From 182f16d2a4f59d6a8420803fc202b6a75285465e Mon Sep 17 00:00:00 2001 From: Athanasios Oikonomou Date: Sun, 26 Apr 2020 16:53:49 +0200 Subject: [PATCH 01/10] Add support for armv7ve This commit adds support for ARM armv7ve arch. The extended version of the ARMv7-A architecture with support for virtualization. --- make-linux.mk | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/make-linux.mk b/make-linux.mk index 9fd4f7b95..eff3a50ed 100644 --- a/make-linux.mk +++ b/make-linux.mk @@ -205,6 +205,11 @@ ifeq ($(CC_MACH),armv7hl) override DEFS+=-DZT_NO_TYPE_PUNNING ZT_USE_ARM32_NEON_ASM_CRYPTO=1 endif +ifeq ($(CC_MACH),armv7ve) + ZT_ARCHITECTURE=3 + override DEFS+=-DZT_NO_TYPE_PUNNING + ZT_USE_ARM32_NEON_ASM_CRYPTO=1 +endif ifeq ($(CC_MACH),arm64) ZT_ARCHITECTURE=4 override DEFS+=-DZT_NO_TYPE_PUNNING From d2db307bee4891a4b1744ae205c794fd0ce56f98 Mon Sep 17 00:00:00 2001 From: Gleb Panov Date: Wed, 29 Apr 2020 13:51:28 +0300 Subject: [PATCH 02/10] Add lines to enable Elbrus (https://en.wikipedia.org/wiki/Elbrus-8S) microprocessor architecture. No changes in code, only in build procedure (recognise relevant ARCH output. --- make-linux.mk | 3 +++ 1 file changed, 3 insertions(+) diff --git a/make-linux.mk b/make-linux.mk index d48697067..39ffbe73e 100644 --- a/make-linux.mk +++ b/make-linux.mk @@ -146,6 +146,9 @@ endif ifeq ($(CC_MACH),ppc64el) ZT_ARCHITECTURE=8 endif +ifeq ($(CC_MACH),e2k) + ZT_ARCHITECTURE=2 +endif ifeq ($(CC_MACH),i386) ZT_ARCHITECTURE=1 endif From ffebcd247fcc5fec9aee85c26da581cee8a09d72 Mon Sep 17 00:00:00 2001 From: Suad Halilovic Date: Thu, 16 Jul 2020 18:31:56 +0200 Subject: [PATCH 03/10] 2020/07/16, Minor optmizations --- CMakeLists.txt | 1 + controller/EmbeddedNetworkController.cpp | 14 +++++++------- controller/LFDB.cpp | 8 ++++---- node/IncomingPacket.cpp | 2 +- node/Peer.cpp | 2 +- node/Topology.cpp | 4 ++-- one.cpp | 8 ++++---- osdep/Binder.hpp | 4 ++-- osdep/OSUtils.cpp | 2 +- service/OneService.cpp | 18 +++++++++--------- service/SoftwareUpdater.cpp | 4 ++-- 11 files changed, 34 insertions(+), 33 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index fff7808e1..b22ae7d77 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -5,6 +5,7 @@ project (zerotiercore) set (PROJ_DIR ${PROJECT_SOURCE_DIR}) set (ZT_DEFS -std=c++11) +set (CMAKE_EXPORT_COMPILE_COMMANDS ON) file(GLOB core_src_glob ${PROJ_DIR}/node/*.cpp) add_library(zerotiercore STATIC ${core_src_glob}) diff --git a/controller/EmbeddedNetworkController.cpp b/controller/EmbeddedNetworkController.cpp index e0e2a3eae..e5db6eca1 100644 --- a/controller/EmbeddedNetworkController.cpp +++ b/controller/EmbeddedNetworkController.cpp @@ -97,7 +97,7 @@ static json _renderRule(ZT_VirtualNetworkRule &rule) break; } - if (r.size() == 0) { + if (r.empty()) { switch(rt) { case ZT_NETWORK_RULE_MATCH_SOURCE_ZEROTIER_ADDRESS: r["type"] = "MATCH_SOURCE_ZEROTIER_ADDRESS"; @@ -239,7 +239,7 @@ static json _renderRule(ZT_VirtualNetworkRule &rule) break; } - if (r.size() > 0) { + if (!r.empty()) { r["not"] = ((rule.t & 0x80) != 0); r["or"] = ((rule.t & 0x40) != 0); } @@ -554,7 +554,7 @@ unsigned int EmbeddedNetworkController::handleControlPlaneHttpGET( std::string &responseBody, std::string &responseContentType) { - if ((path.size() > 0)&&(path[0] == "network")) { + if ((!path.empty())&&(path[0] == "network")) { if ((path.size() >= 2)&&(path[1].length() == 16)) { const uint64_t nwid = Utils::hexStrToU64(path[1].c_str()); @@ -1227,11 +1227,11 @@ void EmbeddedNetworkController::_request( Utils::hex(nwid,nwids); _db.get(nwid,network,identity.address().toInt(),member,ns); - if ((!network.is_object())||(network.size() == 0)) { + if ((!network.is_object())||(network.empty())) { _sender->ncSendError(nwid,requestPacketId,identity.address(),NetworkController::NC_ERROR_OBJECT_NOT_FOUND); return; } - const bool newMember = ((!member.is_object())||(member.size() == 0)); + const bool newMember = ((!member.is_object())||(member.empty())); DB::initMember(member); { @@ -1437,11 +1437,11 @@ void EmbeddedNetworkController::_request( std::map< uint64_t,json * >::const_iterator ctmp = capsById.find(capId); if (ctmp != capsById.end()) { json *cap = ctmp->second; - if ((cap)&&(cap->is_object())&&(cap->size() > 0)) { + if ((cap)&&(cap->is_object())&&(!cap->empty())) { ZT_VirtualNetworkRule capr[ZT_MAX_CAPABILITY_RULES]; unsigned int caprc = 0; json &caprj = (*cap)["rules"]; - if ((caprj.is_array())&&(caprj.size() > 0)) { + if ((caprj.is_array())&&(!caprj.empty())) { for(unsigned long j=0;j= ZT_MAX_CAPABILITY_RULES) break; diff --git a/controller/LFDB.cpp b/controller/LFDB.cpp index d11b77a07..03265347f 100644 --- a/controller/LFDB.cpp +++ b/controller/LFDB.cpp @@ -190,10 +190,10 @@ LFDB::LFDB(const Identity &myId,const char *path,const char *lfOwnerPrivate,cons if (resp) { if (resp->status == 200) { nlohmann::json results(OSUtils::jsonParse(resp->body)); - if ((results.is_array())&&(results.size() > 0)) { + if ((results.is_array())&&(!results.empty())) { for(std::size_t ri=0;ri 0)) { + if ((rset.is_array())&&(!rset.empty())) { nlohmann::json &result = rset[0]; if (result.is_object()) { @@ -258,10 +258,10 @@ LFDB::LFDB(const Identity &myId,const char *path,const char *lfOwnerPrivate,cons if (resp) { if (resp->status == 200) { nlohmann::json results(OSUtils::jsonParse(resp->body)); - if ((results.is_array())&&(results.size() > 0)) { + if ((results.is_array())&&(!results.empty())) { for(std::size_t ri=0;ri 0)) { + if ((rset.is_array())&&(!rset.empty())) { nlohmann::json &result = rset[0]; if (result.is_object()) { diff --git a/node/IncomingPacket.cpp b/node/IncomingPacket.cpp index 331446ced..d6f6d951c 100644 --- a/node/IncomingPacket.cpp +++ b/node/IncomingPacket.cpp @@ -427,7 +427,7 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,void *tPtr,const bool if ((planetWorldId)&&(RR->topology->planetWorldTimestamp() > planetWorldTimestamp)&&(planetWorldId == RR->topology->planetWorldId())) { RR->topology->planet().serialize(outp,false); } - if (moonIdsAndTimestamps.size() > 0) { + if (!moonIdsAndTimestamps.empty()) { std::vector moons(RR->topology->moons()); for(std::vector::const_iterator m(moons.begin());m!=moons.end();++m) { for(std::vector< std::pair >::const_iterator i(moonIdsAndTimestamps.begin());i!=moonIdsAndTimestamps.end();++i) { diff --git a/node/Peer.cpp b/node/Peer.cpp index c70e89d71..35b35559f 100644 --- a/node/Peer.cpp +++ b/node/Peer.cpp @@ -198,7 +198,7 @@ void Peer::received( if (sinceLastPush >= ((hops == 0) ? ZT_DIRECT_PATH_PUSH_INTERVAL_HAVEPATH : ZT_DIRECT_PATH_PUSH_INTERVAL)) { _lastDirectPathPushSent = now; std::vector pathsToPush(RR->node->directPaths()); - if (pathsToPush.size() > 0) { + if (!pathsToPush.empty()) { std::vector::const_iterator p(pathsToPush.begin()); while (p != pathsToPush.end()) { Packet *const outp = new Packet(_id.address(),RR->identity.address(),Packet::VERB_PUSH_DIRECT_PATHS); diff --git a/node/Topology.cpp b/node/Topology.cpp index 01a81fccc..ab70220a1 100644 --- a/node/Topology.cpp +++ b/node/Topology.cpp @@ -183,7 +183,7 @@ bool Topology::isProhibitedEndpoint(const Address &ztaddr,const InetAddress &ipa if (std::find(_upstreamAddresses.begin(),_upstreamAddresses.end(),ztaddr) != _upstreamAddresses.end()) { for(std::vector::const_iterator r(_planet.roots().begin());r!=_planet.roots().end();++r) { if (r->identity.address() == ztaddr) { - if (r->stableEndpoints.size() == 0) + if (r->stableEndpoints.empty()) return false; // no stable endpoints specified, so allow dynamic paths for(std::vector::const_iterator e(r->stableEndpoints.begin());e!=r->stableEndpoints.end();++e) { if (ipaddr.ipsEqual(*e)) @@ -194,7 +194,7 @@ bool Topology::isProhibitedEndpoint(const Address &ztaddr,const InetAddress &ipa for(std::vector::const_iterator m(_moons.begin());m!=_moons.end();++m) { for(std::vector::const_iterator r(m->roots().begin());r!