ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-02-20 09:46:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

A bunch of multicast work... in progress.

Browse Source
This commit is contained in:
Adam Ierymenko 2019-09-07 19:15:21 -07:00
parent 0d2c87fe4e
commit 540ee69773
No known key found for this signature in database
GPG Key ID: C8877CF2D7A5D7F3
11 changed files with 139 additions and 911 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
node/Constants.hpp
View File

@ -248,7 +248,7 @@
*
* The protocol allows up to 7, but we limit it to something smaller.
*/
#define ZT_RELAY_MAX_HOPS 3
#define ZT_RELAY_MAX_HOPS 4
/**
* Expire time for multicast 'likes' and indirect multicast memberships in ms

45
node/Hashtable.hpp
View File

@ -16,19 +16,12 @@
#include "Constants.hpp"
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdexcept>
#include <vector>
#include <utility>
#include <algorithm>
namespace ZeroTier {
/**
* A minimal hash table implementation for the ZeroTier core
*
* This is optimized for smaller data sets.
*/
template<typename K,typename V>
class Hashtable
@ -40,9 +33,9 @@ private:
ZT_ALWAYS_INLINE _Bucket(const K &k) : k(k),v() {}
ZT_ALWAYS_INLINE _Bucket(const _Bucket &b) : k(b.k),v(b.v) {}
ZT_ALWAYS_INLINE _Bucket &operator=(const _Bucket &b) { k = b.k; v = b.v; return *this; }
K k;
V v;
_Bucket *next; // must be set manually for each _Bucket
const K k;
V v;
};
public:
@ -95,9 +88,9 @@ public:
//friend class Hashtable<K,V>::Iterator;
/**
* @param bc Initial capacity in buckets (default: 64, must be nonzero)
* @param bc Initial capacity in buckets (default: 32, must be nonzero)
*/
inline Hashtable(unsigned long bc = 64) :
ZT_ALWAYS_INLINE Hashtable(unsigned long bc = 32) :
_t(reinterpret_cast<_Bucket **>(::malloc(sizeof(_Bucket *) * bc))),
_bc(bc),
_s(0)
@ -108,7 +101,7 @@ public:
_t[i] = (_Bucket *)0;
}
inline Hashtable(const Hashtable<K,V> &ht) :
ZT_ALWAYS_INLINE Hashtable(const Hashtable<K,V> &ht) :
_t(reinterpret_cast<_Bucket **>(::malloc(sizeof(_Bucket *) * ht._bc))),
_bc(ht._bc),
_s(ht._s)
@ -128,13 +121,13 @@ public:
}
}
inline ~Hashtable()
ZT_ALWAYS_INLINE ~Hashtable()
{
this->clear();
::free(_t);
}
inline Hashtable &operator=(const Hashtable<K,V> &ht)
ZT_ALWAYS_INLINE Hashtable &operator=(const Hashtable<K,V> &ht)
{
this->clear();
if (ht._s) {
@ -152,7 +145,7 @@ public:
/**
* Erase all entries
*/
inline void clear()
ZT_ALWAYS_INLINE void clear()
{
if (_s) {
for(unsigned long i=0;i<_bc;++i) {
@ -171,7 +164,7 @@ public:
/**
* @return Vector of all keys
*/
inline typename std::vector<K> keys() const
ZT_ALWAYS_INLINE typename std::vector<K> keys() const
{
typename std::vector<K> k;
if (_s) {
@ -194,7 +187,7 @@ public:
* @tparam Type of V (generally inferred)
*/
template<typename C>
inline void appendKeys(C &v) const
ZT_ALWAYS_INLINE void appendKeys(C &v) const
{
if (_s) {
for(unsigned long i=0;i<_bc;++i) {
@ -210,7 +203,7 @@ public:
/**
* @return Vector of all entries (pairs of K,V)
*/
inline typename std::vector< std::pair<K,V> > entries() const
ZT_ALWAYS_INLINE typename std::vector< std::pair<K,V> > entries() const
{
typename std::vector< std::pair<K,V> > k;
if (_s) {
@ -230,7 +223,7 @@ public:
* @param k Key
* @return Pointer to value or NULL if not found
*/
ZT_ALWAYS_INLINE V *get(const K &k)
ZT_ALWAYS_INLINE V *get(const K k)
{
_Bucket *b = _t[_hc(k) % _bc];
while (b) {
@ -240,7 +233,7 @@ public:
}
return (V *)0;
}
inline const V *get(const K &k) const { return const_cast<Hashtable *>(this)->get(k); }
ZT_ALWAYS_INLINE const V *get(const K k) const { return const_cast<Hashtable *>(this)->get(k); }
/**
* @param k Key
@ -279,7 +272,7 @@ public:
* @param k Key
* @return True if value was present
*/
inline bool erase(const K &k)
ZT_ALWAYS_INLINE bool erase(const K &k)
{
const unsigned long bidx = _hc(k) % _bc;
_Bucket *lastb = (_Bucket *)0;
@ -304,7 +297,7 @@ public:
* @param v Value
* @return Reference to value in table
*/
inline V &set(const K &k,const V &v)
ZT_ALWAYS_INLINE V &set(const K &k,const V &v)
{
const unsigned long h = _hc(k);
unsigned long bidx = h % _bc;
@ -334,7 +327,7 @@ public:
* @param k Key
* @return Value, possibly newly created
*/
inline V &operator[](const K &k)
ZT_ALWAYS_INLINE V &operator[](const K k)
{
const unsigned long h = _hc(k);
unsigned long bidx = h % _bc;
@ -379,7 +372,7 @@ private:
static ZT_ALWAYS_INLINE unsigned long _hc(void *p) { return ((unsigned long)((uintptr_t)p) * (unsigned long)0x9e3779b1); }
static ZT_ALWAYS_INLINE unsigned long _hc(const void *p) { return ((unsigned long)((uintptr_t)p) * (unsigned long)0x9e3779b1); }
inline void _grow()
ZT_ALWAYS_INLINE void _grow()
{
const unsigned long nc = _bc * 2;
_Bucket **nt = reinterpret_cast<_Bucket **>(::malloc(sizeof(_Bucket *) * nc));

21
node/Identity.hpp
View File

@ -260,6 +260,27 @@ public:
*/
ZT_ALWAYS_INLINE const Address &address() const { return _address; }
/**
* Attempt to generate an older type identity from a newer type
*
* If this identity has its private key this is not transferred to
* the downgraded identity.
*
* @param dest Destination to fill with downgraded identity
* @param toType Desired identity type
*/
inline bool downgrade(Identity &dest,const Type toType)
{
if ((_type == P384)&&(toType == C25519)) {
dest._address = _address;
dest._type = C25519;
dest._hasPrivate = false;
memcpy(dest._pub.c25519,_pub.c25519,ZT_C25519_PUBLIC_KEY_LEN);
return true;
}
return false;
}
/**
* Serialize this identity (binary)
*

