2015-01-06 21:45:10 +00:00
/*
2015-02-17 21:11:34 +00:00
* ZeroTier One - Network Virtualization Everywhere
* Copyright ( C ) 2011 - 2015 ZeroTier , Inc .
2015-01-06 21:45:10 +00:00
*
* This program is free software : you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation , either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
# include <stdint.h>
# include <stdio.h>
# include <stdlib.h>
# include <string.h>
# include <time.h>
2016-11-03 19:10:50 +00:00
# ifndef _WIN32
2015-01-06 21:45:10 +00:00
# include <sys/time.h>
2016-11-03 19:10:50 +00:00
# endif
2015-01-06 21:45:10 +00:00
# include <sys/types.h>
2015-01-08 22:27:55 +00:00
# include <algorithm>
# include <utility>
2015-02-24 22:17:57 +00:00
# include <stdexcept>
2015-04-22 01:37:17 +00:00
# include <set>
2016-08-12 18:30:27 +00:00
# include <map>
2015-01-08 22:27:55 +00:00
2015-04-17 22:21:53 +00:00
# include "../include/ZeroTierOne.h"
# include "../node/Constants.hpp"
2016-08-17 17:42:32 +00:00
# include "EmbeddedNetworkController.hpp"
2015-10-06 22:56:18 +00:00
# include "../node/Node.hpp"
2015-02-24 22:17:57 +00:00
# include "../node/Utils.hpp"
# include "../node/CertificateOfMembership.hpp"
# include "../node/NetworkConfig.hpp"
2016-06-16 23:05:57 +00:00
# include "../node/Dictionary.hpp"
2015-04-21 23:41:35 +00:00
# include "../node/InetAddress.hpp"
# include "../node/MAC.hpp"
# include "../node/Address.hpp"
2015-10-06 22:56:18 +00:00
2016-08-12 18:30:27 +00:00
using json = nlohmann : : json ;
2015-03-17 21:54:13 +00:00
2015-05-15 16:41:45 +00:00
// API version reported via JSON control plane
2016-08-12 18:30:27 +00:00
# define ZT_NETCONF_CONTROLLER_API_VERSION 3
2015-05-15 16:41:45 +00:00
2016-06-28 19:44:47 +00:00
// Number of requests to remember in member history
2016-08-30 01:10:02 +00:00
# define ZT_NETCONF_DB_MEMBER_HISTORY_LENGTH 24
2016-06-28 19:44:47 +00:00
2016-02-04 22:39:43 +00:00
// Min duration between requests for an address/nwid combo to prevent floods
# define ZT_NETCONF_MIN_REQUEST_PERIOD 1000
2015-07-23 17:10:17 +00:00
2016-02-04 20:17:55 +00:00
// Nodes are considered active if they've queried in less than this long
2016-09-30 00:59:27 +00:00
# define ZT_NETCONF_NODE_ACTIVE_THRESHOLD (ZT_NETWORK_AUTOCONF_DELAY * 2)
2016-02-04 02:10:56 +00:00
2015-01-06 21:45:10 +00:00
namespace ZeroTier {
2016-08-18 20:47:02 +00:00
// Get JSON values as unsigned integers, strings, or booleans, doing type conversion if possible
2016-08-18 00:37:37 +00:00
static uint64_t _jI ( const json & jv , const uint64_t dfl )
{
if ( jv . is_number ( ) ) {
return ( uint64_t ) jv ;
} else if ( jv . is_string ( ) ) {
std : : string s = jv ;
return Utils : : strToU64 ( s . c_str ( ) ) ;
} else if ( jv . is_boolean ( ) ) {
return ( ( bool ) jv ? 1ULL : 0ULL ) ;
}
return dfl ;
}
static bool _jB ( const json & jv , const bool dfl )
{
if ( jv . is_boolean ( ) ) {
return ( bool ) jv ;
} else if ( jv . is_number ( ) ) {
return ( ( uint64_t ) jv > 0ULL ) ;
} else if ( jv . is_string ( ) ) {
std : : string s = jv ;
if ( s . length ( ) > 0 ) {
switch ( s [ 0 ] ) {
case ' t ' :
case ' T ' :
case ' 1 ' :
return true ;
}
}
return false ;
}
return dfl ;
}
static std : : string _jS ( const json & jv , const char * dfl )
{
if ( jv . is_string ( ) ) {
return jv ;
} else if ( jv . is_number ( ) ) {
2016-08-18 20:47:02 +00:00
char tmp [ 64 ] ;
Utils : : snprintf ( tmp , sizeof ( tmp ) , " %llu " , ( uint64_t ) jv ) ;
return tmp ;
2016-08-18 00:37:37 +00:00
} else if ( jv . is_boolean ( ) ) {
return ( ( bool ) jv ? std : : string ( " 1 " ) : std : : string ( " 0 " ) ) ;
}
return std : : string ( ( dfl ) ? dfl : " " ) ;
}
2016-08-16 21:05:17 +00:00
static json _renderRule ( ZT_VirtualNetworkRule & rule )
2016-08-16 01:49:50 +00:00
{
char tmp [ 128 ] ;
2016-08-16 21:05:17 +00:00
json r = json : : object ( ) ;
2016-10-11 19:00:16 +00:00
const ZT_VirtualNetworkRuleType rt = ( ZT_VirtualNetworkRuleType ) ( rule . t & 0x3f ) ;
switch ( rt ) {
2016-08-16 01:49:50 +00:00
case ZT_NETWORK_RULE_ACTION_DROP :
r [ " type " ] = " ACTION_DROP " ;
break ;
case ZT_NETWORK_RULE_ACTION_ACCEPT :
r [ " type " ] = " ACTION_ACCEPT " ;
break ;
case ZT_NETWORK_RULE_ACTION_TEE :
r [ " type " ] = " ACTION_TEE " ;
2016-08-24 20:37:57 +00:00
r [ " address " ] = Address ( rule . v . fwd . address ) . toString ( ) ;
2016-08-30 00:48:36 +00:00
r [ " flags " ] = ( unsigned int ) rule . v . fwd . flags ;
r [ " length " ] = ( unsigned int ) rule . v . fwd . length ;
2016-08-16 01:49:50 +00:00
break ;
2016-09-23 23:08:38 +00:00
case ZT_NETWORK_RULE_ACTION_WATCH :
r [ " type " ] = " ACTION_WATCH " ;
r [ " address " ] = Address ( rule . v . fwd . address ) . toString ( ) ;
r [ " flags " ] = ( unsigned int ) rule . v . fwd . flags ;
r [ " length " ] = ( unsigned int ) rule . v . fwd . length ;
break ;
2016-08-16 01:49:50 +00:00
case ZT_NETWORK_RULE_ACTION_REDIRECT :
r [ " type " ] = " ACTION_REDIRECT " ;
2016-08-24 20:37:57 +00:00
r [ " address " ] = Address ( rule . v . fwd . address ) . toString ( ) ;
2016-08-30 00:48:36 +00:00
r [ " flags " ] = ( unsigned int ) rule . v . fwd . flags ;
2016-08-16 01:49:50 +00:00
break ;
2016-08-25 20:31:23 +00:00
case ZT_NETWORK_RULE_ACTION_DEBUG_LOG :
r [ " type " ] = " ACTION_DEBUG_LOG " ;
break ;
2016-10-11 19:00:16 +00:00
default :
2016-08-16 01:49:50 +00:00
break ;
2016-10-11 19:00:16 +00:00
}
if ( r . size ( ) = = 0 ) {
switch ( rt ) {
case ZT_NETWORK_RULE_MATCH_SOURCE_ZEROTIER_ADDRESS :
r [ " type " ] = " MATCH_SOURCE_ZEROTIER_ADDRESS " ;
r [ " zt " ] = Address ( rule . v . zt ) . toString ( ) ;
break ;
case ZT_NETWORK_RULE_MATCH_DEST_ZEROTIER_ADDRESS :
r [ " type " ] = " MATCH_DEST_ZEROTIER_ADDRESS " ;
r [ " zt " ] = Address ( rule . v . zt ) . toString ( ) ;
break ;
case ZT_NETWORK_RULE_MATCH_VLAN_ID :
r [ " type " ] = " MATCH_VLAN_ID " ;
r [ " vlanId " ] = ( unsigned int ) rule . v . vlanId ;
break ;
case ZT_NETWORK_RULE_MATCH_VLAN_PCP :
r [ " type " ] = " MATCH_VLAN_PCP " ;
r [ " vlanPcp " ] = ( unsigned int ) rule . v . vlanPcp ;
break ;
case ZT_NETWORK_RULE_MATCH_VLAN_DEI :
r [ " type " ] = " MATCH_VLAN_DEI " ;
r [ " vlanDei " ] = ( unsigned int ) rule . v . vlanDei ;
break ;
case ZT_NETWORK_RULE_MATCH_MAC_SOURCE :
r [ " type " ] = " MATCH_MAC_SOURCE " ;
Utils : : snprintf ( tmp , sizeof ( tmp ) , " %.2x:%.2x:%.2x:%.2x:%.2x:%.2x " , ( unsigned int ) rule . v . mac [ 0 ] , ( unsigned int ) rule . v . mac [ 1 ] , ( unsigned int ) rule . v . mac [ 2 ] , ( unsigned int ) rule . v . mac [ 3 ] , ( unsigned int ) rule . v . mac [ 4 ] , ( unsigned int ) rule . v . mac [ 5 ] ) ;
r [ " mac " ] = tmp ;
break ;
case ZT_NETWORK_RULE_MATCH_MAC_DEST :
r [ " type " ] = " MATCH_MAC_DEST " ;
Utils : : snprintf ( tmp , sizeof ( tmp ) , " %.2x:%.2x:%.2x:%.2x:%.2x:%.2x " , ( unsigned int ) rule . v . mac [ 0 ] , ( unsigned int ) rule . v . mac [ 1 ] , ( unsigned int ) rule . v . mac [ 2 ] , ( unsigned int ) rule . v . mac [ 3 ] , ( unsigned int ) rule . v . mac [ 4 ] , ( unsigned int ) rule . v . mac [ 5 ] ) ;
r [ " mac " ] = tmp ;
break ;
case ZT_NETWORK_RULE_MATCH_IPV4_SOURCE :
r [ " type " ] = " MATCH_IPV4_SOURCE " ;
r [ " ip " ] = InetAddress ( & ( rule . v . ipv4 . ip ) , 4 , ( unsigned int ) rule . v . ipv4 . mask ) . toString ( ) ;
break ;
case ZT_NETWORK_RULE_MATCH_IPV4_DEST :
r [ " type " ] = " MATCH_IPV4_DEST " ;
r [ " ip " ] = InetAddress ( & ( rule . v . ipv4 . ip ) , 4 , ( unsigned int ) rule . v . ipv4 . mask ) . toString ( ) ;
break ;
case ZT_NETWORK_RULE_MATCH_IPV6_SOURCE :
r [ " type " ] = " MATCH_IPV6_SOURCE " ;
r [ " ip " ] = InetAddress ( rule . v . ipv6 . ip , 16 , ( unsigned int ) rule . v . ipv6 . mask ) . toString ( ) ;
break ;
case ZT_NETWORK_RULE_MATCH_IPV6_DEST :
r [ " type " ] = " MATCH_IPV6_DEST " ;
r [ " ip " ] = InetAddress ( rule . v . ipv6 . ip , 16 , ( unsigned int ) rule . v . ipv6 . mask ) . toString ( ) ;
break ;
case ZT_NETWORK_RULE_MATCH_IP_TOS :
r [ " type " ] = " MATCH_IP_TOS " ;
r [ " ipTos " ] = ( unsigned int ) rule . v . ipTos ;
break ;
case ZT_NETWORK_RULE_MATCH_IP_PROTOCOL :
r [ " type " ] = " MATCH_IP_PROTOCOL " ;
r [ " ipProtocol " ] = ( unsigned int ) rule . v . ipProtocol ;
break ;
case ZT_NETWORK_RULE_MATCH_ETHERTYPE :
r [ " type " ] = " MATCH_ETHERTYPE " ;
r [ " etherType " ] = ( unsigned int ) rule . v . etherType ;
break ;
case ZT_NETWORK_RULE_MATCH_ICMP :
r [ " type " ] = " MATCH_ICMP " ;
2016-10-13 21:14:46 +00:00
r [ " icmpType " ] = ( unsigned int ) rule . v . icmp . type ;
2016-10-11 19:00:16 +00:00
if ( ( rule . v . icmp . flags & 0x01 ) ! = 0 )
2016-10-13 21:14:46 +00:00
r [ " icmpCode " ] = ( unsigned int ) rule . v . icmp . code ;
else r [ " icmpCode " ] = json ( ) ;
2016-10-11 19:00:16 +00:00
break ;
case ZT_NETWORK_RULE_MATCH_IP_SOURCE_PORT_RANGE :
r [ " type " ] = " MATCH_IP_SOURCE_PORT_RANGE " ;
r [ " start " ] = ( unsigned int ) rule . v . port [ 0 ] ;
r [ " end " ] = ( unsigned int ) rule . v . port [ 1 ] ;
break ;
case ZT_NETWORK_RULE_MATCH_IP_DEST_PORT_RANGE :
r [ " type " ] = " MATCH_IP_DEST_PORT_RANGE " ;
r [ " start " ] = ( unsigned int ) rule . v . port [ 0 ] ;
r [ " end " ] = ( unsigned int ) rule . v . port [ 1 ] ;
break ;
case ZT_NETWORK_RULE_MATCH_CHARACTERISTICS :
r [ " type " ] = " MATCH_CHARACTERISTICS " ;
Utils : : snprintf ( tmp , sizeof ( tmp ) , " %.16llx " , rule . v . characteristics ) ;
r [ " mask " ] = tmp ;
break ;
case ZT_NETWORK_RULE_MATCH_FRAME_SIZE_RANGE :
r [ " type " ] = " MATCH_FRAME_SIZE_RANGE " ;
r [ " start " ] = ( unsigned int ) rule . v . frameSize [ 0 ] ;
r [ " end " ] = ( unsigned int ) rule . v . frameSize [ 1 ] ;
break ;
case ZT_NETWORK_RULE_MATCH_RANDOM :
r [ " type " ] = " MATCH_RANDOM " ;
r [ " probability " ] = ( unsigned long ) rule . v . randomProbability ;
break ;
case ZT_NETWORK_RULE_MATCH_TAGS_DIFFERENCE :
r [ " type " ] = " MATCH_TAGS_DIFFERENCE " ;
r [ " id " ] = rule . v . tag . id ;
r [ " value " ] = rule . v . tag . value ;
break ;
case ZT_NETWORK_RULE_MATCH_TAGS_BITWISE_AND :
r [ " type " ] = " MATCH_TAGS_BITWISE_AND " ;
r [ " id " ] = rule . v . tag . id ;
r [ " value " ] = rule . v . tag . value ;
break ;
case ZT_NETWORK_RULE_MATCH_TAGS_BITWISE_OR :
r [ " type " ] = " MATCH_TAGS_BITWISE_OR " ;
r [ " id " ] = rule . v . tag . id ;
