
Add some TRACE instrumentation to external surface address awareness.

Adam Ierymenko преди 10 години
родител
ревизия
417f56de2f
променени са 3 файла, в които са добавени 15 реда и са изтрити 11 реда
  1. 2 2
      node/IncomingPacket.cpp
  2. 10 8
      node/SelfAwareness.cpp
  3. 3 1
      node/SelfAwareness.hpp

+ 2 - 2
node/IncomingPacket.cpp

@@ -270,9 +270,9 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR)
 
 		if (RR->topology->isSupernode(id.address())) {
 			RR->node->postNewerVersionIfNewer(vMajor,vMinor,vRevision);
-			RR->sa->iam(_remoteAddress,destAddr,true);
+			RR->sa->iam(id.address(),_remoteAddress,destAddr,true);
 		} else {
-			RR->sa->iam(_remoteAddress,destAddr,false);
+			RR->sa->iam(id.address(),_remoteAddress,destAddr,false);
 		}
 
 		Packet outp(id.address(),RR->identity.address(),Packet::VERB_OK);
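Review bot: The two `iam` calls in the `isSupernode` branches now differ only in the final boolean, so adding the fourth argument duplicates a longer line twice. Computing the flag once, `const bool trusted = RR->topology->isSupernode(id.address());`, and making a single call, `RR->sa->iam(id.address(),_remoteAddress,destAddr,trusted);`, after the `if` would keep the trust decision in one visible place. `_doHELLO` starts and ends outside this hunk, so this assumes nothing between the branches depends on the call order beyond what is shown.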

+ 10 - 8
node/SelfAwareness.cpp

@@ -63,24 +63,26 @@ SelfAwareness::~SelfAwareness()
 {
 }
 
-void SelfAwareness::iam(const InetAddress &reporterPhysicalAddress,const InetAddress &myPhysicalAddress,bool trusted)
+void SelfAwareness::iam(const Address &reporter,const InetAddress &reporterPhysicalAddress,const InetAddress &myPhysicalAddress,bool trusted)
 {
 	// This code depends on the numeric values assigned to scopes in InetAddress.hpp
 	const unsigned int scope = (unsigned int)myPhysicalAddress.ipScope();
 	if ((scope > 0)&&(scope < (unsigned int)InetAddress::IP_SCOPE_LOOPBACK)) {
-		/* For now only trusted peers are permitted to inform us of changes to
-		 * our global Internet IP or to changes of NATed IPs. We'll let peers on
-		 * private, shared, or link-local networks inform us of changes as long
-		 * as they too are at the same scope. This discrimination avoids a DoS
-		 * attack in which an attacker could force us to reset our connections. */
-		if ( (!trusted) && ((scope == (unsigned int)InetAddress::IP_SCOPE_GLOBAL)||(scope != (unsigned int)reporterPhysicalAddress.ipScope())) )
+		if ( (!trusted) && ((scope == (unsigned int)InetAddress::IP_SCOPE_GLOBAL)||(scope != (unsigned int)reporterPhysicalAddress.ipScope())) ) {
+			/* For now only trusted peers are permitted to inform us of changes to
+			 * our global Internet IP or to changes of NATed IPs. We'll let peers on
+			 * private, shared, or link-local networks inform us of changes as long
+			 * as they too are at the same scope. This discrimination avoids a DoS
+			 * attack in which an attacker could force us to reset our connections. */
 			return;
-		else {
+		} else {
 			Mutex::Lock _l(_lock);
 			InetAddress &lastPhy = _lastPhysicalAddress[scope - 1];
 			if (!lastPhy) {
+				TRACE("learned physical address %s for scope %u from reporter %s(%s) (replaced <null>)",myPhysicalAddress.toString().c_str(),scope,reporter.toString().c_str(),reporterPhysicalAddress.toString().c_str());
 				lastPhy = myPhysicalAddress;
 			} else if (lastPhy != myPhysicalAddress) {
+				TRACE("learned physical address %s for scope %u from reporter %s(%s) (replaced %s, resetting within scope)",myPhysicalAddress.toString().c_str(),scope,reporter.toString().c_str(),reporterPhysicalAddress.toString().c_str(),lastPhy.toString().c_str());
 				lastPhy = myPhysicalAddress;
 				_ResetWithinScope rset(RR,RR->node->now(),(InetAddress::IpScope)scope);
 				RR->topology->eachPeer<_ResetWithinScope &>(rset);
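Review bot: The rejection branch of `SelfAwareness::iam` still returns silently, so the new instrumentation records only accepted reports and not the ones the DoS guard drops. Reports from untrusted peers claiming a global-scope or cross-scope address are what someone investigating unexpected connection resets would most want to see. Consider adding, before the `return;`, `TRACE("ignored physical address report %s for scope %u from untrusted reporter %s(%s)",myPhysicalAddress.toString().c_str(),scope,reporter.toString().c_str(),reporterPhysicalAddress.toString().c_str());`. The two added TRACE calls also build several strings while `_lock` is held, which lengthens the critical section in any build where TRACE is not compiled out. The function body continues past the end of this hunk.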

+ 3 - 1
node/SelfAwareness.hpp

@@ -29,6 +29,7 @@
 #define ZT_SELFAWARENESS_HPP
 
 #include "InetAddress.hpp"
+#include "Address.hpp"
 #include "Mutex.hpp"
 
 namespace ZeroTier {
@@ -47,11 +48,12 @@ public:
 	/**
 	 * Called when a trusted remote peer informs us of our external network address
 	 *
+	 * @param reporter ZeroTier address of reporting peer
 	 * @param reporterPhysicalAddress Physical address that reporting peer seems to have
 	 * @param myPhysicalAddress Physical address that peer says we have
 	 * @param trusted True if this peer is trusted as an authority to inform us of external address changes
 	 */
-	void iam(const InetAddress &reporterPhysicalAddress,const InetAddress &myPhysicalAddress,bool trusted);
+	void iam(const Address &reporter,const InetAddress &reporterPhysicalAddress,const InetAddress &myPhysicalAddress,bool trusted);
 
 private:
 	const RuntimeEnvironment *RR;
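Review bot: The doc comment's summary line still reads "Called when a trusted remote peer informs us of our external network address", but `iam` takes a `trusted` flag and the IncomingPacket.cpp call site in this commit passes `false` for non-supernodes. Rewording the summary to `Called when a remote peer informs us of our external network address` would let `@param trusted` carry the distinction. The new `@param reporter` line could also state that the value is used only for TRACE output, which is all the SelfAwareness.cpp hunk shows, so a later reader does not assume it takes part in the trust decision.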