160
node/Multicaster.cpp
View File

@ -29,120 +29,39 @@ namespace ZeroTier {
Multicaster::Multicaster(const RuntimeEnvironment *renv) :
RR(renv),
_groups(32)
_groups(32) {}
Multicaster::~Multicaster() {}
void Multicaster::add(const int64_t now,const uint64_t nwid,const MulticastGroup &mg,const Address &member)
{
Mutex::Lock l(_groups_l);
_groups[Multicaster::Key(nwid,mg)].set(member,now);
}
Multicaster::~Multicaster()
void Multicaster::addMultiple(const int64_t now,const uint64_t nwid,const MulticastGroup &mg,const void *addresses,unsigned int count,const unsigned int totalKnown)
{
}
void Multicaster::addMultiple(void *tPtr,int64_t now,uint64_t nwid,const MulticastGroup &mg,const void *addresses,unsigned int count,unsigned int totalKnown)
{
const unsigned char *p = (const unsigned char *)addresses;
const unsigned char *e = p + (5 * count);
Mutex::Lock _l(_groups_m);
MulticastGroupStatus &gs = _groups[Multicaster::Key(nwid,mg)];
while (p != e) {
_add(tPtr,now,nwid,mg,gs,Address(p,5));
p += 5;
Mutex::Lock l(_groups_l);
const uint8_t *a = (const uint8_t *)addresses;
Hashtable< Address,int64_t > &members = _groups[Multicaster::Key(nwid,mg)];
while (count--) {
members.set(Address(a,ZT_ADDRESS_LENGTH),now);
a += ZT_ADDRESS_LENGTH;
}
}
void Multicaster::remove(uint64_t nwid,const MulticastGroup &mg,const Address &member)
void Multicaster::remove(const uint64_t nwid,const MulticastGroup &mg,const Address &member)
{
Mutex::Lock _l(_groups_m);
MulticastGroupStatus *s = _groups.get(Multicaster::Key(nwid,mg));
if (s) {
for(std::vector<MulticastGroupMember>::iterator m(s->members.begin());m!=s->members.end();++m) {
if (m->address == member) {
s->members.erase(m);
break;
}
}
Mutex::Lock l(_groups_l);
const Multicaster::Key gk(nwid,mg);
Hashtable< Address,int64_t > *const members = _groups.get(gk);
if (members) {
members->erase(member);
if (members->empty())
_groups.erase(gk);
}
}
unsigned int Multicaster::gather(const Address &queryingPeer,uint64_t nwid,const MulticastGroup &mg,Buffer<ZT_PROTO_MAX_PACKET_LENGTH> &appendTo,unsigned int limit) const
{
unsigned char *p;
unsigned int added = 0,i,k,rptr,totalKnown = 0;
uint64_t a,picked[(ZT_PROTO_MAX_PACKET_LENGTH / 5) + 2];
if (!limit)
return 0;
else if (limit > 0xffff)
limit = 0xffff;
const unsigned int totalAt = appendTo.size();
appendTo.addSize(4); // sizeof(uint32_t)
const unsigned int addedAt = appendTo.size();
appendTo.addSize(2); // sizeof(uint16_t)
{ // Return myself if I am a member of this group
SharedPtr<Network> network(RR->node->network(nwid));
if ((network)&&(network->subscribedToMulticastGroup(mg,true))) {
RR->identity.address().appendTo(appendTo);
++totalKnown;
++added;
}
}
Mutex::Lock _l(_groups_m);
const MulticastGroupStatus *s = _groups.get(Multicaster::Key(nwid,mg));
if ((s)&&(!s->members.empty())) {
totalKnown += (unsigned int)s->members.size();
// Members are returned in random order so that repeated gather queries
// will return different subsets of a large multicast group.
k = 0;
while ((added < limit)&&(k < s->members.size())&&((appendTo.size() + ZT_ADDRESS_LENGTH) <= ZT_PROTO_MAX_PACKET_LENGTH)) {
rptr = (unsigned int)Utils::random();
restart_member_scan:
a = s->members[rptr % (unsigned int)s->members.size()].address.toInt();
for(i=0;i<k;++i) {
if (picked[i] == a) {
++rptr;
goto restart_member_scan;
}
}
picked[k++] = a;
if (queryingPeer.toInt() != a) { // do not return the peer that is making the request as a result
p = (unsigned char *)appendTo.appendField(ZT_ADDRESS_LENGTH);
*(p++) = (unsigned char)((a >> 32) & 0xff);
*(p++) = (unsigned char)((a >> 24) & 0xff);
*(p++) = (unsigned char)((a >> 16) & 0xff);
*(p++) = (unsigned char)((a >> 8) & 0xff);
*p = (unsigned char)(a & 0xff);
++added;
}
}
}
appendTo.setAt(totalAt,(uint32_t)totalKnown);
appendTo.setAt(addedAt,(uint16_t)added);
return added;
}
std::vector<Address> Multicaster::getMembers(uint64_t nwid,const MulticastGroup &mg,unsigned int limit) const
{
std::vector<Address> ls;
Mutex::Lock _l(_groups_m);
const MulticastGroupStatus *s = _groups.get(Multicaster::Key(nwid,mg));
if (!s)
return ls;
for(std::vector<MulticastGroupMember>::const_reverse_iterator m(s->members.rbegin());m!=s->members.rend();++m) {
ls.push_back(m->address);
if (ls.size() >= limit)
break;
}
return ls;
}
void Multicaster::send(
void *tPtr,
int64_t now,
@ -154,6 +73,7 @@ void Multicaster::send(
const void *data,
unsigned int len)
{
#if 0
unsigned long idxbuf[4096];
unsigned long *indexes = idxbuf;
@ -322,10 +242,12 @@ void Multicaster::send(
// Free allocated memory buffer if any
if (indexes != idxbuf)
delete [] indexes;
#endif
}
void Multicaster::clean(int64_t now)
{
#if 0
{
Mutex::Lock _l(_groups_m);
Multicaster::Key *k = (Multicaster::Key *)0;
@ -361,37 +283,7 @@ void Multicaster::clean(int64_t now)
}
}
}
}
void Multicaster::_add(void *tPtr,int64_t now,uint64_t nwid,const MulticastGroup &mg,MulticastGroupStatus &gs,const Address &member)
{
// assumes _groups_m is locked
// Do not add self -- even if someone else returns it
if (member == RR->identity.address())
return;
std::vector<MulticastGroupMember>::iterator m(std::lower_bound(gs.members.begin(),gs.members.end(),member));
if (m != gs.members.end()) {
if (m->address == member) {
m->timestamp = now;
return;
}
gs.members.insert(m,MulticastGroupMember(member,now));
} else {
gs.members.push_back(MulticastGroupMember(member,now));
}
for(std::list<OutboundMulticast>::iterator tx(gs.txQueue.begin());tx!=gs.txQueue.end();) {
if (tx->atLimit())
gs.txQueue.erase(tx++);
else {
tx->sendIfNew(RR,tPtr,member);
if (tx->atLimit())
gs.txQueue.erase(tx++);
else ++tx;
}
}
#endif
}
} // namespace ZeroTier