r [ " value " ] = rule . v . tag . value ;
break ;
case ZT_NETWORK_RULE_MATCH_TAGS_BITWISE_XOR :
r [ " type " ] = " MATCH_TAGS_BITWISE_XOR " ;
r [ " id " ] = rule . v . tag . id ;
r [ " value " ] = rule . v . tag . value ;
break ;
case ZT_NETWORK_RULE_MATCH_TAGS_EQUAL :
r [ " type " ] = " MATCH_TAGS_EQUAL " ;
r [ " id " ] = rule . v . tag . id ;
r [ " value " ] = rule . v . tag . value ;
break ;
default :
break ;
}
if ( r . size ( ) > 0 ) {
2016-10-05 23:38:42 +00:00
r [ " not " ] = ( ( rule . t & 0x80 ) ! = 0 ) ;
2016-10-11 19:00:16 +00:00
r [ " or " ] = ( ( rule . t & 0x40 ) ! = 0 ) ;
}
2016-08-16 01:49:50 +00:00
}
2016-10-11 19:00:16 +00:00
2016-08-16 01:49:50 +00:00
return r ;
}
2016-08-25 23:08:40 +00:00
static bool _parseRule ( json & r , ZT_VirtualNetworkRule & rule )
2016-08-16 01:49:50 +00:00
{
2016-08-25 23:08:40 +00:00
if ( ! r . is_object ( ) )
2016-08-16 21:05:17 +00:00
return false ;
2016-10-11 19:00:16 +00:00
2016-08-24 20:37:57 +00:00
const std : : string t ( _jS ( r [ " type " ] , " " ) ) ;
2016-08-16 01:49:50 +00:00
memset ( & rule , 0 , sizeof ( ZT_VirtualNetworkRule ) ) ;
2016-10-11 19:00:16 +00:00
2016-08-18 00:37:37 +00:00
if ( _jB ( r [ " not " ] , false ) )
2016-08-16 01:49:50 +00:00
rule . t = 0x80 ;
else rule . t = 0x00 ;
2016-10-11 19:00:16 +00:00
if ( _jB ( r [ " or " ] , false ) )
rule . t | = 0x40 ;
2016-08-16 01:49:50 +00:00
if ( t = = " ACTION_DROP " ) {
rule . t | = ZT_NETWORK_RULE_ACTION_DROP ;
return true ;
} else if ( t = = " ACTION_ACCEPT " ) {
rule . t | = ZT_NETWORK_RULE_ACTION_ACCEPT ;
return true ;
} else if ( t = = " ACTION_TEE " ) {
rule . t | = ZT_NETWORK_RULE_ACTION_TEE ;
2016-08-24 20:37:57 +00:00
rule . v . fwd . address = Utils : : hexStrToU64 ( _jS ( r [ " address " ] , " 0 " ) . c_str ( ) ) & 0xffffffffffULL ;
rule . v . fwd . flags = ( uint32_t ) ( _jI ( r [ " flags " ] , 0ULL ) & 0xffffffffULL ) ;
rule . v . fwd . length = ( uint16_t ) ( _jI ( r [ " length " ] , 0ULL ) & 0xffffULL ) ;
2016-08-16 01:49:50 +00:00
return true ;
2016-09-23 23:08:38 +00:00
} else if ( t = = " ACTION_WATCH " ) {
rule . t | = ZT_NETWORK_RULE_ACTION_WATCH ;
rule . v . fwd . address = Utils : : hexStrToU64 ( _jS ( r [ " address " ] , " 0 " ) . c_str ( ) ) & 0xffffffffffULL ;
rule . v . fwd . flags = ( uint32_t ) ( _jI ( r [ " flags " ] , 0ULL ) & 0xffffffffULL ) ;
rule . v . fwd . length = ( uint16_t ) ( _jI ( r [ " length " ] , 0ULL ) & 0xffffULL ) ;
return true ;
2016-08-16 01:49:50 +00:00
} else if ( t = = " ACTION_REDIRECT " ) {
rule . t | = ZT_NETWORK_RULE_ACTION_REDIRECT ;
2016-12-23 02:26:43 +00:00
rule . v . fwd . address = Utils : : hexStrToU64 ( _jS ( r [ " address " ] , " 0 " ) . c_str ( ) ) & 0xffffffffffULL ;
2016-08-24 20:37:57 +00:00
rule . v . fwd . flags = ( uint32_t ) ( _jI ( r [ " flags " ] , 0ULL ) & 0xffffffffULL ) ;
2016-08-16 01:49:50 +00:00
return true ;
2016-08-25 20:31:23 +00:00
} else if ( t = = " ACTION_DEBUG_LOG " ) {
rule . t | = ZT_NETWORK_RULE_ACTION_DEBUG_LOG ;
return true ;
2016-08-16 01:49:50 +00:00
} else if ( t = = " MATCH_SOURCE_ZEROTIER_ADDRESS " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_SOURCE_ZEROTIER_ADDRESS ;
2016-08-18 00:37:37 +00:00
rule . v . zt = Utils : : hexStrToU64 ( _jS ( r [ " zt " ] , " 0 " ) . c_str ( ) ) & 0xffffffffffULL ;
2016-08-16 01:49:50 +00:00
return true ;
} else if ( t = = " MATCH_DEST_ZEROTIER_ADDRESS " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_DEST_ZEROTIER_ADDRESS ;
2016-08-18 00:37:37 +00:00
rule . v . zt = Utils : : hexStrToU64 ( _jS ( r [ " zt " ] , " 0 " ) . c_str ( ) ) & 0xffffffffffULL ;
2016-08-16 01:49:50 +00:00
return true ;
} else if ( t = = " MATCH_VLAN_ID " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_VLAN_ID ;
2016-08-18 00:37:37 +00:00
rule . v . vlanId = ( uint16_t ) ( _jI ( r [ " vlanId " ] , 0ULL ) & 0xffffULL ) ;
2016-08-16 01:49:50 +00:00
return true ;
} else if ( t = = " MATCH_VLAN_PCP " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_VLAN_PCP ;
2016-08-18 00:37:37 +00:00
rule . v . vlanPcp = ( uint8_t ) ( _jI ( r [ " vlanPcp " ] , 0ULL ) & 0xffULL ) ;
2016-08-16 01:49:50 +00:00
return true ;
} else if ( t = = " MATCH_VLAN_DEI " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_VLAN_DEI ;
2016-08-18 00:37:37 +00:00
rule . v . vlanDei = ( uint8_t ) ( _jI ( r [ " vlanDei " ] , 0ULL ) & 0xffULL ) ;
2016-08-16 01:49:50 +00:00
return true ;
} else if ( t = = " MATCH_MAC_SOURCE " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_MAC_SOURCE ;
2016-08-18 00:37:37 +00:00
const std : : string mac ( _jS ( r [ " mac " ] , " 0 " ) ) ;
2016-08-16 01:49:50 +00:00
Utils : : unhex ( mac . c_str ( ) , ( unsigned int ) mac . length ( ) , rule . v . mac , 6 ) ;
return true ;
} else if ( t = = " MATCH_MAC_DEST " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_MAC_DEST ;
2016-08-18 00:37:37 +00:00
const std : : string mac ( _jS ( r [ " mac " ] , " 0 " ) ) ;
2016-08-16 01:49:50 +00:00
Utils : : unhex ( mac . c_str ( ) , ( unsigned int ) mac . length ( ) , rule . v . mac , 6 ) ;
return true ;
} else if ( t = = " MATCH_IPV4_SOURCE " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_IPV4_SOURCE ;
2016-08-18 00:37:37 +00:00
InetAddress ip ( _jS ( r [ " ip " ] , " 0.0.0.0 " ) ) ;
2016-08-16 01:49:50 +00:00
rule . v . ipv4 . ip = reinterpret_cast < struct sockaddr_in * > ( & ip ) - > sin_addr . s_addr ;
rule . v . ipv4 . mask = Utils : : ntoh ( reinterpret_cast < struct sockaddr_in * > ( & ip ) - > sin_port ) & 0xff ;
if ( rule . v . ipv4 . mask > 32 ) rule . v . ipv4 . mask = 32 ;
return true ;
} else if ( t = = " MATCH_IPV4_DEST " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_IPV4_DEST ;
2016-08-18 00:37:37 +00:00
InetAddress ip ( _jS ( r [ " ip " ] , " 0.0.0.0 " ) ) ;
2016-08-16 01:49:50 +00:00
rule . v . ipv4 . ip = reinterpret_cast < struct sockaddr_in * > ( & ip ) - > sin_addr . s_addr ;
rule . v . ipv4 . mask = Utils : : ntoh ( reinterpret_cast < struct sockaddr_in * > ( & ip ) - > sin_port ) & 0xff ;
if ( rule . v . ipv4 . mask > 32 ) rule . v . ipv4 . mask = 32 ;
return true ;
} else if ( t = = " MATCH_IPV6_SOURCE " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_IPV6_SOURCE ;
2016-08-18 00:37:37 +00:00
InetAddress ip ( _jS ( r [ " ip " ] , " ::0 " ) ) ;
2016-08-16 01:49:50 +00:00
memcpy ( rule . v . ipv6 . ip , reinterpret_cast < struct sockaddr_in6 * > ( & ip ) - > sin6_addr . s6_addr , 16 ) ;
rule . v . ipv6 . mask = Utils : : ntoh ( reinterpret_cast < struct sockaddr_in6 * > ( & ip ) - > sin6_port ) & 0xff ;
if ( rule . v . ipv6 . mask > 128 ) rule . v . ipv6 . mask = 128 ;
return true ;
} else if ( t = = " MATCH_IPV6_DEST " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_IPV6_DEST ;
2016-08-18 00:37:37 +00:00
InetAddress ip ( _jS ( r [ " ip " ] , " ::0 " ) ) ;
2016-08-16 01:49:50 +00:00
memcpy ( rule . v . ipv6 . ip , reinterpret_cast < struct sockaddr_in6 * > ( & ip ) - > sin6_addr . s6_addr , 16 ) ;
rule . v . ipv6 . mask = Utils : : ntoh ( reinterpret_cast < struct sockaddr_in6 * > ( & ip ) - > sin6_port ) & 0xff ;
if ( rule . v . ipv6 . mask > 128 ) rule . v . ipv6 . mask = 128 ;
return true ;
} else if ( t = = " MATCH_IP_TOS " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_IP_TOS ;
2016-08-18 00:37:37 +00:00
rule . v . ipTos = ( uint8_t ) ( _jI ( r [ " ipTos " ] , 0ULL ) & 0xffULL ) ;
2016-08-16 01:49:50 +00:00
return true ;
} else if ( t = = " MATCH_IP_PROTOCOL " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_IP_PROTOCOL ;
2016-08-18 00:37:37 +00:00
rule . v . ipProtocol = ( uint8_t ) ( _jI ( r [ " ipProtocol " ] , 0ULL ) & 0xffULL ) ;
2016-08-16 01:49:50 +00:00
return true ;
2016-10-11 19:00:16 +00:00
} else if ( t = = " MATCH_ETHERTYPE " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_ETHERTYPE ;
rule . v . etherType = ( uint16_t ) ( _jI ( r [ " etherType " ] , 0ULL ) & 0xffffULL ) ;
return true ;
2016-08-31 21:01:15 +00:00
} else if ( t = = " MATCH_ICMP " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_ICMP ;
2016-10-13 21:14:46 +00:00
rule . v . icmp . type = ( uint8_t ) ( _jI ( r [ " icmpType " ] , 0ULL ) & 0xffULL ) ;
json & code = r [ " icmpCode " ] ;
2016-08-31 21:01:15 +00:00
if ( code . is_null ( ) ) {
rule . v . icmp . code = 0 ;
rule . v . icmp . flags = 0x00 ;
} else {
rule . v . icmp . code = ( uint8_t ) ( _jI ( code , 0ULL ) & 0xffULL ) ;
rule . v . icmp . flags = 0x01 ;
}
return true ;
2016-08-16 01:49:50 +00:00
} else if ( t = = " MATCH_IP_SOURCE_PORT_RANGE " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_IP_SOURCE_PORT_RANGE ;
2016-08-18 00:37:37 +00:00
rule . v . port [ 0 ] = ( uint16_t ) ( _jI ( r [ " start " ] , 0ULL ) & 0xffffULL ) ;
rule . v . port [ 1 ] = ( uint16_t ) ( _jI ( r [ " end " ] , ( uint64_t ) rule . v . port [ 0 ] ) & 0xffffULL ) ;
2016-08-16 01:49:50 +00:00
return true ;
} else if ( t = = " MATCH_IP_DEST_PORT_RANGE " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_IP_DEST_PORT_RANGE ;
2016-08-18 00:37:37 +00:00
rule . v . port [ 0 ] = ( uint16_t ) ( _jI ( r [ " start " ] , 0ULL ) & 0xffffULL ) ;
rule . v . port [ 1 ] = ( uint16_t ) ( _jI ( r [ " end " ] , ( uint64_t ) rule . v . port [ 0 ] ) & 0xffffULL ) ;
2016-08-16 01:49:50 +00:00
return true ;
} else if ( t = = " MATCH_CHARACTERISTICS " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_CHARACTERISTICS ;
if ( r . count ( " mask " ) ) {
2016-10-05 19:54:46 +00:00
json & v = r [ " mask " ] ;
2016-08-16 21:05:17 +00:00
if ( v . is_number ( ) ) {
2016-10-05 19:54:46 +00:00
rule . v . characteristics = v ;
2016-08-16 21:05:17 +00:00
} else {
std : : string tmp = v ;
2016-10-05 19:54:46 +00:00
rule . v . characteristics = Utils : : hexStrToU64 ( tmp . c_str ( ) ) ;
2016-08-16 21:05:17 +00:00
}
2016-08-16 01:49:50 +00:00
}
return true ;
} else if ( t = = " MATCH_FRAME_SIZE_RANGE " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_FRAME_SIZE_RANGE ;
2016-08-18 00:37:37 +00:00
rule . v . frameSize [ 0 ] = ( uint16_t ) ( _jI ( r [ " start " ] , 0ULL ) & 0xffffULL ) ;
rule . v . frameSize [ 1 ] = ( uint16_t ) ( _jI ( r [ " end " ] , ( uint64_t ) rule . v . frameSize [ 0 ] ) & 0xffffULL ) ;
2016-08-16 01:49:50 +00:00
return true ;
2016-09-30 21:07:00 +00:00
} else if ( t = = " MATCH_RANDOM " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_RANDOM ;
