2013-07-04 20:56:19 +00:00
/*
2015-02-17 21:11:34 +00:00
* ZeroTier One - Network Virtualization Everywhere
2016-01-12 22:04:55 +00:00
* Copyright ( C ) 2011 - 2016 ZeroTier , Inc . https : //www.zerotier.com/
2013-07-04 20:56:19 +00:00
*
* This program is free software : you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation , either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
# include <stdio.h>
# include <stdlib.h>
2013-08-12 20:57:34 +00:00
2013-07-04 20:56:19 +00:00
# include <algorithm>
# include <utility>
# include <stdexcept>
2015-04-03 20:14:37 +00:00
# include "../version.h"
# include "../include/ZeroTierOne.h"
2013-08-13 01:25:36 +00:00
2015-04-03 20:14:37 +00:00
# include "Constants.hpp"
2015-04-03 23:52:53 +00:00
# include "RuntimeEnvironment.hpp"
2013-07-04 20:56:19 +00:00
# include "Switch.hpp"
# include "Node.hpp"
# include "InetAddress.hpp"
# include "Topology.hpp"
# include "Peer.hpp"
2015-07-28 18:28:47 +00:00
# include "SelfAwareness.hpp"
2015-04-03 23:52:53 +00:00
# include "Packet.hpp"
2015-10-21 00:22:53 +00:00
# include "Cluster.hpp"
2013-07-04 20:56:19 +00:00
namespace ZeroTier {
2015-07-07 17:06:05 +00:00
# ifdef ZT_TRACE
static const char * etherTypeName ( const unsigned int etherType )
{
switch ( etherType ) {
case ZT_ETHERTYPE_IPV4 : return " IPV4 " ;
case ZT_ETHERTYPE_ARP : return " ARP " ;
case ZT_ETHERTYPE_RARP : return " RARP " ;
case ZT_ETHERTYPE_ATALK : return " ATALK " ;
case ZT_ETHERTYPE_AARP : return " AARP " ;
case ZT_ETHERTYPE_IPX_A : return " IPX_A " ;
case ZT_ETHERTYPE_IPX_B : return " IPX_B " ;
case ZT_ETHERTYPE_IPV6 : return " IPV6 " ;
}
return " UNKNOWN " ;
}
# endif // ZT_TRACE
2013-07-04 20:56:19 +00:00
Switch : : Switch ( const RuntimeEnvironment * renv ) :
2015-07-13 15:33:02 +00:00
RR ( renv ) ,
2015-09-04 22:35:43 +00:00
_lastBeaconResponse ( 0 ) ,
_outstandingWhoisRequests ( 32 ) ,
_lastUniteAttempt ( 8 ) // only really used on root servers and upstreams, and it'll grow there just fine
2013-07-04 20:56:19 +00:00
{
}
Switch : : ~ Switch ( )
{
}
2015-09-24 23:21:36 +00:00
void Switch : : onRemotePacket ( const InetAddress & localAddr , const InetAddress & fromAddr , const void * data , unsigned int len )
2013-07-04 20:56:19 +00:00
{
try {
2016-03-18 21:16:07 +00:00
const uint64_t now = RR - > node - > now ( ) ;
2016-09-01 22:43:07 +00:00
SharedPtr < Path > path ( RR - > topology - > getPath ( localAddr , fromAddr ) ) ;
path - > received ( now ) ;
2015-07-13 15:33:02 +00:00
if ( len = = 13 ) {
/* LEGACY: before VERB_PUSH_DIRECT_PATHS, peers used broadcast
* announcements on the LAN to solve the ' same network problem . ' We
* no longer send these , but we ' ll listen for them for a while to
* locate peers with versions < 1.0 .4 . */
2016-03-18 21:16:07 +00:00
2015-07-13 15:33:02 +00:00
Address beaconAddr ( reinterpret_cast < const char * > ( data ) + 8 , 5 ) ;
if ( beaconAddr = = RR - > identity . address ( ) )
return ;
2016-11-22 18:54:58 +00:00
if ( ! RR - > node - > shouldUsePathForZeroTierTraffic ( beaconAddr , localAddr , fromAddr ) )
2016-01-11 23:57:58 +00:00
return ;
2015-07-13 15:33:02 +00:00
SharedPtr < Peer > peer ( RR - > topology - > getPeer ( beaconAddr ) ) ;
if ( peer ) { // we'll only respond to beacons from known peers
if ( ( now - _lastBeaconResponse ) > = 2500 ) { // limit rate of responses
_lastBeaconResponse = now ;
Packet outp ( peer - > address ( ) , RR - > identity . address ( ) , Packet : : VERB_NOP ) ;
2015-12-22 00:15:39 +00:00
outp . armor ( peer - > key ( ) , true ) ;
2016-09-01 22:43:07 +00:00
path - > send ( RR , outp . data ( ) , outp . size ( ) , now ) ;
2015-07-13 15:33:02 +00:00
}
}
2016-03-18 21:16:07 +00:00
2016-09-01 20:45:32 +00:00
} else if ( len > ZT_PROTO_MIN_FRAGMENT_LENGTH ) { // SECURITY: min length check is important since we do some C-style stuff below!
2016-03-18 21:16:07 +00:00
if ( reinterpret_cast < const uint8_t * > ( data ) [ ZT_PACKET_FRAGMENT_IDX_FRAGMENT_INDICATOR ] = = ZT_PACKET_FRAGMENT_INDICATOR ) {
// Handle fragment ----------------------------------------------------
Packet : : Fragment fragment ( data , len ) ;
2016-03-18 21:32:48 +00:00
const Address destination ( fragment . destination ( ) ) ;
2016-03-18 21:16:07 +00:00
if ( destination ! = RR - > identity . address ( ) ) {
2017-01-27 22:05:09 +00:00
if ( ( ! RR - > topology - > amRoot ( ) ) & & ( ! path - > trustEstablished ( now ) ) )
return ;
2016-09-13 21:27:18 +00:00
2016-03-18 21:16:07 +00:00
if ( fragment . hops ( ) < ZT_RELAY_MAX_HOPS ) {
fragment . incrementHops ( ) ;
// Note: we don't bother initiating NAT-t for fragments, since heads will set that off.
// It wouldn't hurt anything, just redundant and unnecessary.
SharedPtr < Peer > relayTo = RR - > topology - > getPeer ( destination ) ;
2016-09-02 20:33:56 +00:00
if ( ( ! relayTo ) | | ( ! relayTo - > sendDirect ( fragment . data ( ) , fragment . size ( ) , now , false ) ) ) {
2016-03-18 21:32:48 +00:00
# ifdef ZT_ENABLE_CLUSTER
2016-03-18 21:16:07 +00:00
if ( RR - > cluster ) {
2017-02-01 20:00:25 +00:00
RR - > cluster - > relayViaCluster ( Address ( ) , destination , fragment . data ( ) , fragment . size ( ) , false ) ;
2016-03-18 21:16:07 +00:00
return ;
}
2016-03-18 21:32:48 +00:00
# endif
2016-03-18 21:16:07 +00:00
2016-11-18 00:31:58 +00:00
// Don't know peer or no direct path -- so relay via someone upstream
relayTo = RR - > topology - > getUpstreamPeer ( ) ;
2016-03-18 21:16:07 +00:00
if ( relayTo )
2016-09-02 20:33:56 +00:00
relayTo - > sendDirect ( fragment . data ( ) , fragment . size ( ) , now , true ) ;
2016-03-18 21:16:07 +00:00
}
} else {
TRACE ( " dropped relay [fragment](%s) -> %s, max hops exceeded " , fromAddr . toString ( ) . c_str ( ) , destination . toString ( ) . c_str ( ) ) ;
}
} else {
// Fragment looks like ours
const uint64_t fragmentPacketId = fragment . packetId ( ) ;
const unsigned int fragmentNumber = fragment . fragmentNumber ( ) ;
const unsigned int totalFragments = fragment . totalFragments ( ) ;
if ( ( totalFragments < = ZT_MAX_PACKET_FRAGMENTS ) & & ( fragmentNumber < ZT_MAX_PACKET_FRAGMENTS ) & & ( fragmentNumber > 0 ) & & ( totalFragments > 1 ) ) {
// Fragment appears basically sane. Its fragment number must be
// 1 or more, since a Packet with fragmented bit set is fragment 0.