112
node/Multicaster.hpp
View File

@ -19,7 +19,6 @@
#include <map>
#include <vector>
#include <list>
#include "Constants.hpp"
#include "Hashtable.hpp"
@ -39,7 +38,7 @@ class Packet;
class Network;
/**
* Database of known multicast peers within a network
* Multicast database and outbound multicast handler
*/
class Multicaster
{
@ -55,11 +54,7 @@ public:
* @param mg Multicast group
* @param member New member address
*/
inline void add(void *tPtr,int64_t now,uint64_t nwid,const MulticastGroup &mg,const Address &member)
{
Mutex::Lock _l(_groups_m);
_add(tPtr,now,nwid,mg,_groups[Multicaster::Key(nwid,mg)],member);
}
void add(const int64_t now,const uint64_t nwid,const MulticastGroup &mg,const Address &member);
/**
* Add multiple addresses from a binary array of 5-byte address fields
@ -74,7 +69,7 @@ public:
* @param count Number of addresses
* @param totalKnown Total number of known addresses as reported by peer
*/
void addMultiple(void *tPtr,int64_t now,uint64_t nwid,const MulticastGroup &mg,const void *addresses,unsigned int count,unsigned int totalKnown);
void addMultiple(const int64_t now,const uint64_t nwid,const MulticastGroup &mg,const void *addresses,unsigned int count,const unsigned int totalKnown);
/**
* Remove a multicast group member (if present)
@ -83,35 +78,46 @@ public:
* @param mg Multicast group
* @param member Member to unsubscribe
*/
void remove(uint64_t nwid,const MulticastGroup &mg,const Address &member);
void remove(const uint64_t nwid,const MulticastGroup &mg,const Address &member);
/**
* Append gather results to a packet by choosing registered multicast recipients at random
* Iterate over members of a multicast group until function returns false
*
* This appends the following fields to the packet:
* <[4] 32-bit total number of known members in this multicast group>
* <[2] 16-bit number of members enumerated in this packet>
* <[...] series of 5-byte ZeroTier addresses of enumerated members>
*
* If zero is returned, the first two fields will still have been appended.
*
* @param queryingPeer Peer asking for gather (to skip in results)
* @param nwid Network ID
* @param mg Multicast group
* @param appendTo Packet to append to
* @param limit Maximum number of 5-byte addresses to append
* @return Number of addresses appended
* @throws std::out_of_range Buffer overflow writing to packet
*/
unsigned int gather(const Address &queryingPeer,uint64_t nwid,const MulticastGroup &mg,Buffer<ZT_PROTO_MAX_PACKET_LENGTH> &appendTo,unsigned int limit) const;
/**
* Get subscribers to a multicast group
* Iteration order is in inverse order of most recent receipt of a LIKE
* for a given membership.
*
* @param nwid Network ID
* @param mg Multicast group
* @param func f(Address)
* @return Total number of known members (regardless of when function aborted)
*/
std::vector<Address> getMembers(uint64_t nwid,const MulticastGroup &mg,unsigned int limit) const;
template<typename F>
inline unsigned long eachMember(const uint64_t nwid,const MulticastGroup &mg,F func) const
{
std::vector< std::pair<int64_t,Address> > sortedByTime;
{
Mutex::Lock l(_groups_l);
const Multicaster::Key gk(nwid,mg);
const Hashtable< Address,int64_t > *const members = _groups.get(gk);
if (members) {
totalKnown = members->size();
sortedByTime.reserve(totalKnown);
{
Hashtable< Address,int64_t >::Iterator mi(*const_cast<Hashtable< Address,int64_t > *>(members));
Address *mik = nullptr;
int64_t *miv = nullptr;
while (mi.next(mik,miv))
sortedByTime.push_back(std::pair<int64_t,Address>(*miv,*mik));
}
std::sort(sortedByTime.begin(),sortedByTime.end());
}
}
for(std::vector< std::pair<int64_t,Address> >::const_reverse_iterator i(sortedByTime.begin());i!=sortedByTime.end();++i) {
if (!func(i->second))
break;
}
return sortedByTime.size();
}
/**
* Send a multicast
@ -148,48 +154,26 @@ public:
private:
struct Key
{
inline Key() : nwid(0),mg() {}
inline Key(uint64_t n,const MulticastGroup &g) : nwid(n),mg(g) {}
ZT_ALWAYS_INLINE Key() : nwid(0),mg() {}
ZT_ALWAYS_INLINE Key(const uint64_t n,const MulticastGroup &g) : nwid(n),mg(g) {}
uint64_t nwid;
MulticastGroup mg;
inline bool operator==(const Key &k) const { return ((nwid == k.nwid)&&(mg == k.mg)); }
inline bool operator!=(const Key &k) const { return ((nwid != k.nwid)||(mg != k.mg)); }
inline unsigned long hashCode() const { return (mg.hashCode() ^ (unsigned long)(nwid ^ (nwid >> 32))); }
ZT_ALWAYS_INLINE bool operator==(const Key &k) const { return ((nwid == k.nwid)&&(mg == k.mg)); }
ZT_ALWAYS_INLINE bool operator!=(const Key &k) const { return ((nwid != k.nwid)||(mg != k.mg)); }
ZT_ALWAYS_INLINE unsigned long hashCode() const { return (mg.hashCode() ^ (unsigned long)(nwid ^ (nwid >> 32))); }
};
struct MulticastGroupMember
{
inline MulticastGroupMember() {}
inline MulticastGroupMember(const Address &a,uint64_t ts) : address(a),timestamp(ts) {}
inline bool operator<(const MulticastGroupMember &a) const { return (address < a.address); }
inline bool operator==(const MulticastGroupMember &a) const { return (address == a.address); }
inline bool operator!=(const MulticastGroupMember &a) const { return (address != a.address); }
inline bool operator<(const Address &a) const { return (address < a); }
inline bool operator==(const Address &a) const { return (address == a); }
inline bool operator!=(const Address &a) const { return (address != a); }
Address address;
uint64_t timestamp; // time of last notification
};
struct MulticastGroupStatus
{
inline MulticastGroupStatus() : lastExplicitGather(0) {}
uint64_t lastExplicitGather;
std::list<OutboundMulticast> txQueue; // pending outbound multicasts
std::vector<MulticastGroupMember> members; // members of this group
};
void _add(void *tPtr,int64_t now,uint64_t nwid,const MulticastGroup &mg,MulticastGroupStatus &gs,const Address &member);
const RuntimeEnvironment *const RR;
Hashtable<Multicaster::Key,MulticastGroupStatus> _groups;
Mutex _groups_m;
OutboundMulticast _txQueue[ZT_TX_QUEUE_SIZE];
unsigned int _txQueuePtr;
Mutex _txQueue_l;
Hashtable< Multicaster::Key,Hashtable< Address,int64_t > > _groups;
Mutex _groups_l;
};
} // namespace ZeroTier