=m->roots().end();++r) { if (r->identity.address() == ztaddr) { - if (r->stableEndpoints.size() == 0) + if (r->stableEndpoints.empty()) return false; // no stable endpoints specified, so allow dynamic paths for(std::vector::const_iterator e(r->stableEndpoints.begin());e!=r->stableEndpoints.end();++e) { if (ipaddr.ipsEqual(*e)) diff --git a/one.cpp b/one.cpp index 06d56e7ae..88731285a 100644 --- a/one.cpp +++ b/one.cpp @@ -739,7 +739,7 @@ static int cli(int argc,char **argv) int addressCountOfType = 0; for (int k = 0; k().find(".") != std::string::npos) + if ((arg2 == "ip4" && addr.get().find('.') != std::string::npos) || ((arg2.find("ip6") == 0) && addr.get().find(":") != std::string::npos) || (arg2 == "ip") ) { @@ -754,19 +754,19 @@ static int cli(int argc,char **argv) if (arg2.find("ip6p") == 0) { if (arg2 == "ip6plane") { if (addr.get().find("fc") == 0) { - aa.append(addr.get().substr(0,addr.get().find("/"))); + aa.append(addr.get().substr(0,addr.get().find('/'))); if (k < addressCountOfType-1) aa.append("\n"); } } if (arg2 == "ip6prefix") { if (addr.get().find("fc") == 0) { - aa.append(addr.get().substr(0,addr.get().find("/")).substr(0,24)); + aa.append(addr.get().substr(0,addr.get().find('/')).substr(0,24)); if (k < addressCountOfType-1) aa.append("\n"); } } } else { - aa.append(addr.get().substr(0,addr.get().find("/"))); + aa.append(addr.get().substr(0,addr.get().find('/'))); if (k < addressCountOfType-1) aa.append("\n"); } } diff --git a/osdep/Binder.hpp b/osdep/Binder.hpp index 660e6f0c3..1d703d810 100644 --- a/osdep/Binder.hpp +++ b/osdep/Binder.hpp @@ -234,7 +234,7 @@ public: } // Get IPv4 addresses for each device - if (ifnames.size() > 0) { + if (!ifnames.empty()) { const int controlfd = (int)socket(AF_INET,SOCK_DGRAM,0); struct ifconf configuration; configuration.ifc_len = 0; @@ -276,7 +276,7 @@ public: if (controlfd > 0) close(controlfd); } - const bool gotViaProc = (localIfAddrs.size() > 0); + const bool gotViaProc = (!localIfAddrs.empty()); #else const bool gotViaProc = false; #endif diff --git a/osdep/OSUtils.cpp b/osdep/OSUtils.cpp index 0299b12bc..4d9a2bb5e 100644 --- a/osdep/OSUtils.cpp +++ b/osdep/OSUtils.cpp @@ -351,7 +351,7 @@ std::vector OSUtils::split(const char *s,const char *const sep,cons else if ((buf.size() <= 0)&&((quotTmp = strchr(quot,*s)))) quoteState = *quotTmp; else if (strchr(sep,*s)) { - if (buf.size() > 0) { + if (!buf.empty()) { fields.push_back(buf); buf.clear(); } // else skip runs of separators diff --git a/service/OneService.cpp b/service/OneService.cpp index 97ba1a362..e5da3eabe 100644 --- a/service/OneService.cpp +++ b/service/OneService.cpp @@ -1016,7 +1016,7 @@ public: } // Set trusted paths if there are any - if (ppc.size() > 0) { + if (!ppc.empty()) { for(std::map::iterator i(ppc.begin());i!=ppc.end();++i) _node->setPhysicalPathConfiguration(reinterpret_cast(&(i->first)),&(i->second)); } @@ -1132,7 +1132,7 @@ public: * URL encoding, and /'s in URL args will screw it up. But the only URL args * it really uses in ?jsonp=funcionName, and otherwise it just takes simple * paths to simply-named resources. */ - if (ps.size() > 0) { + if (!ps.empty()) { std::size_t qpos = ps[ps.size() - 1].find('?'); if (qpos != std::string::npos) { std::string args(ps[ps.size() - 1].substr(qpos + 1)); @@ -1165,12 +1165,12 @@ public: // Authenticate via Synology's built-in cgi script if (!isAuth) { int synotoken_pos = path.find("SynoToken"); - int argpos = path.find("?"); + int argpos = path.find('?'); if(synotoken_pos != std::string::npos && argpos != std::string::npos) { std::string cookie = path.substr(argpos+1, synotoken_pos-(argpos+1)); std::string synotoken = path.substr(synotoken_pos); - std::string cookie_val = cookie.substr(cookie.find("=")+1); - std::string synotoken_val = synotoken.substr(synotoken.find("=")+1); + std::string cookie_val = cookie.substr(cookie.find('=')+1); + std::string synotoken_val = synotoken.substr(synotoken.find('=')+1); // Set necessary env for auth