ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2024-12-20 21:43:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Replace certificate based gating of multicast like/gather with a simpler more efficient method, fix some minor issues with request based com/cert push, and clean up some other random stuff.

Browse Source
This commit is contained in:
Adam Ierymenko 2019-03-21 16:18:49 -07:00
parent 63ec19674c
commit 39e1021f62
6 changed files with 368 additions and 448 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
node/Address.hpp
View File

@ -54,28 +54,16 @@ public:
* @param bits Raw address -- 5 bytes, big-endian byte order * @param bits Raw address -- 5 bytes, big-endian byte order
* @param len Length of array * @param len Length of array
*/ */
Address(const void *bits,unsigned int len) Address(const void *bits,unsigned int len) { setTo(bits,len); }
{
setTo(bits,len);
}
inline Address &operator=(const Address &a) inline Address &operator=(const Address &a) { _a = a._a; return *this; }
{ inline Address &operator=(const uint64_t a) { _a = (a & 0xffffffffffULL); return *this; }
_a = a._a;
return *this;
}
inline Address &operator=(const uint64_t a)
{
_a = (a & 0xffffffffffULL);
return *this;
}
/** /**
* @param bits Raw address -- 5 bytes, big-endian byte order * @param bits Raw address -- 5 bytes, big-endian byte order
* @param len Length of array * @param len Length of array
*/ */
inline void setTo(const void *bits,unsigned int len) inline void setTo(const void *bits,const unsigned int len)
{ {
if (len < ZT_ADDRESS_LENGTH) { if (len < ZT_ADDRESS_LENGTH) {
_a = 0; _a = 0;
@ -94,7 +82,7 @@ public:
* @param bits Buffer to hold 5-byte address in big-endian byte order * @param bits Buffer to hold 5-byte address in big-endian byte order
* @param len Length of array * @param len Length of array
*/ */
inline void copyTo(void *bits,unsigned int len) const inline void copyTo(void *const bits,const unsigned int len) const
{ {
if (len < ZT_ADDRESS_LENGTH) if (len < ZT_ADDRESS_LENGTH)
return; return;
@ -125,37 +113,23 @@ public:
/** /**
* @return Integer containing address (0 to 2^40) * @return Integer containing address (0 to 2^40)
*/ */
inline uint64_t toInt() const inline uint64_t toInt() const { return _a; }
{
return _a;
}
/** /**
* @return Hash code for use with Hashtable * @return Hash code for use with Hashtable
*/ */
inline unsigned long hashCode() const inline unsigned long hashCode() const { return (unsigned long)_a; }
{
return (unsigned long)_a;
}
/** /**
* @return Hexadecimal string * @return Hexadecimal string
*/ */
inline char *toString(char buf[11]) const inline char *toString(char buf[11]) const { return Utils::hex10(_a,buf); }
{
return Utils::hex10(_a,buf);
}
/** /**
* @return True if this address is not zero * @return True if this address is not zero
*/ */
inline operator bool() const { return (_a != 0); } inline operator bool() const { return (_a != 0); }
/**
* Set to null/zero
*/
inline void zero() { _a = 0; }
/** /**
* Check if this address is reserved * Check if this address is reserved
* *
@ -165,16 +139,15 @@ public:
* *
* @return True if address is reserved and may not be used * @return True if address is reserved and may not be used
*/ */
inline bool isReserved() const inline bool isReserved() const { return ((!_a)||((_a >> 32) == ZT_ADDRESS_RESERVED_PREFIX)); }
{
return ((!_a)||((_a >> 32) == ZT_ADDRESS_RESERVED_PREFIX));
}
/** /**
* @param i Value from 0 to 4 (inclusive) * @param i Value from 0 to 4 (inclusive)
* @return Byte at said position (address interpreted in big-endian order) * @return Byte at said position (address interpreted in big-endian order)
*/ */
inline unsigned char operator[](unsigned int i) const { return (unsigned char)((_a >> (32 - (i * 8))) & 0xff); } inline uint8_t operator[](unsigned int i) const { return (uint8_t)(_a >> (32 - (i * 8))); }
inline void zero() { _a = 0; }
inline bool operator==(const uint64_t &a) const { return (_a == (a & 0xffffffffffULL)); } inline bool operator==(const uint64_t &a) const { return (_a == (a & 0xffffffffffULL)); }
inline bool operator!=(const uint64_t &a) const { return (_a != (a & 0xffffffffffULL)); } inline bool operator!=(const uint64_t &a) const { return (_a != (a & 0xffffffffffULL)); }

