ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-02-20 09:46:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

More fixes to legacy support, and to a potential issue on quit.

Browse Source
This commit is contained in:
Adam Ierymenko 2014-10-14 12:37:35 -07:00
parent 023cac4ebb
commit 42d644a57e
3 changed files with 58 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
node/IncomingPacket.cpp
View File

@ -554,6 +554,8 @@ bool IncomingPacket::_doP5_MULTICAST_FRAME(const RuntimeEnvironment *RR,const Sh
const unsigned int signatureLen = at<uint16_t>(ZT_PROTO_VERB_P5_MULTICAST_FRAME_IDX_FRAME + frameLen);
{
if (origin == RR->identity.address())
return true;
Mutex::Lock _l(p5MulticastDedupBuffer_m);
if (!p5MulticastDedupBufferPtr) {
memset(p5MulticastDedupBuffer,0,sizeof(p5MulticastDedupBuffer));
@ -566,6 +568,32 @@ bool IncomingPacket::_doP5_MULTICAST_FRAME(const RuntimeEnvironment *RR,const Sh
p5MulticastDedupBuffer[p5MulticastDedupBufferPtr++ % 1024] = guid;
}
SharedPtr<Network> network(RR->nc->network(nwid));
if (network) {
if ((flags & ZT_PROTO_VERB_P5_MULTICAST_FRAME_FLAGS_HAS_MEMBERSHIP_CERTIFICATE) != 0) {
CertificateOfMembership com;
com.deserialize(*this,ZT_PROTO_VERB_P5_MULTICAST_FRAME_IDX_FRAME + frameLen + 2 + signatureLen);
if (com.hasRequiredFields())
network->addMembershipCertificate(com,false);
}
if (!network->isAllowed(origin)) {
SharedPtr<Peer> originPeer(RR->topology->getPeer(origin));
if (originPeer)
_sendErrorNeedCertificate(RR,originPeer,nwid);
} else if ((frameLen > 0)&&(frameLen <= 2800)) {
if (!dest.mac().isMulticast())
return true;
if ((!sourceMac)||(sourceMac.isMulticast())||(sourceMac == network->mac()))
return true;
if (sourceMac != MAC(origin,nwid)) {
if (network->permitsBridging(origin)) {
network->learnBridgeRoute(sourceMac,origin);
} else return true;
}
network->tapPut(sourceMac,dest.mac(),etherType,frame,frameLen);
}
}
peer->receive(RR,_fromSock,_remoteAddress,hops(),packetId(),Packet::VERB_P5_MULTICAST_FRAME,0,Packet::VERB_NOP,Utils::now());
if (RR->topology->amSupernode()) {
@ -577,12 +605,14 @@ bool IncomingPacket::_doP5_MULTICAST_FRAME(const RuntimeEnvironment *RR,const Sh
const unsigned int limit = 128; // use a fairly generous limit since we want legacy peers to always work until they go away
std::vector<Address> members(RR->mc->getMembers(nwid,dest,limit));
SharedPtr<Peer> lpp;
setAt(ZT_PROTO_VERB_P5_MULTICAST_FRAME_IDX_PROPAGATION_DEPTH,(uint16_t)0xffff);
setSource(RR->identity.address());
compress();
for(std::vector<Address>::iterator lp(members.begin());lp!=members.end();++lp) {
SharedPtr<Peer> lpp(RR->topology->getPeer(*lp));
if (!senderIsLegacy)
lpp = RR->topology->getPeer(*lp);
if ( (*lp != origin) && (*lp != peer->address()) && ((senderIsLegacy) || (!lpp) || (lpp->remoteVersionMajor() < 1)) ) {
newInitializationVector();
setDestination(*lp);
@ -605,35 +635,6 @@ bool IncomingPacket::_doP5_MULTICAST_FRAME(const RuntimeEnvironment *RR,const Sh
sn->send(RR,data(),size(),Utils::now());
}
}
SharedPtr<Network> network(RR->nc->network(nwid));
if (network) {
if ((flags & ZT_PROTO_VERB_P5_MULTICAST_FRAME_FLAGS_HAS_MEMBERSHIP_CERTIFICATE)) {
CertificateOfMembership com;
com.deserialize(*this,ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FRAME + frameLen + 2 + signatureLen);
if (com.hasRequiredFields())
network->addMembershipCertificate(com,false);
}
if (!network->isAllowed(origin)) {
_sendErrorNeedCertificate(RR,peer,network->id());
return true;
}
if ((frameLen > 0)&&(frameLen <= 2800)) {
if (!dest.mac().isMulticast())
return true;
if ((!sourceMac)||(sourceMac.isMulticast())||(sourceMac == network->mac()))
return true;
if (sourceMac != MAC(origin,network->id())) {
if (network->permitsBridging(origin)) {
network->learnBridgeRoute(sourceMac,origin);
} else return true;
}
network->tapPut(sourceMac,dest.mac(),etherType,frame,frameLen);
}
}
} catch (std::exception &ex) {
TRACE("dropped P5_MULTICAST_FRAME from %s(%s): unexpected exception: %s",source().toString().c_str(),_remoteAddress.toString().c_str(),ex.what());
} catch ( ... ) {

