ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-01-19 03:06:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bit of comment and if nesting cleanup in PacketDecoder.

Browse Source
This commit is contained in:
Adam Ierymenko 2013-08-06 10:39:20 -04:00
parent b342f56bec
commit 499ac2699f
1 changed files with 72 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

141
node/PacketDecoder.cpp
View File

@ -46,8 +46,7 @@
*
* There's a lot of unnecessary if nesting. It's mostly to allow TRACE to
* print informative messages on every possible reason something gets
* rejected or fails. Sometimes it also makes code more explicit and thus
* easier to understand.
* rejected or fails.
*/
namespace ZeroTier {
@ -79,6 +78,7 @@ bool PacketDecoder::tryDecode(const RuntimeEnvironment *_r)
return true;
}
// If MAC authentication passed, decrypt and uncompress
if (encrypted()) {
decrypt(peer->cryptKey());
} else {
@ -88,7 +88,6 @@ bool PacketDecoder::tryDecode(const RuntimeEnvironment *_r)
// packets being mistakenly sent in the clear.
TRACE("ODD: %s from %s(%s) wasn't encrypted",Packet::verbString(verb()),source().toString().c_str(),_remoteAddress.toString().c_str());
}
if (!uncompress()) {
TRACE("dropped packet from %s(%s), compressed data invalid",source().toString().c_str(),_remoteAddress.toString().c_str());
return true;
@ -146,41 +145,45 @@ void PacketDecoder::_CBaddPeerFromHello(void *arg,const SharedPtr<Peer> &p,Topol
_CBaddPeerFromHello_Data *req = (_CBaddPeerFromHello_Data *)arg;
const RuntimeEnvironment *_r = req->renv;
switch(result) {
case Topology::PEER_VERIFY_ACCEPTED_NEW:
case Topology::PEER_VERIFY_ACCEPTED_ALREADY_HAVE:
case Topology::PEER_VERIFY_ACCEPTED_DISPLACED_INVALID_ADDRESS: {
_r->sw->doAnythingWaitingForPeer(p);
try {
switch(result) {
case Topology::PEER_VERIFY_ACCEPTED_NEW:
case Topology::PEER_VERIFY_ACCEPTED_ALREADY_HAVE:
case Topology::PEER_VERIFY_ACCEPTED_DISPLACED_INVALID_ADDRESS: {
_r->sw->doAnythingWaitingForPeer(p);
Packet outp(req->source,_r->identity.address(),Packet::VERB_OK);
outp.append((unsigned char)Packet::VERB_HELLO);
outp.append(req->helloPacketId);
outp.append(req->helloTimestamp);
outp.encrypt(p->cryptKey());
outp.hmacSet(p->macKey());
_r->demarc->send(req->localPort,req->remoteAddress,outp.data(),outp.size(),-1);
} break;
Packet outp(req->source,_r->identity.address(),Packet::VERB_OK);
outp.append((unsigned char)Packet::VERB_HELLO);
outp.append(req->helloPacketId);
outp.append(req->helloTimestamp);
outp.encrypt(p->cryptKey());
outp.hmacSet(p->macKey());
_r->demarc->send(req->localPort,req->remoteAddress,outp.data(),outp.size(),-1);
} break;
case Topology::PEER_VERIFY_REJECTED_INVALID_IDENTITY: {
Packet outp(req->source,_r->identity.address(),Packet::VERB_ERROR);
outp.append((unsigned char)Packet::VERB_HELLO);
outp.append(req->helloPacketId);
outp.append((unsigned char)Packet::ERROR_IDENTITY_INVALID);
outp.encrypt(p->cryptKey());
outp.hmacSet(p->macKey());
_r->demarc->send(req->localPort,req->remoteAddress,outp.data(),outp.size(),-1);
} break;
case Topology::PEER_VERIFY_REJECTED_INVALID_IDENTITY: {
Packet outp(req->source,_r->identity.address(),Packet::VERB_ERROR);
outp.append((unsigned char)Packet::VERB_HELLO);
outp.append(req->helloPacketId);
outp.append((unsigned char)Packet::ERROR_IDENTITY_INVALID);
outp.encrypt(p->cryptKey());
outp.hmacSet(p->macKey());
_r->demarc->send(req->localPort,req->remoteAddress,outp.data(),outp.size(),-1);
} break;
case Topology::PEER_VERIFY_REJECTED_DUPLICATE:
case Topology::PEER_VERIFY_REJECTED_DUPLICATE_TRIAGED: {
Packet outp(req->source,_r->identity.address(),Packet::VERB_ERROR);
outp.append((unsigned char)Packet::VERB_HELLO);
outp.append(req->helloPacketId);
outp.append((unsigned char)Packet::ERROR_IDENTITY_COLLISION);
outp.encrypt(p->cryptKey());
outp.hmacSet(p->macKey());
_r->demarc->send(req->localPort,req->remoteAddress,outp.data(),outp.size(),-1);
} break;
case Topology::PEER_VERIFY_REJECTED_DUPLICATE:
case Topology::PEER_VERIFY_REJECTED_DUPLICATE_TRIAGED: {
Packet outp(req->source,_r->identity.address(),Packet::VERB_ERROR);
outp.append((unsigned char)Packet::VERB_HELLO);
outp.append(req->helloPacketId);
outp.append((unsigned char)Packet::ERROR_IDENTITY_COLLISION);
outp.encrypt(p->cryptKey());
outp.hmacSet(p->macKey());
_r->demarc->send(req->localPort,req->remoteAddress,outp.data(),outp.size(),-1);
} break;
}
} catch ( ... ) {