rule . v . randomProbability = ( uint32_t ) ( _jI ( r [ " probability " ] , 0ULL ) & 0xffffffffULL ) ;
2016-12-23 00:57:45 +00:00
return true ;
2016-08-31 21:14:58 +00:00
} else if ( t = = " MATCH_TAGS_DIFFERENCE " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_TAGS_DIFFERENCE ;
2016-08-18 00:37:37 +00:00
rule . v . tag . id = ( uint32_t ) ( _jI ( r [ " id " ] , 0ULL ) & 0xffffffffULL ) ;
rule . v . tag . value = ( uint32_t ) ( _jI ( r [ " value " ] , 0ULL ) & 0xffffffffULL ) ;
2016-08-16 01:49:50 +00:00
return true ;
} else if ( t = = " MATCH_TAGS_BITWISE_AND " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_TAGS_BITWISE_AND ;
2016-08-18 00:37:37 +00:00
rule . v . tag . id = ( uint32_t ) ( _jI ( r [ " id " ] , 0ULL ) & 0xffffffffULL ) ;
rule . v . tag . value = ( uint32_t ) ( _jI ( r [ " value " ] , 0ULL ) & 0xffffffffULL ) ;
2016-08-16 01:49:50 +00:00
return true ;
} else if ( t = = " MATCH_TAGS_BITWISE_OR " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_TAGS_BITWISE_OR ;
2016-08-18 00:37:37 +00:00
rule . v . tag . id = ( uint32_t ) ( _jI ( r [ " id " ] , 0ULL ) & 0xffffffffULL ) ;
rule . v . tag . value = ( uint32_t ) ( _jI ( r [ " value " ] , 0ULL ) & 0xffffffffULL ) ;
2016-08-16 01:49:50 +00:00
return true ;
} else if ( t = = " MATCH_TAGS_BITWISE_XOR " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_TAGS_BITWISE_XOR ;
2016-08-18 00:37:37 +00:00
rule . v . tag . id = ( uint32_t ) ( _jI ( r [ " id " ] , 0ULL ) & 0xffffffffULL ) ;
rule . v . tag . value = ( uint32_t ) ( _jI ( r [ " value " ] , 0ULL ) & 0xffffffffULL ) ;
2016-08-16 01:49:50 +00:00
return true ;
2016-10-05 23:38:42 +00:00
} else if ( t = = " MATCH_TAGS_EQUAL " ) {
rule . t | = ZT_NETWORK_RULE_MATCH_TAGS_EQUAL ;
rule . v . tag . id = ( uint32_t ) ( _jI ( r [ " id " ] , 0ULL ) & 0xffffffffULL ) ;
rule . v . tag . value = ( uint32_t ) ( _jI ( r [ " value " ] , 0ULL ) & 0xffffffffULL ) ;
return true ;
2016-08-16 01:49:50 +00:00
}
2016-10-11 19:00:16 +00:00
2016-08-16 01:49:50 +00:00
return false ;
}
2016-12-15 23:08:47 +00:00
EmbeddedNetworkController : : EmbeddedNetworkController ( Node * node , const char * dbPath , FILE * feed ) :
2016-11-10 21:57:01 +00:00
_threadsStarted ( false ) ,
2016-12-15 23:08:47 +00:00
_db ( dbPath , feed ) ,
2016-11-04 22:18:31 +00:00
_node ( node )
2015-01-06 21:45:10 +00:00
{
2016-08-16 21:05:17 +00:00
OSUtils : : mkdir ( dbPath ) ;
2016-08-18 19:59:48 +00:00
OSUtils : : lockDownFile ( dbPath , true ) ; // networks might contain auth tokens, etc., so restrict directory permissions
2015-01-06 21:45:10 +00:00
}
2016-08-17 17:42:32 +00:00
EmbeddedNetworkController : : ~ EmbeddedNetworkController ( )
2015-01-06 21:45:10 +00:00
{
2016-11-10 21:57:01 +00:00
Mutex : : Lock _l ( _threads_m ) ;
if ( _threadsStarted ) {
for ( int i = 0 ; i < ( ZT_EMBEDDEDNETWORKCONTROLLER_BACKGROUND_THREAD_COUNT * 2 ) ; + + i )
_queue . post ( ( _RQEntry * ) 0 ) ;
for ( int i = 0 ; i < ZT_EMBEDDEDNETWORKCONTROLLER_BACKGROUND_THREAD_COUNT ; + + i )
Thread : : join ( _threads [ i ] ) ;
}
2015-01-06 21:45:10 +00:00
}
2016-11-10 19:54:47 +00:00
void EmbeddedNetworkController : : init ( const Identity & signingId , Sender * sender )
2015-01-06 21:45:10 +00:00
{
2016-11-10 19:54:47 +00:00
this - > _sender = sender ;
this - > _signingId = signingId ;
}
void EmbeddedNetworkController : : request (
uint64_t nwid ,
const InetAddress & fromAddr ,
uint64_t requestPacketId ,
const Identity & identity ,
const Dictionary < ZT_NETWORKCONFIG_METADATA_DICT_CAPACITY > & metaData )
{
if ( ( ( ! _signingId ) | | ( ! _signingId . hasPrivate ( ) ) ) | | ( _signingId . address ( ) . toInt ( ) ! = ( nwid > > 24 ) ) | | ( ! _sender ) )
return ;
2016-06-28 00:14:47 +00:00
2016-11-04 22:18:31 +00:00
{
2016-11-10 21:57:01 +00:00
Mutex : : Lock _l ( _threads_m ) ;
if ( ! _threadsStarted ) {
for ( int i = 0 ; i < ZT_EMBEDDEDNETWORKCONTROLLER_BACKGROUND_THREAD_COUNT ; + + i )
_threads [ i ] = Thread : : start ( this ) ;
}
_threadsStarted = true ;
2016-11-04 22:18:31 +00:00
}
2016-11-10 19:54:47 +00:00
2016-11-10 21:57:01 +00:00
_RQEntry * qe = new _RQEntry ;
qe - > nwid = nwid ;
qe - > requestPacketId = requestPacketId ;
qe - > fromAddr = fromAddr ;
qe - > identity = identity ;
qe - > metaData = metaData ;
_queue . post ( qe ) ;
}
2016-11-10 19:54:47 +00:00
2016-11-10 21:57:01 +00:00
unsigned int EmbeddedNetworkController : : handleControlPlaneHttpGET (
const std : : vector < std : : string > & path ,
const std : : map < std : : string , std : : string > & urlArgs ,
const std : : map < std : : string , std : : string > & headers ,
const std : : string & body ,
std : : string & responseBody ,
std : : string & responseContentType )
{
if ( ( path . size ( ) > 0 ) & & ( path [ 0 ] = = " network " ) ) {
2016-06-28 00:14:47 +00:00
2016-11-10 21:57:01 +00:00
if ( ( path . size ( ) > = 2 ) & & ( path [ 1 ] . length ( ) = = 16 ) ) {
const uint64_t nwid = Utils : : hexStrToU64 ( path [ 1 ] . c_str ( ) ) ;
char nwids [ 24 ] ;
Utils : : snprintf ( nwids , sizeof ( nwids ) , " %.16llx " , ( unsigned long long ) nwid ) ;
json network ;
{
Mutex : : Lock _l ( _db_m ) ;
network = _db . get ( " network " , nwids , 0 ) ;
2016-06-28 00:14:47 +00:00
}
2016-11-10 21:57:01 +00:00
if ( ! network . size ( ) )
return 404 ;
2016-06-28 00:14:47 +00:00
2016-11-10 21:57:01 +00:00
if ( path . size ( ) > = 3 ) {
2016-08-16 23:46:08 +00:00
2016-11-10 21:57:01 +00:00
if ( path [ 2 ] = = " member " ) {
2016-09-15 20:17:37 +00:00
2016-11-10 21:57:01 +00:00
if ( path . size ( ) > = 4 ) {
const uint64_t address = Utils : : hexStrToU64 ( path [ 3 ] . c_str ( ) ) ;
2016-09-15 20:17:37 +00:00
2016-11-10 21:57:01 +00:00
json member ;
{
Mutex : : Lock _l ( _db_m ) ;
member = _db . get ( " network " , nwids , " member " , Address ( address ) . toString ( ) , 0 ) ;
}
if ( ! member . size ( ) )
return 404 ;
2016-09-15 20:17:37 +00:00
2016-11-10 21:57:01 +00:00
_addMemberNonPersistedFields ( member , OSUtils : : now ( ) ) ;
responseBody = member . dump ( 2 ) ;
responseContentType = " application/json " ;
return 200 ;
} else {
Mutex : : Lock _l ( _db_m ) ;
responseBody = " { " ;
std : : string pfx ( std : : string ( " network/ " ) + nwids + " member/ " ) ;
_db . filter ( pfx , 120000 , [ & responseBody ] ( const std : : string & n , const json & member ) {
if ( member . size ( ) > 0 ) {
responseBody . append ( ( responseBody . length ( ) = = 1 ) ? " \" " : " , \" " ) ;
responseBody . append ( _jS ( member [ " id " ] , " " ) ) ;
responseBody . append ( " \" : " ) ;
responseBody . append ( _jS ( member [ " revision " ] , " 0 " ) ) ;
2016-08-17 20:54:32 +00:00
}
2016-11-10 21:57:01 +00:00
return true ; // never delete
} ) ;
responseBody . push_back ( ' } ' ) ;
responseContentType = " application/json " ;
return 200 ;
2016-08-17 20:54:32 +00:00
}
2016-11-10 21:57:01 +00:00
} else if ( ( path [ 2 ] = = " test " ) & & ( path . size ( ) > = 4 ) ) {
2016-08-17 20:54:32 +00:00
2016-11-10 21:57:01 +00:00
Mutex : : Lock _l ( _circuitTests_m ) ;
std : : map < uint64_t , _CircuitTestEntry > : : iterator cte ( _circuitTests . find ( Utils : : hexStrToU64 ( path [ 3 ] . c_str ( ) ) ) ) ;
if ( ( cte ! = _circuitTests . end ( ) ) & & ( cte - > second . test ) ) {
2016-06-28 00:14:47 +00:00
2016-11-10 21:57:01 +00:00
responseBody = " [ " ;
responseBody . append ( cte - > second . jsonResults ) ;
responseBody . push_back ( ' ] ' ) ;
responseContentType = " application/json " ;
2016-11-08 20:41:27 +00:00
2016-11-10 21:57:01 +00:00
return 200 ;
2016-06-28 00:14:47 +00:00
2016-11-10 21:57:01 +00:00
} // else 404
2016-08-17 20:41:45 +00:00
2016-11-10 21:57:01 +00:00
} // else 404
2016-08-18 19:59:48 +00:00
2016-11-10 21:57:01 +00:00
} else {
2016-08-23 20:02:59 +00:00
2016-11-10 21:57:01 +00:00
const uint64_t now = OSUtils : : now ( ) ;
_NetworkMemberInfo nmi ;
_getNetworkMemberInfo ( now , nwid , nmi ) ;
_addNetworkNonPersistedFields ( network , now , nmi ) ;
responseBody = network . dump ( 2 ) ;
responseContentType = " application/json " ;
return 200 ;
2016-08-16 23:46:08 +00:00
2016-11-10 21:57:01 +00:00
}
} else if ( path . size ( ) = = 1 ) {
2016-06-28 00:14:47 +00:00
2016-11-10 21:57:01 +00:00
std : : set < std : : string > networkIds ;
{
Mutex : : Lock _l ( _db_m ) ;
_db . filter ( " network/ " , 120000 , [ & networkIds ] ( const std : : string & n , const json & obj ) {
if ( n . length ( ) = = ( 16 + 8 ) )
networkIds . insert ( n . substr ( 8 ) ) ;
return true ; // do not delete
} ) ;
2016-11-10 20:33:09 +00:00
}
2016-08-19 01:18:50 +00:00
2016-11-10 21:57:01 +00:00
responseBody . push_back ( ' [ ' ) ;
for ( std : : set < std : : string > : : iterator i ( networkIds . begin ( ) ) ; i ! = networkIds . end ( ) ; + + i ) {
responseBody . append ( ( responseBody . length ( ) = = 1 ) ? " \" " : " , \" " ) ;
responseBody . append ( * i ) ;
responseBody . append ( " \" " ) ;
2016-08-19 01:18:50 +00:00
}
2016-11-10 21:57:01 +00:00
responseBody . push_back ( ' ] ' ) ;
responseContentType = " application/json " ;
return 200 ;
2016-08-19 01:18:50 +00:00
2016-11-10 21:57:01 +00:00
} // else 404
2016-08-19 01:18:50 +00:00
2016-11-10 21:57:01 +00:00
} else {
2016-06-28 00:14:47 +00:00
2016-11-10 21:57:01 +00:00
char tmp [ 4096 ] ;
Utils : : snprintf ( tmp , sizeof ( tmp ) , " { \n \t \" controller \" : true, \n \t \" apiVersion \" : %d, \n \t \" clock \" : %llu \n } \n " , ZT_NETCONF_CONTROLLER_API_VERSION , ( unsigned long long ) OSUtils : : now ( ) ) ;
responseBody = tmp ;
responseContentType = " application/json " ;
return 200 ;
2016-08-25 23:08:40 +00:00
2016-08-18 19:59:48 +00:00
}
2016-11-10 21:57:01 +00:00
return 404 ;
}
2016-07-07 23:28:43 +00:00
2016-11-10 21:57:01 +00:00
unsigned int EmbeddedNetworkController : : handleControlPlaneHttpPOST (
const std : : vector < std : : string > & path ,
const std : : map < std : : string , std : : string > & urlArgs ,
const std : : map < std : : string , std : : string > & headers ,
const std : : string & body ,
std : : string & responseBody ,
std : : string & responseContentType )
{
if ( path . empty ( ) )
return 404 ;
2016-07-07 23:28:43 +00:00
2016-11-10 21:57:01 +00:00
json b ;
try {
b = json : : parse ( body ) ;