6
node/OutboundMulticast.cpp
View File

@ -27,8 +27,6 @@ void OutboundMulticast::init(
uint64_t timestamp,
uint64_t nwid,
bool disableCompression,
unsigned int limit,
unsigned int gatherLimit,
const MAC &src,
const MulticastGroup &dest,
unsigned int etherType,
@ -46,17 +44,13 @@ void OutboundMulticast::init(
_macSrc.fromAddress(RR->identity.address(),nwid);
}
_macDest = dest.mac();
_limit = limit;
_frameLen = (len < ZT_MAX_MTU) ? len : ZT_MAX_MTU;
_etherType = etherType;
if (gatherLimit) flags |= 0x02;
_packet.setSource(RR->identity.address());
_packet.setVerb(Packet::VERB_MULTICAST_FRAME);
_packet.append((uint64_t)nwid);
_packet.append(flags);
if (gatherLimit) _packet.append((uint32_t)gatherLimit);
if (src) src.appendTo(_packet);
dest.mac().appendTo(_packet);
_packet.append((uint32_t)dest.adi());

24
node/OutboundMulticast.hpp
View File

@ -43,7 +43,7 @@ public:
*
* It must be initialized with init().
*/
inline OutboundMulticast() {}
ZT_ALWAYS_INLINE OutboundMulticast() {}
/**
* Initialize outbound multicast
@ -53,7 +53,6 @@ public:
* @param nwid Network ID
* @param disableCompression Disable compression of frame payload
* @param limit Multicast limit for desired number of packets to send
* @param gatherLimit Number to lazily/implicitly gather with this frame or 0 for none
* @param src Source MAC address of frame or NULL to imply compute from sender ZT address
* @param dest Destination multicast group (MAC + ADI)
* @param etherType 16-bit Ethernet type ID
@ -66,8 +65,6 @@ public:
uint64_t timestamp,
uint64_t nwid,
bool disableCompression,
unsigned int limit,
unsigned int gatherLimit,
const MAC &src,
const MulticastGroup &dest,
unsigned int etherType,
@ -77,18 +74,18 @@ public:
/**
* @return Multicast creation time
*/
inline uint64_t timestamp() const { return _timestamp; }
ZT_ALWAYS_INLINE uint64_t timestamp() const { return _timestamp; }
/**
* @param now Current time
* @return True if this multicast is expired (has exceeded transmit timeout)
*/
inline bool expired(int64_t now) const { return ((now - _timestamp) >= ZT_MULTICAST_TRANSMIT_TIMEOUT); }
ZT_ALWAYS_INLINE bool expired(int64_t now) const { return ((now - _timestamp) >= ZT_MULTICAST_TRANSMIT_TIMEOUT); }
/**
* @return True if this outbound multicast has been sent to enough peers
*/
inline bool atLimit() const { return (_alreadySentTo.size() >= _limit); }
ZT_ALWAYS_INLINE bool atLimit() const { return (_alreadySentTo.size() >= _limit); }
/**
* Just send without checking log
@ -106,9 +103,9 @@ public:
* @param tPtr Thread pointer to be handed through to any callbacks called as a result of this call
* @param toAddr Destination address
*/
inline void sendAndLog(const RuntimeEnvironment *RR,void *tPtr,const Address &toAddr)
ZT_ALWAYS_INLINE void sendAndLog(const RuntimeEnvironment *RR,void *tPtr,const Address &toAddr)
{
_alreadySentTo.push_back(toAddr);
_alreadySentTo.insert(std::upper_bound(_alreadySentTo.begin(),_alreadySentTo.end(),toAddr),toAddr); // sorted insert
sendOnly(RR,tPtr,toAddr);
}
@ -117,9 +114,9 @@ public:
*
* @param toAddr Address to log as sent
*/
inline void logAsSent(const Address &toAddr)
ZT_ALWAYS_INLINE void logAsSent(const Address &toAddr)
{
_alreadySentTo.push_back(toAddr);
_alreadySentTo.insert(std::upper_bound(_alreadySentTo.begin(),_alreadySentTo.end(),toAddr),toAddr); // sorted insert
}
/**
@ -130,9 +127,9 @@ public:
* @param toAddr Destination address
* @return True if address is new and packet was sent to switch, false if duplicate
*/
inline bool sendIfNew(const RuntimeEnvironment *RR,void *tPtr,const Address &toAddr)
ZT_ALWAYS_INLINE bool sendIfNew(const RuntimeEnvironment *RR,void *tPtr,const Address &toAddr)
{
if (std::find(_alreadySentTo.begin(),_alreadySentTo.end(),toAddr) == _alreadySentTo.end()) {
if (!std::binary_search(_alreadySentTo.begin(),_alreadySentTo.end(),toAddr)) {
sendAndLog(RR,tPtr,toAddr);
return true;
} else {
@ -145,7 +142,6 @@ private:
uint64_t _nwid;
MAC _macSrc;
MAC _macDest;
unsigned int _limit;
unsigned int _frameLen;
unsigned int _etherType;
Packet _packet,_tmp;

48
node/Packet.hpp
View File

@ -62,7 +62,6 @@
* + Old planet/moon stuff is DEAD!
* + AES-256-GMAC-CTR encryption is now the default
* + NIST P-384 (type 1) identities now supported
* + Minimum proto version is now 8 (1.1.17 and newer)
* + WILL_RELAY allows mesh-like operation
* + Ephemeral keys are now negotiated opportunistically
*/
@ -71,7 +70,7 @@
/**
* Minimum supported protocol version
*/
#define ZT_PROTO_VERSION_MIN 8
#define ZT_PROTO_VERSION_MIN 6
/**
* Maximum hop count allowed by packet structure (3 bits, 0-7)
@ -93,21 +92,16 @@
#define ZT_PROTO_CIPHER_SUITE__POLY1305_SALSA2012 1
/**
* Cipher suite: NONE
* No encryption or authentication at all
*
* This differs from POLY1305/NONE in that *no* crypto is done, not even
* authentication. This is for trusted local LAN interconnects for internal
* SDN use within a data center.
*
* For this mode the MAC field becomes a trusted path ID and must match the
* configured ID of a trusted path or the packet is discarded.
* For trusted paths the MAC field is the trusted path ID.
*/
#define ZT_PROTO_CIPHER_SUITE__NO_CRYPTO_TRUSTED_PATH 2
#define ZT_PROTO_CIPHER_SUITE__NONE 2
/**
* AES-256-GMAC-CTR
* AES-GMAC_SIV with AES-256
*/
#define ZT_PROTO_CIPHER_SUITE__AES256_GMAC_CTR 3
#define ZT_PROTO_CIPHER_SUITE__AES256_GMAC_SIV 3
/**
* Header flag indicating that a packet is fragmented
@ -693,10 +687,6 @@ public:
* <[6] MAC address of multicast group being queried>
* <[4] 32-bit ADI for multicast group being queried>
* <[4] 32-bit requested max number of multicast peers>
* [<[...] network certificate of membership>]
*
* Flags:
* 0x01 - COM is attached (DEPRECATED)
*
* More than one OK response can occur if the response is broken up across
* multiple packets or if querying a clustered node.
@ -718,10 +708,9 @@ public:
* Multicast frame:
* <[8] 64-bit network ID>
* <[1] flags>
* [<[4] 32-bit implicit gather limit>]
* [<[...] network certificate of membership (DEPRECATED)>]
* [<[4] 32-bit implicit gather limit (DEPRECATED)>]
* [<[6] source MAC>]
* [<[2] number of explicitly specified recipients>]
* [<[...] series of 5-byte explicitly specified recipients>]
* <[6] destination MAC (multicast address)>
* <[4] 32-bit multicast ADI (multicast address extension)>
* <[2] 16-bit ethertype>
@ -733,20 +722,9 @@ public:
* 0x04 - Source MAC is specified -- otherwise it's computed from sender
* 0x08 - Explicit recipient list included for P2P/HS replication
*
* Explicit recipient lists are used for peer to peer or hub and spoke
* replication.
*
* OK response payload:
* <[8] 64-bit network ID>
* <[6] MAC address of multicast group>
* <[4] 32-bit ADI for multicast group>
* <[1] flags>
* [<[...] network certificate of membership (DEPRECATED)>]
* [<[...] implicit gather results if flag 0x01 is set>]
*
* OK flags (same bits as request flags):
* 0x01 - OK includes certificate of network membership (DEPRECATED)
* 0x02 - OK includes implicit gather results
* ERROR_MULTICAST_STFU is generated if a recipient no longer wishes to
* receive these multicasts. It's essentially a source quench. Its
* payload is:
*
* ERROR response payload:
* <[8] 64-bit network ID>
@ -965,7 +943,7 @@ public:
ERROR_NETWORK_ACCESS_DENIED_ = 0x07, /* extra _ at end to avoid Windows name conflict */
/* Multicasts to this group are not wanted */
ERROR_UNWANTED_MULTICAST = 0x08,
ERROR_MULTICAST_STFU = 0x08,
/* Cannot deliver a forwarded ZeroTier packet (e.g. hops exceeded, no routes) */
/* Payload: <packet ID>, <destination>, <... additional packet ID / destinations> */
@ -1158,7 +1136,7 @@ public:
*/
ZT_ALWAYS_INLINE void setTrusted(const uint64_t tpid)
{
setCipher(ZT_PROTO_CIPHER_SUITE__NO_CRYPTO_TRUSTED_PATH);
setCipher(ZT_PROTO_CIPHER_SUITE__NONE);
setAt(ZT_PACKET_IDX_MAC,tpid);
}