TRACE("unexpected exception in addPeer() result callback for peer received via HELLO");
}
delete req;
@ -188,14 +191,19 @@ void PacketDecoder::_CBaddPeerFromHello(void *arg,const SharedPtr<Peer> &p,Topol
void PacketDecoder::_CBaddPeerFromWhois(void *arg,const SharedPtr<Peer> &p,Topology::PeerVerifyResult result)
{
switch(result) {
case Topology::PEER_VERIFY_ACCEPTED_NEW:
case Topology::PEER_VERIFY_ACCEPTED_ALREADY_HAVE:
case Topology::PEER_VERIFY_ACCEPTED_DISPLACED_INVALID_ADDRESS:
((const RuntimeEnvironment *)arg)->sw->doAnythingWaitingForPeer(p);
break;
default:
break;
const RuntimeEnvironment *_r = (const RuntimeEnvironment *)arg;
try {
switch(result) {
case Topology::PEER_VERIFY_ACCEPTED_NEW:
case Topology::PEER_VERIFY_ACCEPTED_ALREADY_HAVE:
case Topology::PEER_VERIFY_ACCEPTED_DISPLACED_INVALID_ADDRESS:
_r->sw->doAnythingWaitingForPeer(p);
break;
default:
break;
}
} catch ( ... ) {
TRACE("unexpected exception in addPeer() result callback for peer received via OK(WHOIS)");
}
}
@ -377,20 +385,20 @@ bool PacketDecoder::_doWHOIS(const RuntimeEnvironment *_r,const SharedPtr<Peer>
bool PacketDecoder::_doRENDEZVOUS(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer)
{
try {
//
// At the moment, we only obey RENDEZVOUS if it comes from a designated
// supernode. If relay offloading is implemented to scale the net, this
// will need reconsideration.
//
// The reason is that RENDEZVOUS could technically be used to cause a
// peer to send a weird encrypted UDP packet to an arbitrary IP:port.
// The sender of RENDEZVOUS has no control over the content of this
// packet, but it's still maybe something we want to not allow just
// anyone to order due to possible DDOS or network forensic implications.
// So if we diversify relays, we'll need some way of deciding whether the
// sender is someone we should trust with a RENDEZVOUS hint. Or maybe
// we just need rate limiting to prevent DDOS and amplification attacks.
//
/*
* At the moment, we only obey RENDEZVOUS if it comes from a designated
* supernode. If relay offloading is implemented to scale the net, this
* will need reconsideration.
*
* The reason is that RENDEZVOUS could technically be used to cause a
* peer to send a weird encrypted UDP packet to an arbitrary IP:port.
* The sender of RENDEZVOUS has no control over the content of this
* packet, but it's still maybe something we want to not allow just
* anyone to order due to possible DDOS or network forensic implications.
* So if we diversify relays, we'll need some way of deciding whether the
* sender is someone we should trust with a RENDEZVOUS hint. Or maybe
* we just need rate limiting to prevent DDOS and amplification attacks.
*/
if (_r->topology->isSupernode(source())) {
Address with(field(ZT_PROTO_VERB_RENDEZVOUS_IDX_ZTADDRESS,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH);
SharedPtr<Peer> withPeer(_r->topology->getPeer(with));
@ -455,20 +463,15 @@ bool PacketDecoder::_doMULTICAST_LIKE(const RuntimeEnvironment *_r,const SharedP
while ((ptr + 18) <= size()) {
uint64_t nwid = at<uint64_t>(ptr); ptr += 8;
SharedPtr<Network> network(_r->nc->network(nwid));
if (network) {
if (network->isAllowed(source())) {
MAC mac(field(ptr,6)); ptr += 6;
uint32_t adi = at<uint32_t>(ptr); ptr += 4;
//TRACE("peer %s likes multicast group %s:%.8lx on network %llu",source().toString().c_str(),mac.toString().c_str(),(unsigned long)adi,nwid);
_r->multicaster->likesMulticastGroup(nwid,MulticastGroup(mac,adi),source(),now);
++numAccepted;
} else {
ptr += 10;
TRACE("ignored MULTICAST_LIKE from %s(%s): not a member of closed network %.16llx",source().toString().c_str(),_remoteAddress.toString().c_str(),(unsigned long long)nwid);
}
if ((network)&&(network->isAllowed(source()))) {
MAC mac(field(ptr,6)); ptr += 6;
uint32_t adi = at<uint32_t>(ptr); ptr += 4;
//TRACE("peer %s likes multicast group %s:%.8lx on network %llu",source().toString().c_str(),mac.toString().c_str(),(unsigned long)adi,nwid);
_r->multicaster->likesMulticastGroup(nwid,MulticastGroup(mac,adi),source(),now);
++numAccepted;
} else {
ptr += 10;
TRACE("ignored MULTICAST_LIKE from %s(%s): network %.16llx unknown or we are not a member",source().toString().c_str(),_remoteAddress.toString().c_str(),(unsigned long long)nwid);
TRACE("ignored MULTICAST_LIKE from %s(%s): network %.16llx unknown, or sender is not a member of network",source().toString().c_str(),_remoteAddress.toString().c_str(),(unsigned long long)nwid);
}
}