if ( ! b . is_object ( ) ) {
responseBody = " { \" message \" : \" body is not a JSON object \" } " ;
responseContentType = " application/json " ;
return 400 ;
2016-07-07 22:42:10 +00:00
}
2016-11-10 21:57:01 +00:00
} catch ( . . . ) {
responseBody = " { \" message \" : \" body JSON is invalid \" } " ;
responseContentType = " application/json " ;
return 400 ;
2016-08-16 23:46:08 +00:00
}
2016-11-10 21:57:01 +00:00
const uint64_t now = OSUtils : : now ( ) ;
2016-06-28 00:14:47 +00:00
2016-11-10 21:57:01 +00:00
if ( path [ 0 ] = = " network " ) {
2016-08-16 23:46:08 +00:00
2016-11-10 21:57:01 +00:00
if ( ( path . size ( ) > = 2 ) & & ( path [ 1 ] . length ( ) = = 16 ) ) {
uint64_t nwid = Utils : : hexStrToU64 ( path [ 1 ] . c_str ( ) ) ;
char nwids [ 24 ] ;
Utils : : snprintf ( nwids , sizeof ( nwids ) , " %.16llx " , ( unsigned long long ) nwid ) ;
2016-07-07 22:42:10 +00:00
2016-11-10 21:57:01 +00:00
if ( path . size ( ) > = 3 ) {
2016-07-07 22:42:10 +00:00
2016-11-10 21:57:01 +00:00
if ( ( path . size ( ) = = 4 ) & & ( path [ 2 ] = = " member " ) & & ( path [ 3 ] . length ( ) = = 10 ) ) {
uint64_t address = Utils : : hexStrToU64 ( path [ 3 ] . c_str ( ) ) ;
char addrs [ 24 ] ;
Utils : : snprintf ( addrs , sizeof ( addrs ) , " %.10llx " , ( unsigned long long ) address ) ;
2016-07-07 22:42:10 +00:00
2016-11-10 21:57:01 +00:00
json member ;
{
Mutex : : Lock _l ( _db_m ) ;
member = _db . get ( " network " , nwids , " member " , Address ( address ) . toString ( ) , 0 ) ;
2016-06-28 00:14:47 +00:00
}
2016-11-10 21:57:01 +00:00
json origMember ( member ) ; // for detecting changes
_initMember ( member ) ;
2016-08-16 23:46:08 +00:00
try {
2016-08-18 19:59:48 +00:00
if ( b . count ( " activeBridge " ) ) member [ " activeBridge " ] = _jB ( b [ " activeBridge " ] , false ) ;
2016-08-25 00:05:43 +00:00
if ( b . count ( " noAutoAssignIps " ) ) member [ " noAutoAssignIps " ] = _jB ( b [ " noAutoAssignIps " ] , false ) ;
2016-08-17 17:25:25 +00:00
2016-08-23 20:02:59 +00:00
if ( b . count ( " authorized " ) ) {
const bool newAuth = _jB ( b [ " authorized " ] , false ) ;
2016-09-15 20:17:37 +00:00
if ( newAuth ! = _jB ( member [ " authorized " ] , false ) ) {
member [ " authorized " ] = newAuth ;
2016-11-15 22:06:25 +00:00
member [ ( ( newAuth ) ? " lastAuthorizedTime " : " lastDeauthorizedTime " ) ] = now ;
2016-09-15 20:17:37 +00:00
json ah ;
ah [ " a " ] = newAuth ;
ah [ " by " ] = " api " ;
ah [ " ts " ] = now ;
ah [ " ct " ] = json ( ) ;
ah [ " c " ] = json ( ) ;
member [ " authHistory " ] . push_back ( ah ) ;
2016-08-23 20:02:59 +00:00
}
}
2016-08-16 23:46:08 +00:00
if ( b . count ( " ipAssignments " ) ) {
2016-11-04 22:18:31 +00:00
json & ipa = b [ " ipAssignments " ] ;
2016-08-16 23:46:08 +00:00
if ( ipa . is_array ( ) ) {
json mipa ( json : : array ( ) ) ;
for ( unsigned long i = 0 ; i < ipa . size ( ) ; + + i ) {
std : : string ips = ipa [ i ] ;
InetAddress ip ( ips ) ;
if ( ( ip . ss_family = = AF_INET ) | | ( ip . ss_family = = AF_INET6 ) ) {
mipa . push_back ( ip . toIpString ( ) ) ;
2015-09-10 21:47:04 +00:00
}
}
2016-08-16 23:46:08 +00:00
member [ " ipAssignments " ] = mipa ;
2015-09-10 21:47:04 +00:00
}
}
2016-08-18 21:37:56 +00:00
if ( b . count ( " tags " ) ) {
2016-11-04 22:18:31 +00:00
json & tags = b [ " tags " ] ;
2016-08-18 21:37:56 +00:00
if ( tags . is_array ( ) ) {
std : : map < uint64_t , uint64_t > mtags ;
for ( unsigned long i = 0 ; i < tags . size ( ) ; + + i ) {
2016-11-04 23:23:41 +00:00
json & tag = tags [ i ] ;
2016-08-18 21:37:56 +00:00
if ( ( tag . is_array ( ) ) & & ( tag . size ( ) = = 2 ) )
mtags [ _jI ( tag [ 0 ] , 0ULL ) & 0xffffffffULL ] = _jI ( tag [ 1 ] , 0ULL ) & 0xffffffffULL ;
}
json mtagsa = json : : array ( ) ;
for ( std : : map < uint64_t , uint64_t > : : iterator t ( mtags . begin ( ) ) ; t ! = mtags . end ( ) ; + + t ) {
json ta = json : : array ( ) ;
ta . push_back ( t - > first ) ;
ta . push_back ( t - > second ) ;
mtagsa . push_back ( ta ) ;
}
member [ " tags " ] = mtagsa ;
}
}
if ( b . count ( " capabilities " ) ) {
2016-11-04 22:18:31 +00:00
json & capabilities = b [ " capabilities " ] ;
2016-08-18 21:37:56 +00:00
if ( capabilities . is_array ( ) ) {
json mcaps = json : : array ( ) ;
for ( unsigned long i = 0 ; i < capabilities . size ( ) ; + + i ) {
mcaps . push_back ( _jI ( capabilities [ i ] , 0ULL ) ) ;
}
std : : sort ( mcaps . begin ( ) , mcaps . end ( ) ) ;
mcaps . erase ( std : : unique ( mcaps . begin ( ) , mcaps . end ( ) ) , mcaps . end ( ) ) ;
member [ " capabilities " ] = mcaps ;
}
}
2016-08-16 23:46:08 +00:00
} catch ( . . . ) {
2016-08-25 23:08:40 +00:00
responseBody = " { \" message \" : \" exception while processing parameters in JSON body \" } " ;
responseContentType = " application/json " ;
2016-08-16 23:46:08 +00:00
return 400 ;
2015-09-10 21:47:04 +00:00
}
2015-01-07 01:16:54 +00:00
2016-08-16 23:46:08 +00:00
member [ " id " ] = addrs ;
member [ " address " ] = addrs ; // legacy
member [ " nwid " ] = nwids ;
2015-01-07 01:16:54 +00:00
2016-11-10 20:54:43 +00:00
if ( member ! = origMember ) {
member [ " lastModified " ] = now ;
json & revj = member [ " revision " ] ;
member [ " revision " ] = ( revj . is_number ( ) ? ( ( uint64_t ) revj + 1ULL ) : 1ULL ) ;
{
Mutex : : Lock _l ( _db_m ) ;
_db . put ( " network " , nwids , " member " , Address ( address ) . toString ( ) , member ) ;
}
_pushMemberUpdate ( now , nwid , member ) ;
2016-08-25 18:26:45 +00:00
}
2016-08-18 19:59:48 +00:00
// Add non-persisted fields
2016-08-23 23:05:10 +00:00
member [ " clock " ] = now ;
2016-08-18 19:59:48 +00:00
2016-08-16 23:46:08 +00:00
responseBody = member . dump ( 2 ) ;
responseContentType = " application/json " ;
return 200 ;
2015-10-08 20:25:38 +00:00
} else if ( ( path . size ( ) = = 3 ) & & ( path [ 2 ] = = " test " ) ) {
2016-08-16 21:05:17 +00:00
Mutex : : Lock _l ( _circuitTests_m ) ;
2015-10-08 20:25:38 +00:00
ZT_CircuitTest * test = ( ZT_CircuitTest * ) malloc ( sizeof ( ZT_CircuitTest ) ) ;
memset ( test , 0 , sizeof ( ZT_CircuitTest ) ) ;
Utils : : getSecureRandom ( & ( test - > testId ) , sizeof ( test - > testId ) ) ;
test - > credentialNetworkId = nwid ;
test - > ptr = ( void * ) this ;
2016-08-16 23:46:08 +00:00
json hops = b [ " hops " ] ;
if ( hops . is_array ( ) ) {
for ( unsigned long i = 0 ; i < hops . size ( ) ; + + i ) {
2016-11-04 23:23:41 +00:00
json & hops2 = hops [ i ] ;
2016-08-16 23:46:08 +00:00
if ( hops2 . is_array ( ) ) {
for ( unsigned long j = 0 ; j < hops2 . size ( ) ; + + j ) {
2016-08-17 17:25:25 +00:00
std : : string s = hops2 [ j ] ;
test - > hops [ test - > hopCount ] . addresses [ test - > hops [ test - > hopCount ] . breadth + + ] = Utils : : hexStrToU64 ( s . c_str ( ) ) & 0xffffffffffULL ;
2015-10-08 20:25:38 +00:00
}
2016-08-16 23:46:08 +00:00
} else if ( hops2 . is_string ( ) ) {
2016-08-17 17:25:25 +00:00
std : : string s = hops2 ;
test - > hops [ test - > hopCount ] . addresses [ test - > hops [ test - > hopCount ] . breadth + + ] = Utils : : hexStrToU64 ( s . c_str ( ) ) & 0xffffffffffULL ;
2015-10-08 20:25:38 +00:00
}
}
}
2016-08-18 00:37:37 +00:00
test - > reportAtEveryHop = ( _jB ( b [ " reportAtEveryHop " ] , true ) ? 1 : 0 ) ;
2015-10-08 20:25:38 +00:00
if ( ! test - > hopCount ) {
: : free ( ( void * ) test ) ;
2016-08-25 23:08:40 +00:00
responseBody = " { \" message \" : \" a test must contain at least one hop \" } " ;
responseContentType = " application/json " ;
2016-08-16 23:46:08 +00:00
return 400 ;
2015-10-08 20:25:38 +00:00
}
test - > timestamp = OSUtils : : now ( ) ;
2016-01-26 20:42:44 +00:00
_CircuitTestEntry & te = _circuitTests [ test - > testId ] ;
te . test = test ;
te . jsonResults = " " ;
2016-08-25 17:46:03 +00:00
if ( _node )
_node - > circuitTestBegin ( test , & ( EmbeddedNetworkController : : _circuitTestCallback ) ) ;
else return 500 ;
2015-10-08 20:25:38 +00:00
2016-02-05 00:09:26 +00:00
char json [ 1024 ] ;
Utils : : snprintf ( json , sizeof ( json ) , " { \" testId \" : \" %.16llx \" } " , test - > testId ) ;
responseBody = json ;
responseContentType = " application/json " ;
2015-10-08 20:25:38 +00:00
return 200 ;
2016-08-16 21:05:17 +00:00
2015-09-10 21:47:04 +00:00
} // else 404
2015-01-08 22:27:55 +00:00
2015-09-10 21:47:04 +00:00
} else {
2016-08-16 01:49:50 +00:00
// POST to network ID
2015-01-08 22:27:55 +00:00
2016-11-04 22:18:31 +00:00
json network ;
{
Mutex : : Lock _l ( _db_m ) ;
// Magic ID ending with ______ picks a random unused network ID
if ( path [ 1 ] . substr ( 10 ) = = " ______ " ) {
nwid = 0 ;
uint64_t nwidPrefix = ( Utils : : hexStrToU64 ( path [ 1 ] . substr ( 0 , 10 ) . c_str ( ) ) < < 24 ) & 0xffffffffff000000ULL ;
uint64_t nwidPostfix = 0 ;
for ( unsigned long k = 0 ; k < 100000 ; + + k ) { // sanity limit on trials
Utils : : getSecureRandom ( & nwidPostfix , sizeof ( nwidPostfix ) ) ;
uint64_t tryNwid = nwidPrefix | ( nwidPostfix & 0xffffffULL ) ;
if ( ( tryNwid & 0xffffffULL ) = = 0ULL ) tryNwid | = 1ULL ;
Utils : : snprintf ( nwids , sizeof ( nwids ) , " %.16llx " , ( unsigned long long ) tryNwid ) ;
if ( _db . get ( " network " , nwids , 120000 ) . size ( ) < = 0 ) {
nwid = tryNwid ;
break ;
}
2016-08-16 01:49:50 +00:00
}
2016-11-04 22:18:31 +00:00
if ( ! nwid )
return 503 ;
2016-08-16 01:49:50 +00:00
}
2016-11-04 22:18:31 +00:00
network = _db . get ( " network " , nwids , 0 ) ;
}
2016-11-10 20:54:43 +00:00
json origNetwork ( network ) ; // for detecting changes
2016-08-18 21:37:56 +00:00
_initNetwork ( network ) ;
2016-08-16 01:49:50 +00:00
try {
2016-08-18 00:37:37 +00:00
if ( b . count ( " name " ) ) network [ " name " ] = _jS ( b [ " name " ] , " " ) ;
if ( b . count ( " private " ) ) network [ " private " ] = _jB ( b [ " private " ] , true ) ;
if ( b . count ( " enableBroadcast " ) ) network [ " enableBroadcast " ] = _jB ( b [ " enableBroadcast " ] , false ) ;
if ( b . count ( " allowPassiveBridging " ) ) network [ " allowPassiveBridging " ] = _jB ( b [ " allowPassiveBridging " ] , false ) ;
if ( b . count ( " multicastLimit " ) ) network [ " multicastLimit " ] = _jI ( b [ " multicastLimit " ] , 32ULL ) ;
2016-08-16 01:49:50 +00:00
if ( b . count ( " v4AssignMode " ) ) {
2016-09-30 20:04:26 +00:00
json nv4m ;
json & v4m = b [ " v4AssignMode " ] ;