70
node/C25519.cpp
View File

@ -2003,25 +2003,6 @@ extern "C" void ed25519_amd64_asm_sign(const unsigned char *sk,const unsigned ch
namespace ZeroTier { namespace ZeroTier {
#ifdef ZT_CONTROLLER
struct C25519CacheKey
{
uint64_t messageDigest[4];
uint64_t publicKey[4];
inline unsigned long hashCode() const { return (unsigned long)(messageDigest[0] ^ publicKey[0]); }
inline bool operator==(const C25519CacheKey &k) const { return (memcmp(this,&k,sizeof(C25519CacheKey)) == 0); }
inline bool operator!=(const C25519CacheKey &k) const { return (memcmp(this,&k,sizeof(C25519CacheKey)) != 0); }
};
struct C25519CacheValue
{
uint64_t signature[12];
uint64_t timestamp;
};
static uint64_t _ed25519TimestampCounter = 0;
static Hashtable<C25519CacheKey,C25519CacheValue> _ed25519Cache;
static Mutex _ed25519CacheLock;
#endif
void C25519::agree(const C25519::Private &mine,const C25519::Public &their,void *keybuf,unsigned int keylen) void C25519::agree(const C25519::Private &mine,const C25519::Public &their,void *keybuf,unsigned int keylen)
{ {
unsigned char rawkey[32]; unsigned char rawkey[32];
@ -2043,21 +2024,6 @@ void C25519::sign(const C25519::Private &myPrivate,const C25519::Public &myPubli
unsigned char digest[64]; // we sign the first 32 bytes of SHA-512(msg) unsigned char digest[64]; // we sign the first 32 bytes of SHA-512(msg)
SHA512::hash(digest,msg,len); SHA512::hash(digest,msg,len);
#ifdef ZT_CONTROLLER
C25519CacheKey ck;
ZT_FAST_MEMCPY(ck.messageDigest,digest,32);
ZT_FAST_MEMCPY(ck.publicKey,myPublic.data + 32,32);
C25519CacheValue *cv = (C25519CacheValue *)0;
{
Mutex::Lock l(_ed25519CacheLock);
cv = _ed25519Cache.get(ck);
}
if (cv) {
ZT_FAST_MEMCPY(signature,cv->signature,ZT_C25519_SIGNATURE_LEN);
return;
}
#endif
#ifdef ZT_USE_FAST_X64_ED25519 #ifdef ZT_USE_FAST_X64_ED25519
ed25519_amd64_asm_sign(myPrivate.data + 32,myPublic.data + 32,digest,(unsigned char *)signature); ed25519_amd64_asm_sign(myPrivate.data + 32,myPublic.data + 32,digest,(unsigned char *)signature);
#else #else
@ -2103,28 +2069,6 @@ void C25519::sign(const C25519::Private &myPrivate,const C25519::Public &myPubli
for(unsigned int i=0;i<32;i++) for(unsigned int i=0;i<32;i++)
sig[32 + i] = s[i]; sig[32 + i] = s[i];
#endif #endif
#ifdef ZT_CONTROLLER
C25519CacheValue cvn;
memcpy(cvn.signature,signature,ZT_C25519_SIGNATURE_LEN);
{
Mutex::Lock l(_ed25519CacheLock);
if (_ed25519Cache.size() > 1048576) {
const uint64_t before = _ed25519TimestampCounter - ((1048576 / 3) * 2);
Hashtable< C25519CacheKey,C25519CacheValue >::Iterator i(_ed25519Cache);
C25519CacheKey *ik = (C25519CacheKey *)0;
C25519CacheValue *iv = (C25519CacheValue *)0;
while (i.next(ik,iv)) {
if (iv->timestamp < before)
_ed25519Cache.erase(*ik);
}
}
cvn.timestamp = ++_ed25519TimestampCounter;
_ed25519Cache.set(ck,cvn);
}
#endif
} }
bool C25519::verify(const C25519::Public &their,const void *msg,unsigned int len,const void *signature) bool C25519::verify(const C25519::Public &their,const void *msg,unsigned int len,const void *signature)
@ -2135,20 +2079,6 @@ bool C25519::verify(const C25519::Public &their,const void *msg,unsigned int len
if (!Utils::secureEq(sig + 64,digest,32)) if (!Utils::secureEq(sig + 64,digest,32))
return false; return false;
#ifdef ZT_CONTROLLER
C25519CacheKey ck;
ZT_FAST_MEMCPY(ck.messageDigest,digest,32);
ZT_FAST_MEMCPY(ck.publicKey,their.data + 32,32);
C25519CacheValue *cv = (C25519CacheValue *)0;
{
Mutex::Lock l(_ed25519CacheLock);
cv = _ed25519Cache.get(ck);
}
if (cv) {
return Utils::secureEq(cv->signature,signature,ZT_C25519_SIGNATURE_LEN);
}
#endif
unsigned char t2[32]; unsigned char t2[32];
ge25519 get1, get2; ge25519 get1, get2;
sc25519 schram, scs; sc25519 schram, scs;