// Total fragments must be more than 1, otherwise why are we
// seeing a Packet::Fragment?
Mutex : : Lock _l ( _rxQueue_m ) ;
2016-04-06 23:28:40 +00:00
RXQueueEntry * const rq = _findRXQueueEntry ( now , fragmentPacketId ) ;
2016-03-18 21:16:07 +00:00
if ( ( ! rq - > timestamp ) | | ( rq - > packetId ! = fragmentPacketId ) ) {
// No packet found, so we received a fragment without its head.
//TRACE("fragment (%u/%u) of %.16llx from %s",fragmentNumber + 1,totalFragments,fragmentPacketId,fromAddr.toString().c_str());
rq - > timestamp = now ;
rq - > packetId = fragmentPacketId ;
rq - > frags [ fragmentNumber - 1 ] = fragment ;
rq - > totalFragments = totalFragments ; // total fragment count is known
rq - > haveFragments = 1 < < fragmentNumber ; // we have only this fragment
rq - > complete = false ;
} else if ( ! ( rq - > haveFragments & ( 1 < < fragmentNumber ) ) ) {
// We have other fragments and maybe the head, so add this one and check
//TRACE("fragment (%u/%u) of %.16llx from %s",fragmentNumber + 1,totalFragments,fragmentPacketId,fromAddr.toString().c_str());
rq - > frags [ fragmentNumber - 1 ] = fragment ;
rq - > totalFragments = totalFragments ;
if ( Utils : : countBits ( rq - > haveFragments | = ( 1 < < fragmentNumber ) ) = = totalFragments ) {
// We have all fragments -- assemble and process full Packet
//TRACE("packet %.16llx is complete, assembling and processing...",fragmentPacketId);
for ( unsigned int f = 1 ; f < totalFragments ; + + f )
rq - > frag0 . append ( rq - > frags [ f - 1 ] . payload ( ) , rq - > frags [ f - 1 ] . payloadLength ( ) ) ;
2016-08-04 18:40:38 +00:00
if ( rq - > frag0 . tryDecode ( RR ) ) {
2016-03-18 21:16:07 +00:00
rq - > timestamp = 0 ; // packet decoded, free entry
} else {
rq - > complete = true ; // set complete flag but leave entry since it probably needs WHOIS or something
}
}
} // else this is a duplicate fragment, ignore
}
}
// --------------------------------------------------------------------
} else if ( len > = ZT_PROTO_MIN_PACKET_LENGTH ) { // min length check is important!
// Handle packet head -------------------------------------------------
// See packet format in Packet.hpp to understand this
const uint64_t packetId = (
( ( ( uint64_t ) reinterpret_cast < const uint8_t * > ( data ) [ 0 ] ) < < 56 ) |
( ( ( uint64_t ) reinterpret_cast < const uint8_t * > ( data ) [ 1 ] ) < < 48 ) |
( ( ( uint64_t ) reinterpret_cast < const uint8_t * > ( data ) [ 2 ] ) < < 40 ) |
( ( ( uint64_t ) reinterpret_cast < const uint8_t * > ( data ) [ 3 ] ) < < 32 ) |
( ( ( uint64_t ) reinterpret_cast < const uint8_t * > ( data ) [ 4 ] ) < < 24 ) |
( ( ( uint64_t ) reinterpret_cast < const uint8_t * > ( data ) [ 5 ] ) < < 16 ) |
( ( ( uint64_t ) reinterpret_cast < const uint8_t * > ( data ) [ 6 ] ) < < 8 ) |
( ( uint64_t ) reinterpret_cast < const uint8_t * > ( data ) [ 7 ] )
) ;
const Address destination ( reinterpret_cast < const uint8_t * > ( data ) + 8 , ZT_ADDRESS_LENGTH ) ;
const Address source ( reinterpret_cast < const uint8_t * > ( data ) + 13 , ZT_ADDRESS_LENGTH ) ;
//TRACE("<< %.16llx %s -> %s (size: %u)",(unsigned long long)packet->packetId(),source.toString().c_str(),destination.toString().c_str(),packet->size());
if ( destination ! = RR - > identity . address ( ) ) {
2017-01-27 22:05:09 +00:00
if ( ( ! RR - > topology - > amRoot ( ) ) & & ( ! path - > trustEstablished ( now ) ) )
return ;
2016-09-13 21:27:18 +00:00
2016-03-18 21:16:07 +00:00
Packet packet ( data , len ) ;
if ( packet . hops ( ) < ZT_RELAY_MAX_HOPS ) {
packet . incrementHops ( ) ;
SharedPtr < Peer > relayTo = RR - > topology - > getPeer ( destination ) ;
2016-09-02 20:33:56 +00:00
if ( ( relayTo ) & & ( ( relayTo - > sendDirect ( packet . data ( ) , packet . size ( ) , now , false ) ) ) ) {
2016-03-18 21:16:07 +00:00
Mutex : : Lock _l ( _lastUniteAttempt_m ) ;
uint64_t & luts = _lastUniteAttempt [ _LastUniteKey ( source , destination ) ] ;
if ( ( now - luts ) > = ZT_MIN_UNITE_INTERVAL ) {
luts = now ;
2016-11-18 00:59:04 +00:00
_unite ( source , destination ) ;
2016-03-18 21:16:07 +00:00
}
} else {
2016-03-18 22:06:45 +00:00
# ifdef ZT_ENABLE_CLUSTER
2017-02-01 22:05:13 +00:00
if ( ( RR - > cluster ) & & ( source ! = RR - > identity . address ( ) ) ) {
2016-03-18 21:16:07 +00:00
bool shouldUnite ;
{
Mutex : : Lock _l ( _lastUniteAttempt_m ) ;
uint64_t & luts = _lastUniteAttempt [ _LastUniteKey ( source , destination ) ] ;
shouldUnite = ( ( now - luts ) > = ZT_MIN_UNITE_INTERVAL ) ;
if ( shouldUnite )
luts = now ;
}
2017-02-01 20:00:25 +00:00
RR - > cluster - > relayViaCluster ( source , destination , packet . data ( ) , packet . size ( ) , shouldUnite ) ;
2016-03-18 21:16:07 +00:00
return ;
}
2016-03-18 22:06:45 +00:00
# endif
2016-11-18 00:31:58 +00:00
relayTo = RR - > topology - > getUpstreamPeer ( & source , 1 , true ) ;
2016-03-18 21:16:07 +00:00
if ( relayTo )
2016-09-02 20:33:56 +00:00
relayTo - > sendDirect ( packet . data ( ) , packet . size ( ) , now , true ) ;
2016-03-18 21:16:07 +00:00
}
} else {
TRACE ( " dropped relay %s(%s) -> %s, max hops exceeded " , packet . source ( ) . toString ( ) . c_str ( ) , fromAddr . toString ( ) . c_str ( ) , destination . toString ( ) . c_str ( ) ) ;
}
} else if ( ( reinterpret_cast < const uint8_t * > ( data ) [ ZT_PACKET_IDX_FLAGS ] & ZT_PROTO_FLAG_FRAGMENTED ) ! = 0 ) {
// Packet is the head of a fragmented packet series
Mutex : : Lock _l ( _rxQueue_m ) ;
2016-04-06 23:28:40 +00:00
RXQueueEntry * const rq = _findRXQueueEntry ( now , packetId ) ;
2016-03-18 21:16:07 +00:00
if ( ( ! rq - > timestamp ) | | ( rq - > packetId ! = packetId ) ) {
// If we have no other fragments yet, create an entry and save the head
//TRACE("fragment (0/?) of %.16llx from %s",pid,fromAddr.toString().c_str());
rq - > timestamp = now ;
rq - > packetId = packetId ;
2016-09-02 18:51:33 +00:00
rq - > frag0 . init ( data , len , path , now ) ;
2016-03-18 21:16:07 +00:00
rq - > totalFragments = 0 ;
rq - > haveFragments = 1 ;
rq - > complete = false ;
} else if ( ! ( rq - > haveFragments & 1 ) ) {