2
node/SHA512.hpp
View File

@ -32,7 +32,7 @@
#define ZT_HMACSHA384_LEN 48
#define ZT_PROTO_KBKDF_LABEL_KEY_USE_HMAC 'H'
#define ZT_PROTO_KBKDF_LABEL_KEY_USE_HMAC_SHA_384 'H'
#define ZT_PROTO_KBKDF_LABEL_KEY_USE_AES_GMAC_SIV_K1 '1'
#define ZT_PROTO_KBKDF_LABEL_KEY_USE_AES_GMAC_SIV_K2 '2'
#define ZT_PROTO_KBKDF_LABEL_KEY_USE_AES_GMAC_SIV_K3 '3'

426
service/SoftwareUpdater.cpp
View File

@ -1,426 +0,0 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2023-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
*/
/****/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include "../node/Constants.hpp"
#include "../version.h"
#ifdef __WINDOWS__
#include <WinSock2.h>
#include <Windows.h>
#include <ShlObj.h>
#include <netioapi.h>
#include <iphlpapi.h>
#else
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#include <ifaddrs.h>
#endif
#include "SoftwareUpdater.hpp"
#include "../node/Utils.hpp"
#include "../node/SHA512.hpp"
#include "../node/Buffer.hpp"
#include "../node/Node.hpp"
#include "../osdep/OSUtils.hpp"
namespace ZeroTier {
static int _compareVersion(unsigned int maj1,unsigned int min1,unsigned int rev1,unsigned int b1,unsigned int maj2,unsigned int min2,unsigned int rev2,unsigned int b2)
{
if (maj1 > maj2) {
return 1;
} else if (maj1 < maj2) {
return -1;
} else {
if (min1 > min2) {
return 1;
} else if (min1 < min2) {
return -1;
} else {
if (rev1 > rev2) {
return 1;
} else if (rev1 < rev2) {
return -1;
} else {
if (b1 > b2) {
return 1;
} else if (b1 < b2) {
return -1;
} else {
return 0;
}
}
}
}
}
SoftwareUpdater::SoftwareUpdater(Node &node,const std::string &homePath) :
_node(node),
_lastCheckTime(0),
_homePath(homePath),
_channel(ZT_SOFTWARE_UPDATE_DEFAULT_CHANNEL),
_distLog((FILE *)0),
_latestValid(false),
_downloadLength(0)
{
OSUtils::rm((_homePath + ZT_PATH_SEPARATOR_S ZT_SOFTWARE_UPDATE_BIN_FILENAME).c_str());
}
SoftwareUpdater::~SoftwareUpdater()
{
if (_distLog)
fclose(_distLog);
}
void SoftwareUpdater::setUpdateDistribution(bool distribute)
{
_dist.clear();
if (distribute) {
_distLog = fopen((_homePath + ZT_PATH_SEPARATOR_S "update-dist.log").c_str(),"a");
const std::string udd(_homePath + ZT_PATH_SEPARATOR_S "update-dist.d");
const std::vector<std::string> ud(OSUtils::listDirectory(udd.c_str()));
for(std::vector<std::string>::const_iterator u(ud.begin());u!=ud.end();++u) {
// Each update has a companion .json file describing it. Other files are ignored.
if ((u->length() > 5)&&(u->substr(u->length() - 5,5) == ".json")) {
std::string buf;
if (OSUtils::readFile((udd + ZT_PATH_SEPARATOR_S + *u).c_str(),buf)) {
try {
_D d;
d.meta = OSUtils::jsonParse(buf); // throws on invalid JSON
// If update meta is called e.g. foo.exe.json, then foo.exe is the update itself
const std::string binPath(udd + ZT_PATH_SEPARATOR_S + u->substr(0,u->length() - 5));
const std::string metaHash(OSUtils::jsonBinFromHex(d.meta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_HASH]));
if ((metaHash.length() == ZT_SHA512_DIGEST_LEN)&&(OSUtils::readFile(binPath.c_str(),d.bin))) {
std::array<uint8_t,ZT_SHA512_DIGEST_LEN> sha512;
SHA512::hash(sha512.data(),d.bin.data(),(unsigned int)d.bin.length());
if (!memcmp(sha512.data(),metaHash.data(),ZT_SHA512_DIGEST_LEN)) { // double check that hash in JSON is correct
d.meta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIZE] = d.bin.length(); // override with correct value -- setting this in meta json is optional
std::array<uint8_t,16> shakey;
memcpy(shakey.data(),sha512.data(),16);
_dist[shakey] = d;
if (_distLog) {
fprintf(_distLog,".......... INIT: DISTRIBUTING %s (%u bytes)" ZT_EOL_S,binPath.c_str(),(unsigned int)d.bin.length());
fflush(_distLog);
}
}
}
} catch ( ... ) {} // ignore bad meta JSON, etc.
}
}
}
} else {
if (_distLog) {
fclose(_distLog);
_distLog = (FILE *)0;
}
}
}
void SoftwareUpdater::handleSoftwareUpdateUserMessage(uint64_t origin,const void *data,unsigned int len)
{
if (!len) return;
const MessageVerb v = (MessageVerb)reinterpret_cast<const uint8_t *>(data)[0];
try {
switch(v) {
case VERB_GET_LATEST:
case VERB_LATEST: {
nlohmann::json req = OSUtils::jsonParse(std::string(reinterpret_cast<const char *>(data) + 1,len - 1)); // throws on invalid JSON
if (req.is_object()) {
const unsigned int rvMaj = (unsigned int)OSUtils::jsonInt(req[ZT_SOFTWARE_UPDATE_JSON_VERSION_MAJOR],0);
const unsigned int rvMin = (unsigned int)OSUtils::jsonInt(req[ZT_SOFTWARE_UPDATE_JSON_VERSION_MINOR],0);
const unsigned int rvRev = (unsigned int)OSUtils::jsonInt(req[ZT_SOFTWARE_UPDATE_JSON_VERSION_REVISION],0);
const unsigned int rvBld = (unsigned int)OSUtils::jsonInt(req[ZT_SOFTWARE_UPDATE_JSON_VERSION_BUILD],0);
const unsigned int rvPlatform = (unsigned int)OSUtils::jsonInt(req[ZT_SOFTWARE_UPDATE_JSON_PLATFORM],0);
const unsigned int rvArch = (unsigned int)OSUtils::jsonInt(req[ZT_SOFTWARE_UPDATE_JSON_ARCHITECTURE],0);
const unsigned int rvVendor = (unsigned int)OSUtils::jsonInt(req[ZT_SOFTWARE_UPDATE_JSON_VENDOR],0);
const std::string rvChannel(OSUtils::jsonString(req[ZT_SOFTWARE_UPDATE_JSON_CHANNEL],""));
if (v == VERB_GET_LATEST) {
if (_dist.size() > 0) {
const nlohmann::json *latest = (const nlohmann::json *)0;
const std::string expectedSigner = OSUtils::jsonString(req[ZT_SOFTWARE_UPDATE_JSON_EXPECT_SIGNED_BY],"");
unsigned int bestVMaj = rvMaj;
unsigned int bestVMin = rvMin;
