/*
 * ZeroTier One - Global Peer to Peer Ethernet
 * Copyright (C) 2012-2013 ZeroTier Networks LLC
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * --
 *
 * ZeroTier may be used and distributed under the terms of the GPLv3, which
 * are available at: http://www.gnu.org/licenses/gpl-3.0.html
 *
 * If you would like to embed ZeroTier into a commercial application or
 * redistribute it in a modified binary form, please contact ZeroTier Networks
 * LLC. Start here: http://www.zerotier.com/
 */
# include <stdio.h>
# include <string.h>
# include <stdlib.h>
# include "../version.h"
# include "Constants.hpp"
# include "Defaults.hpp"
# include "RuntimeEnvironment.hpp"
# include "Topology.hpp"
# include "PacketDecoder.hpp"
# include "Switch.hpp"
# include "Peer.hpp"
# include "NodeConfig.hpp"
# include "Service.hpp"
# include "Demarc.hpp"
namespace ZeroTier {
/**
 * Attempt to decode and dispatch this packet.
 *
 * An unencrypted HELLO is handed straight to _doHELLO(), which carries its
 * own authentication; it is the bootstrap case that fills the identity cache
 * in the first place. Every other packet requires that the sender's identity
 * is already known so its MAC can be checked with the shared peer key.
 *
 * @param _r Runtime environment
 * @return true if the packet is finished with (handled or dropped), false if
 *         decoding is parked pending an identity lookup and should be retried
 */
bool PacketDecoder::tryDecode(const RuntimeEnvironment *_r)
{
	if ((!encrypted())&&(verb() == Packet::VERB_HELLO)) {
		TRACE("HELLO from %s(%s)",source().toString().c_str(),_remoteAddress.toString().c_str());
		return _doHELLO(_r);
	}

	SharedPtr<Peer> sender(_r->topology->getPeer(source()));
	if (!sender) {
		// Sender unknown: request its identity and park this packet until
		// the answer arrives.
		_step = DECODE_WAITING_FOR_SENDER_LOOKUP; // should already be this...
		_r->sw->requestWhois(source());
		return false;
	}

	// Resume from a saved intermediate decode state? In both of these states
	// the packet was already authenticated and decoded on an earlier pass and
	// we were only waiting for a further identity lookup.
	switch(_step) {
		case DECODE_WAITING_FOR_MULTICAST_FRAME_ORIGINAL_SENDER_LOOKUP:
			// Waiting for the identity of a multicast frame's original sender.
			return _doMULTICAST_FRAME(_r,sender);
		case DECODE_WAITING_FOR_NETWORK_MEMBERSHIP_CERTIFICATE_SIGNER_LOOKUP:
			// Waiting for the identity of a membership certificate's signer.
			return _doNETWORK_MEMBERSHIP_CERTIFICATE(_r,sender);
		default:
			break;
	}

	// MAC check with the shared key, then decompression. A failure of either
	// drops the packet; nothing below runs on unauthenticated data.
	if (!dearmor(sender->key())) {
		TRACE("dropped packet from %s(%s), MAC authentication failed (size: %u)",source().toString().c_str(),_remoteAddress.toString().c_str(),size());
		return true;
	}
	if (!uncompress()) {
		TRACE("dropped packet from %s(%s), compressed data invalid",source().toString().c_str(),_remoteAddress.toString().c_str());
		return true;
	}

	const Packet::Verb v = verb();

	// A packet that passed MAC is evidence of a working path to the sender,
	// so learn that path (and update statistics) before dispatching.
	sender->onReceive(_r,_localPort,_remoteAddress,hops(),v,Utils::now());

	switch(v) {
		case Packet::VERB_NOP:
			TRACE("NOP from %s(%s)",source().toString().c_str(),_remoteAddress.toString().c_str());
			return true;
		case Packet::VERB_HELLO:
			return _doHELLO(_r); // legal, but why? :)
		case Packet::VERB_ERROR:
			return _doERROR(_r,sender);
		case Packet::VERB_OK:
			return _doOK(_r,sender);
		case Packet::VERB_WHOIS:
			return _doWHOIS(_r,sender);
		case Packet::VERB_RENDEZVOUS:
			return _doRENDEZVOUS(_r,sender);
		case Packet::VERB_FRAME:
			return _doFRAME(_r,sender);
		case Packet::VERB_BRIDGED_FRAME:
			return _doBRIDGED_FRAME(_r,sender);
		case Packet::VERB_MULTICAST_FRAME:
			return _doMULTICAST_FRAME(_r,sender);
		case Packet::VERB_MULTICAST_LIKE:
			return _doMULTICAST_LIKE(_r,sender);
		case Packet::VERB_NETWORK_MEMBERSHIP_CERTIFICATE:
			return _doNETWORK_MEMBERSHIP_CERTIFICATE(_r,sender);
		case Packet::VERB_NETWORK_CONFIG_REQUEST:
			return _doNETWORK_CONFIG_REQUEST(_r,sender);
		case Packet::VERB_NETWORK_CONFIG_REFRESH:
			return _doNETWORK_CONFIG_REFRESH(_r,sender);
		default:
			// Possibly a verb from a newer or older protocol version. It passed
			// MAC, so it is a valid packet from this peer; we just don't know
			// what to do with it.
			TRACE("ignored unrecognized verb %.2x from %s(%s)",static_cast<unsigned int>(v),source().toString().c_str(),_remoteAddress.toString().c_str());
			return true;
	}
}
/**
 * Handle ERROR from an authenticated peer.
 *
 * Only a few error codes are acted upon, and each is gated on who sent it:
 * a WHOIS "not found" is honored only from a supernode, network status
 * changes only from that network's controller. Anything else is logged and
 * ignored. Malformed payloads surface as exceptions and drop the packet.
 *
 * @param _r Runtime environment
 * @param peer Authenticated sender (unused here beyond dispatch)
 * @return true (ERROR never needs to be retried)
 */
bool PacketDecoder::_doERROR(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer)
{
	try {
		const Packet::Verb inReVerb = static_cast<Packet::Verb>((*this)[ZT_PROTO_VERB_ERROR_IDX_IN_RE_VERB]);
		const Packet::ErrorCode errorCode = static_cast<Packet::ErrorCode>((*this)[ZT_PROTO_VERB_ERROR_IDX_ERROR_CODE]);
		TRACE("ERROR %s from %s(%s) in-re %s",Packet::errorString(errorCode),source().toString().c_str(),_remoteAddress.toString().c_str(),Packet::verbString(inReVerb));

		if (errorCode == Packet::ERROR_OBJ_NOT_FOUND) {
			switch(inReVerb) {
				case Packet::VERB_WHOIS:
					// Only a supernode may tell us to give up on a WHOIS.
					if (_r->topology->isSupernode(source()))
						_r->sw->cancelWhoisRequest(Address(field(ZT_PROTO_VERB_ERROR_IDX_PAYLOAD,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH));
					break;
				case Packet::VERB_NETWORK_CONFIG_REQUEST: {
					// Only the network's own controller may declare it gone.
					SharedPtr<Network> nw(_r->nc->network(at<uint64_t>(ZT_PROTO_VERB_ERROR_IDX_PAYLOAD)));
					if ((nw)&&(nw->controller() == source()))
						nw->forceStatusTo(Network::NETWORK_NOT_FOUND);
				}	break;
				default:
					break;
			}
		} else if (errorCode == Packet::ERROR_IDENTITY_COLLISION) {
			// TODO: if it comes from a supernode, regenerate a new identity
			// if (_r->topology->isSupernode(source())) {}
		} else if (errorCode == Packet::ERROR_NEED_MEMBERSHIP_CERTIFICATE) {
			// NOTE(review): honored from any authenticated peer, not only from
			// members of that network -- confirm this is intended (the
			// behaviour of pushMembershipCertificate() is not visible here).
			SharedPtr<Network> nw(_r->nc->network(at<uint64_t>(ZT_PROTO_VERB_ERROR_IDX_PAYLOAD)));
			if (nw)
				nw->pushMembershipCertificate(source(),true,Utils::now());
		} else if (errorCode == Packet::ERROR_NETWORK_ACCESS_DENIED) {
			// Only the network's own controller may deny us access.
			SharedPtr<Network> nw(_r->nc->network(at<uint64_t>(ZT_PROTO_VERB_ERROR_IDX_PAYLOAD)));
			if ((nw)&&(nw->controller() == source()))
				nw->forceStatusTo(Network::NETWORK_ACCESS_DENIED);
		}
	} catch (const std::exception &ex) {
		TRACE("dropped ERROR from %s(%s): unexpected exception: %s",source().toString().c_str(),_remoteAddress.toString().c_str(),ex.what());
	} catch ( ... ) {
		TRACE("dropped ERROR from %s(%s): unexpected exception: (unknown)",source().toString().c_str(),_remoteAddress.toString().c_str());
	}
	return true;
}
/**
 * Handle HELLO.
 *
 * HELLO is the one verb that may arrive without a MAC (see tryDecode()), so
 * it authenticates itself: the embedded identity must locally validate, and
 * the address it claims must not already belong to a different identity --
 * either in the peer table or in the identity cache. The reply (OK or an
 * IDENTITY_COLLISION error) is armored with a key agreed from the presented
 * identity, so only the holder of the matching private key can read it.
 *
 * @param _r Runtime environment
 * @return true (HELLO never needs to be retried)
 */
bool PacketDecoder::_doHELLO(const RuntimeEnvironment *_r)
{
	try {
		const unsigned int protoVersion = (*this)[ZT_PROTO_VERB_HELLO_IDX_PROTOCOL_VERSION];
		const unsigned int vMajor = (*this)[ZT_PROTO_VERB_HELLO_IDX_MAJOR_VERSION];
		const unsigned int vMinor = (*this)[ZT_PROTO_VERB_HELLO_IDX_MINOR_VERSION];
		const unsigned int vRevision = at<uint16_t>(ZT_PROTO_VERB_HELLO_IDX_REVISION);
		const uint64_t timestamp = at<uint64_t>(ZT_PROTO_VERB_HELLO_IDX_TIMESTAMP);
		Identity id(*this,ZT_PROTO_VERB_HELLO_IDX_IDENTITY);

		if (protoVersion != ZT_PROTO_VERSION) {
			TRACE("dropped HELLO from %s(%s): protocol version mismatch (%u, expected %u)",source().toString().c_str(),_remoteAddress.toString().c_str(),protoVersion,static_cast<unsigned int>(ZT_PROTO_VERSION));
			return true;
		}
		if (!id.locallyValidate()) {
			TRACE("dropped HELLO from %s(%s): identity invalid",source().toString().c_str(),_remoteAddress.toString().c_str());
			return true;
		}

		// Does the claimed address already belong to a different identity?
		// An honest collision is spectacularly unlikely, so this mostly
		// guards against someone trying to claim an address that is taken.
		SharedPtr<Peer> peer(_r->topology->getPeer(id.address()));
		bool addressTaken;
		if (peer) {
			addressTaken = (peer->identity() != id);
		} else {
			// No peer record: fall back to the identity cache (if we have one).
			Identity cached(_r->topology->getIdentity(id.address()));
			addressTaken = ((cached)&&(id != cached));
		}

		if (addressTaken) {
			// Reject with ERROR(IDENTITY_COLLISION), armored with a key agreed
			// from the presented identity so only its holder can read it.
			unsigned char key[ZT_PEER_SECRET_KEY_LENGTH];
			if (_r->identity.agree(id,key,ZT_PEER_SECRET_KEY_LENGTH)) {
				TRACE("rejected HELLO from %s(%s): address already claimed",source().toString().c_str(),_remoteAddress.toString().c_str());
				Packet outp(source(),_r->identity.address(),Packet::VERB_ERROR);
				outp.append(static_cast<unsigned char>(Packet::VERB_HELLO));
				outp.append(packetId());
				outp.append(static_cast<unsigned char>(Packet::ERROR_IDENTITY_COLLISION));
				outp.armor(key,true);
				_r->demarc->send(_localPort,_remoteAddress,outp.data(),outp.size(),-1);
			}
			return true;
		}

		if (!peer) {
			// Learn the new peer. This also populates the identity cache when
			// that feature is enabled.
			peer = _r->topology->addPeer(SharedPtr<Peer>(new Peer(_r->identity,id)));
		}

		// NOTE(review): the HELLO itself has not been MAC-verified at this
		// point (it may have arrived unencrypted), so the path learned here
		// comes from an unverified source -- confirm Peer::onReceive() is
		// written with that in mind.
		peer->onReceive(_r,_localPort,_remoteAddress,hops(),Packet::VERB_HELLO,Utils::now());
		peer->setRemoteVersion(vMajor,vMinor,vRevision);

		// OK(HELLO): echo the sender's timestamp (used for latency on their
		// side) and report our protocol and software version.
		Packet outp(source(),_r->identity.address(),Packet::VERB_OK);
		outp.append(static_cast<unsigned char>(Packet::VERB_HELLO));
		outp.append(packetId());
		outp.append(timestamp);
		outp.append(static_cast<unsigned char>(ZT_PROTO_VERSION));
		outp.append(static_cast<unsigned char>(ZEROTIER_ONE_VERSION_MAJOR));
		outp.append(static_cast<unsigned char>(ZEROTIER_ONE_VERSION_MINOR));
		outp.append(static_cast<uint16_t>(ZEROTIER_ONE_VERSION_REVISION));
		outp.armor(peer->key(),true);
		_r->demarc->send(_localPort,_remoteAddress,outp.data(),outp.size(),-1);
	} catch (const std::exception &ex) {
		TRACE("dropped HELLO from %s(%s): %s",source().toString().c_str(),_remoteAddress.toString().c_str(),ex.what());
	} catch ( ... ) {
		TRACE("dropped HELLO from %s(%s): unexpected exception",source().toString().c_str(),_remoteAddress.toString().c_str());
	}
	return true;
}
/**
 * Handle OK from an authenticated peer.
 *
 * The in-re verb selects what the OK carries: a HELLO reply yields latency
 * and the remote version, a WHOIS reply (supernodes only) yields an identity
 * to learn, and a NETWORK_CONFIG_REQUEST reply (controller only) carries a
 * network configuration dictionary.
 *
 * @param _r Runtime environment
 * @param peer Authenticated sender
 * @return true (OK never needs to be retried)
 */
bool PacketDecoder::_doOK(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer)
{
	try {
		const Packet::Verb inReVerb = static_cast<Packet::Verb>((*this)[ZT_PROTO_VERB_OK_IDX_IN_RE_VERB]);
		//TRACE("%s(%s): OK(%s)",source().toString().c_str(),_remoteAddress.toString().c_str(),Packet::verbString(inReVerb));

		if (inReVerb == Packet::VERB_HELLO) {
			// The OK echoes the timestamp from our HELLO, giving a round-trip
			// latency estimate clamped to fit in 16 bits.
			// NOTE(review): the echoed timestamp is not matched against an
			// outstanding HELLO by packet id here -- confirm whether that is
			// done elsewhere or intentionally not required.
			const unsigned int latency = std::min(static_cast<unsigned int>(Utils::now() - at<uint64_t>(ZT_PROTO_VERB_HELLO__OK__IDX_TIMESTAMP)),static_cast<unsigned int>(0xffff));
			const unsigned int vMajor = (*this)[ZT_PROTO_VERB_HELLO__OK__IDX_MAJOR_VERSION];
			const unsigned int vMinor = (*this)[ZT_PROTO_VERB_HELLO__OK__IDX_MINOR_VERSION];
			const unsigned int vRevision = at<uint16_t>(ZT_PROTO_VERB_HELLO__OK__IDX_REVISION);
			TRACE("%s(%s): OK(HELLO), latency: %u, version %u.%u.%u",source().toString().c_str(),_remoteAddress.toString().c_str(),latency,vMajor,vMinor,vRevision);
			peer->setLatency(_remoteAddress,latency);
			peer->setRemoteVersion(vMajor,vMinor,vRevision);
		} else if (inReVerb == Packet::VERB_WHOIS) {
			// Only supernodes may answer WHOIS, to prevent identity poisoning.
			// Further decentralization would need another trust mechanism.
			if (_r->topology->isSupernode(source())) {
				Identity id(*this,ZT_PROTO_VERB_WHOIS__OK__IDX_IDENTITY);
				if (id.locallyValidate()) {
					// NOTE(review): unlike _doHELLO(), no check is made here
					// for an address already held by a different identity;
					// confirm addPeer() handles that case as intended.
					SharedPtr<Peer> learned(_r->topology->addPeer(SharedPtr<Peer>(new Peer(_r->identity,id))));
					_r->sw->doAnythingWaitingForPeer(learned);
				}
			}
		} else if (inReVerb == Packet::VERB_NETWORK_CONFIG_REQUEST) {
			SharedPtr<Network> nw(_r->nc->network(at<uint64_t>(ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST__OK__IDX_NETWORK_ID)));
			// A configuration is accepted only from the network's controller.
			if ((nw)&&(nw->controller() == source())) {
				const unsigned int dictlen = at<uint16_t>(ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST__OK__IDX_DICT_LEN);
				std::string dict(reinterpret_cast<const char *>(field(ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST__OK__IDX_DICT,dictlen)),dictlen);
				if (!dict.empty()) {
					nw->setConfiguration(Dictionary(dict));
					TRACE("got network configuration for network %.16llx from %s",static_cast<unsigned long long>(nw->id()),source().toString().c_str());
				}
			}
		}
	} catch (const std::exception &ex) {
		TRACE("dropped OK from %s(%s): unexpected exception: %s",source().toString().c_str(),_remoteAddress.toString().c_str(),ex.what());
	} catch ( ... ) {
		TRACE("dropped OK from %s(%s): unexpected exception: (unknown)",source().toString().c_str(),_remoteAddress.toString().c_str());
	}
	return true;
}
/**
 * Handle WHOIS from an authenticated peer.
 *
 * The payload must be exactly one ZeroTier address. If we have an identity
 * for it we reply OK(WHOIS) with the serialized identity; otherwise we reply
 * ERROR(OBJ_NOT_FOUND) echoing the queried address. Either reply is armored
 * with the requesting peer's key.
 *
 * @param _r Runtime environment
 * @param peer Authenticated sender
 * @return true (WHOIS never needs to be retried)
 */
bool PacketDecoder::_doWHOIS(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer)
{
	if (payloadLength() != ZT_ADDRESS_LENGTH) {
		TRACE("dropped WHOIS from %s(%s): missing or invalid address",source().toString().c_str(),_remoteAddress.toString().c_str());
		return true;
	}

	Identity id(_r->topology->getIdentity(Address(payload(),ZT_ADDRESS_LENGTH)));

	// Both replies share the same prefix; only the verb and body differ.
	Packet outp(source(),_r->identity.address(),(id) ? Packet::VERB_OK : Packet::VERB_ERROR);
	outp.append(static_cast<unsigned char>(Packet::VERB_WHOIS));
	outp.append(packetId());
	if (id) {
		id.serialize(outp,false);
		//TRACE("sent WHOIS response to %s for %s",source().toString().c_str(),Address(payload(),ZT_ADDRESS_LENGTH).toString().c_str());
	} else {
		outp.append(static_cast<unsigned char>(Packet::ERROR_OBJ_NOT_FOUND));
		outp.append(payload(),ZT_ADDRESS_LENGTH);
		//TRACE("sent WHOIS ERROR to %s for %s (not found)",source().toString().c_str(),Address(payload(),ZT_ADDRESS_LENGTH).toString().c_str());
	}
	outp.armor(peer->key(),true);
	_r->demarc->send(_localPort,_remoteAddress,outp.data(),outp.size(),-1);

	return true;
}
/**
 * Handle RENDEZVOUS from an authenticated peer.
 *
 * A RENDEZVOUS names another ZeroTier peer and an IP:port where it might be
 * reachable; we respond by starting NAT traversal toward that address. It is
 * obeyed only when it comes from a designated supernode: the verb makes us
 * transmit to an address of the sender's choosing, so letting any peer issue
 * one would be a traffic-reflection and network-forensic concern. If relaying
 * is ever decentralized, some other trust mechanism for RENDEZVOUS hints will
 * be needed.
 *
 * @param _r Runtime environment
 * @param peer Authenticated sender (unused here beyond dispatch)
 * @return true (RENDEZVOUS never needs to be retried)
 */
bool PacketDecoder::_doRENDEZVOUS(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer)
{
	try {
		if (!_r->topology->isSupernode(source())) {
			TRACE("ignored RENDEZVOUS from %s(%s): source not supernode",source().toString().c_str(),_remoteAddress.toString().c_str());
			return true;
		}

		Address with(field(ZT_PROTO_VERB_RENDEZVOUS_IDX_ZTADDRESS,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH);
		SharedPtr<Peer> withPeer(_r->topology->getPeer(with));
		if (!withPeer) {
			TRACE("ignored RENDEZVOUS from %s(%s) to meet unknown peer %s",source().toString().c_str(),_remoteAddress.toString().c_str(),with.toString().c_str());
			return true;
		}

		// Only IPv4 (4 bytes) and IPv6 (16 bytes) with a nonzero port are sane.
		const unsigned int port = at<uint16_t>(ZT_PROTO_VERB_RENDEZVOUS_IDX_PORT);
		const unsigned int addrlen = (*this)[ZT_PROTO_VERB_RENDEZVOUS_IDX_ADDRLEN];
		const bool wellFormed = ((port > 0)&&((addrlen == 4)||(addrlen == 16)));
		if (!wellFormed) {
			TRACE("dropped corrupt RENDEZVOUS from %s(%s) (bad address or port)",source().toString().c_str(),_remoteAddress.toString().c_str());
			return true;
		}

		InetAddress atAddr(field(ZT_PROTO_VERB_RENDEZVOUS_IDX_ADDRESS,addrlen),addrlen,port);
		TRACE("RENDEZVOUS from %s says %s might be at %s, starting NAT-t",source().toString().c_str(),with.toString().c_str(),atAddr.toString().c_str());
		_r->sw->contact(withPeer,atAddr);
	} catch (const std::exception &ex) {
		TRACE("dropped RENDEZVOUS from %s(%s): %s",source().toString().c_str(),_remoteAddress.toString().c_str(),ex.what());
	} catch ( ... ) {
		TRACE("dropped RENDEZVOUS from %s(%s): unexpected exception",source().toString().c_str(),_remoteAddress.toString().c_str());
	}
	return true;
}
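/**
 * Handle FRAME (unicast Ethernet frame) from an authenticated peer.
 *
 * The frame is injected into the local tap only if the network is known,
 * the sender is allowed on it, and the network's configuration permits the
 * frame's Ethernet type. A sender that is not allowed is asked for a
 * membership certificate via ERROR(NEED_MEMBERSHIP_CERTIFICATE).
 *
 * Changes from the previous revision: the network id is read once and
 * reused; the two `%llu` trace arguments are cast to unsigned long long
 * like the other traces in this file (uint64_t is not guaranteed to be
 * that type); and the payload-length subtraction is guarded against
 * unsigned wrap on a truncated packet.
 *
 * @param _r Runtime environment
 * @param peer Authenticated sender
 * @return true (FRAME never needs to be retried)
 */
bool PacketDecoder::_doFRAME(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer)
{
	try {
		const uint64_t nwid = at<uint64_t>(ZT_PROTO_VERB_FRAME_IDX_NETWORK_ID);
		SharedPtr<Network> network(_r->nc->network(nwid));
		if (!network) {
			TRACE("dropped FRAME from %s(%s): network %llu unknown",source().toString().c_str(),_remoteAddress.toString().c_str(),(unsigned long long)nwid);
			return true;
		}

		if (!network->isAllowed(source())) {
			TRACE("dropped FRAME from %s(%s): not a member of closed network %llu",source().toString().c_str(),_remoteAddress.toString().c_str(),(unsigned long long)network->id());
			// Ask the sender to present a membership certificate before we
			// accept frames from it on this network.
			Packet outp(source(),_r->identity.address(),Packet::VERB_ERROR);
			outp.append((unsigned char)Packet::VERB_FRAME);
			outp.append(packetId());
			outp.append((unsigned char)Packet::ERROR_NEED_MEMBERSHIP_CERTIFICATE);
			outp.append(network->id());
			outp.armor(peer->key(),true);
			_r->demarc->send(_localPort,_remoteAddress,outp.data(),outp.size(),-1);
			return true;
		}

		const unsigned int etherType = at<uint16_t>(ZT_PROTO_VERB_FRAME_IDX_ETHERTYPE);
		if (network->config()->permitsEtherType(etherType)) {
			// Defensive: never let the payload length wrap on a packet shorter
			// than the payload offset. at<>() above presumably already rejects
			// such packets -- confirm against the at<>() implementation.
			if (size() >= ZT_PROTO_VERB_FRAME_IDX_PAYLOAD)
				network->tap().put(source().toMAC(),network->tap().mac(),etherType,data() + ZT_PROTO_VERB_FRAME_IDX_PAYLOAD,size() - ZT_PROTO_VERB_FRAME_IDX_PAYLOAD);
		} else if (size() > ZT_PROTO_VERB_FRAME_IDX_PAYLOAD) {
			TRACE("dropped FRAME from %s: ethernet type %u not allowed on network %.16llx",source().toString().c_str(),etherType,(unsigned long long)network->id());
		}

		// Source moves "closer" to us in multicast propagation priority when
		// we receive unicast frames from it. This is called "implicit social
		// ordering" in other docs.
		_r->mc->bringCloser(network->id(),source());
	} catch (std::exception &ex) {
		TRACE("dropped FRAME from %s(%s): unexpected exception: %s",source().toString().c_str(),_remoteAddress.toString().c_str(),ex.what());
	} catch ( ... ) {
		TRACE("dropped FRAME from %s(%s): unexpected exception: (unknown)",source().toString().c_str(),_remoteAddress.toString().c_str());
	}
	return true;
}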
/**
 * Handle BRIDGED_FRAME from an authenticated peer.
 *
 * Bridging is not implemented yet, so the frame is silently discarded.
 *
 * @param _r Runtime environment (unused)
 * @param peer Authenticated sender (unused)
 * @return true (nothing to retry)
 */
bool PacketDecoder::_doBRIDGED_FRAME(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer)
{
	// TODO: bridging is not implemented yet
	(void)_r;
	(void)peer;
	return true;
}
bool PacketDecoder : : _doMULTICAST_FRAME ( const RuntimeEnvironment * _r , const SharedPtr < Peer > & peer )
{
try {
Address origin ( Address ( field ( ZT_PROTO_VERB_MULTICAST_FRAME_IDX_ORIGIN , ZT_PROTO_VERB_MULTICAST_FRAME_LEN_ORIGIN ) , ZT_ADDRESS_LENGTH ) ) ;
SharedPtr < Peer > originPeer ( _r - > topology - > getPeer ( origin ) ) ;
if ( ! originPeer ) {
// We must have the origin's identity in order to authenticate a multicast
_r - > sw - > requestWhois ( origin ) ;
_step = DECODE_WAITING_FOR_MULTICAST_FRAME_ORIGINAL_SENDER_LOOKUP ; // causes processing to come back here
return false ;
}
// These fields change
unsigned int depth = at < uint16_t > ( ZT_PROTO_VERB_MULTICAST_FRAME_IDX_PROPAGATION_DEPTH ) ;
unsigned char * const fifo = field ( ZT_PROTO_VERB_MULTICAST_FRAME_IDX_PROPAGATION_FIFO , ZT_PROTO_VERB_MULTICAST_FRAME_LEN_PROPAGATION_FIFO ) ;
unsigned char * const bloom = field ( ZT_PROTO_VERB_MULTICAST_FRAME_IDX_PROPAGATION_BLOOM , ZT_PROTO_VERB_MULTICAST_FRAME_LEN_PROPAGATION_BLOOM ) ;
// These fields don't -- they're signed by the original sender
// const unsigned int flags = (*this)[ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FLAGS];
const uint64_t nwid = at < uint64_t > ( ZT_PROTO_VERB_MULTICAST_FRAME_IDX_NETWORK_ID ) ;
const uint16_t bloomNonce = at < uint16_t > ( ZT_PROTO_VERB_MULTICAST_FRAME_IDX_PROPAGATION_BLOOM_NONCE ) ;
const unsigned int prefixBits = ( * this ) [ ZT_PROTO_VERB_MULTICAST_FRAME_IDX_PROPAGATION_PREFIX_BITS ] ;
const unsigned int prefix = ( * this ) [ ZT_PROTO_VERB_MULTICAST_FRAME_IDX_PROPAGATION_PREFIX ] ;
const uint64_t guid = at < uint64_t > ( ZT_PROTO_VERB_MULTICAST_FRAME_IDX_GUID ) ;
const MAC sourceMac ( field ( ZT_PROTO_VERB_MULTICAST_FRAME_IDX_SOURCE_MAC , ZT_PROTO_VERB_MULTICAST_FRAME_LEN_SOURCE_MAC ) ) ;
const MulticastGroup dest ( MAC ( field ( ZT_PROTO_VERB_MULTICAST_FRAME_IDX_DEST_MAC , ZT_PROTO_VERB_MULTICAST_FRAME_LEN_DEST_MAC ) ) , at < uint32_t > ( ZT_PROTO_VERB_MULTICAST_FRAME_IDX_DEST_ADI ) ) ;
const unsigned int etherType = at < uint16_t > ( ZT_PROTO_VERB_MULTICAST_FRAME_IDX_ETHERTYPE ) ;
const unsigned int frameLen = at < uint16_t > ( ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FRAME_LEN ) ;
const unsigned char * const frame = field ( ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FRAME , frameLen ) ;
const unsigned int signatureLen = at < uint16_t > ( ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FRAME + frameLen ) ;
const unsigned char * const signature = field ( ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FRAME + frameLen + 2 , signatureLen ) ;
// Check multicast signature to verify original sender
const unsigned int signedPartLen = ( ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FRAME - ZT_PROTO_VERB_MULTICAST_FRAME_IDX__START_OF_SIGNED_PORTION ) + frameLen ;
if ( ! originPeer - > identity ( ) . verify ( field ( ZT_PROTO_VERB_MULTICAST_FRAME_IDX__START_OF_SIGNED_PORTION , signedPartLen ) , signedPartLen , signature , signatureLen ) ) {
TRACE ( " dropped MULTICAST_FRAME from %s(%s): failed signature verification, claims to be from %s " , source ( ) . toString ( ) . c_str ( ) , _remoteAddress . toString ( ) . c_str ( ) , origin . toString ( ) . c_str ( ) ) ;
return true ;
}
// Security check to prohibit multicasts that are really Ethernet unicasts
if ( ! dest . mac ( ) . isMulticast ( ) ) {
TRACE ( " dropped MULTICAST_FRAME from %s(%s): %s is not a multicast/broadcast address " , source ( ) . toString ( ) . c_str ( ) , _remoteAddress . toString ( ) . c_str ( ) , dest . mac ( ) . toString ( ) . c_str ( ) ) ;
return true ;
}
# ifdef ZT_TRACE_MULTICAST
char mct [ 1024 ] , mctdepth [ 1024 ] ;
unsigned int startingFifoItems = 0 ;
for ( unsigned int i = 0 ; i < ZT_PROTO_VERB_MULTICAST_FRAME_LEN_PROPAGATION_FIFO ; i + = ZT_ADDRESS_LENGTH ) {
if ( Utils : : isZero ( fifo + i , ZT_ADDRESS_LENGTH ) )
break ;
else + + startingFifoItems ;
}
for ( unsigned int i = 0 ; i < depth ; + + i )
mctdepth [ i ] = ' ' ;
mctdepth [ depth ] = 0 ;
Utils : : snprintf ( mct , sizeof ( mct ) ,
" %.16llx %.2u %.3u%s %c %s <- %s via %s len:%u fifosize:%u " ,
guid ,
prefix ,
depth ,
mctdepth ,
( _r - > topology - > amSupernode ( ) ? ' S ' : ' - ' ) ,
_r - > identity . address ( ) . toString ( ) . c_str ( ) ,
origin . toString ( ) . c_str ( ) ,
source ( ) . toString ( ) . c_str ( ) ,
frameLen ,
startingFifoItems ) ;
_r - > demarc - > send ( Demarc : : ANY_PORT , ZT_DEFAULTS . multicastTraceWatcher , mct , strlen ( mct ) , - 1 ) ;
# endif
unsigned int maxDepth = ZT_MULTICAST_GLOBAL_MAX_DEPTH ;
SharedPtr < Network > network ( _r - > nc - > network ( nwid ) ) ;
if ( ( origin = = _r - > identity . address ( ) ) | | ( _r - > mc - > deduplicate ( nwid , guid ) ) ) {
// Ordinary nodes will drop duplicates. Supernodes keep propagating
// them since they're used as hubs to link disparate clusters of
// members of the same multicast group.
if ( ! _r - > topology - > amSupernode ( ) ) {
# ifdef ZT_TRACE_MULTICAST
Utils : : snprintf ( mct , sizeof ( mct ) ,
" %.16llx %.2u %.3u%s %c %s dropped: duplicate " ,
guid ,
prefix ,
depth ,
mctdepth ,
( _r - > topology - > amSupernode ( ) ? ' S ' : ' - ' ) ,
_r - > identity . address ( ) . toString ( ) . c_str ( ) ) ;
_r - > demarc - > send ( Demarc : : ANY_PORT , ZT_DEFAULTS . multicastTraceWatcher , mct , strlen ( mct ) , - 1 ) ;
# endif
TRACE ( " dropped MULTICAST_FRAME from %s(%s): duplicate " , source ( ) . toString ( ) . c_str ( ) , _remoteAddress . toString ( ) . c_str ( ) ) ;
return true ;
}
} else {
// If we are actually a member of this network (will just about always
// be the case unless we're a supernode), check to see if we should
// inject the packet. This also gives us an opportunity to check things
// like multicast bandwidth constraints.
if ( network ) {
SharedPtr < NetworkConfig > nconf ( network - > config2 ( ) ) ;
if ( nconf ) {
maxDepth = std : : min ( ( unsigned int ) ZT_MULTICAST_GLOBAL_MAX_DEPTH , nconf - > multicastDepth ( ) ) ;
if ( ! maxDepth )
maxDepth = ZT_MULTICAST_GLOBAL_MAX_DEPTH ;
if ( ! network - > isAllowed ( origin ) ) {
TRACE ( " didn't inject MULTICAST_FRAME from %s(%s) into %.16llx: sender %s not allowed or we don't have a certificate " , source ( ) . toString ( ) . c_str ( ) , nwid , _remoteAddress . toString ( ) . c_str ( ) , origin . toString ( ) . c_str ( ) ) ;
// Tell them we need a certificate
Packet outp ( source ( ) , _r - > identity . address ( ) , Packet : : VERB_ERROR ) ;
outp . append ( ( unsigned char ) Packet : : VERB_FRAME ) ;
outp . append ( packetId ( ) ) ;
outp . append ( ( unsigned char ) Packet : : ERROR_NEED_MEMBERSHIP_CERTIFICATE ) ;
outp . append ( nwid ) ;
outp . armor ( peer - > key ( ) , true ) ;
_r - > demarc - > send ( _localPort , _remoteAddress , outp . data ( ) , outp . size ( ) , - 1 ) ;
// We do not terminate here, since if the member just has an out of
// date cert or hasn't sent us a cert yet we still want to propagate
// the message so multicast keeps working downstream.
} else if ( ( ! nconf - > permitsBridging ( origin ) ) & & ( ! origin . wouldHaveMac ( sourceMac ) ) ) {
// This *does* terminate propagation, since it's technically a
// security violation of the network's bridging policy. But if we
// were to keep propagating it wouldn't hurt anything, just waste
// bandwidth as everyone else would reject it too.
# ifdef ZT_TRACE_MULTICAST
Utils : : snprintf ( mct , sizeof ( mct ) ,
" %.16llx %.2u %.3u%s %c %s dropped: bridging not allowed " ,
guid ,
prefix ,
depth ,
mctdepth ,
( _r - > topology - > amSupernode ( ) ? ' S ' : ' - ' ) ,
_r - > identity . address ( ) . toString ( ) . c_str ( ) ) ;
_r - > demarc - > send ( Demarc : : ANY_PORT , ZT_DEFAULTS . multicastTraceWatcher , mct , strlen ( mct ) , - 1 ) ;
# endif
TRACE ( " dropped MULTICAST_FRAME from %s(%s) into %.16llx: source mac %s doesn't belong to %s, and bridging is not supported on network " , source ( ) . toString ( ) . c_str ( ) , _remoteAddress . toString ( ) . c_str ( ) , nwid , sourceMac . toString ( ) . c_str ( ) , origin . toString ( ) . c_str ( ) ) ;
return true ;
} else if ( ! nconf - > permitsEtherType ( etherType ) ) {
// Ditto for this-- halt propagation if this is for an ethertype
// this network doesn't allow. Same principle as bridging test.
# ifdef ZT_TRACE_MULTICAST
Utils : : snprintf ( mct , sizeof ( mct ) ,
" %.16llx %.2u %.3u%s %c %s dropped: ethertype not allowed " ,
guid ,
prefix ,
depth ,
mctdepth ,
( _r - > topology - > amSupernode ( ) ? ' S ' : ' - ' ) ,
_r - > identity . address ( ) . toString ( ) . c_str ( ) ) ;
_r - > demarc - > send ( Demarc : : ANY_PORT , ZT_DEFAULTS . multicastTraceWatcher , mct , strlen ( mct ) , - 1 ) ;
# endif
TRACE ( " dropped MULTICAST_FRAME from %s(%s) into %.16llx: ethertype %u is not allowed " , source ( ) . toString ( ) . c_str ( ) , nwid , _remoteAddress . toString ( ) . c_str ( ) , etherType ) ;
return true ;
} else if ( ! network - > updateAndCheckMulticastBalance ( origin , dest , frameLen ) ) {
// Rate limits can only be checked by members of this network, but
// there should be enough of them that over-limit multicasts get
// their propagation aborted.
# ifdef ZT_TRACE_MULTICAST
Utils : : snprintf ( mct , sizeof ( mct ) ,
" %.16llx %.2u %.3u%s %c %s dropped: rate limits exceeded " ,
guid ,
prefix ,
depth ,
mctdepth ,
( _r - > topology - > amSupernode ( ) ? ' S ' : ' - ' ) ,
_r - > identity . address ( ) . toString ( ) . c_str ( ) ) ;
_r - > demarc - > send ( Demarc : : ANY_PORT , ZT_DEFAULTS . multicastTraceWatcher , mct , strlen ( mct ) , - 1 ) ;
# endif
TRACE ( " dropped MULTICAST_FRAME from %s(%s): rate limits exceeded for sender %s " , source ( ) . toString ( ) . c_str ( ) , _remoteAddress . toString ( ) . c_str ( ) , origin . toString ( ) . c_str ( ) ) ;
return true ;
} else {
network - > tap ( ) . put ( sourceMac , dest . mac ( ) , etherType , frame , frameLen ) ;
}
}
}
}
if ( depth = = 0xffff ) {
# ifdef ZT_TRACE_MULTICAST
Utils : : snprintf ( mct , sizeof ( mct ) ,
" %.16llx %.2u %.3u%s %c %s not forwarding: depth == 0xffff (do not forward) " ,
guid ,
prefix ,
depth ,
mctdepth ,
( _r - > topology - > amSupernode ( ) ? ' S ' : ' - ' ) ,
_r - > identity . address ( ) . toString ( ) . c_str ( ) ) ;
_r - > demarc - > send ( Demarc : : ANY_PORT , ZT_DEFAULTS . multicastTraceWatcher , mct , strlen ( mct ) , - 1 ) ;
# endif
TRACE ( " not forwarding MULTICAST_FRAME from %s(%s): depth == 0xffff (do not forward) " , source ( ) . toString ( ) . c_str ( ) , _remoteAddress . toString ( ) . c_str ( ) ) ;
return true ;
}
if ( + + depth > maxDepth ) {
# ifdef ZT_TRACE_MULTICAST
Utils : : snprintf ( mct , sizeof ( mct ) ,
" %.16llx %.2u %.3u%s %c %s not forwarding: max propagation depth reached " ,
guid ,
prefix ,
depth ,
mctdepth ,
( _r - > topology - > amSupernode ( ) ? ' S ' : ' - ' ) ,
_r - > identity . address ( ) . toString ( ) . c_str ( ) ) ;
_r - > demarc - > send ( Demarc : : ANY_PORT , ZT_DEFAULTS . multicastTraceWatcher , mct , strlen ( mct ) , - 1 ) ;
# endif
TRACE ( " not forwarding MULTICAST_FRAME from %s(%s): max propagation depth reached " , source ( ) . toString ( ) . c_str ( ) , _remoteAddress . toString ( ) . c_str ( ) ) ;
return true ;
}
setAt ( ZT_PROTO_VERB_MULTICAST_FRAME_IDX_PROPAGATION_DEPTH , ( uint16_t ) depth ) ;
// New FIFO with room for one extra, since head will be next hop
unsigned char newFifo [ ZT_PROTO_VERB_MULTICAST_FRAME_LEN_PROPAGATION_FIFO + ZT_ADDRESS_LENGTH ] ;
unsigned char * newFifoPtr = newFifo ;
unsigned char * const newFifoEnd = newFifo + sizeof ( newFifo ) ;
// Copy old FIFO into new buffer, terminating at first NULL address
for ( unsigned char * f = fifo , * const fifoEnd = ( fifo + ZT_PROTO_VERB_MULTICAST_FRAME_LEN_PROPAGATION_FIFO ) ; f ! = fifoEnd ; ) {
unsigned char * nf = newFifoPtr ;
unsigned char * e = nf + ZT_ADDRESS_LENGTH ;
unsigned char * ftmp = f ;
unsigned char zeroCheckMask = 0 ;
while ( nf ! = e )
zeroCheckMask | = ( * ( nf + + ) = * ( ftmp + + ) ) ;
if ( zeroCheckMask ) {
f = ftmp ;
newFifoPtr = nf ;
} else break ;
}
// Add any next hops we know about to FIFO
# ifdef ZT_TRACE_MULTICAST
unsigned char * beforeAdd = newFifoPtr ;
# endif
_r - > mc - > getNextHops ( nwid , dest , Multicaster : : AddToPropagationQueue ( & newFifoPtr , newFifoEnd , bloom , bloomNonce , origin , prefixBits , prefix ) ) ;
# ifdef ZT_TRACE_MULTICAST
unsigned int numAdded = ( unsigned int ) ( newFifoPtr - beforeAdd ) / ZT_ADDRESS_LENGTH ;
# endif
// Zero-terminate new FIFO if not completely full
while ( newFifoPtr ! = newFifoEnd )
* ( newFifoPtr + + ) = ( unsigned char ) 0 ;
// If we're forwarding a packet within a private network that we are
// a member of, also propagate our cert if needed. This propagates
// it to everyone including people who will receive this multicast.
if ( network )
network - > pushMembershipCertificate ( newFifo , sizeof ( newFifo ) , false , Utils : : now ( ) ) ;
// First element in newFifo[] is next hop
Address nextHop ( newFifo , ZT_ADDRESS_LENGTH ) ;
if ( ( ! nextHop ) & & ( ! _r - > topology - > amSupernode ( ) ) ) {
SharedPtr < Peer > supernode ( _r - > topology - > getBestSupernode ( & origin , 1 , true ) ) ;
if ( supernode )
nextHop = supernode - > address ( ) ;
}
if ( ( ! nextHop ) | | ( nextHop = = _r - > identity . address ( ) ) ) { // check against our addr is a sanity check
# ifdef ZT_TRACE_MULTICAST
Utils : : snprintf ( mct , sizeof ( mct ) ,
" %.16llx %.2u %.3u%s %c %s not forwarding: no next hop " ,
guid ,
prefix ,
depth ,
mctdepth ,
( _r - > topology - > amSupernode ( ) ? ' S ' : ' - ' ) ,
_r - > identity . address ( ) . toString ( ) . c_str ( ) ) ;
_r - > demarc - > send ( Demarc : : ANY_PORT , ZT_DEFAULTS . multicastTraceWatcher , mct , strlen ( mct ) , - 1 ) ;
# endif
//TRACE("not forwarding MULTICAST_FRAME from %s(%s): no next hop",source().toString().c_str(),_remoteAddress.toString().c_str());
return true ;
}
// The rest of newFifo[] goes back into the packet
memcpy ( fifo , newFifo + ZT_ADDRESS_LENGTH , ZT_PROTO_VERB_MULTICAST_FRAME_LEN_PROPAGATION_FIFO ) ;
# ifdef ZT_TRACE_MULTICAST
Utils : : snprintf ( mct , sizeof ( mct ) ,
" %.16llx %.2u %.3u%s %c %s -> origin %s, sending to next hop %s, +fifosize:%u " ,
guid ,
prefix ,
depth ,
mctdepth ,
( _r - > topology - > amSupernode ( ) ? ' S ' : ' - ' ) ,
_r - > identity . address ( ) . toString ( ) . c_str ( ) ,
origin . toString ( ) . c_str ( ) ,
nextHop . toString ( ) . c_str ( ) ,
numAdded ) ;
_r - > demarc - > send ( Demarc : : ANY_PORT , ZT_DEFAULTS . multicastTraceWatcher , mct , strlen ( mct ) , - 1 ) ;
# endif
// Send to next hop, reusing this packet as scratch space
newInitializationVector ( ) ;
setDestination ( nextHop ) ;
setSource ( _r - > identity . address ( ) ) ;
compress ( ) ; // note: bloom filters and empty FIFOs are highly compressable!
_r - > sw - > send ( * this , true ) ;
return true ;
} catch ( std : : exception & ex ) {
TRACE ( " dropped MULTICAST_FRAME from %s(%s): unexpected exception: %s " , source ( ) . toString ( ) . c_str ( ) , _remoteAddress . toString ( ) . c_str ( ) , ex . what ( ) ) ;
} catch ( . . . ) {
TRACE ( " dropped MULTICAST_FRAME from %s(%s): unexpected exception: (unknown) " , source ( ) . toString ( ) . c_str ( ) , _remoteAddress . toString ( ) . c_str ( ) ) ;
}
return true ;
}
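/**
 * Handle MULTICAST_LIKE: record the sender's interest in multicast groups.
 *
 * The payload is a run of 18-byte tuples: an 8-byte network ID, a 6-byte
 * MAC and a 4-byte ADI. A tuple is only recorded if we are a supernode, or
 * the sender is an allowed member of the named network. For networks we
 * belong to, our own membership certificate is also pushed back to the
 * sender.
 *
 * Only complete tuples are walked; a truncated trailing tuple is ignored
 * rather than being left for the Buffer accessors to reject (the sibling
 * NETWORK_CONFIG_REFRESH handler bounds its loop the same way).
 *
 * @param _r Runtime environment
 * @param peer Peer that sent this packet
 * @return Always true; this verb is never deferred
 */
bool PacketDecoder::_doMULTICAST_LIKE(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer)
{
	try {
		// Wire layout of one tuple in the payload
		const unsigned int tupleLen = 18;
		const unsigned int macOffset = 8;
		const unsigned int macLen = 6;
		const unsigned int adiOffset = 14;

		const Address src(source());
		const uint64_t now = Utils::now();

		for(unsigned int ptr=ZT_PACKET_IDX_PAYLOAD;(ptr + tupleLen) <= size();ptr+=tupleLen) {
			const uint64_t nwid = at<uint64_t>(ptr);
			SharedPtr<Network> network(_r->nc->network(nwid));

			// Supernodes track likes for every network; ordinary nodes only
			// for networks they are in, and only from allowed members.
			const bool accept = (_r->topology->amSupernode())||((network)&&(network->isAllowed(peer->address())));
			if (!accept)
				continue;

			_r->mc->likesGroup(nwid,src,MulticastGroup(MAC(field(ptr + macOffset,macLen)),at<uint32_t>(ptr + adiOffset)),now);

			// Push our own membership certificate to the liker as well
			if (network)
				network->pushMembershipCertificate(peer->address(),false,now);
		}
	} catch (std::exception &ex) {
		TRACE("dropped MULTICAST_LIKE from %s(%s): unexpected exception: %s",source().toString().c_str(),_remoteAddress.toString().c_str(),ex.what());
	} catch ( ... ) {
		TRACE("dropped MULTICAST_LIKE from %s(%s): unexpected exception: (unknown)",source().toString().c_str(),_remoteAddress.toString().c_str());
	}
	return true;
}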
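/**
 * Handle NETWORK_MEMBERSHIP_CERTIFICATE: accept a certificate of membership
 * for a network we belong to, provided it is signed by that network's
 * controller.
 *
 * Checks run cheapest first: required fields, presence of a signer, whether
 * we are a member of the named network at all, then signer lookup and
 * signature verification, and finally the controller check. Doing the
 * membership check before the signer lookup means an unsolicited
 * certificate for a network we are not in cannot make us issue a WHOIS,
 * park this decoder waiting for it, or verify a signature.
 *
 * @param _r Runtime environment
 * @param peer Peer that sent this packet
 * @return True if the packet is handled (accepted or dropped); false if the
 *         signer is unknown and decoding must be retried after the WHOIS
 */
bool PacketDecoder::_doNETWORK_MEMBERSHIP_CERTIFICATE(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer)
{
	try {
		CertificateOfMembership com;
		unsigned int ptr = ZT_PACKET_IDX_PAYLOAD;

		// NOTE(review): every branch below returns, so only the first
		// certificate in the payload is ever examined; the loop is kept for
		// parity with the original but never runs a second iteration.
		while (ptr < size()) {
			ptr += com.deserialize(*this,ptr);

			if (!com.hasRequiredFields()) {
				TRACE("dropped NETWORK_MEMBERSHIP_CERTIFICATE from %s(%s): invalid cert: at least one required field is missing",source().toString().c_str(),_remoteAddress.toString().c_str());
				return true;
			}

			if (!com.signedBy()) {
				TRACE("dropped NETWORK_MEMBERSHIP_CERTIFICATE from %s(%s): invalid cert: no signature",source().toString().c_str(),_remoteAddress.toString().c_str());
				return true;
			}

			// Membership check comes before any signer lookup or signature
			// verification -- see the function comment for why.
			const uint64_t nwid = com.networkId();
			SharedPtr<Network> network(_r->nc->network(nwid));
			if (!network) {
				TRACE("dropped NETWORK_MEMBERSHIP_CERTIFICATE from %s(%s): not a member of network %.16llx",source().toString().c_str(),_remoteAddress.toString().c_str(),(unsigned long long)nwid);
				return true;
			}

			SharedPtr<Peer> signer(_r->topology->getPeer(com.signedBy()));
			if (!signer) {
				// We don't know the signer's identity yet: ask for it and
				// retry this packet once the lookup completes.
				_r->sw->requestWhois(com.signedBy());
				_step = DECODE_WAITING_FOR_NETWORK_MEMBERSHIP_CERTIFICATE_SIGNER_LOOKUP;
				return false;
			}

			if (!com.verify(signer->identity())) {
				TRACE("dropped NETWORK_MEMBERSHIP_CERTIFICATE from %s(%s): failed signature verification for signer %s",source().toString().c_str(),_remoteAddress.toString().c_str(),signer->address().toString().c_str());
				return true;
			}

			// A valid signature is not enough: only the network's controller
			// is allowed to issue certificates for that network.
			if (network->controller() == signer) {
				network->addMembershipCertificate(com);
			} else {
				TRACE("dropped NETWORK_MEMBERSHIP_CERTIFICATE from %s(%s): signer %s is not the controller for network %.16llx",source().toString().c_str(),_remoteAddress.toString().c_str(),signer->address().toString().c_str(),(unsigned long long)nwid);
			}
			return true;
		}
	} catch (std::exception &ex) {
		TRACE("dropped NETWORK_MEMBERSHIP_CERTIFICATE from %s(%s): unexpected exception: %s",source().toString().c_str(),_remoteAddress.toString().c_str(),ex.what());
	} catch ( ... ) {
		TRACE("dropped NETWORK_MEMBERSHIP_CERTIFICATE from %s(%s): unexpected exception: (unknown)",source().toString().c_str(),_remoteAddress.toString().c_str());
	}
	return true;
}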
/**
 * Handle NETWORK_CONFIG_REQUEST: hand the request to the local netconf
 * service if one is running, otherwise answer with
 * ERROR_UNSUPPORTED_OPERATION.
 *
 * On non-Windows builds the request is forwarded to _r->netconfService as a
 * Dictionary. On Windows, or when no service is configured, the error reply
 * is the only path.
 *
 * @param _r Runtime environment
 * @param peer Peer that sent this packet
 * @return Always true
 */
bool PacketDecoder::_doNETWORK_CONFIG_REQUEST(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer)
{
	try {
		const uint64_t nwid = at<uint64_t>(ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST_IDX_NETWORK_ID);
#ifndef __WINDOWS__
		if (_r->netconfService) {
			Dictionary request;

			// Optional metadata dictionary from the requester. Its length is
			// taken from the packet; an overrun is expected to be rejected by
			// field() and end up in the catch below -- confirm against Buffer.
			const unsigned int metaLen = at<uint16_t>(ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST_IDX_DICT_LEN);
			if (metaLen)
				request["meta"] = std::string((const char *)field(ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST_IDX_DICT,metaLen),metaLen);

			request["type"] = "netconf-request";
			request["peerId"] = peer->identity().toString(false);

			// Network ID and request ID are passed to the service as hex
			char hexBuf[128];
			Utils::snprintf(hexBuf,sizeof(hexBuf),"%llx",(unsigned long long)nwid);
			request["nwid"] = hexBuf;
			Utils::snprintf(hexBuf,sizeof(hexBuf),"%llx",(unsigned long long)packetId());
			request["requestId"] = hexBuf;

			// hops()==0 presumably means the packet arrived directly, so the
			// remote address is the requester's own endpoint -- confirm
			if (!hops())
				request["from"] = _remoteAddress.toString();

			_r->netconfService->send(request);
		} else {
#endif // !__WINDOWS__
			// No service to answer this: tell the requester so it doesn't wait
			Packet outp(source(),_r->identity.address(),Packet::VERB_ERROR);
			outp.append((unsigned char)Packet::VERB_NETWORK_CONFIG_REQUEST);
			outp.append(packetId());
			outp.append((unsigned char)Packet::ERROR_UNSUPPORTED_OPERATION);
			outp.append(nwid);
			outp.armor(peer->key(),true);
			_r->demarc->send(_localPort,_remoteAddress,outp.data(),outp.size(),-1);
#ifndef __WINDOWS__
		}
#endif // !__WINDOWS__
	} catch (std::exception &exc) {
		TRACE("dropped NETWORK_CONFIG_REQUEST from %s(%s): unexpected exception: %s",source().toString().c_str(),_remoteAddress.toString().c_str(),exc.what());
	} catch ( ... ) {
		TRACE("dropped NETWORK_CONFIG_REQUEST from %s(%s): unexpected exception: (unknown)",source().toString().c_str(),_remoteAddress.toString().c_str());
	}
	return true;
}
/**
 * Handle NETWORK_CONFIG_REFRESH: the payload is a list of 64-bit network
 * IDs whose configuration should be fetched again.
 *
 * A refresh is only honored for a network we belong to, and only when the
 * packet's source is that network's controller; anyone else asking is
 * silently ignored. Only whole 8-byte IDs are read, so a trailing partial
 * value is skipped.
 *
 * @param _r Runtime environment
 * @param peer Peer that sent this packet
 * @return Always true
 */
bool PacketDecoder::_doNETWORK_CONFIG_REFRESH(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer)
{
	try {
		const Address sender(source());
		for(unsigned int offset=ZT_PACKET_IDX_PAYLOAD;(offset + sizeof(uint64_t)) <= size();offset+=sizeof(uint64_t)) {
			const uint64_t nwid = at<uint64_t>(offset);
			SharedPtr<Network> network(_r->nc->network(nwid));
			if (!network)
				continue;
			// Any peer can send this verb; only the controller's word counts
			if (sender == network->controller())
				network->requestConfiguration();
		}
	} catch (std::exception &exc) {
		TRACE("dropped NETWORK_CONFIG_REFRESH from %s(%s): unexpected exception: %s",source().toString().c_str(),_remoteAddress.toString().c_str(),exc.what());
	} catch ( ... ) {
		TRACE("dropped NETWORK_CONFIG_REFRESH from %s(%s): unexpected exception: (unknown)",source().toString().c_str(),_remoteAddress.toString().c_str());
	}
	return true;
}
} // namespace ZeroTier