// If we have other fragments but no head, see if we are complete with the head
if ( ( rq - > totalFragments > 1 ) & & ( Utils : : countBits ( rq - > haveFragments | = 1 ) = = rq - > totalFragments ) ) {
// We have all fragments -- assemble and process full Packet
//TRACE("packet %.16llx is complete, assembling and processing...",pid);
2016-09-01 22:43:07 +00:00
rq - > frag0 . init ( data , len , path , now ) ;
2016-03-18 21:16:07 +00:00
for ( unsigned int f = 1 ; f < rq - > totalFragments ; + + f )
rq - > frag0 . append ( rq - > frags [ f - 1 ] . payload ( ) , rq - > frags [ f - 1 ] . payloadLength ( ) ) ;
2016-08-04 18:40:38 +00:00
if ( rq - > frag0 . tryDecode ( RR ) ) {
2016-03-18 21:16:07 +00:00
rq - > timestamp = 0 ; // packet decoded, free entry
} else {
rq - > complete = true ; // set complete flag but leave entry since it probably needs WHOIS or something
}
} else {
// Still waiting on more fragments, but keep the head
2016-09-01 22:43:07 +00:00
rq - > frag0 . init ( data , len , path , now ) ;
2016-03-18 21:16:07 +00:00
}
} // else this is a duplicate head, ignore
} else {
// Packet is unfragmented, so just process it
2016-09-01 22:43:07 +00:00
IncomingPacket packet ( data , len , path , now ) ;
2016-08-04 18:40:38 +00:00
if ( ! packet . tryDecode ( RR ) ) {
2016-03-18 21:16:07 +00:00
Mutex : : Lock _l ( _rxQueue_m ) ;
RXQueueEntry * rq = & ( _rxQueue [ ZT_RX_QUEUE_SIZE - 1 ] ) ;
unsigned long i = ZT_RX_QUEUE_SIZE - 1 ;
while ( ( i ) & & ( rq - > timestamp ) ) {
RXQueueEntry * tmp = & ( _rxQueue [ - - i ] ) ;
if ( tmp - > timestamp < rq - > timestamp )
rq = tmp ;
}
rq - > timestamp = now ;
rq - > packetId = packetId ;
rq - > frag0 = packet ;
rq - > totalFragments = 1 ;
rq - > haveFragments = 1 ;
rq - > complete = true ;
}
}
// --------------------------------------------------------------------
2015-04-03 20:14:37 +00:00
}
2013-07-04 20:56:19 +00:00
}
} catch ( std : : exception & ex ) {
2013-07-13 18:45:39 +00:00
TRACE ( " dropped packet from %s: unexpected exception: %s " , fromAddr . toString ( ) . c_str ( ) , ex . what ( ) ) ;
2013-07-04 20:56:19 +00:00
} catch ( . . . ) {
2013-07-13 18:45:39 +00:00
TRACE ( " dropped packet from %s: unexpected exception: (unknown) " , fromAddr . toString ( ) . c_str ( ) ) ;
2013-07-04 20:56:19 +00:00
}
}
2015-04-08 02:31:11 +00:00
void Switch : : onLocalEthernet ( const SharedPtr < Network > & network , const MAC & from , const MAC & to , unsigned int etherType , unsigned int vlanId , const void * data , unsigned int len )
2013-07-04 20:56:19 +00:00
{
2016-04-12 19:49:46 +00:00
if ( ! network - > hasConfig ( ) )
2013-10-18 17:20:34 +00:00
return ;
2014-06-14 00:49:33 +00:00
// Check if this packet is from someone other than the tap -- i.e. bridged in
2016-10-05 17:12:06 +00:00
bool fromBridged ;
if ( ( fromBridged = ( from ! = network - > mac ( ) ) ) ) {
2016-04-12 19:49:46 +00:00
if ( ! network - > config ( ) . permitsBridging ( RR - > identity . address ( ) ) ) {
2015-04-08 23:49:21 +00:00
TRACE ( " %.16llx: %s -> %s %s not forwarded, bridging disabled or this peer not a bridge " , network - > id ( ) , from . toString ( ) . c_str ( ) , to . toString ( ) . c_str ( ) , etherTypeName ( etherType ) ) ;
2014-06-14 00:49:33 +00:00
return ;
}
}
if ( to . isMulticast ( ) ) {
2016-09-21 04:21:34 +00:00
MulticastGroup multicastGroup ( to , 0 ) ;
2014-03-26 04:38:54 +00:00
2014-06-14 00:49:33 +00:00
if ( to . isBroadcast ( ) ) {
2015-11-03 18:46:41 +00:00
if ( ( etherType = = ZT_ETHERTYPE_ARP ) & & ( len > = 28 ) & & ( ( ( ( const uint8_t * ) data ) [ 2 ] = = 0x08 ) & & ( ( ( const uint8_t * ) data ) [ 3 ] = = 0x00 ) & & ( ( ( const uint8_t * ) data ) [ 4 ] = = 6 ) & & ( ( ( const uint8_t * ) data ) [ 5 ] = = 4 ) & & ( ( ( const uint8_t * ) data ) [ 7 ] = = 0x01 ) ) ) {
/* IPv4 ARP is one of the few special cases that we impose upon what is
* otherwise a straightforward Ethernet switch emulation . Vanilla ARP
* is dumb old broadcast and simply doesn ' t scale . ZeroTier multicast
* groups have an additional field called ADI ( additional distinguishing
* information ) which was added specifically for ARP though it could
* be used for other things too . We then take ARP broadcasts and turn
* them into multicasts by stuffing the IP address being queried into
* the 32 - bit ADI field . In practice this uses our multicast pub / sub
* system to implement a kind of extended / distributed ARP table . */
2016-09-21 04:21:34 +00:00
multicastGroup = MulticastGroup : : deriveMulticastGroupForAddressResolution ( InetAddress ( ( ( const unsigned char * ) data ) + 24 , 4 , 0 ) ) ;
2016-04-12 19:49:46 +00:00
} else if ( ! network - > config ( ) . enableBroadcast ( ) ) {
2014-06-14 00:49:33 +00:00
// Don't transmit broadcasts if this network doesn't want them
2015-04-03 23:52:53 +00:00
TRACE ( " %.16llx: dropped broadcast since ff:ff:ff:ff:ff:ff is not enabled " , network - > id ( ) ) ;
2014-05-23 21:32:31 +00:00
return ;
2013-09-27 20:03:13 +00:00
}
2015-11-03 18:46:41 +00:00
} else if ( ( etherType = = ZT_ETHERTYPE_IPV6 ) & & ( len > = ( 40 + 8 + 16 ) ) ) {
2016-06-24 11:54:05 +00:00
// IPv6 NDP emulation for certain very special patterns of private IPv6 addresses -- if enabled
2016-06-24 05:41:14 +00:00
if ( ( network - > config ( ) . ndpEmulation ( ) ) & & ( reinterpret_cast < const uint8_t * > ( data ) [ 6 ] = = 0x3a ) & & ( reinterpret_cast < const uint8_t * > ( data ) [ 40 ] = = 0x87 ) ) { // ICMPv6 neighbor solicitation
Address v6EmbeddedAddress ;
const uint8_t * const pkt6 = reinterpret_cast < const uint8_t * > ( data ) + 40 + 8 ;
const uint8_t * my6 = ( const uint8_t * ) 0 ;
2016-06-24 12:21:25 +00:00
// ZT-RFC4193 address: fdNN:NNNN:NNNN:NNNN:NN99:93DD:DDDD:DDDD / 88 (one /128 per actual host)
2016-06-24 05:41:14 +00:00
2016-06-24 12:21:25 +00:00
// ZT-6PLANE address: fcXX:XXXX:XXDD:DDDD:DDDD:####:####:#### / 40 (one /80 per actual host)
2016-06-24 11:54:05 +00:00
// (XX - lower 32 bits of network ID XORed with higher 32 bits)
// For these to work, we must have a ZT-managed address assigned in one of the
// above formats, and the query must match its prefix.