script std::map::const_iterator ah2(headers.find("x-forwarded-for")); setenv("HTTP_COOKIE", cookie_val.c_str(), true); @@ -1661,7 +1661,7 @@ public: if (!n.settings.allowManaged) return false; - if (n.settings.allowManagedWhitelist.size() > 0) { + if (!n.settings.allowManagedWhitelist.empty()) { bool allowed = false; for (InetAddress addr : n.settings.allowManagedWhitelist) { if (addr.containsAddress(target) && addr.netmaskBits() <= target.netmaskBits()) { @@ -1932,7 +1932,7 @@ public: bool allow; { Mutex::Lock _l(_localConfig_m); - if (_allowManagementFrom.size() == 0) { + if (_allowManagementFrom.empty()) { allow = (tc->remoteAddr.ipScope() == InetAddress::IP_SCOPE_LOOPBACK); } else { allow = false; @@ -2113,7 +2113,7 @@ public: Dictionary<4096> nc; nc.load(nlcbuf.c_str()); Buffer<1024> allowManaged; - if (nc.get("allowManaged", allowManaged) && allowManaged.size() != 0) { + if (nc.get("allowManaged", allowManaged) && !allowManaged.empty()) { std::string addresses (allowManaged.begin(), allowManaged.size()); if (allowManaged.size() <= 5) { // untidy parsing for backward compatibility if (allowManaged[0] == '1' || allowManaged[0] == 't' || allowManaged[0] == 'T') { @@ -2671,7 +2671,7 @@ public: lh = &_v6Hints; else return 0; const std::vector *l = lh->get(ztaddr); - if ((l)&&(l->size() > 0)) { + if ((l)&&(!l->empty())) { memcpy(result,&((*l)[(unsigned long)_node->prng() % l->size()]),sizeof(struct sockaddr_storage)); return 1; } else return 0; diff --git a/service/SoftwareUpdater.cpp b/service/SoftwareUpdater.cpp index 5800f860f..cec2c6c5c 100644 --- a/service/SoftwareUpdater.cpp +++ b/service/SoftwareUpdater.cpp @@ -161,7 +161,7 @@ void SoftwareUpdater::handleSoftwareUpdateUserMessage(uint64_t origin,const void if (v == VERB_GET_LATEST) { - if (_dist.size() > 0) { + if (!_dist.empty()) { const nlohmann::json *latest = (const nlohmann::json *)0; const std::string expectedSigner = OSUtils::jsonString(req[ZT_SOFTWARE_UPDATE_JSON_EXPECT_SIGNED_BY],""); unsigned int bestVMaj = rvMaj; @@ -241,7 +241,7 @@ void SoftwareUpdater::handleSoftwareUpdateUserMessage(uint64_t origin,const void } break; case VERB_GET_DATA: - if ((len >= 21)&&(_dist.size() > 0)) { + if ((len >= 21)&&(!_dist.empty())) { unsigned long idx = (unsigned long)*(reinterpret_cast(data) + 17) << 24; idx |= (unsigned long)*(reinterpret_cast(data) + 18) << 16; idx |= (unsigned long)*(reinterpret_cast(data) + 19) << 8; From c1f4168d2f847161ca051b047c9fec91bbd10599 Mon Sep 17 00:00:00 2001 From: Suad Halilovic Date: Thu, 16 Jul 2020 18:38:04 +0200 Subject: [PATCH 04/10] 2020/07/16, Minor optmizations --- CMakeLists.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index b22ae7d77..fff7808e1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -5,7 +5,6 @@ project (zerotiercore) set (PROJ_DIR ${PROJECT_SOURCE_DIR}) set (ZT_DEFS -std=c++11) -set (CMAKE_EXPORT_COMPILE_COMMANDS ON) file(GLOB core_src_glob ${PROJ_DIR}/node/*.cpp) add_library(zerotiercore STATIC ${core_src_glob}) From 93ffd75b02f4605cff5f3c200966d956cb53034f Mon Sep 17 00:00:00 2001 From: Vincent Milum Jr Date: Sat, 21 Nov 2020 13:30:31 -0800 Subject: [PATCH 05/10] Add ZT_NO_UNALIGNED_ACCESS for ARMv6/7 on FreeBSD Unaligned access caused SIGBUS errors on ARMv6 and ARMv7 targets under FreeBSD. This was also the cause of the repeating TAP devices. Each time the SIGBUS happened, the service would auto-restart itself, create a new TAP device, and then crash again. The particular place causing the SIGBUS was: https://github.com/zerotier/ZeroTierOne/blob/master/node/Utils.hpp#L695 --- make-bsd.