc(RR,this);
|
|
|
|
|
RR->topology->eachPeer<_MulticastAnnounceAll &>(gpfunc);
|
|
|
|
|
for(std::vector< SharedPtr<Peer> >::const_iterator i(gpfunc.peers.begin());i!=gpfunc.peers.end();++i)
|
|
|
|
|
_announceMulticastGroupsTo(*i,allMulticastGroups);
|
2015-10-23 21:50:07 +00:00
|
|
|
}
|
|
|
|
|
|
2016-08-08 23:50:00 +00:00
|
|
|
void Network::_announceMulticastGroupsTo(const SharedPtr<Peer> &peer,const std::vector<MulticastGroup> &allMulticastGroups)
|
2015-10-23 21:50:07 +00:00
|
|
|
{
|
|
|
|
|
// Assumes _lock is locked
|
|
|
|
|
|
2016-08-04 17:18:33 +00:00
|
|
|
// Anyone we announce multicast groups to will need our COM to authenticate GATHER requests.
|
2015-10-23 21:50:07 +00:00
|
|
|
{
|
2016-08-08 23:50:00 +00:00
|
|
|
Membership *m = _memberships.get(peer->address());
|
|
|
|
|
if (m)
|
|
|
|
|
m->sendCredentialsIfNeeded(RR,RR->node->now(),peer->address(),_config.com,(const Capability *)0,(const Tag **)0,0);
|
2016-08-04 17:18:33 +00:00
|
|
|
}
|
2015-10-23 21:50:07 +00:00
|
|
|
|
2016-08-04 17:18:33 +00:00
|
|
|
Packet outp(peer->address(),RR->identity.address(),Packet::VERB_MULTICAST_LIKE);
|
2015-10-23 21:50:07 +00:00
|
|
|
|
2016-08-04 17:18:33 +00:00
|
|
|
for(std::vector<MulticastGroup>::const_iterator mg(allMulticastGroups.begin());mg!=allMulticastGroups.end();++mg) {
|
|
|
|
|
if ((outp.size() + 24) >= ZT_PROTO_MAX_PACKET_LENGTH) {
|
|
|
|
|
outp.compress();
|
2016-08-09 22:45:26 +00:00
|
|
|
RR->sw->send(outp,true);
|
2016-08-04 17:18:33 +00:00
|
|
|
outp.reset(peer->address(),RR->identity.address(),Packet::VERB_MULTICAST_LIKE);
|
2015-10-23 21:50:07 +00:00
|
|
|
}
|
|
|
|
|
|
2016-08-04 17:18:33 +00:00
|
|
|
// network ID, MAC, ADI
|
|
|
|
|
outp.append((uint64_t)_id);
|
|
|
|
|
mg->mac().appendTo(outp);
|
|
|
|
|
outp.append((uint32_t)mg->adi());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (outp.size() > ZT_PROTO_MIN_PACKET_LENGTH) {
|
|
|
|
|
outp.compress();
|
2016-08-09 22:45:26 +00:00
|
|
|
RR->sw->send(outp,true);
|
2015-10-23 21:50:07 +00:00
|
|
|
}
|
2015-04-07 01:27:24 +00:00
|
|
|
}
|
|
|
|
|
|
2015-10-01 18:37:02 +00:00
|
|
|
std::vector<MulticastGroup> Network::_allMulticastGroups() const
|
|
|
|
|
{
|
|
|
|
|
// Assumes _lock is locked
|
2015-10-23 21:50:07 +00:00
|
|
|
|
2015-10-01 18:37:02 +00:00
|
|
|
std::vector<MulticastGroup> mgs;
|
|
|
|
|
mgs.reserve(_myMulticastGroups.size() + _multicastGroupsBehindMe.size() + 1);
|
|
|
|
|
mgs.insert(mgs.end(),_myMulticastGroups.begin(),_myMulticastGroups.end());
|
|
|
|
|
_multicastGroupsBehindMe.appendKeys(mgs);
|
2016-04-12 19:11:34 +00:00
|
|
|
if ((_config)&&(_config.enableBroadcast()))
|
2015-10-01 18:37:02 +00:00
|
|
|
mgs.push_back(Network::BROADCAST);
|
|
|
|
|
std::sort(mgs.begin(),mgs.end());
|
|
|
|
|
mgs.erase(std::unique(mgs.begin(),mgs.end()),mgs.end());
|
2015-10-23 21:50:07 +00:00
|
|
|
|
2015-10-01 18:37:02 +00:00
|
|
|
return mgs;
|
|
|
|
|
}
|
|
|
|
|
|
2013-07-04 20:56:19 +00:00
|
|
|
} // namespace ZeroTier
|