2016-05-06 23:13:11 +00:00
for ( unsigned int sipk = 0 ; sipk < network - > config ( ) . staticIpCount ; + + sipk ) {
2016-06-24 11:54:05 +00:00
const InetAddress * const sip = & ( network - > config ( ) . staticIps [ sipk ] ) ;
if ( sip - > ss_family = = AF_INET6 ) {
2016-06-24 05:41:14 +00:00
my6 = reinterpret_cast < const uint8_t * > ( reinterpret_cast < const struct sockaddr_in6 * > ( & ( * sip ) ) - > sin6_addr . s6_addr ) ;
2016-06-24 11:54:05 +00:00
const unsigned int sipNetmaskBits = Utils : : ntoh ( ( uint16_t ) reinterpret_cast < const struct sockaddr_in6 * > ( & ( * sip ) ) - > sin6_port ) ;
2016-06-24 12:21:25 +00:00
if ( ( sipNetmaskBits = = 88 ) & & ( my6 [ 0 ] = = 0xfd ) & & ( my6 [ 9 ] = = 0x99 ) & & ( my6 [ 10 ] = = 0x93 ) ) { // ZT-RFC4193 /88 ???
2015-11-03 18:46:41 +00:00
unsigned int ptr = 0 ;
while ( ptr ! = 11 ) {
if ( pkt6 [ ptr ] ! = my6 [ ptr ] )
break ;
+ + ptr ;
}
2016-06-24 12:21:25 +00:00
if ( ptr = = 11 ) { // prefix match!
2016-06-24 05:41:14 +00:00
v6EmbeddedAddress . setTo ( pkt6 + ptr , 5 ) ;
break ;
}
2016-06-24 12:21:25 +00:00
} else if ( sipNetmaskBits = = 40 ) { // ZT-6PLANE /40 ???
2016-06-24 11:54:05 +00:00
const uint32_t nwid32 = ( uint32_t ) ( ( network - > id ( ) ^ ( network - > id ( ) > > 32 ) ) & 0xffffffff ) ;
2016-06-24 12:21:25 +00:00
if ( ( my6 [ 0 ] = = 0xfc ) & & ( my6 [ 1 ] = = ( uint8_t ) ( ( nwid32 > > 24 ) & 0xff ) ) & & ( my6 [ 2 ] = = ( uint8_t ) ( ( nwid32 > > 16 ) & 0xff ) ) & & ( my6 [ 3 ] = = ( uint8_t ) ( ( nwid32 > > 8 ) & 0xff ) ) & & ( my6 [ 4 ] = = ( uint8_t ) ( nwid32 & 0xff ) ) ) {
2016-06-24 11:54:05 +00:00
unsigned int ptr = 0 ;
while ( ptr ! = 5 ) {
if ( pkt6 [ ptr ] ! = my6 [ ptr ] )
break ;
+ + ptr ;
}
2016-06-24 12:21:25 +00:00
if ( ptr = = 5 ) { // prefix match!
2016-06-24 11:54:05 +00:00
v6EmbeddedAddress . setTo ( pkt6 + ptr , 5 ) ;
2016-06-24 05:41:14 +00:00
break ;
2016-06-24 11:54:05 +00:00
}
2015-11-03 18:46:41 +00:00
}
}
}
}
2016-06-24 05:41:14 +00:00
if ( ( v6EmbeddedAddress ) & & ( v6EmbeddedAddress ! = RR - > identity . address ( ) ) ) {
const MAC peerMac ( v6EmbeddedAddress , network - > id ( ) ) ;
TRACE ( " IPv6 NDP emulation: %.16llx: forging response for %s/%s " , network - > id ( ) , v6EmbeddedAddress . toString ( ) . c_str ( ) , peerMac . toString ( ) . c_str ( ) ) ;
uint8_t adv [ 72 ] ;
adv [ 0 ] = 0x60 ; adv [ 1 ] = 0x00 ; adv [ 2 ] = 0x00 ; adv [ 3 ] = 0x00 ;
adv [ 4 ] = 0x00 ; adv [ 5 ] = 0x20 ;
adv [ 6 ] = 0x3a ; adv [ 7 ] = 0xff ;
for ( int i = 0 ; i < 16 ; + + i ) adv [ 8 + i ] = pkt6 [ i ] ;
for ( int i = 0 ; i < 16 ; + + i ) adv [ 24 + i ] = my6 [ i ] ;
adv [ 40 ] = 0x88 ; adv [ 41 ] = 0x00 ;
adv [ 42 ] = 0x00 ; adv [ 43 ] = 0x00 ; // future home of checksum
adv [ 44 ] = 0x60 ; adv [ 45 ] = 0x00 ; adv [ 46 ] = 0x00 ; adv [ 47 ] = 0x00 ;
for ( int i = 0 ; i < 16 ; + + i ) adv [ 48 + i ] = pkt6 [ i ] ;
adv [ 64 ] = 0x02 ; adv [ 65 ] = 0x01 ;
adv [ 66 ] = peerMac [ 0 ] ; adv [ 67 ] = peerMac [ 1 ] ; adv [ 68 ] = peerMac [ 2 ] ; adv [ 69 ] = peerMac [ 3 ] ; adv [ 70 ] = peerMac [ 4 ] ; adv [ 71 ] = peerMac [ 5 ] ;
uint16_t pseudo_ [ 36 ] ;
uint8_t * const pseudo = reinterpret_cast < uint8_t * > ( pseudo_ ) ;
for ( int i = 0 ; i < 32 ; + + i ) pseudo [ i ] = adv [ 8 + i ] ;
pseudo [ 32 ] = 0x00 ; pseudo [ 33 ] = 0x00 ; pseudo [ 34 ] = 0x00 ; pseudo [ 35 ] = 0x20 ;
pseudo [ 36 ] = 0x00 ; pseudo [ 37 ] = 0x00 ; pseudo [ 38 ] = 0x00 ; pseudo [ 39 ] = 0x3a ;
for ( int i = 0 ; i < 32 ; + + i ) pseudo [ 40 + i ] = adv [ 40 + i ] ;
uint32_t checksum = 0 ;
for ( int i = 0 ; i < 36 ; + + i ) checksum + = Utils : : hton ( pseudo_ [ i ] ) ;
while ( ( checksum > > 16 ) ) checksum = ( checksum & 0xffff ) + ( checksum > > 16 ) ;
checksum = ~ checksum ;
adv [ 42 ] = ( checksum > > 8 ) & 0xff ;
adv [ 43 ] = checksum & 0xff ;
RR - > node - > putFrame ( network - > id ( ) , network - > userPtr ( ) , peerMac , from , ZT_ETHERTYPE_IPV6 , 0 , adv , 72 ) ;
2016-06-24 11:54:05 +00:00
return ; // NDP emulation done. We have forged a "fake" reply, so no need to send actual NDP query.
} // else no NDP emulation
} // else no NDP emulation
2014-06-14 00:49:33 +00:00
}
2013-09-12 16:11:21 +00:00
2016-09-28 19:21:08 +00:00
// Check this after NDP emulation, since that has to be allowed in exactly this case
if ( network - > config ( ) . multicastLimit = = 0 ) {
TRACE ( " %.16llx: dropped multicast: not allowed on network " , network - > id ( ) ) ;
return ;
}
2014-06-21 19:19:10 +00:00
/* Learn multicast groups for bridged-in hosts.
* Note that some OSes , most notably Linux , do this for you by learning
* multicast addresses on bridge interfaces and subscribing each slave .