if ( v4m . is_string ( ) ) { // backward compatibility
nv4m [ " zt " ] = ( _jS ( v4m , " " ) = = " zt " ) ;
} else if ( v4m . is_object ( ) ) {
nv4m [ " zt " ] = _jB ( v4m [ " zt " ] , false ) ;
} else nv4m [ " zt " ] = false ;
network [ " v4AssignMode " ] = nv4m ;
2016-08-16 01:49:50 +00:00
}
if ( b . count ( " v6AssignMode " ) ) {
2016-09-30 20:04:26 +00:00
json nv6m ;
json & v6m = b [ " v6AssignMode " ] ;
2016-08-16 01:49:50 +00:00
if ( ! nv6m . is_object ( ) ) nv6m = json : : object ( ) ;
2016-09-30 20:04:26 +00:00
if ( v6m . is_string ( ) ) { // backward compatibility
2016-11-18 23:49:28 +00:00
std : : vector < std : : string > v6ms ( OSUtils : : split ( _jS ( v6m , " " ) . c_str ( ) , " , " , " " , " " ) ) ;
2016-09-30 20:04:26 +00:00
std : : sort ( v6ms . begin ( ) , v6ms . end ( ) ) ;
v6ms . erase ( std : : unique ( v6ms . begin ( ) , v6ms . end ( ) ) , v6ms . end ( ) ) ;
2016-08-26 21:16:55 +00:00
nv6m [ " rfc4193 " ] = false ;
nv6m [ " zt " ] = false ;
nv6m [ " 6plane " ] = false ;
2016-09-30 20:04:26 +00:00
for ( std : : vector < std : : string > : : iterator i ( v6ms . begin ( ) ) ; i ! = v6ms . end ( ) ; + + i ) {
2016-08-16 01:49:50 +00:00
if ( * i = = " rfc4193 " )
nv6m [ " rfc4193 " ] = true ;
else if ( * i = = " zt " )
nv6m [ " zt " ] = true ;
else if ( * i = = " 6plane " )
nv6m [ " 6plane " ] = true ;
2015-09-10 21:47:04 +00:00
}
2016-09-30 20:04:26 +00:00
} else if ( v6m . is_object ( ) ) {
2016-08-18 00:37:37 +00:00
if ( v6m . count ( " rfc4193 " ) ) nv6m [ " rfc4193 " ] = _jB ( v6m [ " rfc4193 " ] , false ) ;
2016-08-26 21:04:27 +00:00
if ( v6m . count ( " zt " ) ) nv6m [ " zt " ] = _jB ( v6m [ " zt " ] , false ) ;
if ( v6m . count ( " 6plane " ) ) nv6m [ " 6plane " ] = _jB ( v6m [ " 6plane " ] , false ) ;
2016-09-30 20:04:26 +00:00
} else {
nv6m [ " rfc4193 " ] = false ;
nv6m [ " zt " ] = false ;
nv6m [ " 6plane " ] = false ;
2016-08-16 01:49:50 +00:00
}
2016-09-30 20:04:26 +00:00
network [ " v6AssignMode " ] = nv6m ;
2016-08-16 01:49:50 +00:00
}
2015-06-13 09:34:31 +00:00
2016-08-16 01:49:50 +00:00
if ( b . count ( " routes " ) ) {
2016-08-25 23:08:40 +00:00
json & rts = b [ " routes " ] ;
2016-08-16 01:49:50 +00:00
if ( rts . is_array ( ) ) {
2016-08-25 23:08:40 +00:00
json nrts = json : : array ( ) ;
2016-08-16 01:49:50 +00:00
for ( unsigned long i = 0 ; i < rts . size ( ) ; + + i ) {
2016-08-25 23:08:40 +00:00
json & rt = rts [ i ] ;
if ( rt . is_object ( ) ) {
json & target = rt [ " target " ] ;
json & via = rt [ " via " ] ;
if ( target . is_string ( ) ) {
InetAddress t ( target . get < std : : string > ( ) ) ;
InetAddress v ;
if ( via . is_string ( ) ) v . fromString ( via . get < std : : string > ( ) ) ;
if ( ( ( t . ss_family = = AF_INET ) | | ( t . ss_family = = AF_INET6 ) ) & & ( t . netmaskBitsValid ( ) ) ) {
json tmp ;
tmp [ " target " ] = t . toString ( ) ;
if ( v . ss_family = = t . ss_family )
tmp [ " via " ] = v . toIpString ( ) ;
else tmp [ " via " ] = json ( ) ;
nrts . push_back ( tmp ) ;
}
2016-08-16 01:49:50 +00:00
}
}
}
2016-08-25 23:08:40 +00:00
network [ " routes " ] = nrts ;
2016-08-16 01:49:50 +00:00
}
}
2015-03-18 23:10:48 +00:00
2016-08-16 01:49:50 +00:00
if ( b . count ( " ipAssignmentPools " ) ) {
2016-08-25 23:08:40 +00:00
json & ipp = b [ " ipAssignmentPools " ] ;
2016-08-16 01:49:50 +00:00
if ( ipp . is_array ( ) ) {
2016-08-25 23:08:40 +00:00
json nipp = json : : array ( ) ;
2016-08-16 01:49:50 +00:00
for ( unsigned long i = 0 ; i < ipp . size ( ) ; + + i ) {
2016-11-04 23:14:58 +00:00
json & ip = ipp [ i ] ;
2016-08-16 01:49:50 +00:00
if ( ( ip . is_object ( ) ) & & ( ip . count ( " ipRangeStart " ) ) & & ( ip . count ( " ipRangeEnd " ) ) ) {
2016-08-18 00:37:37 +00:00
InetAddress f ( _jS ( ip [ " ipRangeStart " ] , " " ) ) ;
InetAddress t ( _jS ( ip [ " ipRangeEnd " ] , " " ) ) ;
2016-08-16 01:49:50 +00:00
if ( ( ( f . ss_family = = AF_INET ) | | ( f . ss_family = = AF_INET6 ) ) & & ( f . ss_family = = t . ss_family ) ) {
2016-08-25 23:08:40 +00:00
json tmp = json : : object ( ) ;
2016-08-16 01:49:50 +00:00
tmp [ " ipRangeStart " ] = f . toIpString ( ) ;
tmp [ " ipRangeEnd " ] = t . toIpString ( ) ;
nipp . push_back ( tmp ) ;
}
}
}
2016-08-25 23:08:40 +00:00
network [ " ipAssignmentPools " ] = nipp ;
2016-08-16 01:49:50 +00:00
}
2015-09-10 21:47:04 +00:00
}
2015-06-29 21:52:09 +00:00
2016-08-16 01:49:50 +00:00
if ( b . count ( " rules " ) ) {
2016-08-25 23:08:40 +00:00
json & rules = b [ " rules " ] ;
2016-08-16 01:49:50 +00:00
if ( rules . is_array ( ) ) {
2016-08-17 17:25:25 +00:00
json nrules = json : : array ( ) ;
2016-08-16 01:49:50 +00:00
for ( unsigned long i = 0 ; i < rules . size ( ) ; + + i ) {
2016-08-25 23:08:40 +00:00
json & rule = rules [ i ] ;
2016-08-16 01:49:50 +00:00
if ( rule . is_object ( ) ) {
2016-08-17 17:25:25 +00:00
ZT_VirtualNetworkRule ztr ;
2016-08-25 23:08:40 +00:00
if ( _parseRule ( rule , ztr ) )
nrules . push_back ( _renderRule ( ztr ) ) ;
2016-08-16 01:49:50 +00:00
}
}
2016-08-17 17:25:25 +00:00
network [ " rules " ] = nrules ;
2016-08-16 01:49:50 +00:00
}
}
2016-08-17 20:41:45 +00:00
if ( b . count ( " authTokens " ) ) {
2016-08-25 23:08:40 +00:00
json & authTokens = b [ " authTokens " ] ;
2016-08-17 20:41:45 +00:00
if ( authTokens . is_array ( ) ) {
json nat = json : : array ( ) ;
for ( unsigned long i = 0 ; i < authTokens . size ( ) ; + + i ) {
2016-09-15 20:17:37 +00:00
json & token = authTokens [ i ] ;
2016-08-17 20:41:45 +00:00
if ( token . is_object ( ) ) {
std : : string tstr = token [ " token " ] ;
if ( tstr . length ( ) > 0 ) {
json t = json : : object ( ) ;
t [ " token " ] = tstr ;
2016-08-18 00:37:37 +00:00
t [ " expires " ] = _jI ( token [ " expires " ] , 0ULL ) ;
2016-09-15 20:17:37 +00:00
t [ " maxUsesPerMember " ] = _jI ( token [ " maxUsesPerMember " ] , 0ULL ) ;
2016-08-17 20:41:45 +00:00
nat . push_back ( t ) ;
}
}
}
network [ " authTokens " ] = nat ;
}
}
2016-08-18 21:37:56 +00:00
if ( b . count ( " capabilities " ) ) {
2016-08-25 23:08:40 +00:00
json & capabilities = b [ " capabilities " ] ;
2016-08-18 21:37:56 +00:00
if ( capabilities . is_array ( ) ) {
std : : map < uint64_t , json > ncaps ;
for ( unsigned long i = 0 ; i < capabilities . size ( ) ; + + i ) {
2016-08-25 23:08:40 +00:00
json & cap = capabilities [ i ] ;
2016-08-18 21:37:56 +00:00
if ( cap . is_object ( ) ) {
json ncap = json : : object ( ) ;
const uint64_t capId = _jI ( cap [ " id " ] , 0ULL ) ;
ncap [ " id " ] = capId ;
2016-08-25 23:08:40 +00:00
json & rules = cap [ " rules " ] ;
2016-08-18 21:37:56 +00:00
json nrules = json : : array ( ) ;
if ( rules . is_array ( ) ) {
for ( unsigned long i = 0 ; i < rules . size ( ) ; + + i ) {
2016-11-04 23:14:58 +00:00
json & rule = rules [ i ] ;
2016-08-18 21:37:56 +00:00
if ( rule . is_object ( ) ) {
ZT_VirtualNetworkRule ztr ;
2016-08-25 23:08:40 +00:00
if ( _parseRule ( rule , ztr ) )
nrules . push_back ( _renderRule ( ztr ) ) ;
2016-08-18 21:37:56 +00:00
}
}
}
ncap [ " rules " ] = nrules ;
ncaps [ capId ] = ncap ;
}
}
json ncapsa = json : : array ( ) ;
for ( std : : map < uint64_t , json > : : iterator c ( ncaps . begin ( ) ) ; c ! = ncaps . end ( ) ; + + c )
ncapsa . push_back ( c - > second ) ;
network [ " capabilities " ] = ncapsa ;
}
}
2016-08-16 01:49:50 +00:00
} catch ( . . . ) {
2016-08-25 23:08:40 +00:00
responseBody = " { \" message \" : \" exception occurred while parsing body variables \" } " ;
responseContentType = " application/json " ;
2016-08-16 23:46:08 +00:00
return 400 ;
2016-08-16 01:49:50 +00:00
}
2016-08-16 23:46:08 +00:00
network [ " id " ] = nwids ;
network [ " nwid " ] = nwids ; // legacy
2015-09-10 21:47:04 +00:00
2016-11-10 20:54:43 +00:00
if ( network ! = origNetwork ) {
json & revj = network [ " revision " ] ;
network [ " revision " ] = ( revj . is_number ( ) ? ( ( uint64_t ) revj + 1ULL ) : 1ULL ) ;
network [ " lastModified " ] = now ;
{
Mutex : : Lock _l ( _db_m ) ;
_db . put ( " network " , nwids , network ) ;
}
std : : string pfx ( " network/ " ) ; pfx . append ( nwids ) ; pfx . append ( " /member/ " ) ;
_db . filter ( pfx , 120000 , [ this , & now , & nwid ] ( const std : : string & n , const json & obj ) {
_pushMemberUpdate ( now , nwid , obj ) ;
return true ; // do not delete
} ) ;
2016-11-04 22:18:31 +00:00
}
2015-01-07 01:16:54 +00:00
2016-08-18 19:59:48 +00:00
_NetworkMemberInfo nmi ;
_getNetworkMemberInfo ( now , nwid , nmi ) ;
_addNetworkNonPersistedFields ( network , now , nmi ) ;
2016-08-16 21:05:17 +00:00
responseBody = network . dump ( 2 ) ;
responseContentType = " application/json " ;
return 200 ;
} // else 404
2015-01-07 01:16:54 +00:00
2015-09-10 21:47:04 +00:00
} // else 404
2015-01-07 01:16:54 +00:00
2015-09-10 21:47:04 +00:00
} // else 404
2015-01-07 01:16:54 +00:00
2015-09-10 21:47:04 +00:00
return 404 ;
2015-05-17 00:12:29 +00:00
}
2015-04-21 23:41:35 +00:00
2016-08-17 17:42:32 +00:00
unsigned int EmbeddedNetworkController : : handleControlPlaneHttpDELETE (
2015-05-17 00:12:29 +00:00
const std : : vector < std : : string > & path ,
const std : : map < std : : string , std : : string > & urlArgs ,
const std : : map < std : : string , std : : string > & headers ,
const std : : string & body ,
std : : string & responseBody ,
std : : string & responseContentType )
{
if ( path . empty ( ) )
return 404 ;
if ( path [ 0 ] = = " network " ) {
2015-04-21 23:41:35 +00:00
if ( ( path . size ( ) > = 2 ) & & ( path [ 1 ] . length ( ) = = 16 ) ) {
2016-08-12 22:32:45 +00:00
const uint64_t nwid = Utils : : hexStrToU64 ( path [ 1 ] . c_str ( ) ) ;
2016-08-16 21:05:17 +00:00
2016-11-04 22:18:31 +00:00
char nwids [ 24 ] ;
Utils : : snprintf ( nwids , sizeof ( nwids ) , " %.16llx " , nwid ) ;
json network ;
{
Mutex : : Lock _l ( _db_m ) ;
network = _db . get ( " network " , nwids , 0 ) ;
}
2016-11-10 21:57:01 +00:00
if ( ! network . size ( ) )
return 404 ;
if ( path . size ( ) > = 3 ) {
if ( ( path . size ( ) = = 4 ) & & ( path [ 2 ] = = " member " ) & & ( path [ 3 ] . length ( ) = = 10 ) ) {
const uint64_t address = Utils : : hexStrToU64 ( path [ 3 ] . c_str ( ) ) ;
Mutex : : Lock _l ( _db_m ) ;
json member = _db . get ( " network " , nwids , " member " , Address ( address ) . toString ( ) , 0 ) ;