unsigned int bestVRev = rvRev;
unsigned int bestVBld = rvBld;
for(std::map< std::array<uint8_t,16>,_D >::const_iterator d(_dist.begin());d!=_dist.end();++d) {
// The arch field in update description .json files can be an array for e.g. multi-arch update files
const nlohmann::json &dvArch2 = d->second.meta[ZT_SOFTWARE_UPDATE_JSON_ARCHITECTURE];
std::vector<unsigned int> dvArch;
if (dvArch2.is_array()) {
for(unsigned long i=0;i<dvArch2.size();++i)
dvArch.push_back((unsigned int)OSUtils::jsonInt(dvArch2[i],0));
} else {
dvArch.push_back((unsigned int)OSUtils::jsonInt(dvArch2,0));
}
if ((OSUtils::jsonInt(d->second.meta[ZT_SOFTWARE_UPDATE_JSON_PLATFORM],0) == rvPlatform)&&
(std::find(dvArch.begin(),dvArch.end(),rvArch) != dvArch.end())&&
(OSUtils::jsonInt(d->second.meta[ZT_SOFTWARE_UPDATE_JSON_VENDOR],0) == rvVendor)&&
(OSUtils::jsonString(d->second.meta[ZT_SOFTWARE_UPDATE_JSON_CHANNEL],"") == rvChannel)&&
(OSUtils::jsonString(d->second.meta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIGNED_BY],"") == expectedSigner)) {
const unsigned int dvMaj = (unsigned int)OSUtils::jsonInt(d->second.meta[ZT_SOFTWARE_UPDATE_JSON_VERSION_MAJOR],0);
const unsigned int dvMin = (unsigned int)OSUtils::jsonInt(d->second.meta[ZT_SOFTWARE_UPDATE_JSON_VERSION_MINOR],0);
const unsigned int dvRev = (unsigned int)OSUtils::jsonInt(d->second.meta[ZT_SOFTWARE_UPDATE_JSON_VERSION_REVISION],0);
const unsigned int dvBld = (unsigned int)OSUtils::jsonInt(d->second.meta[ZT_SOFTWARE_UPDATE_JSON_VERSION_BUILD],0);
if (_compareVersion(dvMaj,dvMin,dvRev,dvBld,bestVMaj,bestVMin,bestVRev,bestVBld) > 0) {
latest = &(d->second.meta);
bestVMaj = dvMaj;
bestVMin = dvMin;
bestVRev = dvRev;
bestVBld = dvBld;
}
}
}
if (latest) {
std::string lj;
lj.push_back((char)VERB_LATEST);
lj.append(OSUtils::jsonDump(*latest));
_node.sendUserMessage((void *)0,origin,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,lj.data(),(unsigned int)lj.length());
if (_distLog) {
fprintf(_distLog,"%.10llx GET_LATEST %u.%u.%u_%u platform %u arch %u vendor %u channel %s -> LATEST %u.%u.%u_%u" ZT_EOL_S,(unsigned long long)origin,rvMaj,rvMin,rvRev,rvBld,rvPlatform,rvArch,rvVendor,rvChannel.c_str(),bestVMaj,bestVMin,bestVRev,bestVBld);
fflush(_distLog);
}
}
} // else no reply, since we have nothing to distribute
} else { // VERB_LATEST
if ((origin == ZT_SOFTWARE_UPDATE_SERVICE)&&
(_compareVersion(rvMaj,rvMin,rvRev,rvBld,ZEROTIER_ONE_VERSION_MAJOR,ZEROTIER_ONE_VERSION_MINOR,ZEROTIER_ONE_VERSION_REVISION,ZEROTIER_ONE_VERSION_BUILD) > 0)&&
(OSUtils::jsonString(req[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIGNED_BY],"") == ZT_SOFTWARE_UPDATE_SIGNING_AUTHORITY)) {
const unsigned long len = (unsigned long)OSUtils::jsonInt(req[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIZE],0);
const std::string hash = OSUtils::jsonBinFromHex(req[ZT_SOFTWARE_UPDATE_JSON_UPDATE_HASH]);
if ((len <= ZT_SOFTWARE_UPDATE_MAX_SIZE)&&(hash.length() >= 16)) {
if (_latestMeta != req) {
_latestMeta = req;
_latestValid = false;
OSUtils::rm((_homePath + ZT_PATH_SEPARATOR_S ZT_SOFTWARE_UPDATE_BIN_FILENAME).c_str());
_download = std::string();
memcpy(_downloadHashPrefix.data(),hash.data(),16);
_downloadLength = len;
}
if ((_downloadLength > 0)&&(_download.length() < _downloadLength)) {
Buffer<128> gd;
gd.append((uint8_t)VERB_GET_DATA);
gd.append(_downloadHashPrefix.data(),16);
gd.append((uint32_t)_download.length());
_node.sendUserMessage((void *)0,ZT_SOFTWARE_UPDATE_SERVICE,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,gd.data(),gd.size());
}
}
}
}
}
} break;
case VERB_GET_DATA:
if ((len >= 21)&&(_dist.size() > 0)) {
unsigned long idx = (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 17) << 24;
idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 18) << 16;
idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 19) << 8;
idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 20);
std::array<uint8_t,16> shakey;
memcpy(shakey.data(),reinterpret_cast<const uint8_t *>(data) + 1,16);
std::map< std::array<uint8_t,16>,_D >::iterator d(_dist.find(shakey));
if ((d != _dist.end())&&(idx < (unsigned long)d->second.bin.length())) {
Buffer<ZT_SOFTWARE_UPDATE_CHUNK_SIZE + 128> buf;
buf.append((uint8_t)VERB_DATA);
buf.append(reinterpret_cast<const uint8_t *>(data) + 1,16);
buf.append((uint32_t)idx);
buf.append(d->second.bin.data() + idx,std::min((unsigned long)ZT_SOFTWARE_UPDATE_CHUNK_SIZE,(unsigned long)(d->second.bin.length() - idx)));
_node.sendUserMessage((void *)0,origin,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,buf.data(),buf.size());
}
}
break;
case VERB_DATA:
if ((len >= 21)&&(_downloadLength > 0)&&(!memcmp(_downloadHashPrefix.data(),reinterpret_cast<const uint8_t *>(data) + 1,16))) {
unsigned long idx = (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 17) << 24;
idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 18) << 16;
idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 19) << 8;
idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 20);
if (idx == (unsigned long)_download.length()) {
_download.append(reinterpret_cast<const char *>(data) + 21,len - 21);
if (_download.length() < _downloadLength) {
Buffer<128> gd;
gd.append((uint8_t)VERB_GET_DATA);
gd.append(_downloadHashPrefix.data(),16);
gd.append((uint32_t)_download.length());