* But in that case this does no harm , as the sets are just merged . */
2014-06-14 00:49:33 +00:00
if ( fromBridged )
2016-09-21 04:21:34 +00:00
network - > learnBridgedMulticastGroup ( multicastGroup , RR - > node - > now ( ) ) ;
2014-05-23 21:32:31 +00:00
2016-09-21 04:21:34 +00:00
//TRACE("%.16llx: MULTICAST %s -> %s %s %u",network->id(),from.toString().c_str(),multicastGroup.toString().c_str(),etherTypeName(etherType),len);
2014-06-18 15:25:30 +00:00
2016-08-31 23:50:22 +00:00
// First pass sets noTee to false, but noTee is set to true in OutboundMulticast to prevent duplicates.
2016-08-24 22:26:18 +00:00
if ( ! network - > filterOutgoingPacket ( false , RR - > identity . address ( ) , Address ( ) , from , to , ( const uint8_t * ) data , len , etherType , vlanId ) ) {
2016-08-09 00:33:26 +00:00
TRACE ( " %.16llx: %s -> %s %s packet not sent: filterOutgoingPacket() returned false " , network - > id ( ) , from . toString ( ) . c_str ( ) , to . toString ( ) . c_str ( ) , etherTypeName ( etherType ) ) ;
2016-07-25 23:51:10 +00:00
return ;
}
2014-10-01 19:41:48 +00:00
RR - > mc - > send (
2016-05-06 23:13:11 +00:00
network - > config ( ) . multicastLimit ,
2015-06-02 00:50:44 +00:00
RR - > node - > now ( ) ,
2014-10-01 19:41:48 +00:00
network - > id ( ) ,
2016-09-27 19:22:25 +00:00
network - > config ( ) . disableCompression ( ) ,
2016-04-12 19:49:46 +00:00
network - > config ( ) . activeBridges ( ) ,
2016-09-21 04:21:34 +00:00
multicastGroup ,
2014-10-10 00:58:31 +00:00
( fromBridged ) ? from : MAC ( ) ,
2014-10-01 19:41:48 +00:00
etherType ,
2015-04-08 22:26:45 +00:00
data ,
len ) ;
2016-10-05 17:12:06 +00:00
} else if ( to = = network - > mac ( ) ) {
// Destination is this node, so just reinject it
RR - > node - > putFrame ( network - > id ( ) , network - > userPtr ( ) , from , to , etherType , vlanId , data , len ) ;
2016-08-24 22:26:18 +00:00
} else if ( to [ 0 ] = = MAC : : firstOctetForNetwork ( network - > id ( ) ) ) {
2015-04-15 20:09:20 +00:00
// Destination is another ZeroTier peer on the same network
2014-06-21 19:19:10 +00:00
2015-07-07 17:00:34 +00:00
Address toZT ( to . toAddress ( network - > id ( ) ) ) ; // since in-network MACs are derived from addresses and network IDs, we can reverse this
2015-10-01 18:11:52 +00:00
SharedPtr < Peer > toPeer ( RR - > topology - > getPeer ( toZT ) ) ;
2016-07-25 23:51:10 +00:00
2016-08-24 22:26:18 +00:00
if ( ! network - > filterOutgoingPacket ( false , RR - > identity . address ( ) , toZT , from , to , ( const uint8_t * ) data , len , etherType , vlanId ) ) {
2016-08-09 00:33:26 +00:00
TRACE ( " %.16llx: %s -> %s %s packet not sent: filterOutgoingPacket() returned false " , network - > id ( ) , from . toString ( ) . c_str ( ) , to . toString ( ) . c_str ( ) , etherTypeName ( etherType ) ) ;
2016-07-25 23:51:10 +00:00
return ;
}
2016-08-09 00:33:26 +00:00
if ( fromBridged ) {
2015-07-07 17:00:34 +00:00
Packet outp ( toZT , RR - > identity . address ( ) , Packet : : VERB_EXT_FRAME ) ;
outp . append ( network - > id ( ) ) ;
2016-08-09 00:33:26 +00:00
outp . append ( ( unsigned char ) 0x00 ) ;
2015-07-07 17:00:34 +00:00
to . appendTo ( outp ) ;
from . appendTo ( outp ) ;
outp . append ( ( uint16_t ) etherType ) ;
outp . append ( data , len ) ;
2016-09-27 19:22:25 +00:00
if ( ! network - > config ( ) . disableCompression ( ) )
outp . compress ( ) ;
2016-08-09 22:45:26 +00:00
send ( outp , true ) ;
2013-07-04 20:56:19 +00:00
} else {
2015-07-07 17:00:34 +00:00
Packet outp ( toZT , RR - > identity . address ( ) , Packet : : VERB_FRAME ) ;
outp . append ( network - > id ( ) ) ;
outp . append ( ( uint16_t ) etherType ) ;
outp . append ( data , len ) ;
2016-09-27 19:22:25 +00:00
if ( ! network - > config ( ) . disableCompression ( ) )
outp . compress ( ) ;
2016-08-09 22:45:26 +00:00
send ( outp , true ) ;
2013-07-04 20:56:19 +00:00
}
2014-06-21 16:01:26 +00:00
2015-07-07 17:00:34 +00:00
//TRACE("%.16llx: UNICAST: %s -> %s etherType==%s(%.4x) vlanId==%u len==%u fromBridged==%d includeCom==%d",network->id(),from.toString().c_str(),to.toString().c_str(),etherTypeName(etherType),etherType,vlanId,len,(int)fromBridged,(int)includeCom);
2016-08-24 22:26:18 +00:00
} else {
2014-09-30 15:38:03 +00:00
// Destination is bridged behind a remote peer
2014-06-21 19:19:10 +00:00
2016-08-24 22:26:18 +00:00
// We filter with a NULL destination ZeroTier address first. Filtrations
// for each ZT destination are also done below. This is the same rationale
// and design as for multicast.