_db . erase ( " network " , nwids , " member " , Address ( address ) . toString ( ) ) ;
if ( ! member . size ( ) )
return 404 ;
responseBody = member . dump ( 2 ) ;
responseContentType = " application/json " ;
return 200 ;
}
} else {
Mutex : : Lock _l ( _db_m ) ;
std : : string pfx ( " network/ " ) ; pfx . append ( nwids ) ;
_db . filter ( pfx , 120000 , [ ] ( const std : : string & n , const json & obj ) {
return false ; // delete
} ) ;
Mutex : : Lock _l2 ( _nmiCache_m ) ;
_nmiCache . erase ( nwid ) ;
responseBody = network . dump ( 2 ) ;
responseContentType = " application/json " ;
return 200 ;
}
} // else 404
} // else 404
return 404 ;
}
void EmbeddedNetworkController : : threadMain ( )
throw ( )
{
for ( ; ; ) {
_RQEntry * const qe = _queue . get ( ) ;
if ( ! qe ) break ; // enqueue a NULL to terminate threads
try {
_request ( qe - > nwid , qe - > fromAddr , qe - > requestPacketId , qe - > identity , qe - > metaData ) ;
} catch ( . . . ) { }
delete qe ;
}
}
void EmbeddedNetworkController : : _circuitTestCallback ( ZT_Node * node , ZT_CircuitTest * test , const ZT_CircuitTestReport * report )
{
char tmp [ 65535 ] ;
EmbeddedNetworkController * const self = reinterpret_cast < EmbeddedNetworkController * > ( test - > ptr ) ;
if ( ! test )
return ;
if ( ! report )
return ;
Mutex : : Lock _l ( self - > _circuitTests_m ) ;
std : : map < uint64_t , _CircuitTestEntry > : : iterator cte ( self - > _circuitTests . find ( test - > testId ) ) ;
if ( cte = = self - > _circuitTests . end ( ) ) { // sanity check: a circuit test we didn't launch?
self - > _node - > circuitTestEnd ( test ) ;
: : free ( ( void * ) test ) ;
return ;
}
Utils : : snprintf ( tmp , sizeof ( tmp ) ,
" %s{ \n "
" \t \" timestamp \" : %llu, " ZT_EOL_S
" \t \" testId \" : \" %.16llx \" , " ZT_EOL_S
" \t \" upstream \" : \" %.10llx \" , " ZT_EOL_S
" \t \" current \" : \" %.10llx \" , " ZT_EOL_S
" \t \" receivedTimestamp \" : %llu, " ZT_EOL_S
" \t \" sourcePacketId \" : \" %.16llx \" , " ZT_EOL_S
" \t \" flags \" : %llu, " ZT_EOL_S
" \t \" sourcePacketHopCount \" : %u, " ZT_EOL_S
" \t \" errorCode \" : %u, " ZT_EOL_S
" \t \" vendor \" : %d, " ZT_EOL_S
" \t \" protocolVersion \" : %u, " ZT_EOL_S
" \t \" majorVersion \" : %u, " ZT_EOL_S
" \t \" minorVersion \" : %u, " ZT_EOL_S
" \t \" revision \" : %u, " ZT_EOL_S
" \t \" platform \" : %d, " ZT_EOL_S
" \t \" architecture \" : %d, " ZT_EOL_S
" \t \" receivedOnLocalAddress \" : \" %s \" , " ZT_EOL_S
" \t \" receivedFromRemoteAddress \" : \" %s \" " ZT_EOL_S
" } " ,
( ( cte - > second . jsonResults . length ( ) > 0 ) ? " , \n " : " " ) ,
( unsigned long long ) report - > timestamp ,
( unsigned long long ) test - > testId ,
( unsigned long long ) report - > upstream ,
( unsigned long long ) report - > current ,
( unsigned long long ) OSUtils : : now ( ) ,
( unsigned long long ) report - > sourcePacketId ,
( unsigned long long ) report - > flags ,
report - > sourcePacketHopCount ,
report - > errorCode ,
( int ) report - > vendor ,
report - > protocolVersion ,
report - > majorVersion ,
report - > minorVersion ,
report - > revision ,
( int ) report - > platform ,
( int ) report - > architecture ,
reinterpret_cast < const InetAddress * > ( & ( report - > receivedOnLocalAddress ) ) - > toString ( ) . c_str ( ) ,
reinterpret_cast < const InetAddress * > ( & ( report - > receivedFromRemoteAddress ) ) - > toString ( ) . c_str ( ) ) ;
cte - > second . jsonResults . append ( tmp ) ;
}
void EmbeddedNetworkController : : _request (
uint64_t nwid ,
const InetAddress & fromAddr ,
uint64_t requestPacketId ,
const Identity & identity ,
const Dictionary < ZT_NETWORKCONFIG_METADATA_DICT_CAPACITY > & metaData )
{
if ( ( ( ! _signingId ) | | ( ! _signingId . hasPrivate ( ) ) ) | | ( _signingId . address ( ) . toInt ( ) ! = ( nwid > > 24 ) ) | | ( ! _sender ) )
return ;
const uint64_t now = OSUtils : : now ( ) ;
if ( requestPacketId ) {
Mutex : : Lock _l ( _lastRequestTime_m ) ;
uint64_t & lrt = _lastRequestTime [ std : : pair < uint64_t , uint64_t > ( identity . address ( ) . toInt ( ) , nwid ) ] ;
if ( ( now - lrt ) < = ZT_NETCONF_MIN_REQUEST_PERIOD )
return ;
lrt = now ;
}
char nwids [ 24 ] ;
Utils : : snprintf ( nwids , sizeof ( nwids ) , " %.16llx " , nwid ) ;
json network ;
json member ;
{
Mutex : : Lock _l ( _db_m ) ;
network = _db . get ( " network " , nwids , 0 ) ;
member = _db . get ( " network " , nwids , " member " , identity . address ( ) . toString ( ) , 0 ) ;
}
if ( ! network . size ( ) ) {
_sender - > ncSendError ( nwid , requestPacketId , identity . address ( ) , NetworkController : : NC_ERROR_OBJECT_NOT_FOUND ) ;
return ;
}
json origMember ( member ) ; // for detecting modification later
_initMember ( member ) ;
{
std : : string haveIdStr ( _jS ( member [ " identity " ] , " " ) ) ;
if ( haveIdStr . length ( ) > 0 ) {
// If we already know this member's identity perform a full compare. This prevents
// a "collision" from being able to auth onto our network in place of an already
// known member.
try {
if ( Identity ( haveIdStr . c_str ( ) ) ! = identity ) {
_sender - > ncSendError ( nwid , requestPacketId , identity . address ( ) , NetworkController : : NC_ERROR_ACCESS_DENIED ) ;
return ;
}
} catch ( . . . ) {
_sender - > ncSendError ( nwid , requestPacketId , identity . address ( ) , NetworkController : : NC_ERROR_ACCESS_DENIED ) ;
return ;
}
} else {
// If we do not yet know this member's identity, learn it.
member [ " identity " ] = identity . toString ( false ) ;
}
}
// These are always the same, but make sure they are set
member [ " id " ] = identity . address ( ) . toString ( ) ;
member [ " address " ] = member [ " id " ] ;
member [ " nwid " ] = nwids ;
// Determine whether and how member is authorized
const char * authorizedBy = ( const char * ) 0 ;
2016-11-15 22:06:25 +00:00
bool autoAuthorized = false ;
json autoAuthCredentialType , autoAuthCredential ;
2016-11-10 21:57:01 +00:00
if ( _jB ( member [ " authorized " ] , false ) ) {
authorizedBy = " memberIsAuthorized " ;
} else if ( ! _jB ( network [ " private " ] , true ) ) {
authorizedBy = " networkIsPublic " ;
2016-11-15 22:06:25 +00:00
if ( ! member . count ( " authorized " ) )
autoAuthorized = true ;
2016-11-10 21:57:01 +00:00
} else {
char presentedAuth [ 512 ] ;
if ( metaData . get ( ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_AUTH , presentedAuth , sizeof ( presentedAuth ) ) > 0 ) {
presentedAuth [ 511 ] = ( char ) 0 ; // sanity check
// Check for bearer token presented by member
if ( ( strlen ( presentedAuth ) > 6 ) & & ( ! strncmp ( presentedAuth , " token: " , 6 ) ) ) {
const char * const presentedToken = presentedAuth + 6 ;
json & authTokens = network [ " authTokens " ] ;
if ( authTokens . is_array ( ) ) {
for ( unsigned long i = 0 ; i < authTokens . size ( ) ; + + i ) {
json & token = authTokens [ i ] ;
if ( token . is_object ( ) ) {
const uint64_t expires = _jI ( token [ " expires " ] , 0ULL ) ;
const uint64_t maxUses = _jI ( token [ " maxUsesPerMember " ] , 0ULL ) ;
std : : string tstr = _jS ( token [ " token " ] , " " ) ;
if ( ( ( expires = = 0ULL ) | | ( expires > now ) ) & & ( tstr = = presentedToken ) ) {
bool usable = ( maxUses = = 0 ) ;
if ( ! usable ) {
uint64_t useCount = 0 ;
json & ahist = member [ " authHistory " ] ;
if ( ahist . is_array ( ) ) {
for ( unsigned long j = 0 ; j < ahist . size ( ) ; + + j ) {
json & ah = ahist [ j ] ;
if ( ( _jS ( ah [ " ct " ] , " " ) = = " token " ) & & ( _jS ( ah [ " c " ] , " " ) = = tstr ) & & ( _jB ( ah [ " a " ] , false ) ) )
+ + useCount ;
}
}
usable = ( useCount < maxUses ) ;
}
if ( usable ) {
authorizedBy = " token " ;
2016-11-15 22:06:25 +00:00
autoAuthorized = true ;
autoAuthCredentialType = " token " ;
autoAuthCredential = tstr ;
2016-11-10 21:57:01 +00:00
}
}
}
}
}
}
}
}
2016-11-15 22:06:25 +00:00
// If we auto-authorized, update member record
if ( ( autoAuthorized ) & & ( authorizedBy ) ) {
member [ " authorized " ] = true ;
member [ " lastAuthorizedTime " ] = now ;
json ah ;
ah [ " a " ] = true ;
ah [ " by " ] = authorizedBy ;
ah [ " ts " ] = now ;
ah [ " ct " ] = autoAuthCredentialType ;
ah [ " c " ] = autoAuthCredential ;
member [ " authHistory " ] . push_back ( ah ) ;
json & revj = member [ " revision " ] ;
member [ " revision " ] = ( revj . is_number ( ) ? ( ( uint64_t ) revj + 1ULL ) : 1ULL ) ;
}
2016-11-10 21:57:01 +00:00
// Log this request
if ( requestPacketId ) { // only log if this is a request, not for generated pushes
json rlEntry = json : : object ( ) ;
rlEntry [ " ts " ] = now ;
rlEntry [ " authorized " ] = ( authorizedBy ) ? true : false ;
rlEntry [ " authorizedBy " ] = ( authorizedBy ) ? authorizedBy : " " ;
rlEntry [ " clientMajorVersion " ] = metaData . getUI ( ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_MAJOR_VERSION , 0 ) ;
rlEntry [ " clientMinorVersion " ] = metaData . getUI ( ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_MINOR_VERSION , 0 ) ;
rlEntry [ " clientRevision " ] = metaData . getUI ( ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_REVISION , 0 ) ;
rlEntry [ " clientProtocolVersion " ] = metaData . getUI ( ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_PROTOCOL_VERSION , 0 ) ;
if ( fromAddr )
rlEntry [ " fromAddr " ] = fromAddr . toString ( ) ;
json recentLog = json : : array ( ) ;
recentLog . push_back ( rlEntry ) ;
json & oldLog = member [ " recentLog " ] ;
if ( oldLog . is_array ( ) ) {
for ( unsigned long i = 0 ; i < oldLog . size ( ) ; + + i ) {
recentLog . push_back ( oldLog [ i ] ) ;
if ( recentLog . size ( ) > = ZT_NETCONF_DB_MEMBER_HISTORY_LENGTH )
break ;
}
}
member [ " recentLog " ] = recentLog ;
// Also only do this on real requests
member [ " lastRequestMetaData " ] = metaData . data ( ) ;
}
// If they are not authorized, STOP!
if ( ! authorizedBy ) {
if ( origMember ! = member ) {
member [ " lastModified " ] = now ;
Mutex : : Lock _l ( _db_m ) ;
_db . put ( " network " , nwids , " member " , identity . address ( ) . toString ( ) , member ) ;
}
_sender - > ncSendError ( nwid , requestPacketId , identity . address ( ) , NetworkController : : NC_ERROR_ACCESS_DENIED ) ;
return ;
}
// -------------------------------------------------------------------------
// If we made it this far, they are authorized.