_node.sendUserMessage((void *)0,ZT_SOFTWARE_UPDATE_SERVICE,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,gd.data(),gd.size());
}
}
}
break;
default:
if (_distLog) {
fprintf(_distLog,"%.10llx WARNING: bad update message verb==%u length==%u (unrecognized verb)" ZT_EOL_S,(unsigned long long)origin,(unsigned int)v,len);
fflush(_distLog);
}
break;
}
} catch ( ... ) {
if (_distLog) {
fprintf(_distLog,"%.10llx WARNING: bad update message verb==%u length==%u (unexpected exception, likely invalid JSON)" ZT_EOL_S,(unsigned long long)origin,(unsigned int)v,len);
fflush(_distLog);
}
}
}
bool SoftwareUpdater::check(const int64_t now)
{
if ((now - _lastCheckTime) >= ZT_SOFTWARE_UPDATE_CHECK_PERIOD) {
_lastCheckTime = now;
char tmp[512];
const unsigned int len = OSUtils::ztsnprintf(tmp,sizeof(tmp),
"%c{\"" ZT_SOFTWARE_UPDATE_JSON_VERSION_MAJOR "\":%d,"
"\"" ZT_SOFTWARE_UPDATE_JSON_VERSION_MINOR "\":%d,"
"\"" ZT_SOFTWARE_UPDATE_JSON_VERSION_REVISION "\":%d,"
"\"" ZT_SOFTWARE_UPDATE_JSON_VERSION_BUILD "\":%d,"
"\"" ZT_SOFTWARE_UPDATE_JSON_EXPECT_SIGNED_BY "\":\"%s\","
"\"" ZT_SOFTWARE_UPDATE_JSON_PLATFORM "\":%d,"
"\"" ZT_SOFTWARE_UPDATE_JSON_ARCHITECTURE "\":%d,"
"\"" ZT_SOFTWARE_UPDATE_JSON_VENDOR "\":%d,"
"\"" ZT_SOFTWARE_UPDATE_JSON_CHANNEL "\":\"%s\"}",
(char)VERB_GET_LATEST,
ZEROTIER_ONE_VERSION_MAJOR,
ZEROTIER_ONE_VERSION_MINOR,
ZEROTIER_ONE_VERSION_REVISION,
ZEROTIER_ONE_VERSION_BUILD,
ZT_SOFTWARE_UPDATE_SIGNING_AUTHORITY,
ZT_BUILD_PLATFORM,
ZT_BUILD_ARCHITECTURE,
(int)ZT_VENDOR_ZEROTIER,
_channel.c_str());
_node.sendUserMessage((void *)0,ZT_SOFTWARE_UPDATE_SERVICE,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,tmp,len);
}
if (_latestValid)
return true;
if (_downloadLength > 0) {
if (_download.length() >= _downloadLength) {
// This is the very important security validation part that makes sure
// this software update doesn't have cooties.
const std::string binPath(_homePath + ZT_PATH_SEPARATOR_S ZT_SOFTWARE_UPDATE_BIN_FILENAME);
try {
// (1) Check the hash itself to make sure the image is basically okay
uint8_t sha512[ZT_SHA512_DIGEST_LEN];
SHA512::hash(sha512,_download.data(),(unsigned int)_download.length());
char hexbuf[(ZT_SHA512_DIGEST_LEN * 2) + 2];
if (OSUtils::jsonString(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_HASH],"") == Utils::hex(sha512,ZT_SHA512_DIGEST_LEN,hexbuf)) {
// (2) Check signature by signing authority
const std::string sig(OSUtils::jsonBinFromHex(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIGNATURE]));
if (Identity(ZT_SOFTWARE_UPDATE_SIGNING_AUTHORITY).verify(_download.data(),(unsigned int)_download.length(),sig.data(),(unsigned int)sig.length())) {
// (3) Try to save file, and if so we are good.
OSUtils::rm(binPath.c_str());
if (OSUtils::writeFile(binPath.c_str(),_download)) {
OSUtils::lockDownFile(binPath.c_str(),false);
_latestValid = true;
_download = std::string();
_downloadLength = 0;
return true;
}
}
}
} catch ( ... ) {} // any exception equals verification failure
// If we get here, checks failed.
OSUtils::rm(binPath.c_str());
_latestMeta = nlohmann::json();
_latestValid = false;
_download = std::string();
_downloadLength = 0;
} else {
Buffer<128> gd;
gd.append((uint8_t)VERB_GET_DATA);
gd.append(_downloadHashPrefix.data(),16);
gd.append((uint32_t)_download.length());
_node.sendUserMessage((void *)0,ZT_SOFTWARE_UPDATE_SERVICE,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,gd.data(),gd.size());
}
}
return false;
}
void SoftwareUpdater::apply()
{
std::string updatePath(_homePath + ZT_PATH_SEPARATOR_S ZT_SOFTWARE_UPDATE_BIN_FILENAME);
if ((_latestMeta.is_object())&&(_latestValid)&&(OSUtils::fileExists(updatePath.c_str(),false))) {
#ifdef __WINDOWS__
std::string cmdArgs(OSUtils::jsonString(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_EXEC_ARGS],""));
if (cmdArgs.length() > 0) {
updatePath.push_back(' ');
updatePath.append(cmdArgs);
}
STARTUPINFOA si;
PROCESS_INFORMATION pi;
memset(&si,0,sizeof(si));
memset(&pi,0,sizeof(pi));
CreateProcessA(NULL,const_cast<LPSTR>(updatePath.c_str()),NULL,NULL,FALSE,CREATE_NO_WINDOW|CREATE_NEW_PROCESS_GROUP,NULL,NULL,&si,&pi);
// Windows doesn't exit here -- updater will stop the service during update, etc. -- but we do want to stop multiple runs from happening
_latestMeta = nlohmann::json();
_latestValid = false;
#else
char *argv[256];
unsigned long ac = 0;
argv[ac++] = const_cast<char *>(updatePath.c_str());
const std::vector<std::string> argsSplit(OSUtils::split(OSUtils::jsonString(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_EXEC_ARGS],"").c_str()," ","\\","\""));
for(std::vector<std::string>::const_iterator a(argsSplit.begin());a!=argsSplit.end();++a) {
argv[ac] = const_cast<char *>(a->c_str());
if (++ac == 255) break;
}
argv[ac] = (char *)0;
chmod(updatePath.c_str(),0700);
// Close all open file descriptors except stdout/stderr/etc.
int minMyFd = STDIN_FILENO;
if (STDOUT_FILENO > minMyFd) minMyFd = STDOUT_FILENO;
if (STDERR_FILENO > minMyFd) minMyFd = STDERR_FILENO;
++minMyFd;
#ifdef _SC_OPEN_MAX
int maxMyFd = (int)sysconf(_SC_OPEN_MAX);
if (maxMyFd <= minMyFd)
maxMyFd = 65536;
#else
int maxMyFd = 65536;
#endif
while (minMyFd < maxMyFd)
close(minMyFd++);
execv(updatePath.c_str(),argv);
fprintf(stderr,"FATAL: unable to execute software update binary at %s\n",updatePath.c_str());
exit(1);
#endif
}
}
} // namespace ZeroTier