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/make-bsd.mk b/make-bsd.mk index da7a60125..06c188090 100644 --- a/make-bsd.mk +++ b/make-bsd.mk @@ -65,7 +65,7 @@ ifeq ($(CC_MACH),armhf) endif ifeq ($(CC_MACH),armv6) ZT_ARCHITECTURE=3 - override DEFS+=-DZT_NO_TYPE_PUNNING + override DEFS+=-DZT_NO_TYPE_PUNNING -DZT_NO_UNALIGNED_ACCESS ZT_USE_ARM32_NEON_ASM_SALSA2012=1 endif ifeq ($(CC_MACH),armv6zk) @@ -80,7 +80,7 @@ ifeq ($(CC_MACH),armv6kz) endif ifeq ($(CC_MACH),armv7) ZT_ARCHITECTURE=3 - override DEFS+=-DZT_NO_TYPE_PUNNING -DZT_AES_NO_ACCEL + override DEFS+=-DZT_NO_TYPE_PUNNING -DZT_AES_NO_ACCEL -DZT_NO_UNALIGNED_ACCESS ZT_USE_ARM32_NEON_ASM_SALSA2012=1 endif ifeq ($(CC_MACH),arm64) From 70b1b4ecc7304f4690697fd7b7b625343fdcc643 Mon Sep 17 00:00:00 2001 From: Grant Limberg Date: Wed, 25 Nov 2020 09:49:58 -0800 Subject: [PATCH 06/10] Buffer<> has no .empty() method --- service/OneService.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service/OneService.cpp b/service/OneService.cpp index abf068b4e..99a608a6a 100644 --- a/service/OneService.cpp +++ b/service/OneService.cpp @@ -2386,7 +2386,7 @@ public: Dictionary<4096> nc; nc.load(nlcbuf.c_str()); Buffer<1024> allowManaged; - if (nc.get("allowManaged", allowManaged) && !allowManaged.empty()) { + if (nc.get("allowManaged", allowManaged) && !allowManaged.size() == 0) { std::string addresses (allowManaged.begin(), allowManaged.size()); if (allowManaged.size() <= 5) { // untidy parsing for backward compatibility if (allowManaged[0] == '1' || allowManaged[0] == 't' || allowManaged[0] == 'T') { From 0456a712959ae082e5a4357dd04f0bc11f4f21ae Mon Sep 17 00:00:00 2001 From: Grant Limberg Date: Wed, 25 Nov 2020 11:05:36 -0800 Subject: [PATCH 07/10] Windows feedback loop fix --- osdep/Binder.hpp | 4 +- service/OneService.cpp | 87 +++++++++++++++++++++++------------------- 2 files changed, 51 insertions(+), 40 deletions(-) diff --git a/osdep/Binder.hpp b/osdep/Binder.hpp index 4b783e5fa..c52f303b9 100644 --- a/osdep/Binder.hpp +++ b/osdep/Binder.hpp @@ -136,7 +136,9 @@ public: PIP_ADAPTER_UNICAST_ADDRESS ua = a->FirstUnicastAddress; while (ua) { InetAddress ip(ua->Address.lpSockaddr); - if (ifChecker.shouldBindInterface("",ip)) { + char strBuf[128] = { 0 }; + wcstombs(strBuf, a->FriendlyName, sizeof(strBuf)); + if (ifChecker.shouldBindInterface(strBuf,ip)) { switch(ip.ipScope()) { default: break; case InetAddress::IP_SCOPE_PSEUDOPRIVATE: diff --git a/service/OneService.cpp b/service/OneService.cpp index 99a608a6a..3f135b17b 100644 --- a/service/OneService.cpp +++ b/service/OneService.cpp @@ -2932,9 +2932,9 @@ public: return 1; } - inline int nodePathLookupFunction(uint64_t ztaddr,int family,struct sockaddr_storage *result) + inline int nodePathLookupFunction(uint64_t ztaddr, int family, struct sockaddr_storage* result) { - const Hashtable< uint64_t,std::vector > *lh = (const Hashtable< uint64_t,std::vector > *)0; + const Hashtable< uint64_t, std::vector >* lh = (const Hashtable< uint64_t, std::vector > *)0; if (family < 0) lh = (_node->prng() & 1) ? &_v4Hints : &_v6Hints; else if (family == AF_INET) @@ -2942,19 +2942,20 @@ public: else if (family == AF_INET6) lh = &_v6Hints; else return 0; - const std::vector *l = lh->get(ztaddr); - if ((l)&&(!l->empty())) { - memcpy(result,&((*l)[(unsigned long)_node->prng() % l->size()]),sizeof(struct sockaddr_storage)); + const std::vector* l = lh->get(ztaddr); + if ((l) && (!l->empty())) { + memcpy(result, &((*l)[(unsigned long)_node->prng() % l->size()]), sizeof(struct sockaddr_storage)); return 1; - } else return 0; + } + else return 0; } - inline void tapFrameHandler(uint64_t nwid,const MAC &from,const MAC &to,unsigned int etherType,unsigned int vlanId,const void *data,unsigned int len) + inline void tapFrameHandler(uint64_t nwid, const MAC& from, const MAC& to, unsigned int etherType, unsigned int vlanId, const void* data, unsigned int len) { - _node->processVirtualNetworkFrame((void *)0,OSUtils::now(),nwid,from.toInt(),to.toInt(),etherType,vlanId,data,len,&_nextBackgroundTaskDeadline); + _node->processVirtualNetworkFrame((void*)0, OSUtils::now(), nwid, from.toInt(), to.toInt(), etherType, vlanId, data, len, &_nextBackgroundTaskDeadline); } - inline void onHttpRequestToServer(TcpConnection *tc) + inline void onHttpRequestToServer(TcpConnection* tc) { char