diff --git a/node/IncomingPacket.cpp b/node/IncomingPacket.cpp
index ca6094182..aea110d5b 100644
--- a/node/IncomingPacket.cpp
+++ b/node/IncomingPacket.cpp
@@ -465,12 +465,13 @@ bool IncomingPacket::_doWHOIS(const RuntimeEnvironment *RR,const SharedPtr
 {
 try {
 if (payloadLength() == ZT_ADDRESS_LENGTH) {
- Identity queried(RR->topology->getIdentity(Address(payload(),ZT_ADDRESS_LENGTH)));
- if (queried) {
+ const Address addr(payload(),ZT_ADDRESS_LENGTH);
+ const Identity id(RR->topology->getIdentity(addr));
+ if (id) {
 Packet outp(peer->address(),RR->identity.address(),Packet::VERB_OK);
 outp.append((unsigned char)Packet::VERB_WHOIS);
 outp.append(packetId());
- queried.serialize(outp,false);
+ id.serialize(outp,false);
 outp.armor(peer->key(),true);
 RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size());
 } else {
@@ -478,6 +479,10 @@ bool IncomingPacket::_doWHOIS(const RuntimeEnvironment *RR,const SharedPtr
 if (RR->cluster) RR->cluster->sendDistributedQuery(*this);
 #endif
+ if (!RR->topology->amRoot()) {
+ RR->sw->requestWhois(addr);
+ return false; // packet parse will be attempted again if we get a reply from upstream
+ }
 }
 } else {
 TRACE("dropped WHOIS from %s(%s): missing or invalid address",source().toString().c_str(),_remoteAddress.toString().c_str());
@@ -492,7 +497,7 @@ bool IncomingPacket::_doWHOIS(const RuntimeEnvironment *RR,const SharedPtr
 bool IncomingPacket::_doRENDEZVOUS(const RuntimeEnvironment *RR,const SharedPtr &peer)
 {
 try {
- if (RR->topology->isUpstream(peer->identity())) {
+ if (RR->topology->isUpstream(peer->identity())) { // only upstream peers can tell us to rendezvous, otherwise this opens a potential amplification attack vector
 const Address with(field(ZT_PROTO_VERB_RENDEZVOUS_IDX_ZTADDRESS,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH);
 const SharedPtr withPeer(RR->topology->getPeer(with));
 if (withPeer) {
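Review bot: In the `@@ -478,6 +479,10 @@` hunk of `_doWHOIS`, the new non-root branch lets any peer whose WHOIS reaches this handler make the node call `RR->sw->requestWhois(addr)` for an address the sender chose, and then keep the packet for a later re-parse by returning false. Nothing in the visible lines limits how often one peer can cause this or rejects an `addr` that can never resolve, so repeated queries for unknown addresses could become upstream traffic and retained packets that never complete. Whether `requestWhois()` and the retry queue already rate-limit and expire entries is not visible in this diff and should be confirmed. The commit documents the amplification concern in `_doRENDEZVOUS`; this branch deserves the same, for example `// any peer can trigger an upstream WHOIS here; relies on requestWhois() rate limiting and on unanswered packets expiring from the retry queue`. The body of `_doWHOIS` continues outside the hunk.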
@@ -501,7 +506,7 @@ bool IncomingPacket::_doRENDEZVOUS(const RuntimeEnvironment *RR,const SharedPtr<
 if ((port > 0)&&((addrlen == 4)||(addrlen == 16))) {
 peer->received(_localAddress,_remoteAddress,hops(),packetId(),Packet::VERB_RENDEZVOUS,0,Packet::VERB_NOP);
- InetAddress atAddr(field(ZT_PROTO_VERB_RENDEZVOUS_IDX_ADDRESS,addrlen),addrlen,port);
+ const InetAddress atAddr(field(ZT_PROTO_VERB_RENDEZVOUS_IDX_ADDRESS,addrlen),addrlen,port);
 TRACE("RENDEZVOUS from %s says %s might be at %s, starting NAT-t",peer->address().toString().c_str(),with.toString().c_str(),atAddr.toString().c_str());
 if (RR->node->shouldUsePathForZeroTierTraffic(_localAddress,atAddr)) RR->sw->rendezvous(withPeer,_localAddress,atAddr);
diff --git a/node/Network.cpp b/node/Network.cpp
index d9ad7838d..485a598be 100644
--- a/node/Network.cpp
+++ b/node/Network.cpp
@@ -50,10 +50,6 @@ Network::Network(const RuntimeEnvironment *renv,uint64_t nwid,void *uptr) :
 {
 char confn[128],mcdbn[128];
 Utils::snprintf(confn,sizeof(confn),"networks.d/%.16llx.conf",_id);
- Utils::snprintf(mcdbn,sizeof(mcdbn),"networks.d/%.16llx.mcerts",_id);
-
- // These files are no longer used, so clean them.
- RR->node->dataStoreDelete(mcdbn);
 if (_id == ZT_TEST_NETWORK_ID) {
 applyConfiguration(NetworkConfig::createTestNetworkConfig(RR->identity.address()));
@@ -144,7 +140,7 @@ bool Network::tryAnnounceMulticastGroupsTo(const SharedPtr &peer)
 if ( (_isAllowed(peer)) || (peer->address() == this->controller()) ||
- (RR->topology->isRoot(peer->identity()))
+ (RR->topology->isUpstream(peer->identity()))
 ) {
 _announceMulticastGroupsTo(peer,_allMulticastGroups());
 return true;
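Review bot: In the `@@ -144,7 +140,7 @@` hunk of `tryAnnounceMulticastGroupsTo`, the third condition now admits every peer for which `isUpstream()` is true, so this network's multicast group subscriptions are announced to peers that are neither allowed members nor the controller, and no comment records why. How `isUpstream()` differs from `isRoot()` is defined outside this diff; if it can include peers designated by local configuration rather than only roots, that widens who learns group membership and should be a stated decision. I would add a comment on the new line in the style of the one this commit adds to `_doRENDEZVOUS`, for example `// upstreams (not only roots) are told our multicast groups even when they are not network members`. The function starts and ends outside the hunk.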