if ( ! network - > filterOutgoingPacket ( false , RR - > identity . address ( ) , Address ( ) , from , to , ( const uint8_t * ) data , len , etherType , vlanId ) ) {
TRACE ( " %.16llx: %s -> %s %s packet not sent: filterOutgoingPacket() returned false " , network - > id ( ) , from . toString ( ) . c_str ( ) , to . toString ( ) . c_str ( ) , etherTypeName ( etherType ) ) ;
return ;
}
2014-06-21 19:19:10 +00:00
Address bridges [ ZT_MAX_BRIDGE_SPAM ] ;
unsigned int numBridges = 0 ;
2015-07-06 19:46:27 +00:00
/* Create an array of up to ZT_MAX_BRIDGE_SPAM recipients for this bridged frame. */
2014-06-21 19:19:10 +00:00
bridges [ 0 ] = network - > findBridgeTo ( to ) ;
2016-04-12 19:49:46 +00:00
std : : vector < Address > activeBridges ( network - > config ( ) . activeBridges ( ) ) ;
if ( ( bridges [ 0 ] ) & & ( bridges [ 0 ] ! = RR - > identity . address ( ) ) & & ( network - > config ( ) . permitsBridging ( bridges [ 0 ] ) ) ) {
2015-07-06 19:46:27 +00:00
/* We have a known bridge route for this MAC, send it there. */
2014-06-21 19:19:10 +00:00
+ + numBridges ;
2016-04-12 19:49:46 +00:00
} else if ( ! activeBridges . empty ( ) ) {
2014-06-21 19:19:10 +00:00
/* If there is no known route, spam to up to ZT_MAX_BRIDGE_SPAM active
2015-07-06 19:46:27 +00:00
* bridges . If someone responds , we ' ll learn the route . */
2016-04-12 19:49:46 +00:00
std : : vector < Address > : : const_iterator ab ( activeBridges . begin ( ) ) ;
if ( activeBridges . size ( ) < = ZT_MAX_BRIDGE_SPAM ) {
2014-06-21 19:19:10 +00:00
// If there are <= ZT_MAX_BRIDGE_SPAM active bridges, spam them all
2016-04-12 19:49:46 +00:00
while ( ab ! = activeBridges . end ( ) ) {
2015-07-07 17:00:34 +00:00
bridges [ numBridges + + ] = * ab ;
2014-06-21 19:19:10 +00:00
+ + ab ;
}
} else {
// Otherwise pick a random set of them
while ( numBridges < ZT_MAX_BRIDGE_SPAM ) {
2016-04-12 19:49:46 +00:00
if ( ab = = activeBridges . end ( ) )
ab = activeBridges . begin ( ) ;
if ( ( ( unsigned long ) RR - > node - > prng ( ) % ( unsigned long ) activeBridges . size ( ) ) = = 0 ) {
2015-07-07 17:00:34 +00:00
bridges [ numBridges + + ] = * ab ;
2014-06-21 19:19:10 +00:00
+ + ab ;
} else + + ab ;
}
2014-06-14 00:49:33 +00:00
}
}
2014-06-21 19:19:10 +00:00
for ( unsigned int b = 0 ; b < numBridges ; + + b ) {
2016-08-24 22:26:18 +00:00
if ( network - > filterOutgoingPacket ( true , RR - > identity . address ( ) , bridges [ b ] , from , to , ( const uint8_t * ) data , len , etherType , vlanId ) ) {
Packet outp ( bridges [ b ] , RR - > identity . address ( ) , Packet : : VERB_EXT_FRAME ) ;
outp . append ( network - > id ( ) ) ;
outp . append ( ( uint8_t ) 0x00 ) ;
to . appendTo ( outp ) ;
from . appendTo ( outp ) ;
outp . append ( ( uint16_t ) etherType ) ;
outp . append ( data , len ) ;
2016-09-27 19:22:25 +00:00
if ( ! network - > config ( ) . disableCompression ( ) )
outp . compress ( ) ;
2016-08-24 22:26:18 +00:00
send ( outp , true ) ;
} else {
TRACE ( " %.16llx: %s -> %s %s packet not sent: filterOutgoingPacket() returned false " , network - > id ( ) , from . toString ( ) . c_str ( ) , to . toString ( ) . c_str ( ) , etherTypeName ( etherType ) ) ;
}
2014-06-21 15:59:08 +00:00
}
2013-07-04 20:56:19 +00:00
}
}
2017-02-01 20:00:25 +00:00
void Switch : : send ( Packet & packet , bool encrypt )
2013-07-04 20:56:19 +00:00
{
2014-09-24 20:53:03 +00:00
if ( packet . destination ( ) = = RR - > identity . address ( ) ) {
2013-07-13 02:07:48 +00:00
TRACE ( " BUG: caught attempt to send() to self, ignored " ) ;
return ;
}
2016-08-09 22:45:26 +00:00
if ( ! _trySend ( packet , encrypt ) ) {
2013-07-11 20:19:06 +00:00
Mutex : : Lock _l ( _txQueue_m ) ;
2016-08-09 22:45:26 +00:00
_txQueue . push_back ( TXQueueEntry ( packet . destination ( ) , RR - > node - > now ( ) , packet , encrypt ) ) ;
2013-07-04 20:56:19 +00:00
}
}
2013-07-11 21:52:04 +00:00
void Switch : : requestWhois ( const Address & addr )
2013-07-11 20:19:06 +00:00
{
2013-10-03 18:38:07 +00:00
bool inserted = false ;
2013-07-11 21:52:04 +00:00
{
Mutex : : Lock _l ( _outstandingWhoisRequests_m ) ;
2015-09-04 22:35:43 +00:00
WhoisRequest & r = _outstandingWhoisRequests [ addr ] ;
if ( r . lastSent ) {
r . retries = 0 ; // reset retry count if entry already existed, but keep waiting and retry again after normal timeout
} else {
r . lastSent = RR - > node - > now ( ) ;
inserted = true ;
}
2013-07-11 21:52:04 +00:00
}
2013-10-03 18:38:07 +00:00
if ( inserted )
_sendWhoisRequest ( addr , ( const Address * ) 0 , 0 ) ;
2013-07-11 20:19:06 +00:00
}
2013-07-12 02:06:25 +00:00
void Switch : : doAnythingWaitingForPeer ( const SharedPtr < Peer > & peer )
2013-07-04 20:56:19 +00:00
{
2014-08-19 17:09:21 +00:00
{ // cancel pending WHOIS since we now know this peer
2013-07-11 21:52:04 +00:00
Mutex : : Lock _l ( _outstandingWhoisRequests_m ) ;
_outstandingWhoisRequests . erase ( peer - > address ( ) ) ;
}
2014-08-19 17:09:21 +00:00
{ // finish processing any packets waiting on peer's public key / identity
2013-07-11 21:52:04 +00:00
Mutex : : Lock _l ( _rxQueue_m ) ;
2016-03-18 21:16:07 +00:00
unsigned long i = ZT_RX_QUEUE_SIZE ;
while ( i ) {
RXQueueEntry * rq = & ( _rxQueue [ - - i ] ) ;
if ( ( rq - > timestamp ) & & ( rq - > complete ) ) {
2016-08-04 18:40:38 +00:00
if ( rq - > frag0 . tryDecode ( RR ) )
2016-03-18 21:16:07 +00:00
rq - > timestamp = 0 ;
}
2013-07-11 21:52:04 +00:00
}
}
2014-08-19 17:09:21 +00:00
{ // finish sending any packets waiting on peer's public key / identity
2013-07-11 21:52:04 +00:00
Mutex : : Lock _l ( _txQueue_m ) ;
2015-09-04 21:56:39 +00:00
for ( std : : list < TXQueueEntry > : : iterator txi ( _txQueue . begin ( ) ) ; txi ! = _txQueue . end ( ) ; ) {
if ( txi - > dest = = peer - > address ( ) ) {
2016-08-09 22:45:26 +00:00
if ( _trySend ( txi - > packet , txi - > encrypt ) )
2015-09-04 21:56:39 +00:00
_txQueue . erase ( txi + + ) ;
else + + txi ;
} else + + txi ;
2013-07-11 20:19:06 +00:00
}
}
}
2013-07-04 20:56:19 +00:00
2015-04-08 02:31:11 +00:00
unsigned long Switch : : doTimerTasks ( uint64_t now )
2014-09-24 20:45:58 +00:00
{
2015-04-08 02:31:11 +00:00
unsigned long nextDelay = 0xffffffff ; // ceiling delay, caller will cap to minimum
2014-09-24 20:45:58 +00:00
2015-04-03 23:52:53 +00:00
{ // Retry outstanding WHOIS requests
2014-09-24 20:45:58 +00:00
Mutex : : Lock _l ( _outstandingWhoisRequests_m ) ;
2015-09-04 22:35:43 +00:00
Hashtable < Address , WhoisRequest > : : Iterator i ( _outstandingWhoisRequests ) ;
Address * a = ( Address * ) 0 ;
WhoisRequest * r = ( WhoisRequest * ) 0 ;
while ( i . next ( a , r ) ) {
const unsigned long since = ( unsigned long ) ( now - r - > lastSent ) ;
2014-09-24 20:45:58 +00:00
if ( since > = ZT_WHOIS_RETRY_DELAY ) {
2015-09-04 22:35:43 +00:00
if ( r - > retries > = ZT_MAX_WHOIS_RETRIES ) {
TRACE ( " WHOIS %s timed out " , a - > toString ( ) . c_str ( ) ) ;
_outstandingWhoisRequests . erase ( * a ) ;
2014-09-24 20:45:58 +00:00
} else {
2015-09-04 22:35:43 +00:00
r - > lastSent = now ;
r - > peersConsulted [ r - > retries ] = _sendWhoisRequest ( * a , r - > peersConsulted , r - > retries ) ;
+ + r - > retries ;
TRACE ( " WHOIS %s (retry %u) " , a - > toString ( ) . c_str ( ) , r - > retries ) ;
2014-09-24 20:45:58 +00:00
nextDelay = std : : min ( nextDelay , ( unsigned long ) ZT_WHOIS_RETRY_DELAY ) ;
}
2015-04-03 23:52:53 +00:00
} else {
nextDelay = std : : min ( nextDelay , ZT_WHOIS_RETRY_DELAY - since ) ;
}
2014-09-24 20:45:58 +00:00
}
}
2015-04-03 23:52:53 +00:00
{ // Time out TX queue packets that never got WHOIS lookups or other info.