tmpn[4096]; std::string data; @@ -2965,29 +2966,31 @@ public: // phyOnTcpData(). If we made it here the source IP is okay. try { - scode = handleControlPlaneHttpRequest(tc->remoteAddr,tc->parser.method,tc->url,tc->headers,tc->readq,data,contentType); - } catch (std::exception &exc) { - fprintf(stderr,"WARNING: unexpected exception processing control HTTP request: %s" ZT_EOL_S,exc.what()); + scode = handleControlPlaneHttpRequest(tc->remoteAddr, tc->parser.method, tc->url, tc->headers, tc->readq, data, contentType); + } + catch (std::exception& exc) { + fprintf(stderr, "WARNING: unexpected exception processing control HTTP request: %s" ZT_EOL_S, exc.what()); scode = 500; - } catch ( ... ) { - fprintf(stderr,"WARNING: unexpected exception processing control HTTP request: unknown exception" ZT_EOL_S); + } + catch (...) { + fprintf(stderr, "WARNING: unexpected exception processing control HTTP request: unknown exception" ZT_EOL_S); scode = 500; } - const char *scodestr; - switch(scode) { - case 200: scodestr = "OK"; break; - case 400: scodestr = "Bad Request"; break; - case 401: scodestr = "Unauthorized"; break; - case 403: scodestr = "Forbidden"; break; - case 404: scodestr = "Not Found"; break; - case 500: scodestr = "Internal Server Error"; break; - case 501: scodestr = "Not Implemented"; break; - case 503: scodestr = "Service Unavailable"; break; - default: scodestr = "Error"; break; + const char* scodestr; + switch (scode) { + case 200: scodestr = "OK"; break; + case 400: scodestr = "Bad Request"; break; + case 401: scodestr = "Unauthorized"; break; + case 403: scodestr = "Forbidden"; break; + case 404: scodestr = "Not Found"; break; + case 500: scodestr = "Internal Server Error"; break; + case 501: scodestr = "Not Implemented"; break; + case 503: scodestr = "Service Unavailable"; break; + default: scodestr = "Error"; break; } - OSUtils::ztsnprintf(tmpn,sizeof(tmpn),"HTTP/1.1 %.3u %s\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: %s\r\nContent-Length: %lu\r\nConnection: close\r\n\r\n", + OSUtils::ztsnprintf(tmpn, sizeof(tmpn), "HTTP/1.1 %.3u %s\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: %s\r\nContent-Length: %lu\r\nConnection: close\r\n\r\n", scode, scodestr, contentType.c_str(), @@ -2999,30 +3002,36 @@ public: tc->writeq.append(data); } - _phy.setNotifyWritable(tc->sock,true); + _phy.setNotifyWritable(tc->sock, true); } - inline void onHttpResponseFromClient(TcpConnection *tc) + inline void onHttpResponseFromClient(TcpConnection* tc) { _phy.close(tc->sock); } - bool shouldBindInterface(const char *ifname,const InetAddress &ifaddr) + bool shouldBindInterface(const char* ifname, const InetAddress& ifaddr) { #if defined(__linux__) || defined(linux) || defined(__LINUX__) || defined(__linux) - if ((ifname[0] == 'l')&&(ifname[1] == 'o')) return false; // loopback - if ((ifname[0] == 'z')&&(ifname[1] == 't')) return false; // sanity check: zt# - if ((ifname[0] == 't')&&(ifname[1] == 'u')&&(ifname[2] == 'n')) return false; // tun# is probably an OpenVPN tunnel or similar - if ((ifname[0] == 't')&&(ifname[1] == 'a')&&(ifname[2] == 'p')) return false; // tap# is probably an OpenVPN tunnel or similar + if ((ifname[0] == 'l') && (ifname[1] == 'o')) return false; // loopback + if ((ifname[0] == 'z') && (ifname[1] == 't')) return false; // sanity check: zt# + if ((ifname[0] == 't') && (ifname[1] == 'u') && (ifname[2] == 'n')) return false; // tun# is probably an OpenVPN tunnel or similar + if ((ifname[0] == 't') && (ifname[1] == 'a') && (ifname[2] == 'p')) return false; // tap# is probably an OpenVPN tunnel or similar #endif #ifdef __APPLE__ - if ((ifname[0] == 'f')&&(ifname[1] == 'e')&&(ifname[2] == 't')&&(ifname[3] == 'h')) return false; // ... as is feth# - if ((ifname[0] == 'l')&&(ifname[1] == 'o')) return false; // loopback - if ((ifname[0] == 'z')&&(ifname[1] == 't')) return false; // sanity check: zt# - if ((ifname[0] == 't')&&(ifname[1] == 'u')&&(ifname[2] == 