// -------------------------------------------------------------------------
NetworkConfig nc ;
_NetworkMemberInfo nmi ;
_getNetworkMemberInfo ( now , nwid , nmi ) ;
2016-11-15 22:26:05 +00:00
uint64_t credentialtmd = ZT_NETWORKCONFIG_DEFAULT_CREDENTIAL_TIME_MAX_MAX_DELTA ;
if ( now > nmi . mostRecentDeauthTime ) {
// If we recently de-authorized a member, shrink credential TTL/max delta to
// be below the threshold required to exclude it. Cap this to a min/max to
// prevent jitter or absurdly large values.
const uint64_t deauthWindow = now - nmi . mostRecentDeauthTime ;
if ( deauthWindow < ZT_NETWORKCONFIG_DEFAULT_CREDENTIAL_TIME_MIN_MAX_DELTA ) {
credentialtmd = ZT_NETWORKCONFIG_DEFAULT_CREDENTIAL_TIME_MIN_MAX_DELTA ;
} else if ( deauthWindow < ( ZT_NETWORKCONFIG_DEFAULT_CREDENTIAL_TIME_MAX_MAX_DELTA + 5000ULL ) ) {
credentialtmd = deauthWindow - 5000ULL ;
}
}
2016-11-10 21:57:01 +00:00
nc . networkId = nwid ;
nc . type = _jB ( network [ " private " ] , true ) ? ZT_NETWORK_TYPE_PRIVATE : ZT_NETWORK_TYPE_PUBLIC ;
nc . timestamp = now ;
nc . credentialTimeMaxDelta = credentialtmd ;
nc . revision = _jI ( network [ " revision " ] , 0ULL ) ;
nc . issuedTo = identity . address ( ) ;
if ( _jB ( network [ " enableBroadcast " ] , true ) ) nc . flags | = ZT_NETWORKCONFIG_FLAG_ENABLE_BROADCAST ;
if ( _jB ( network [ " allowPassiveBridging " ] , false ) ) nc . flags | = ZT_NETWORKCONFIG_FLAG_ALLOW_PASSIVE_BRIDGING ;
Utils : : scopy ( nc . name , sizeof ( nc . name ) , _jS ( network [ " name " ] , " " ) . c_str ( ) ) ;
nc . multicastLimit = ( unsigned int ) _jI ( network [ " multicastLimit " ] , 32ULL ) ;
for ( std : : set < Address > : : const_iterator ab ( nmi . activeBridges . begin ( ) ) ; ab ! = nmi . activeBridges . end ( ) ; + + ab ) {
nc . addSpecialist ( * ab , ZT_NETWORKCONFIG_SPECIALIST_TYPE_ACTIVE_BRIDGE ) ;
}
json & v4AssignMode = network [ " v4AssignMode " ] ;
json & v6AssignMode = network [ " v6AssignMode " ] ;
json & ipAssignmentPools = network [ " ipAssignmentPools " ] ;
json & routes = network [ " routes " ] ;
json & rules = network [ " rules " ] ;
json & capabilities = network [ " capabilities " ] ;
json & memberCapabilities = member [ " capabilities " ] ;
json & memberTags = member [ " tags " ] ;
if ( metaData . getUI ( ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_RULES_ENGINE_REV , 0 ) < = 0 ) {
// Old versions with no rules engine support get an allow everything rule.
// Since rules are enforced bidirectionally, newer versions *will* still
// enforce rules on the inbound side.
nc . ruleCount = 1 ;
nc . rules [ 0 ] . t = ZT_NETWORK_RULE_ACTION_ACCEPT ;
} else {
if ( rules . is_array ( ) ) {
for ( unsigned long i = 0 ; i < rules . size ( ) ; + + i ) {
if ( nc . ruleCount > = ZT_MAX_NETWORK_RULES )
break ;
if ( _parseRule ( rules [ i ] , nc . rules [ nc . ruleCount ] ) )
+ + nc . ruleCount ;
}
}
if ( ( memberCapabilities . is_array ( ) ) & & ( memberCapabilities . size ( ) > 0 ) & & ( capabilities . is_array ( ) ) ) {
std : : map < uint64_t , json * > capsById ;
for ( unsigned long i = 0 ; i < capabilities . size ( ) ; + + i ) {
json & cap = capabilities [ i ] ;
if ( cap . is_object ( ) )
capsById [ _jI ( cap [ " id " ] , 0ULL ) & 0xffffffffULL ] = & cap ;
}
for ( unsigned long i = 0 ; i < memberCapabilities . size ( ) ; + + i ) {
const uint64_t capId = _jI ( memberCapabilities [ i ] , 0ULL ) & 0xffffffffULL ;
json * cap = capsById [ capId ] ;
if ( ( cap - > is_object ( ) ) & & ( cap - > size ( ) > 0 ) ) {
ZT_VirtualNetworkRule capr [ ZT_MAX_CAPABILITY_RULES ] ;
unsigned int caprc = 0 ;
json & caprj = ( * cap ) [ " rules " ] ;
if ( ( caprj . is_array ( ) ) & & ( caprj . size ( ) > 0 ) ) {
for ( unsigned long j = 0 ; j < caprj . size ( ) ; + + j ) {
if ( caprc > = ZT_MAX_CAPABILITY_RULES )
break ;
if ( _parseRule ( caprj [ j ] , capr [ caprc ] ) )
+ + caprc ;
}
}
nc . capabilities [ nc . capabilityCount ] = Capability ( ( uint32_t ) capId , nwid , now , 1 , capr , caprc ) ;
if ( nc . capabilities [ nc . capabilityCount ] . sign ( _signingId , identity . address ( ) ) )
+ + nc . capabilityCount ;
if ( nc . capabilityCount > = ZT_MAX_NETWORK_CAPABILITIES )
break ;
}
}
}
if ( memberTags . is_array ( ) ) {
std : : map < uint32_t , uint32_t > tagsById ;
for ( unsigned long i = 0 ; i < memberTags . size ( ) ; + + i ) {
json & t = memberTags [ i ] ;
if ( ( t . is_array ( ) ) & & ( t . size ( ) = = 2 ) )
tagsById [ ( uint32_t ) ( _jI ( t [ 0 ] , 0ULL ) & 0xffffffffULL ) ] = ( uint32_t ) ( _jI ( t [ 1 ] , 0ULL ) & 0xffffffffULL ) ;
}
for ( std : : map < uint32_t , uint32_t > : : const_iterator t ( tagsById . begin ( ) ) ; t ! = tagsById . end ( ) ; + + t ) {
if ( nc . tagCount > = ZT_MAX_NETWORK_TAGS )
break ;
nc . tags [ nc . tagCount ] = Tag ( nwid , now , identity . address ( ) , t - > first , t - > second ) ;
if ( nc . tags [ nc . tagCount ] . sign ( _signingId ) )
+ + nc . tagCount ;
}
}
}
if ( routes . is_array ( ) ) {
for ( unsigned long i = 0 ; i < routes . size ( ) ; + + i ) {
if ( nc . routeCount > = ZT_MAX_NETWORK_ROUTES )
break ;
json & route = routes [ i ] ;
json & target = route [ " target " ] ;
json & via = route [ " via " ] ;
if ( target . is_string ( ) ) {
const InetAddress t ( target . get < std : : string > ( ) ) ;
InetAddress v ;
if ( via . is_string ( ) ) v . fromString ( via . get < std : : string > ( ) ) ;
if ( ( t . ss_family = = AF_INET ) | | ( t . ss_family = = AF_INET6 ) ) {
ZT_VirtualNetworkRoute * r = & ( nc . routes [ nc . routeCount ] ) ;
* ( reinterpret_cast < InetAddress * > ( & ( r - > target ) ) ) = t ;
if ( v . ss_family = = t . ss_family )
* ( reinterpret_cast < InetAddress * > ( & ( r - > via ) ) ) = v ;
+ + nc . routeCount ;
}
}
}
}
2015-05-17 00:12:29 +00:00
2016-11-10 21:57:01 +00:00
const bool noAutoAssignIps = _jB ( member [ " noAutoAssignIps " ] , false ) ;
2015-04-21 23:41:35 +00:00
2016-11-10 21:57:01 +00:00
if ( ( v6AssignMode . is_object ( ) ) & & ( ! noAutoAssignIps ) ) {
if ( ( _jB ( v6AssignMode [ " rfc4193 " ] , false ) ) & & ( nc . staticIpCount < ZT_MAX_ZT_ASSIGNED_ADDRESSES ) ) {
nc . staticIps [ nc . staticIpCount + + ] = InetAddress : : makeIpv6rfc4193 ( nwid , identity . address ( ) . toInt ( ) ) ;
nc . flags | = ZT_NETWORKCONFIG_FLAG_ENABLE_IPV6_NDP_EMULATION ;
}
if ( ( _jB ( v6AssignMode [ " 6plane " ] , false ) ) & & ( nc . staticIpCount < ZT_MAX_ZT_ASSIGNED_ADDRESSES ) ) {
nc . staticIps [ nc . staticIpCount + + ] = InetAddress : : makeIpv66plane ( nwid , identity . address ( ) . toInt ( ) ) ;
nc . flags | = ZT_NETWORKCONFIG_FLAG_ENABLE_IPV6_NDP_EMULATION ;
}
}
2016-11-04 22:18:31 +00:00
2016-11-10 21:57:01 +00:00
bool haveManagedIpv4AutoAssignment = false ;
bool haveManagedIpv6AutoAssignment = false ; // "special" NDP-emulated address types do not count
json ipAssignments = member [ " ipAssignments " ] ; // we want to make a copy
if ( ipAssignments . is_array ( ) ) {
for ( unsigned long i = 0 ; i < ipAssignments . size ( ) ; + + i ) {
if ( ! ipAssignments [ i ] . is_string ( ) )
continue ;
std : : string ips = ipAssignments [ i ] ;
InetAddress ip ( ips ) ;
2016-08-16 21:05:17 +00:00
2016-11-10 21:57:01 +00:00
// IP assignments are only pushed if there is a corresponding local route. We also now get the netmask bits from
// this route, ignoring the netmask bits field of the assigned IP itself. Using that was worthless and a source
// of user error / poor UX.
int routedNetmaskBits = 0 ;
for ( unsigned int rk = 0 ; rk < nc . routeCount ; + + rk ) {
if ( ( ! nc . routes [ rk ] . via . ss_family ) & & ( reinterpret_cast < const InetAddress * > ( & ( nc . routes [ rk ] . target ) ) - > containsAddress ( ip ) ) )
routedNetmaskBits = reinterpret_cast < const InetAddress * > ( & ( nc . routes [ rk ] . target ) ) - > netmaskBits ( ) ;
}
if ( routedNetmaskBits > 0 ) {
if ( nc . staticIpCount < ZT_MAX_ZT_ASSIGNED_ADDRESSES ) {
ip . setPort ( routedNetmaskBits ) ;
nc . staticIps [ nc . staticIpCount + + ] = ip ;
2015-09-10 21:47:04 +00:00
}
2016-11-10 21:57:01 +00:00
if ( ip . ss_family = = AF_INET )
haveManagedIpv4AutoAssignment = true ;
else if ( ip . ss_family = = AF_INET6 )
haveManagedIpv6AutoAssignment = true ;
}
}
} else {
ipAssignments = json : : array ( ) ;
}
2016-11-08 00:05:18 +00:00
2016-11-10 21:57:01 +00:00
if ( ( ipAssignmentPools . is_array ( ) ) & & ( ( v6AssignMode . is_object ( ) ) & & ( _jB ( v6AssignMode [ " zt " ] , false ) ) ) & & ( ! haveManagedIpv6AutoAssignment ) & & ( ! noAutoAssignIps ) ) {
for ( unsigned long p = 0 ; ( ( p < ipAssignmentPools . size ( ) ) & & ( ! haveManagedIpv6AutoAssignment ) ) ; + + p ) {
json & pool = ipAssignmentPools [ p ] ;
if ( pool . is_object ( ) ) {
InetAddress ipRangeStart ( _jS ( pool [ " ipRangeStart " ] , " " ) ) ;
InetAddress ipRangeEnd ( _jS ( pool [ " ipRangeEnd " ] , " " ) ) ;
if ( ( ipRangeStart . ss_family = = AF_INET6 ) & & ( ipRangeEnd . ss_family = = AF_INET6 ) ) {
uint64_t s [ 2 ] , e [ 2 ] , x [ 2 ] , xx [ 2 ] ;
memcpy ( s , ipRangeStart . rawIpData ( ) , 16 ) ;
memcpy ( e , ipRangeEnd . rawIpData ( ) , 16 ) ;
s [ 0 ] = Utils : : ntoh ( s [ 0 ] ) ;
s [ 1 ] = Utils : : ntoh ( s [ 1 ] ) ;
e [ 0 ] = Utils : : ntoh ( e [ 0 ] ) ;
e [ 1 ] = Utils : : ntoh ( e [ 1 ] ) ;
x [ 0 ] = s [ 0 ] ;
x [ 1 ] = s [ 1 ] ;
2016-11-08 00:05:18 +00:00
2016-11-10 21:57:01 +00:00
for ( unsigned int trialCount = 0 ; trialCount < 1000 ; + + trialCount ) {
if ( ( trialCount = = 0 ) & & ( e [ 1 ] > s [ 1 ] ) & & ( ( e [ 1 ] - s [ 1 ] ) > = 0xffffffffffULL ) ) {
// First see if we can just cram a ZeroTier ID into the higher 64 bits. If so do that.