2014-09-24 20:45:58 +00:00
Mutex : : Lock _l ( _txQueue_m ) ;
2015-09-04 21:56:39 +00:00
for ( std : : list < TXQueueEntry > : : iterator txi ( _txQueue . begin ( ) ) ; txi ! = _txQueue . end ( ) ; ) {
2016-08-09 22:45:26 +00:00
if ( _trySend ( txi - > packet , txi - > encrypt ) )
2015-09-04 21:56:39 +00:00
_txQueue . erase ( txi + + ) ;
else if ( ( now - txi - > creationTime ) > ZT_TRANSMIT_QUEUE_TIMEOUT ) {
TRACE ( " TX %s -> %s timed out " , txi - > packet . source ( ) . toString ( ) . c_str ( ) , txi - > packet . destination ( ) . toString ( ) . c_str ( ) ) ;
_txQueue . erase ( txi + + ) ;
} else + + txi ;
2014-09-24 20:45:58 +00:00
}
}
2015-09-04 22:21:22 +00:00
{ // Remove really old last unite attempt entries to keep table size controlled
Mutex : : Lock _l ( _lastUniteAttempt_m ) ;
Hashtable < _LastUniteKey , uint64_t > : : Iterator i ( _lastUniteAttempt ) ;
_LastUniteKey * k = ( _LastUniteKey * ) 0 ;
uint64_t * v = ( uint64_t * ) 0 ;
while ( i . next ( k , v ) ) {
2015-11-02 23:38:53 +00:00
if ( ( now - * v ) > = ( ZT_MIN_UNITE_INTERVAL * 8 ) )
2015-09-04 22:21:22 +00:00
_lastUniteAttempt . erase ( * k ) ;
}
}
2015-04-08 02:31:11 +00:00
return nextDelay ;
2014-09-24 20:45:58 +00:00
}
2013-07-04 20:56:19 +00:00
Address Switch : : _sendWhoisRequest ( const Address & addr , const Address * peersAlreadyConsulted , unsigned int numPeersAlreadyConsulted )
{
2016-11-18 00:31:58 +00:00
SharedPtr < Peer > upstream ( RR - > topology - > getUpstreamPeer ( peersAlreadyConsulted , numPeersAlreadyConsulted , false ) ) ;
2016-09-09 15:43:58 +00:00
if ( upstream ) {
Packet outp ( upstream - > address ( ) , RR - > identity . address ( ) , Packet : : VERB_WHOIS ) ;
2013-07-25 17:24:39 +00:00
addr . appendTo ( outp ) ;
2016-09-09 15:43:58 +00:00
RR - > node - > expectReplyTo ( outp . packetId ( ) ) ;
send ( outp , true ) ;
2013-07-04 20:56:19 +00:00
}
return Address ( ) ;
}
2017-02-01 20:00:25 +00:00
bool Switch : : _trySend ( Packet & packet , bool encrypt )
2013-07-04 20:56:19 +00:00
{
2017-02-01 20:00:25 +00:00
SharedPtr < Path > viaPath ;
const uint64_t now = RR - > node - > now ( ) ;
const Address destination ( packet . destination ( ) ) ;
2017-02-01 21:52:53 +00:00
2017-02-01 20:00:25 +00:00
# ifdef ZT_ENABLE_CLUSTER
2017-02-01 21:20:51 +00:00
uint64_t clusterMostRecentTs = 0 ;
2017-02-01 20:00:25 +00:00
int clusterMostRecentMemberId = - 1 ;
2017-02-01 20:32:06 +00:00
uint8_t clusterPeerSecret [ ZT_PEER_SECRET_KEY_LENGTH ] ;
2017-02-01 21:52:53 +00:00
if ( RR - > cluster )
clusterMostRecentMemberId = RR - > cluster - > checkSendViaCluster ( destination , clusterMostRecentTs , clusterPeerSecret ) ;
2017-02-01 20:00:25 +00:00
# endif
2013-07-04 20:56:19 +00:00
2017-02-01 20:00:25 +00:00
const SharedPtr < Peer > peer ( RR - > topology - > getPeer ( destination ) ) ;
if ( peer ) {
2016-11-22 22:23:13 +00:00
/* First get the best path, and if it's dead (and this is not a root)
* we attempt to re - activate that path but this packet will flow
* upstream . If the path comes back alive , it will be used in the future .
* For roots we don ' t do the alive check since roots are not required
* to send heartbeats " down " and because we have to at least try to
* go somewhere . */
2016-09-07 18:13:17 +00:00
2017-02-01 20:00:25 +00:00
viaPath = peer - > getBestPath ( now , false ) ;
2017-01-27 21:27:52 +00:00
if ( ( viaPath ) & & ( ! viaPath - > alive ( now ) ) & & ( ! RR - > topology - > isUpstream ( peer - > identity ( ) ) ) ) {
2017-02-01 21:52:53 +00:00
# ifdef ZT_ENABLE_CLUSTER
if ( ( clusterMostRecentMemberId < 0 ) | | ( viaPath - > lastIn ( ) > clusterMostRecentTs ) ) {
# endif
if ( ( now - viaPath - > lastOut ( ) ) > std : : max ( ( now - viaPath - > lastIn ( ) ) * 4 , ( uint64_t ) ZT_PATH_MIN_REACTIVATE_INTERVAL ) ) {
peer - > attemptToContactAt ( viaPath - > localAddress ( ) , viaPath - > address ( ) , now ) ;
viaPath - > sent ( now ) ;
}
# ifdef ZT_ENABLE_CLUSTER
}
# endif
2016-09-02 20:55:33 +00:00
viaPath . zero ( ) ;
}
2017-02-01 20:00:25 +00:00
# ifdef ZT_ENABLE_CLUSTER
2017-02-01 21:20:51 +00:00
if ( clusterMostRecentMemberId > = 0 ) {
if ( ( viaPath ) & & ( viaPath - > lastIn ( ) < clusterMostRecentTs ) )
viaPath . zero ( ) ;
} else if ( ! viaPath ) {
# else
if ( ! viaPath ) {
2017-02-01 21:52:53 +00:00
# endif
2017-02-01 21:20:51 +00:00
peer - > tryMemorizedPath ( now ) ; // periodically attempt memorized or statically defined paths, if any are known
2017-02-01 21:52:53 +00:00
const SharedPtr < Peer > relay ( RR - > topology - > getUpstreamPeer ( ) ) ;
if ( ( ! relay ) | | ( ! ( viaPath = relay - > getBestPath ( now , false ) ) ) ) {
if ( ! ( viaPath = peer - > getBestPath ( now , true ) ) )
return false ;
}
# ifdef ZT_ENABLE_CLUSTER
}
# else
2016-04-19 19:09:35 +00:00
}
2017-02-01 21:20:51 +00:00
# endif
2017-02-01 20:00:25 +00:00
} else {
2017-02-01 20:51:52 +00:00
# ifdef ZT_ENABLE_CLUSTER
if ( clusterMostRecentMemberId < 0 ) {
# else
requestWhois ( destination ) ;
return false ; // if we are not in cluster mode, there is no way we can send without knowing the peer directly
# endif
# ifdef ZT_ENABLE_CLUSTER
}
2017-02-01 20:00:25 +00:00
# endif
}
2015-07-07 17:00:34 +00:00
2017-02-01 20:00:25 +00:00
unsigned int chunkSize = std : : min ( packet . size ( ) , ( unsigned int ) ZT_UDP_DEFAULT_PAYLOAD_MTU ) ;
packet . setFragmented ( chunkSize < packet . size ( ) ) ;
2013-07-04 20:56:19 +00:00
2017-02-01 20:32:06 +00:00
# ifdef ZT_ENABLE_CLUSTER
const uint64_t trustedPathId = ( viaPath ) ? RR - > topology - > getOutboundPathTrust ( viaPath - > address ( ) ) : 0 ;
