From 3c655a4b8479a8c4a332cc4f36315c7841da34e7 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Wed, 15 Jun 2016 15:46:57 -0700
Subject: [PATCH] Default route ready to test on Mac.
---
 make-mac.mk | 2 +-
 node/InetAddress.hpp | 8 +-
 osdep/ManagedRoute.cpp | 163 +++++++++++++++++++--------------------
 osdep/ManagedRoute.hpp | 71 +++++++++-------
 service/ControlPlane.cpp | 22 ------
 service/OneService.cpp | 96 +++++++++++++++--------
 6 files changed, 188 insertions(+), 174 deletions(-)
diff --git a/make-mac.mk b/make-mac.mk
index aaa960e2e..c63f2545d 100644
--- a/make-mac.mk
+++ b/make-mac.mk
@@ -62,7 +62,7 @@ ifeq ($(ZT_DEBUG),1)
 # C25519 in particular is almost UNUSABLE in heavy testing without it.
 ext/lz4/lz4.o node/Salsa20.o node/SHA512.o node/C25519.o node/Poly1305.o: CFLAGS = -Wall -O2 -g -pthread $(INCLUDES) $(DEFS)
 else
- CFLAGS?=-Ofast -fstack-protector
+ CFLAGS?=-Ofast -fstack-protector-strong
 CFLAGS+=$(ARCH_FLAGS) -Wall -flto -fPIE -pthread -mmacosx-version-min=10.7 -DNDEBUG -Wno-unused-private-field $(INCLUDES) $(DEFS)
 STRIP=strip
 endif
diff --git a/node/InetAddress.hpp b/node/InetAddress.hpp
index 1d171ba7e..8abf1c04d 100644
--- a/node/InetAddress.hpp
+++ b/node/InetAddress.hpp
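Review bot: `-fstack-protector-strong` sits on the `CFLAGS?=` line, so it is silently dropped whenever CFLAGS is supplied from the environment or the make command line, because `?=` assigns only when the variable is unset. If the hardening flag is meant to be unconditional for release builds, it belongs on the `CFLAGS+=` line that follows, e.g. `CFLAGS+=$(ARCH_FLAGS) -fstack-protector-strong -Wall -flto -fPIE -pthread -mmacosx-version-min=10.7 -DNDEBUG -Wno-unused-private-field $(INCLUDES) $(DEFS)`. The `ZT_DEBUG` branch above carries no stack protector at all; that is pre-existing, but a one-line comment saying it is intentional for debug builds would avoid the question coming up again.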
@@ -245,18 +245,18 @@ struct InetAddress : public sockaddr_storage /** * @return True if this network/netmask route describes a default route (e.g. 0.0.0.0/0) */ - inline bool isDefaultRoute() + inline bool isDefaultRoute() const { switch(ss_family) { case AF_INET: - return ( (reinterpret_cast(this)->sin_addr.s_addr == 0) && (reinterpret_cast(this)->sin_port == 0) ); + return ( (reinterpret_cast(this)->sin_addr.s_addr == 0) && (reinterpret_cast(this)->sin_port == 0) ); case AF_INET6: - const uint8_t *ipb = reinterpret_cast(reinterpret_cast(this)->sin6_addr.s6_addr); + const uint8_t *ipb = reinterpret_cast(reinterpret_cast(this)->sin6_addr.s6_addr); for(int i=0;i<16;++i) { if (ipb[i]) return false; } - return (reinterpret_cast(this)->sin6_port == 0); + return (reinterpret_cast(this)->sin6_port == 0); } return false; } diff --git a/osdep/ManagedRoute.cpp b/osdep/ManagedRoute.cpp index c31f6dd05..0afac440a 100644 --- a/osdep/ManagedRoute.cpp +++ b/osdep/ManagedRoute.cpp @@ -263,11 +263,15 @@ static void _routeCmd(const char *op,const InetAddress &target,const InetAddress #endif // __WINDOWS__ -------------------------------------------------------- +#ifndef ZT_ROUTING_SUPPORT_FOUND +#error ManagedRoute.cpp has no support for managing routes on this platform! You'll need to check and see if one of the existing ones will work and make sure proper defines are set, or write one. Please do a Github pull request if you do this for a new OS! +#endif + } // anonymous namespace bool ManagedRoute::sync() { - if (this->target.isDefaultRoute()) { + if (_target.isDefaultRoute()) { /* In ZeroTier we use a forked-route trick to override the default * with a more specific one while leaving the original system route * intact. We also create a shadow more specific route to the 
@@ -276,52 +280,68 @@ bool ManagedRoute::sync() * done *slightly* differently on different platforms. */ InetAddress leftt,rightt; - _forkTarget(this->target,leftt,rightt); + _forkTarget(_target,leftt,rightt); #ifdef __BSD__ // ------------------------------------------------------------ - InetAddress systemVia; - char systemDevice[128]; + // Get system default route information + InetAddress newSystemVia; + char newSystemDevice[128]; + newSystemDevice[0] = (char)0; int systemMetric = 9999999; - systemDevice[0] = (char)0; - - std::vector<_RTE> rtes(_getRTEs(this->target,false)); + std::vector<_RTE> rtes(_getRTEs(_target,false)); for(std::vector<_RTE>::iterator r(rtes.begin());r!=rtes.end();++r) { if (r->via) { - if ((!systemVia)||(r->metric < systemMetric)) { - systemVia = r->via; - Utils::scopy(systemDevice,sizeof(systemDevice),r->device); + if ((!newSystemVia)||(r->metric < systemMetric)) { + newSystemVia = r->via; + Utils::scopy(_systemDevice,sizeof(_systemDevice),r->device); systemMetric = r->metric; } } } - - if (!systemDevice[0]) { - rtes = _getRTEs(systemVia,true); + if (!newSystemDevice[0]) { + rtes = _getRTEs(newSystemVia,true); for(std::vector<_RTE>::iterator r(rtes.begin());r!=rtes.end();++r) { - if (r->device[0]) - Utils::scopy(systemDevice,sizeof(systemDevice),r->device); + if (r->device[0]) { + Utils::scopy(newSystemDevice,sizeof(newSystemDevice),r->device); + break; + } } } - - if ((!systemVia)||(!systemDevice[0])) + if ((!newSystemVia)||(!newSystemDevice[0])) return false; - _routeCmd("add",leftt,systemVia,systemDevice,(const char *)0); - _routeCmd("change",leftt,systemVia,systemDevice,(const char *)0); - _routeCmd("add",rightt,systemVia,systemDevice,(const char *)0); - _routeCmd("change",rightt,systemVia,systemDevice,(const char *)0); + // If system default route has changed or hasn't been shadowed yet, update shadow + if ((_systemVia != newSystemVia)||(!strcmp(_systemDevice,newSystemDevice))) { + if ((_systemVia)&&(_systemDevice[0])) { + 
_routeCmd("delete",leftt,_systemVia,_systemDevice,(const char *)0); + _routeCmd("delete",rightt,_systemVia,_systemDevice,(const char *)0); + } - if (this->via) { - _routeCmd("add",leftt,this->via,(const char *)0,(const char *)0); - _routeCmd("change",leftt,this->via,(const char *)0,(const char *)0); - _routeCmd("add",rightt,this->via,(const char *)0,(const char *)0); - _routeCmd("change",rightt,this->via,(const char *)0,(const char *)0); - } else if ((this->device)&&(this->device[0])) { - _routeCmd("add",leftt,this->via,(const char *)0,this->device); - _routeCmd("change",leftt,this->via,(const char *)0,this->device); - _routeCmd("add",rightt,this->via,(const char *)0,this->device); - _routeCmd("change",rightt,this->via,(const char *)0,this->device); + _systemVia = newSystemVia; + Utils::scopy(_systemDevice,sizeof(_systemDevice),newSystemDevice); + + _routeCmd("add",leftt,_systemVia,_systemDevice,(const char *)0); + _routeCmd("change",leftt,_systemVia,_systemDevice,(const char *)0); + _routeCmd("add",rightt,_systemVia,_systemDevice,(const char *)0); + _routeCmd("change",rightt,_systemVia,_systemDevice,(const char *)0); + } + + // Apply overriding routes + if (!_applied) { + if (_via) { + _routeCmd("add",leftt,_via,(const char *)0,(const char *)0); + _routeCmd("change",leftt,_via,(const char *)0,(const char *)0); + _routeCmd("add",rightt,_via,(const char *)0,(const char *)0); + _routeCmd("change",rightt,_via,(const char *)0,(const char *)0); + } else if (_device[0]) { + _routeCmd("add",leftt,_via,(const char *)0,_device); + _routeCmd("change",leftt,_via,(const char *)0,_device); + _routeCmd("add",rightt,_via,(const char *)0,_device); + _routeCmd("change",rightt,_via,(const char *)0,_device); + } + + _applied = true; } #endif // __BSD__ ------------------------------------------------------------ 
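Review bot: In the first loop over `rtes` the best candidate's interface is copied into the member `_systemDevice` rather than the local `newSystemDevice`, so `newSystemDevice` stays empty, the second `_getRTEs(newSystemVia,true)` lookup always runs (and sync() returns false if that lookup yields no device), and the previously recorded device name is overwritten before it is compared; that line should read `Utils::scopy(newSystemDevice,sizeof(newSystemDevice),r->device);`. The change-detection test a few lines later is also inverted: `!strcmp(_systemDevice,newSystemDevice)` is true when the names are equal, so an unchanged system default route is deleted and re-added on every sync() while a device-only change with the same gateway is never noticed; it should be `if ((_systemVia != newSystemVia)||(strcmp(_systemDevice,newSystemDevice) != 0)) {`. With both fixed the shadow routes are rewritten only when the system default route actually moves. sync()'s non-BSD branches and its end lie outside this hunk.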
@@ -357,59 +377,32 @@ bool ManagedRoute::sync() void ManagedRoute::remove() { - if (!this->applied) - return; + if (_applied) { + if (_target.isDefaultRoute()) { + /* In ZeroTier we use a forked-route trick to override the default + * with a more specific one while leaving the original system route + * intact. We also create a shadow more specific route to the + * original gateway that is device-bound so that ZeroTier's device + * bound ports go via the physical Internet link. This has to be + * done *slightly* differently on different platforms. */ - if (this->target.isDefaultRoute()) { - /* In ZeroTier we use a forked-route trick to override the default - * with a more specific one while leaving the original system route - * intact. We also create a shadow more specific route to the - * original gateway that is device-bound so that ZeroTier's device - * bound ports go via the physical Internet link. This has to be - * done *slightly* differently on different platforms. */ - - InetAddress leftt,rightt; - _forkTarget(this->target,leftt,rightt); + InetAddress leftt,rightt; + _forkTarget(_target,leftt,rightt); #ifdef __BSD__ // ------------------------------------------------------------ - InetAddress systemVia; - char systemDevice[128]; - int systemMetric = 9999999; - systemDevice[0] = (char)0; - - std::vector<_RTE> rtes(_getRTEs(this->target,false)); - for(std::vector<_RTE>::iterator r(rtes.begin());r!=rtes.end();++r) { - if (r->via) { - if ((!systemVia)||(r->metric < systemMetric)) { - systemVia = r->via; - Utils::scopy(systemDevice,sizeof(systemDevice),r->device); - systemMetric = r->metric; - } + if ((_systemVia)&&(_systemDevice[0])) { + _routeCmd("delete",leftt,_systemVia,_systemDevice,(const char *)0); + _routeCmd("delete",rightt,_systemVia,_systemDevice,(const char *)0); } - } - if (!systemDevice[0]) { - rtes = _getRTEs(systemVia,true); - for(std::vector<_RTE>::iterator r(rtes.begin());r!=rtes.end();++r) { - if (r->device[0]) - 
Utils::scopy(systemDevice,sizeof(systemDevice),r->device); + if (_via) { + _routeCmd("delete",leftt,_via,(const char *)0,(const char *)0); + _routeCmd("delete",rightt,_via,(const char *)0,(const char *)0); + } else if (_device[0]) { + _routeCmd("delete",leftt,_via,(const char *)0,_device); + _routeCmd("delete",rightt,_via,(const char *)0,_device); } - } - - if ((!systemVia)||(!systemDevice[0])) - return false; - - _routeCmd("delete",leftt,systemVia,systemDevice,(const char *)0); - _routeCmd("delete",rightt,systemVia,systemDevice,(const char *)0); - - if (this->via) { - _routeCmd("delete",leftt,this->via,(const char *)0,(const char *)0); - _routeCmd("delete",rightt,this->via,(const char *)0,(const char *)0); - } else if ((this->device)&&(this->device[0])) { - _routeCmd("delete",leftt,this->via,(const char *)0,this->device); - _routeCmd("delete",rightt,this->via,(const char *)0,this->device); - } #endif // __BSD__ ------------------------------------------------------------ @@ -421,9 +414,9 @@ void ManagedRoute::remove() #endif // __WINDOWS__ -------------------------------------------------------- - } else { + } else { - // TODO + // TODO #ifdef __BSD__ // ------------------------------------------------------------ @@ -437,15 +430,19 @@ void ManagedRoute::remove() #endif // __WINDOWS__ -------------------------------------------------------- + } } + + _target.zero(); + _via.zero(); + _systemVia.zero(); + _device[0] = (char)0; + _systemDevice[0] = (char)0; + _applied = false; } } // namespace ZeroTier -#ifndef ZT_ROUTING_SUPPORT_FOUND -#error ManagedRoute.cpp has no support for managing routes on this platform! You'll need to check and see if one of the existing ones will work and make sure proper defines are set, or write one. Please do a Github pull request if you do this for a new OS! -#endif - /* int main(int argc,char **argv) { diff --git a/osdep/ManagedRoute.hpp b/osdep/ManagedRoute.hpp index 081d516d3..86468a45c 100644 --- a/osdep/ManagedRoute.hpp 
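Review bot: The reset block added at the end of remove() zeroes `_target`, `_via`, `_device` and `_applied` on every path, including the non-default-route branch that this commit still leaves as `// TODO` for all three platforms, so an applied non-default route would be marked removed without any `delete` being issued (whether sync() can install such a route is outside these hunks). A comment on the reset, `// TODO: non-default routes are not yet deleted above; state is cleared regardless`, would make that gap visible to the next reader. The default-route branch in the first remove() hunk correctly reuses the `_systemVia`/`_systemDevice` that sync() captured rather than re-querying the routing table, which is the right direction.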
+++ b/osdep/ManagedRoute.hpp @@ -18,12 +18,11 @@ namespace ZeroTier { class ManagedRoute { public: - ManagedRoute() : - target(), - via(), - applied(false) + ManagedRoute() { - device[0] = (char)0; + _device[0] = (char)0; + _systemDevice[0] = (char)0; + _applied = false; } ~ManagedRoute() @@ -31,7 +30,24 @@ public: this->remove(); } + ManagedRoute(const ManagedRoute &r) + { + *this = r; + } + + inline ManagedRoute &operator=(const ManagedRoute &r) + { + if ((!_applied)&&(!r._applied)) { + memcpy(this,&r,sizeof(ManagedRoute)); // InetAddress is memcpy'able + } else { + throw std::runtime_error("Applied ManagedRoute is non-copyable!"); + } + return *this; + } + /** + * Initialize object and set route + * * @param target Route target (e.g. 0.0.0.0/0 for default) * @param via Route next L3 hop or NULL InetAddress if local * @param device Device name/ID if 'via' is null and route is local, otherwise ignored @@ -39,13 +55,12 @@ public: */ inline bool set(const InetAddress &target,const InetAddress &via,const char *device) { - if ((!via)&&((!device)||(!device[0]))) + if ((!_via)&&(!_device[0])) return false; this->remove(); - this->target = target; - this->via = via; - this->applied = true; - Utils::scopy(this->device,sizeof(this->device),device); + _target = target; + _via = via; + Utils::scopy(_device,sizeof(_device),device); return this->sync(); } 
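Review bot: The new copy constructor calls `*this = r` before any member is initialized, so `operator=` evaluates `(!_applied)` on an indeterminate bool: the copy can spuriously throw, or take the `memcpy` path based on garbage. Initialize it first, `ManagedRoute(const ManagedRoute &r) : _applied(false) { *this = r; }`. `memcpy(this,&r,sizeof(ManagedRoute))` with `this == &r` is an overlapping copy, so an `if (this != &r)` guard keeps self-assignment well-defined, and `std::runtime_error`/`memcpy` require `<stdexcept>`/`<cstring>`, which this hunk does not show being included.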
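Review bot: The rewritten guard in set() tests the members `_via` and `_device` instead of the `via`/`device` parameters, and `this->remove()` zeroes those members right after it anyway, so on a freshly constructed ManagedRoute (presumably a null `_via` and an empty `_device`) set() returns false before applying anything. The caller in OneService.cpp does exactly that (`push_back(ManagedRoute())` then `.back().set(...)` and pops on false), so every managed route would be dropped. Restore the parameter check: `if ((!via)&&((!device)||(!device[0])))`. set() also no longer sets `_applied`; the sync() hunk shows it being set at the end of the BSD block, so a one-line comment here, `// _applied is owned by sync()/remove()`, would document that hand-off.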
@@ -60,34 +75,26 @@ public: bool sync(); /** - * Remove and clear this ManagedRoute (also done automatically on destruct) + * Remove and clear this ManagedRoute * - * This does nothing if this ManagedRoute is not set or has already been removed. + * This does nothing if this ManagedRoute is not set or has already been + * removed. If this is not explicitly called it is called automatically on + * destruct. */ void remove(); + inline const InetAddress &target() const { return _target; } + inline const InetAddress &via() const { return _via; } + inline const char *device() const { return _device; } + private: - /* - static inline bool _viaCompare(const InetAddress &v1,const InetAddress &v2) - { - if (v1) { - if (v2) - return v1.ipsEqual(v2); - else return false; - } else if (v2) - return false; - else return true; - } - */ - // non-copyable - ManagedRoute(const ManagedRoute &mr) {} - inline ManagedRoute &operator=(const ManagedRoute &mr) { return *this; } - - InetAddress target; - InetAddress via; - bool applied; - char device[128]; + InetAddress _target; + InetAddress _via; + InetAddress _systemVia; // for route overrides + char _device[128]; + char _systemDevice[128]; // for route overrides + bool _applied; }; } // namespace ZeroTier diff --git a/service/ControlPlane.cpp b/service/ControlPlane.cpp index accbfa353..525327e96 100644 --- a/service/ControlPlane.cpp +++ b/service/ControlPlane.cpp 
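Review bot: The new members `_systemVia` and `_systemDevice` are annotated only with `// for route overrides`, which does not say what they hold; from sync() and remove() in this commit they cache the gateway and interface of the system default route that the shadow routes were added against, so remove() can delete them without re-querying the routing table. Suggest `// gateway/device of the system default route the shadow routes were installed for (default routes only)`, and on `_applied`, `// set by sync() once routes are in the system table, cleared by remove()`. The accessors `target()`, `via()` and `device()` return references/pointers into the object, so a note that they are invalidated by remove() would be worth adding too.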
@@ -59,28 +59,6 @@ static std::string _jsonEscape(const char *s) } static std::string _jsonEscape(const std::string &s) { return _jsonEscape(s.c_str()); } -static std::string _jsonEnumerate(const ZT_MulticastGroup *mg,unsigned int count) -{ - std::string buf; - char tmp[128]; - buf.push_back('['); - for(unsigned int i=0;i 0) - buf.push_back(','); - Utils::snprintf(tmp,sizeof(tmp),"\"%.2x:%.2x:%.2x:%.2x:%.2x:%.2x\\/%.8lx\"", - (unsigned int)((mg[i].mac >> 40) & 0xff), - (unsigned int)((mg[i].mac >> 32) & 0xff), - (unsigned int)((mg[i].mac >> 24) & 0xff), - (unsigned int)((mg[i].mac >> 16) & 0xff), - (unsigned int)((mg[i].mac >> 8) & 0xff), - (unsigned int)(mg[i].mac & 0xff), - (unsigned long)(mg[i].adi)); - buf.append(tmp); - } - buf.push_back(']'); - return buf; -} - static std::string _jsonEnumerate(const struct sockaddr_storage *ss,unsigned int count) { std::string buf; diff --git a/service/OneService.cpp b/service/OneService.cpp index da440affc..29916896b 100644 --- a/service/OneService.cpp +++ b/service/OneService.cpp @@ -26,6 +26,7 @@ #include #include #include +#include #include "../version.h" #include "../include/ZeroTierOne.h" @@ -51,7 +52,7 @@ #include "../osdep/BackgroundResolver.hpp" #include "../osdep/PortMapper.hpp" #include "../osdep/Binder.hpp" -#include "../osdep/RoutingTable.hpp" +#include "../osdep/ManagedRoute.hpp" #include "OneService.hpp" #include "ControlPlane.hpp" @@ -527,7 +528,7 @@ public: EthernetTap *tap; std::vector managedIps; - std::vector< std::pair > managedRoutes; // target/via (flags and metric not currently used) + std::list managedRoutes; bool allowManaged; // allow managed addresses and routes bool allowGlobal; // allow global (non-private) IP routes? bool allowDefault; // allow default route? 
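Review bot: The replacement member `std::list managedRoutes` (element type lost in this rendering, presumably `std::list<ManagedRoute>`) drops the explanatory comment the old vector carried, and the choice of list is not self-evident: ManagedRoute's new `operator=` in this commit throws once a route is applied, so a container that relocates elements on growth would throw mid-update, whereas list nodes stay put. A comment such as `// std::list: applied ManagedRoutes are non-copyable, so elements must never be relocated` would record that constraint for whoever next touches the container type. The `#include` added in the first OneService.cpp hunk (name lost here) is presumably the matching `<list>` header.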
@@ -1257,17 +1258,18 @@ public: case ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_CONFIG_UPDATE: if (n.tap) { // sanity check if (n.allowManaged) { + { // configure managed IP addresses std::vector newManagedIps; for(unsigned int i=0;iassignedAddressCount;++i) { const InetAddress *ii = reinterpret_cast(&(nwc->assignedAddresses[i])); switch(ii->ipScope()) { - case IP_SCOPE_NONE: - case IP_SCOPE_MULTICAST: - case IP_SCOPE_LOOPBACK: - case IP_SCOPE_LINK_LOCAL: + case InetAddress::IP_SCOPE_NONE: + case InetAddress::IP_SCOPE_MULTICAST: + case InetAddress::IP_SCOPE_LOOPBACK: + case InetAddress::IP_SCOPE_LINK_LOCAL: break; // ignore these -- they shouldn't appear here - case IP_SCOPE_GLOBAL: + case InetAddress::IP_SCOPE_GLOBAL: if (!n.allowGlobal) continue; // skip global IP ranges if we haven't given this network permission to assign them // else fall through for PSEUDOPRIVATE, SHARED, PRIVATE 
@@ -1294,46 +1296,76 @@ public: n.managedIps.swap(newManagedIps); } + { // configure managed routes - std::vector< std::pair > newManagedRoutes; + const std::string tapdev(n.tap->deviceName()); + + for(std::list::iterator mr(n.managedRoutes.begin());mr!=n.managedRoutes.end();) { + bool haveRoute = false; + for(unsigned int i=0;irouteCount;++i) { + const InetAddress *const target = reinterpret_cast(&(nwc->routes[i].target)); + const InetAddress *const via = reinterpret_cast(&(nwc->routes[i].via)); + if (mr->target() == *target) { + if ((via->ss_family == target->ss_family)&&(mr->via() == *via)) { + haveRoute = true; + break; + } else if (tapdev == mr->device()) { + haveRoute = true; + break; + } + } + } + if (haveRoute) { + ++mr; + } else { + n.managedRoutes.erase(mr++); // also removes route via RAII behavior + } + } + for(unsigned int i=0;irouteCount;++i) { - const InetAddress *target = reinterpret_cast(&(nwc->routes[i].target)); - const InetAddress *via = reinterpret_cast(&(nwc->routes[i].via)); + const InetAddress *const target = reinterpret_cast(&(nwc->routes[i].target)); + const InetAddress *const via = reinterpret_cast(&(nwc->routes[i].via)); + + bool haveRoute = false; + for(std::list::iterator mr(n.managedRoutes.begin());mr!=n.managedRoutes.end();++mr) { + if (mr->target() == *target) { + if ((via->ss_family == target->ss_family)&&(mr->via() == *via)) { + haveRoute = true; + break; + } else if (tapdev == mr->device()) { + haveRoute = true; + break; + } + } + } + if (haveRoute) + continue; + + n.managedRoutes.push_back(ManagedRoute()); + if ((target->isDefaultRoute())&&(n.allowDefault)) { - newManagedRoutes.push_back(std::pair(*target,*via)); + if (!n.managedRoutes.back().set(*target,*via,tapdev.c_str())) + n.managedRoutes.pop_back(); } else { switch(target->ipScope()) { - case IP_SCOPE_NONE: - case IP_SCOPE_MULTICAST: - case IP_SCOPE_LOOPBACK: - case IP_SCOPE_LINK_LOCAL: + case InetAddress::IP_SCOPE_NONE: + case InetAddress::IP_SCOPE_MULTICAST: + case 
InetAddress::IP_SCOPE_LOOPBACK: + case InetAddress::IP_SCOPE_LINK_LOCAL: break; - case IP_SCOPE_GLOBAL: + case InetAddress::IP_SCOPE_GLOBAL: if (!n.allowGlobal) continue; // skip global IP ranges if we haven't given this network permission to assign them // else fall through for PSEUDOPRIVATE, SHARED, PRIVATE default: - newManagedRoutes.push_back(std::pair(*target,*via)); + if (!n.managedRoutes.back().set(*target,*via,tapdev.c_str())) + n.managedRoutes.pop_back(); break; } } } - std::sort(newManagedRoutes.begin(),newManagedRoutes.end()); - newManagedRoutes.erase(std::unique(newManagedRoutes.begin(),newManagedRoutes.end()),newManagedRoutes.end()); - - for(std::vector< std::pair >::iterator mr(newManagedRoutes.begin()),mr!=newManagedRoutes.end();++mr) { - if (std::find(n.managedRoutes.begin(),n.managedRoutes.end(),*mr) == n.managedRoutes.end()) { - printf("ADDING ROUTE: %s -> %s\n",mr->first.toString().c_str(),mr->second.toString().c_str()); - } - } - for(std::vector< std::pair >::iterator mr(n.managedRoutes.begin());mr!=n.managedRoutes.end();++mr) { - if (std::find(newManagedRoutes.begin(),newManagedRoutes.end(),*mr) != newManagedRoutes.end()) { - printf("REMOVING ROUTE: %s -> %s\n",mr->first.toString().c_str(),mr->second.toString().c_str()); - } - } - - n.managedRoutes.swap(newManagedRoutes); } + } } else { _nets.erase(nwid);