xx [ 0 ] = Utils : : hton ( x [ 0 ] ) ;
xx [ 1 ] = Utils : : hton ( x [ 1 ] + identity . address ( ) . toInt ( ) ) ;
} else {
// Otherwise pick random addresses -- this technically doesn't explore the whole range if the lower 64 bit range is >= 1 but that won't matter since that would be huge anyway
Utils : : getSecureRandom ( ( void * ) xx , 16 ) ;
if ( ( e [ 0 ] > s [ 0 ] ) )
xx [ 0 ] % = ( e [ 0 ] - s [ 0 ] ) ;
else xx [ 0 ] = 0 ;
if ( ( e [ 1 ] > s [ 1 ] ) )
xx [ 1 ] % = ( e [ 1 ] - s [ 1 ] ) ;
else xx [ 1 ] = 0 ;
xx [ 0 ] = Utils : : hton ( x [ 0 ] + xx [ 0 ] ) ;
xx [ 1 ] = Utils : : hton ( x [ 1 ] + xx [ 1 ] ) ;
}
2016-11-09 20:34:20 +00:00
2016-11-10 21:57:01 +00:00
InetAddress ip6 ( ( const void * ) xx , 16 , 0 ) ;
// Check if this IP is within a local-to-Ethernet routed network
int routedNetmaskBits = 0 ;
for ( unsigned int rk = 0 ; rk < nc . routeCount ; + + rk ) {
if ( ( ! nc . routes [ rk ] . via . ss_family ) & & ( nc . routes [ rk ] . target . ss_family = = AF_INET6 ) & & ( reinterpret_cast < const InetAddress * > ( & ( nc . routes [ rk ] . target ) ) - > containsAddress ( ip6 ) ) )
routedNetmaskBits = reinterpret_cast < const InetAddress * > ( & ( nc . routes [ rk ] . target ) ) - > netmaskBits ( ) ;
}
// If it's routed, then try to claim and assign it and if successful end loop
if ( ( routedNetmaskBits > 0 ) & & ( ! nmi . allocatedIps . count ( ip6 ) ) ) {
ipAssignments . push_back ( ip6 . toIpString ( ) ) ;
member [ " ipAssignments " ] = ipAssignments ;
ip6 . setPort ( ( unsigned int ) routedNetmaskBits ) ;
if ( nc . staticIpCount < ZT_MAX_ZT_ASSIGNED_ADDRESSES )
nc . staticIps [ nc . staticIpCount + + ] = ip6 ;
haveManagedIpv6AutoAssignment = true ;
break ;
}
}
}
2015-09-10 21:47:04 +00:00
}
2016-11-10 21:57:01 +00:00
}
}
2015-07-17 00:34:03 +00:00
2016-11-10 21:57:01 +00:00
if ( ( ipAssignmentPools . is_array ( ) ) & & ( ( v4AssignMode . is_object ( ) ) & & ( _jB ( v4AssignMode [ " zt " ] , false ) ) ) & & ( ! haveManagedIpv4AutoAssignment ) & & ( ! noAutoAssignIps ) ) {
for ( unsigned long p = 0 ; ( ( p < ipAssignmentPools . size ( ) ) & & ( ! haveManagedIpv4AutoAssignment ) ) ; + + p ) {
json & pool = ipAssignmentPools [ p ] ;
if ( pool . is_object ( ) ) {
InetAddress ipRangeStartIA ( _jS ( pool [ " ipRangeStart " ] , " " ) ) ;
InetAddress ipRangeEndIA ( _jS ( pool [ " ipRangeEnd " ] , " " ) ) ;
if ( ( ipRangeStartIA . ss_family = = AF_INET ) & & ( ipRangeEndIA . ss_family = = AF_INET ) ) {
uint32_t ipRangeStart = Utils : : ntoh ( ( uint32_t ) ( reinterpret_cast < struct sockaddr_in * > ( & ipRangeStartIA ) - > sin_addr . s_addr ) ) ;
uint32_t ipRangeEnd = Utils : : ntoh ( ( uint32_t ) ( reinterpret_cast < struct sockaddr_in * > ( & ipRangeEndIA ) - > sin_addr . s_addr ) ) ;
if ( ( ipRangeEnd < ipRangeStart ) | | ( ipRangeStart = = 0 ) )
continue ;
uint32_t ipRangeLen = ipRangeEnd - ipRangeStart ;
2015-09-10 21:37:34 +00:00
2016-11-10 21:57:01 +00:00
// Start with the LSB of the member's address
uint32_t ipTrialCounter = ( uint32_t ) ( identity . address ( ) . toInt ( ) & 0xffffffff ) ;
2015-09-10 21:37:34 +00:00
2016-11-10 21:57:01 +00:00
for ( uint32_t k = ipRangeStart , trialCount = 0 ; ( ( k < = ipRangeEnd ) & & ( trialCount < 1000 ) ) ; + + k , + + trialCount ) {
uint32_t ip = ( ipRangeLen > 0 ) ? ( ipRangeStart + ( ipTrialCounter % ipRangeLen ) ) : ipRangeStart ;
+ + ipTrialCounter ;
if ( ( ip & 0x000000ff ) = = 0x000000ff )
continue ; // don't allow addresses that end in .255
2015-10-08 22:44:06 +00:00
2016-11-10 21:57:01 +00:00
// Check if this IP is within a local-to-Ethernet routed network
int routedNetmaskBits = - 1 ;
for ( unsigned int rk = 0 ; rk < nc . routeCount ; + + rk ) {
if ( nc . routes [ rk ] . target . ss_family = = AF_INET ) {
uint32_t targetIp = Utils : : ntoh ( ( uint32_t ) ( reinterpret_cast < const struct sockaddr_in * > ( & ( nc . routes [ rk ] . target ) ) - > sin_addr . s_addr ) ) ;
int targetBits = Utils : : ntoh ( ( uint16_t ) ( reinterpret_cast < const struct sockaddr_in * > ( & ( nc . routes [ rk ] . target ) ) - > sin_port ) ) ;
if ( ( ip & ( 0xffffffff < < ( 32 - targetBits ) ) ) = = targetIp ) {
routedNetmaskBits = targetBits ;
break ;
}
}
}
2015-10-08 22:44:06 +00:00
2016-11-10 21:57:01 +00:00
// If it's routed, then try to claim and assign it and if successful end loop
const InetAddress ip4 ( Utils : : hton ( ip ) , 0 ) ;
if ( ( routedNetmaskBits > 0 ) & & ( ! nmi . allocatedIps . count ( ip4 ) ) ) {
ipAssignments . push_back ( ip4 . toIpString ( ) ) ;
member [ " ipAssignments " ] = ipAssignments ;
if ( nc . staticIpCount < ZT_MAX_ZT_ASSIGNED_ADDRESSES ) {
struct sockaddr_in * const v4ip = reinterpret_cast < struct sockaddr_in * > ( & ( nc . staticIps [ nc . staticIpCount + + ] ) ) ;
v4ip - > sin_family = AF_INET ;
v4ip - > sin_port = Utils : : hton ( ( uint16_t ) routedNetmaskBits ) ;
v4ip - > sin_addr . s_addr = Utils : : hton ( ip ) ;
}
haveManagedIpv4AutoAssignment = true ;
break ;
}
}
}
}
}
}
2015-10-08 22:44:06 +00:00
2016-11-10 21:57:01 +00:00
CertificateOfMembership com ( now , credentialtmd , nwid , identity . address ( ) ) ;
if ( com . sign ( _signingId ) ) {
nc . com = com ;
} else {
_sender - > ncSendError ( nwid , requestPacketId , identity . address ( ) , NetworkController : : NC_ERROR_INTERNAL_SERVER_ERROR ) ;
2016-01-26 20:42:44 +00:00
return ;
2015-10-08 22:44:06 +00:00
}
2016-01-26 20:42:44 +00:00
2016-11-10 21:57:01 +00:00
if ( member ! = origMember ) {
member [ " lastModified " ] = now ;
Mutex : : Lock _l ( _db_m ) ;
_db . put ( " network " , nwids , " member " , identity . address ( ) . toString ( ) , member ) ;
}
2016-01-26 20:42:44 +00:00
2016-11-10 21:57:01 +00:00
_sender - > ncSendConfig ( nwid , requestPacketId , identity . address ( ) , nc , metaData . getUI ( ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_VERSION , 0 ) < 6 ) ;
2015-10-08 20:25:38 +00:00
}
2016-08-18 19:59:48 +00:00
void EmbeddedNetworkController : : _getNetworkMemberInfo ( uint64_t now , uint64_t nwid , _NetworkMemberInfo & nmi )
{
2016-11-04 22:18:31 +00:00
char pfx [ 256 ] ;
Utils : : snprintf ( pfx , sizeof ( pfx ) , " network/%.16llx/member " , nwid ) ;
2016-11-09 20:34:20 +00:00
{
Mutex : : Lock _l ( _nmiCache_m ) ;
std : : map < uint64_t , _NetworkMemberInfo > : : iterator c ( _nmiCache . find ( nwid ) ) ;
if ( ( c ! = _nmiCache . end ( ) ) & & ( ( now - c - > second . nmiTimestamp ) < 1000 ) ) { // a short duration cache but limits CPU use on big networks
nmi = c - > second ;
return ;
}
}
{
Mutex : : Lock _l ( _db_m ) ;
_db . filter ( pfx , 120000 , [ & nmi , & now ] ( const std : : string & n , const json & member ) {
try {
if ( _jB ( member [ " authorized " ] , false ) ) {
+ + nmi . authorizedMemberCount ;
if ( member . count ( " recentLog " ) ) {
const json & mlog = member [ " recentLog " ] ;
if ( ( mlog . is_array ( ) ) & & ( mlog . size ( ) > 0 ) ) {
const json & mlog1 = mlog [ 0 ] ;
if ( mlog1 . is_object ( ) ) {
if ( ( now - _jI ( mlog1 [ " ts " ] , 0ULL ) ) < ZT_NETCONF_NODE_ACTIVE_THRESHOLD )
+ + nmi . activeMemberCount ;
}
2016-11-04 22:18:31 +00:00
}
2016-08-25 23:25:28 +00:00
}
2016-08-18 19:59:48 +00:00
2016-11-09 20:34:20 +00:00
if ( _jB ( member [ " activeBridge " ] , false ) ) {
nmi . activeBridges . insert ( _jS ( member [ " id " ] , " 0000000000 " ) ) ;
}
2016-08-18 19:59:48 +00:00
2016-11-09 20:34:20 +00:00
if ( member . count ( " ipAssignments " ) ) {
const json & mips = member [ " ipAssignments " ] ;
if ( mips . is_array ( ) ) {
for ( unsigned long i = 0 ; i < mips . size ( ) ; + + i ) {
InetAddress mip ( _jS ( mips [ i ] , " " ) ) ;
if ( ( mip . ss_family = = AF_INET ) | | ( mip . ss_family = = AF_INET6 ) )
nmi . allocatedIps . insert ( mip ) ;
}
2016-11-04 22:18:31 +00:00
}
2016-08-25 23:25:28 +00:00
}
2016-11-09 20:34:20 +00:00
} else {
nmi . mostRecentDeauthTime = std : : max ( nmi . mostRecentDeauthTime , _jI ( member [ " lastDeauthorizedTime " ] , 0ULL ) ) ;
2016-08-18 19:59:48 +00:00
}
2016-11-09 20:34:20 +00:00
} catch ( . . . ) { }
return true ;
} ) ;
}
nmi . nmiTimestamp = now ;
{
Mutex : : Lock _l ( _nmiCache_m ) ;
_nmiCache [ nwid ] = nmi ;
}
2016-08-18 19:59:48 +00:00
}
2016-11-10 20:54:43 +00:00
void EmbeddedNetworkController : : _pushMemberUpdate ( uint64_t now , uint64_t nwid , const nlohmann : : json & member )
{
try {
const std : : string idstr = member [ " identity " ] ;
const std : : string mdstr = member [ " lastRequestMetaData " ] ;
if ( ( idstr . length ( ) > 0 ) & & ( mdstr . length ( ) > 0 ) ) {
const Identity id ( idstr ) ;
bool online ;
{
Mutex : : Lock _l ( _lastRequestTime_m ) ;
std : : map < std : : pair < uint64_t , uint64_t > , uint64_t > : : iterator lrt ( _lastRequestTime . find ( std : : pair < uint64_t , uint64_t > ( id . address ( ) . toInt ( ) , nwid ) ) ) ;
online = ( ( lrt ! = _lastRequestTime . end ( ) ) & & ( ( now - lrt - > second ) < ZT_NETWORK_AUTOCONF_DELAY ) ) ;
}
2016-11-18 21:01:45 +00:00
if ( online ) {
Dictionary < ZT_NETWORKCONFIG_METADATA_DICT_CAPACITY > * metaData = new Dictionary < ZT_NETWORKCONFIG_METADATA_DICT_CAPACITY > ( mdstr . c_str ( ) ) ;
try {
this - > request ( nwid , InetAddress ( ) , 0 , id , * metaData ) ;
} catch ( . . . ) { }
delete metaData ;
}
2016-11-10 20:54:43 +00:00
}
} catch ( . . . ) { }
}
2015-01-06 21:45:10 +00:00
} // namespace ZeroTier