7
node/Multicaster.cpp
View File

@ -270,8 +270,7 @@ void Multicaster::send(
outp.append((uint16_t)0xffff); // do not forward
outp.append((unsigned char)0,320 + 1024); // empty queue and bloom filter
unsigned int signedPortionStart = outp.size();
outp.append((unsigned char)0);
outp.append((unsigned char)((com) ? ZT_PROTO_VERB_P5_MULTICAST_FRAME_FLAGS_HAS_MEMBERSHIP_CERTIFICATE : 0));
outp.append((uint64_t)nwid);
outp.append((uint16_t)0);
outp.append((unsigned char)0);
@ -286,9 +285,9 @@ void Multicaster::send(
outp.append((uint16_t)etherType);
outp.append((uint16_t)len);
outp.append(data,len);
unsigned int signedPortionLen = outp.size() - signedPortionStart;
unsigned int signedPortionLen = outp.size() - ZT_PROTO_VERB_P5_MULTICAST_FRAME_IDX__START_OF_SIGNED_PORTION;
C25519::Signature sig(RR->identity.sign(outp.field(signedPortionStart,signedPortionLen),signedPortionLen));
C25519::Signature sig(RR->identity.sign(outp.field(ZT_PROTO_VERB_P5_MULTICAST_FRAME_IDX__START_OF_SIGNED_PORTION,signedPortionLen),signedPortionLen));
outp.append((uint16_t)sig.size());
outp.append(sig.data,sig.size());

56
node/Network.cpp
View File

@ -310,25 +310,31 @@ void Network::addMembershipCertificate(const CertificateOfMembership &cert,bool
return;
if (!forceAccept) {
if (cert.signedBy() != controller())
if (cert.signedBy() != controller()) {
LOG("rejected network membership certificate for %.16llx signed by %s: signer not a controller of this network",(unsigned long long)_id,cert.signedBy().toString().c_str());
return;
}
SharedPtr<Peer> signer(RR->topology->getPeer(cert.signedBy()));
if (!signer)
return; // we should already have done a WHOIS on this peer, since this is our netconf master
if (!cert.verify(signer->identity()))
if (!signer) {
// This would be rather odd, since this is our netconf master... could happen
// if we get packets before we've gotten config.
RR->sw->requestWhois(cert.signedBy());
return;
}
if (!cert.verify(signer->identity())) {
LOG("rejected network membership certificate for %.16llx signed by %s: signature check failed",(unsigned long long)_id,cert.signedBy().toString().c_str());
return;
}
}
Mutex::Lock _l(_lock);
// We go ahead and accept certs provisionally even if _isOpen is true, since
// that might be changed in short order if the user is fiddling in the UI.
CertificateOfMembership &old = _membershipCertificates[cert.issuedTo()];
if (cert.timestamp() >= old.timestamp()) {
//TRACE("got new certificate for %s on network %.16llx",cert.issuedTo().toString().c_str(),cert.networkId());
if (cert.timestamp() >= old.timestamp())
old = cert;
}
}
bool Network::peerNeedsOurMembershipCertificate(const Address &to,uint64_t now)
@ -632,6 +638,7 @@ void Network::_dumpMembershipCerts()
FILE *mcdb = fopen(mcdbPath.c_str(),"wb");
if (!mcdb)
return;
if (fwrite("ZTMCD0",6,1,mcdb) != 1) {
fclose(mcdb);
Utils::rm(mcdbPath);
@ -639,29 +646,14 @@ void Network::_dumpMembershipCerts()
}
for(std::map<Address,CertificateOfMembership>::iterator c=(_membershipCertificates.begin());c!=_membershipCertificates.end();++c) {
try {
c->second.serialize(buf);
if (buf.size() >= (ZT_NETWORK_CERT_WRITE_BUF_SIZE / 2)) {
if (fwrite(buf.data(),buf.size(),1,mcdb) != 1) {
fclose(mcdb);
Utils::rm(mcdbPath);
return;
}
buf.clear();
buf.clear();
c->second.serialize(buf);
if (buf.size() > 0) {
if (fwrite(buf.data(),buf.size(),1,mcdb) != 1) {
fclose(mcdb);
Utils::rm(mcdbPath);
return;
}
} catch ( ... ) {
// Sanity check... no cert will ever be big enough to overflow buf
fclose(mcdb);
Utils::rm(mcdbPath);
return;
}
}
if (buf.size()) {
if (fwrite(buf.data(),buf.size(),1,mcdb) != 1) {
fclose(mcdb);
Utils::rm(mcdbPath);
return;
}
}