if ( trustedPathId ) {
packet . setTrusted ( trustedPathId ) ;
} else {
packet . armor ( ( clusterMostRecentMemberId > = 0 ) ? clusterPeerSecret : peer - > key ( ) , encrypt ) ;
}
# else
2017-02-01 20:00:25 +00:00
const uint64_t trustedPathId = RR - > topology - > getOutboundPathTrust ( viaPath - > address ( ) ) ;
if ( trustedPathId ) {
packet . setTrusted ( trustedPathId ) ;
} else {
packet . armor ( peer - > key ( ) , encrypt ) ;
}
2017-02-01 20:32:06 +00:00
# endif
2013-07-04 20:56:19 +00:00
2017-02-01 20:00:25 +00:00
# ifdef ZT_ENABLE_CLUSTER
if ( ( ( viaPath ) & & ( viaPath - > send ( RR , packet . data ( ) , chunkSize , now ) ) ) | | ( ( clusterMostRecentMemberId > = 0 ) & & ( RR - > cluster - > sendViaCluster ( clusterMostRecentMemberId , destination , packet . data ( ) , chunkSize ) ) ) ) {
# else
if ( viaPath - > send ( RR , packet . data ( ) , chunkSize , now ) ) {
# endif
if ( chunkSize < packet . size ( ) ) {
// Too big for one packet, fragment the rest
unsigned int fragStart = chunkSize ;
unsigned int remaining = packet . size ( ) - chunkSize ;
unsigned int fragsRemaining = ( remaining / ( ZT_UDP_DEFAULT_PAYLOAD_MTU - ZT_PROTO_MIN_FRAGMENT_LENGTH ) ) ;
if ( ( fragsRemaining * ( ZT_UDP_DEFAULT_PAYLOAD_MTU - ZT_PROTO_MIN_FRAGMENT_LENGTH ) ) < remaining )
+ + fragsRemaining ;
const unsigned int totalFragments = fragsRemaining + 1 ;
for ( unsigned int fno = 1 ; fno < totalFragments ; + + fno ) {
chunkSize = std : : min ( remaining , ( unsigned int ) ( ZT_UDP_DEFAULT_PAYLOAD_MTU - ZT_PROTO_MIN_FRAGMENT_LENGTH ) ) ;
Packet : : Fragment frag ( packet , fragStart , chunkSize , fno , totalFragments ) ;
# ifdef ZT_ENABLE_CLUSTER
if ( viaPath )
2015-04-03 23:52:53 +00:00
viaPath - > send ( RR , frag . data ( ) , frag . size ( ) , now ) ;
2017-02-01 20:00:25 +00:00
else if ( clusterMostRecentMemberId > = 0 )
RR - > cluster - > sendViaCluster ( clusterMostRecentMemberId , destination , frag . data ( ) , frag . size ( ) ) ;
# else
viaPath - > send ( RR , frag . data ( ) , frag . size ( ) , now ) ;
# endif
fragStart + = chunkSize ;
remaining - = chunkSize ;
2013-07-04 20:56:19 +00:00
}
}
2014-10-29 00:25:34 +00:00
}
2017-02-01 20:00:25 +00:00
return true ;
2013-07-04 20:56:19 +00:00
}
2016-11-18 00:59:04 +00:00
bool Switch : : _unite ( const Address & p1 , const Address & p2 )
{
if ( ( p1 = = RR - > identity . address ( ) ) | | ( p2 = = RR - > identity . address ( ) ) )
return false ;
const uint64_t now = RR - > node - > now ( ) ;
InetAddress * p1a = ( InetAddress * ) 0 ;
InetAddress * p2a = ( InetAddress * ) 0 ;
InetAddress p1v4 , p1v6 , p2v4 , p2v6 , uv4 , uv6 ;
{
const SharedPtr < Peer > p1p ( RR - > topology - > getPeer ( p1 ) ) ;
const SharedPtr < Peer > p2p ( RR - > topology - > getPeer ( p2 ) ) ;
if ( ( ! p1p ) & & ( ! p2p ) ) return false ;
if ( p1p ) p1p - > getBestActiveAddresses ( now , p1v4 , p1v6 ) ;
if ( p2p ) p2p - > getBestActiveAddresses ( now , p2v4 , p2v6 ) ;
}
if ( ( p1v6 ) & & ( p2v6 ) ) {
p1a = & p1v6 ;
p2a = & p2v6 ;
} else if ( ( p1v4 ) & & ( p2v4 ) ) {
p1a = & p1v4 ;
p2a = & p2v4 ;
} else {
SharedPtr < Peer > upstream ( RR - > topology - > getUpstreamPeer ( ) ) ;
if ( ! upstream )
return false ;
upstream - > getBestActiveAddresses ( now , uv4 , uv6 ) ;
if ( ( p1v6 ) & & ( uv6 ) ) {
p1a = & p1v6 ;
p2a = & uv6 ;
} else if ( ( p1v4 ) & & ( uv4 ) ) {
p1a = & p1v4 ;
p2a = & uv4 ;
} else if ( ( p2v6 ) & & ( uv6 ) ) {
p1a = & p2v6 ;
p2a = & uv6 ;
} else if ( ( p2v4 ) & & ( uv4 ) ) {
p1a = & p2v4 ;
p2a = & uv4 ;
} else return false ;
}
TRACE ( " unite: %s(%s) <> %s(%s) " , p1 . toString ( ) . c_str ( ) , p1a - > toString ( ) . c_str ( ) , p2 . toString ( ) . c_str ( ) , p2a - > toString ( ) . c_str ( ) ) ;
/* Tell P1 where to find P2 and vice versa, sending the packets to P1 and
* P2 in randomized order in terms of which gets sent first . This is done
* since in a few cases NAT - t can be sensitive to slight timing differences
* in terms of when the two peers initiate . Normally this is accounted for
* by the nearly - simultaneous RENDEZVOUS kickoff from the relay , but
* given that relay are hosted on cloud providers this can in some
* cases have a few ms of latency between packet departures . By randomizing
* the order we make each attempted NAT - t favor one or the other going
* first , meaning if it doesn ' t succeed the first time it might the second
* and so forth . */
unsigned int alt = ( unsigned int ) RR - > node - > prng ( ) & 1 ;
const unsigned int completed = alt + 2 ;
while ( alt ! = completed ) {
if ( ( alt & 1 ) = = 0 ) {
// Tell p1 where to find p2.
Packet outp ( p1 , RR - > identity . address ( ) , Packet : : VERB_RENDEZVOUS ) ;
outp . append ( ( unsigned char ) 0 ) ;
p2 . appendTo ( outp ) ;
outp . append ( ( uint16_t ) p2a - > port ( ) ) ;
if ( p2a - > isV6 ( ) ) {
outp . append ( ( unsigned char ) 16 ) ;
outp . append ( p2a - > rawIpData ( ) , 16 ) ;
} else {
outp . append ( ( unsigned char ) 4 ) ;
outp . append ( p2a - > rawIpData ( ) , 4 ) ;
}
send ( outp , true ) ;
} else {
// Tell p2 where to find p1.
Packet outp ( p2 , RR - > identity . address ( ) , Packet : : VERB_RENDEZVOUS ) ;
outp . append ( ( unsigned char ) 0 ) ;
p1 . appendTo ( outp ) ;
outp . append ( ( uint16_t ) p1a - > port ( ) ) ;
if ( p1a - > isV6 ( ) ) {
outp . append ( ( unsigned char ) 16 ) ;
outp . append ( p1a - > rawIpData ( ) , 16 ) ;
} else {
outp . append ( ( unsigned char ) 4 ) ;
outp . append ( p1a - > rawIpData ( ) , 4 ) ;
}
send ( outp , true ) ;
}
+ + alt ; // counts up and also flips LSB
}
return true ;
}
2013-07-04 20:56:19 +00:00
} // namespace ZeroTier