'n')) return false; // tun# is probably an OpenVPN tunnel or similar - if ((ifname[0] == 't')&&(ifname[1] == 'a')&&(ifname[2] == 'p')) return false; // tap# is probably an OpenVPN tunnel or similar - if ((ifname[0] == 'u')&&(ifname[1] == 't')&&(ifname[2] == 'u')&&(ifname[3] == 'n')) return false; // ... as is utun# + if ((ifname[0] == 'f') && (ifname[1] == 'e') && (ifname[2] == 't') && (ifname[3] == 'h')) return false; // ... as is feth# + if ((ifname[0] == 'l') && (ifname[1] == 'o')) return false; // loopback + if ((ifname[0] == 'z') && (ifname[1] == 't')) return false; // sanity check: zt# + if ((ifname[0] == 't') && (ifname[1] == 'u') && (ifname[2] == 'n')) return false; // tun# is probably an OpenVPN tunnel or similar + if ((ifname[0] == 't') && (ifname[1] == 'a') && (ifname[2] == 'p')) return false; // tap# is probably an OpenVPN tunnel or similar + if ((ifname[0] == 'u') && (ifname[1] == 't') && (ifname[2] == 'u') && (ifname[3] == 'n')) return false; // ... as is utun# +#endif +#ifdef _WIN32 + if ((ifname[0] == 'Z') && (ifname[1] == 'e') && (ifname[2] == 'r') && ifname[3] == 'o' && + (ifname[4] == 'T') && (ifname[5] == 'i') && (ifname[6] == 'e') && (ifname[7] == 'r')) { + return false; + } #endif { From 9d66d876f4b7b9f7de46066f3df9296445693700 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Wed, 25 Nov 2020 14:28:41 -0500 Subject: [PATCH 08/10] Likely fix for some alignment issues on ARM. --- node/AES.cpp | 22 ++++++---------------- node/AES_armcrypto.cpp | 17 ++++++++--------- node/Constants.hpp | 7 ++++++- 3 files changed, 20 insertions(+), 26 deletions(-) diff --git a/node/AES.cpp b/node/AES.cpp index 8402fc908..8f2f30d20 100644 --- a/node/AES.cpp +++ b/node/AES.cpp @@ -149,22 +149,12 @@ void AES::GMAC::update(const void *const data, unsigned int len) noexcept } } - if (likely(((uintptr_t)in & 7U) == 0U)) { - while (len >= 16) { - y0 ^= *reinterpret_cast(in); - y1 ^= *reinterpret_cast(in + 8); - in += 16; - s_gfmul(h0, h1, y0, y1); - len -= 16; - } - } else { - while (len >= 16) { - y0 ^= Utils::loadMachineEndian< uint64_t >(in); - y1 ^= Utils::loadMachineEndian< uint64_t >(in + 8); - in += 16; - s_gfmul(h0, h1, y0, y1); - len -= 16; - } + while (len >= 16) { + y0 ^= Utils::loadMachineEndian< uint64_t >(in); + y1 ^= Utils::loadMachineEndian< uint64_t >(in + 8); + in += 16; + s_gfmul(h0, h1, y0, y1); + len -= 16; } _y[0] = y0; diff --git a/node/AES_armcrypto.cpp b/node/AES_armcrypto.cpp index 30a7ec35a..f01304b3b 100644 --- a/node/AES_armcrypto.cpp +++ b/node/AES_armcrypto.cpp @@ -131,7 +131,7 @@ void AES::CTR::p_armCrypt(const uint8_t *in, uint8_t *out, unsigned int len) noe uint8x16_t k14 = _aes.p_k.neon.ek[14]; unsigned int totalLen = _len; - if ((totalLen & 15U)) { + if ((totalLen & 15U) != 0) { for (;;) { if (unlikely(!len)) { vst1q_u8(reinterpret_cast(_ctr), vrev32q_u8(dd)); @@ -140,7 +140,7 @@ void AES::CTR::p_armCrypt(const uint8_t *in, uint8_t *out, unsigned int len) noe } --len; out[totalLen++] = *(in++); - if (!(totalLen & 15U)) { + if ((totalLen & 15U) == 0) { uint8_t *const otmp = out + (totalLen - 16); uint8x16_t d0 = vrev32q_u8(dd); uint8x16_t pt = vld1q_u8(otmp); @@ -180,7 +180,10 @@ void AES::CTR::p_armCrypt(const uint8_t *in, uint8_t *out, unsigned int len) noe uint8x16_t d2 = vrev32q_u8(dd2); uint8x16_t d3 = vrev32q_u8(dd3); uint8x16_t pt0 = vld1q_u8(in); - in += 16; + uint8x16_t pt1 = vld1q_u8(in + 16); + uint8x16_t pt2 = vld1q_u8(in + 16); + uint8x16_t pt3 = vld1q_u8(in + 16); + d0 = vaesmcq_u8(vaeseq_u8(d0, k0)); d1 = vaesmcq_u8(vaeseq_u8(d1, k0)); d2 = vaesmcq_u8(vaeseq_u8(d2, k0)); @@ -193,8 +196,6 @@ void AES::CTR::p_armCrypt(const uint8_t *in, uint8_t *out, unsigned int len) noe d1 = vaesmcq_u8(vaeseq_u8(d1, k2)); d2 = vaesmcq_u8(vaeseq_u8(d2, k2)); d3 = vaesmcq_u8(vaeseq_u8(d3, k2)); - uint8x16_t pt1 = vld1q_u8(in); - in += 16; d0 = vaesmcq_u8(vaeseq_u8(d0, k3)); d1 = vaesmcq_u8(vaeseq_u8(d1, k3)); d2 = vaesmcq_u8(vaeseq_u8(d2, k3)); @@ -207,8 +208,6 @@ void AES::CTR::p_armCrypt(const uint8_t *in, uint8_t *out, unsigned int len) noe d1 = vaesmcq_u8(vaeseq_u8(d1, k5)); d2 = vaesmcq_u8(vaeseq_u8(d2, k5)); d3 = vaesmcq_u8(vaeseq_u8(d3, k5)); - uint8x16_t pt2 = vld1q_u8(in); - in += 16; d0 = vaesmcq_u8(vaeseq_u8(d0, k6)); d1 = vaesmcq_u8(vaeseq_u8(d1, k6)); d2 = vaesmcq_u8(vaeseq_u8(d2, k6)); @@ -221,8 +220,6 @@ void AES::CTR::p_armCrypt(const uint8_t *in, uint8_t *out, unsigned int len) noe d1 = vaesmcq_u8(vaeseq_u8(d1, k8)); d2 = vaesmcq_u8(vaeseq_u8(d2, k8)); d3 = vaesmcq_u8(vaeseq_u8(d3, k8)); - uint8x16_t pt3 = vld1q_u8(in); - in += 16; d0 = vaesmcq_u8(vaeseq_u8(d0, k9)); d1 = vaesmcq_u8(vaeseq_u8(d1, k9)); d2 = vaesmcq_u8(vaeseq_u8(d2, k9)); @@ -253,7 +250,9 @@ void AES::CTR::p_armCrypt(const uint8_t *in, uint8_t *out, unsigned int len) noe vst1q_u8(out + 16, d1); vst1q_u8(out + 32, d2); vst1q_u8(out + 48, d3); + out += 64; + in += 64; dd = (uint8x16_t)vaddq_u32((uint32x4_t)dd, four); if (unlikely(len < 64)) diff --git a/node/Constants.hpp b/node/Constants.hpp index f9775dd63..400976c13 100644 --- a/node/Constants.hpp +++ b/node/Constants.hpp @@ -126,7 +126,12 @@ // Define ZT_NO_TYPE_PUNNING to disable reckless casts on anything other than x86/x64. #if (!(defined(__amd64__) || defined(__amd64) || defined(__x86_64__) || defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || defined(i386) || defined(__i386) || defined(__i386__) || defined(__i486__) || defined(__i586__) || defined(__i686__) || defined(_M_IX86) || defined(__X86__) || defined(_X86_) || defined(__I86__) || defined(__INTEL__) || defined(__386))) #ifndef ZT_NO_TYPE_PUNNING -#define ZT_NO_TYPE_PUNNING +#define ZT_NO_TYPE_PUNNING 1 +#endif +#endif +#ifdef ZT_NO_TYPE_PUNNING +#ifndef ZT_NO_UNALIGNED_ACCESS +#define ZT_NO_UNALIGNED_ACCESS 1 #endif #endif From 0a8b692482028d277fe1b295e632f7e3b239bbd1 Mon Sep 17 00:00:00 2001 From: Grant Limberg Date: Wed, 25 Nov 2020 12:03:17 -0800 Subject: [PATCH 09/10] fix device binding & possible loopback issue on FreeBSD --- service/OneService.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/service/OneService.cpp b/service/OneService.cpp index 3f135b17b..7405dc732 100644 --- a/service/OneService.cpp +++ b/service/OneService.cpp @@ -3027,6 +3027,7 @@ public: if ((ifname[0] == 't') && (ifname[1] == 'a') && (ifname[2] == 'p')) return false; // tap# is probably an OpenVPN tunnel or similar if ((ifname[0] == 'u') && (ifname[1] == 't') && (ifname[2] == 'u') && (ifname[3] == 'n')) return false; // ... as is utun# #endif + #ifdef _WIN32 if ((ifname[0] == 'Z') && (ifname[1] == 'e') && (ifname[2] == 'r') && ifname[3] == 'o' && (ifname[4] == 'T') && (ifname[5] == 'i') && (ifname[6] == 'e') && (ifname[7] == 'r')) { @@ -3034,6 +3035,11 @@ public: } #endif +#ifdef __FreeBSD__ + if ((ifname[0] == 'l') && (ifname[1] == 'o')) return false; // loopback + if ((ifname[0] == 'z') && (ifname[1] == 't')) return false; // sanity check: zt# +#endif + { Mutex::Lock _l(_localConfig_m); for(std::vector::const_iterator p(_interfacePrefixBlacklist.begin());p!=_interfacePrefixBlacklist.end();++p) { From f2cd7cd4eb9d196b4199e5f72de1b7e03021ae10 Mon Sep 17 00:00:00 2001 From: Grant Limberg Date: Wed, 25 Nov 2020 15:34:52 -0800 Subject: [PATCH 10/10] set deployment target for tap agent --- make-mac.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/make-mac.mk b/make-mac.mk index 8f3057f2b..0b81c7fea 100644 --- a/make-mac.mk +++ b/make-mac.mk @@ -96,7 +96,7 @@ ext/x64-salsa2012-asm/salsa2012.o: as -arch x86_64 -mmacosx-version-min=10.7 -o ext/x64-salsa2012-asm/salsa2012.o ext/x64-salsa2012-asm/salsa2012.s mac-agent: FORCE - $(CC) -Ofast $(ARCH_FLAGS) -o MacEthernetTapAgent osdep/MacEthernetTapAgent.c + $(CC) -Ofast $(ARCH_FLAGS) -mmacosx-version-min=10.7 -o MacEthernetTapAgent osdep/MacEthernetTapAgent.c $(CODESIGN) -f --options=runtime -s $(CODESIGN_APP_CERT) MacEthernetTapAgent osdep/MacDNSHelper.o: osdep/MacDNSHelper.mm