19
node/IncomingPacket.cpp
View File

@ -761,9 +761,24 @@ bool IncomingPacket::_doECHO(const RuntimeEnvironment *RR,void *tPtr,const Share
bool IncomingPacket::_doMULTICAST_LIKE(const RuntimeEnvironment *RR,void *tPtr,const SharedPtr<Peer> &peer) bool IncomingPacket::_doMULTICAST_LIKE(const RuntimeEnvironment *RR,void *tPtr,const SharedPtr<Peer> &peer)
{ {
const int64_t now = RR->node->now(); const int64_t now = RR->node->now();
bool authorized = false;
uint64_t lastNwid = 0;
// Packet contains a series of 18-byte network,MAC,ADI tuples // Packet contains a series of 18-byte network,MAC,ADI tuples
for(unsigned int ptr=ZT_PACKET_IDX_PAYLOAD;ptr<size();ptr+=18) for(unsigned int ptr=ZT_PACKET_IDX_PAYLOAD;ptr<size();ptr+=18) {
RR->mc->add(tPtr,now,at<uint64_t>(ptr),MulticastGroup(MAC(field(ptr + 8,6),6),at<uint32_t>(ptr + 14)),peer->address()); const uint64_t nwid = at<uint64_t>(ptr);
if (nwid != lastNwid) {
lastNwid = nwid;
SharedPtr<Network> network(RR->node->network(nwid));
if (network)
authorized = network->gate(tPtr,peer);
if (!authorized)
authorized = ((RR->topology->amUpstream())||(RR->node->localControllerHasAuthorized(now,nwid,peer->address())));
}
if (authorized)
RR->mc->add(tPtr,now,nwid,MulticastGroup(MAC(field(ptr + 8,6),6),at<uint32_t>(ptr + 14)),peer->address());
}
peer->received(tPtr,_path,hops(),packetId(),payloadLength(),Packet::VERB_MULTICAST_LIKE,0,Packet::VERB_NOP,false,0); peer->received(tPtr,_path,hops(),packetId(),payloadLength(),Packet::VERB_MULTICAST_LIKE,0,Packet::VERB_NOP,false,0);
return true; return true;
} }

2
node/Membership.hpp
View File

@ -196,7 +196,7 @@ private:
} }
template<typename C> template<typename C>
void _cleanCredImpl(const NetworkConfig &nconf,Hashtable<uint32_t,C> &remoteCreds) inline void _cleanCredImpl(const NetworkConfig &nconf,Hashtable<uint32_t,C> &remoteCreds)
{ {
uint32_t *k = (uint32_t *)0; uint32_t *k = (uint32_t *)0;
C *v = (C *)0; C *v = (C *)0;

2
node/Node.cpp
View File

@ -270,11 +270,13 @@ ZT_ResultCode Node::processBackgroundTasks(void *tptr,int64_t now,volatile int64
RR->topology->getUpstreamsToContact(alwaysContact); RR->topology->getUpstreamsToContact(alwaysContact);
// Uncomment to dump stats // Uncomment to dump stats
/*
for(unsigned int i=0;i<32;i++) { for(unsigned int i=0;i<32;i++) {
if (_stats.inVerbCounts[i] > 0) if (_stats.inVerbCounts[i] > 0)
printf("%.2x\t%12lld %lld\n",i,(unsigned long long)_stats.inVerbCounts[i],(unsigned long long)_stats.inVerbBytes[i]); printf("%.2x\t%12lld %lld\n",i,(unsigned long long)_stats.inVerbCounts[i],(unsigned long long)_stats.inVerbBytes[i]);
} }
printf("\n"); printf("\n");
*/
// Check last receive time on designated upstreams to see if we seem to be online // Check last receive time on designated upstreams to see if we seem to be online
int64_t lastReceivedFromUpstream = 0; int64_t lastReceivedFromUpstream = 0;

2
node/Packet.cpp
View File

@ -989,7 +989,7 @@ bool Packet::compress()
if ((!compressed())&&(size() > (ZT_PACKET_IDX_PAYLOAD + 64))) { // don't bother compressing tiny packets if ((!compressed())&&(size() > (ZT_PACKET_IDX_PAYLOAD + 64))) { // don't bother compressing tiny packets
int pl = (int)(size() - ZT_PACKET_IDX_PAYLOAD); int pl = (int)(size() - ZT_PACKET_IDX_PAYLOAD);
int cl = LZ4_compress_fast(data + ZT_PACKET_IDX_PAYLOAD,buf,pl,ZT_PROTO_MAX_PACKET_LENGTH * 2,2); int cl = LZ4_compress_fast(data + ZT_PACKET_IDX_PAYLOAD,buf,pl,ZT_PROTO_MAX_PACKET_LENGTH * 2,1);
if ((cl > 0)&&(cl < pl)) { if ((cl > 0)&&(cl < pl)) {
data[ZT_PACKET_IDX_VERB] |= (char)ZT_PROTO_VERB_FLAG_COMPRESSED; data[ZT_PACKET_IDX_VERB] |= (char)ZT_PROTO_VERB_FLAG_COMPRESSED;
setSize((unsigned int)cl + ZT_PACKET_IDX_PAYLOAD); setSize((unsigned int)cl + ZT_PACKET_IDX_PAYLOAD);