204
service/SoftwareUpdater.hpp
View File

@ -1,204 +0,0 @@
/*
* Copyright (c)2019 ZeroTier, Inc.
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file in the project's root directory.
*
* Change Date: 2023-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2.0 of the Apache License.
*/
/****/
#ifndef ZT_SOFTWAREUPDATER_HPP
#define ZT_SOFTWAREUPDATER_HPP
#include <stdint.h>
#include <stdio.h>
#include <vector>
#include <map>
#include <string>
#include <array>
#include "../include/ZeroTierOne.h"
#include "../node/Identity.hpp"
#include "../node/Packet.hpp"
#include "../ext/json/json.hpp"
/**
* VERB_USER_MESSAGE type ID for software update messages
*/
#define ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE 100
/**
* ZeroTier address of node that provides software updates
*/
#define ZT_SOFTWARE_UPDATE_SERVICE 0xb1d366e81fULL
/**
* ZeroTier identity that must be used to sign software updates
*
* df24360f3e - update-signing-key-0010 generated Fri Jan 13th, 2017 at 4:05pm PST
*/
#define ZT_SOFTWARE_UPDATE_SIGNING_AUTHORITY "df24360f3e:0:06072642959c8dfb68312904d74d90197c8a7692697caa1b3fd769eca714f4370fab462fcee6ebcb5fffb63bc5af81f28a2514b2cd68daabb42f7352c06f21db"
/**
* Chunk size for in-band downloads (can be changed, designed to always fit in one UDP packet easily)
*/
#define ZT_SOFTWARE_UPDATE_CHUNK_SIZE (ZT_PROTO_MAX_PACKET_LENGTH - 128)
/**
* Sanity limit for the size of an update binary image
*/
#define ZT_SOFTWARE_UPDATE_MAX_SIZE (1024 * 1024 * 256)
/**
* How often (ms) do we check?
*/
#define ZT_SOFTWARE_UPDATE_CHECK_PERIOD (60 * 10 * 1000)
/**
* Default update channel
*/
#define ZT_SOFTWARE_UPDATE_DEFAULT_CHANNEL "release"
/**
* Filename for latest update's binary image
*/
#define ZT_SOFTWARE_UPDATE_BIN_FILENAME "latest-update.exe"
#define ZT_SOFTWARE_UPDATE_JSON_VERSION_MAJOR "vMajor"
#define ZT_SOFTWARE_UPDATE_JSON_VERSION_MINOR "vMinor"
#define ZT_SOFTWARE_UPDATE_JSON_VERSION_REVISION "vRev"
#define ZT_SOFTWARE_UPDATE_JSON_VERSION_BUILD "vBuild"
#define ZT_SOFTWARE_UPDATE_JSON_PLATFORM "platform"
#define ZT_SOFTWARE_UPDATE_JSON_ARCHITECTURE "arch"
#define ZT_SOFTWARE_UPDATE_JSON_VENDOR "vendor"
#define ZT_SOFTWARE_UPDATE_JSON_CHANNEL "channel"
#define ZT_SOFTWARE_UPDATE_JSON_EXPECT_SIGNED_BY "expectedSigner"
#define ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIGNED_BY "signer"
#define ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIGNATURE "signature"
#define ZT_SOFTWARE_UPDATE_JSON_UPDATE_HASH "hash"
#define ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIZE "size"
#define ZT_SOFTWARE_UPDATE_JSON_UPDATE_EXEC_ARGS "execArgs"
#define ZT_SOFTWARE_UPDATE_JSON_UPDATE_URL "url"
namespace ZeroTier {
class Node;
/**
* This class handles retrieving and executing updates, or serving them
*/
class SoftwareUpdater
{
public:
/**
* Each message begins with an 8-bit message verb
*/
enum MessageVerb
{
/**
* Payload: JSON containing current system platform, version, etc.
*/
VERB_GET_LATEST = 1,
/**
* Payload: JSON describing latest update for this target. (No response is sent if there is none.)
*/
VERB_LATEST = 2,
/**
* Payload:
* <[16] first 128 bits of hash of data object>
* <[4] 32-bit index of chunk to get>
*/
VERB_GET_DATA = 3,
/**
* Payload:
* <[16] first 128 bits of hash of data object>
* <[4] 32-bit index of chunk>
* <[...] chunk data>
*/
VERB_DATA = 4
};
SoftwareUpdater(Node &node,const std::string &homePath);
~SoftwareUpdater();
/**
* Set whether or not we will distribute updates
*
* @param distribute If true, scan update-dist.d now and distribute updates found there -- if false, clear and stop distributing
*/
void setUpdateDistribution(bool distribute);
/**
* Handle a software update user message
*
* @param origin ZeroTier address of message origin
* @param data Message payload
* @param len Length of message
*/
void handleSoftwareUpdateUserMessage(uint64_t origin,const void *data,unsigned int len);
/**
* Check for updates and do other update-related housekeeping
*
* It should be called about every 10 seconds.
*
* @return True if we've downloaded and verified an update
*/
bool check(const int64_t now);
/**
* @return Meta-data for downloaded update or NULL if none
*/
inline const nlohmann::json &pending() const { return _latestMeta; }
/**
* Apply any ready update now
*
* Depending on the platform this function may never return and may forcibly
* exit the process. It does nothing if no update is ready.
*/
void apply();
/**
* Set software update channel
*
* @param channel 'release', 'beta', etc.
*/
inline void setChannel(const std::string &channel) { _channel = channel; }
private:
Node &_node;
uint64_t _lastCheckTime;
std::string _homePath;
std::string _channel;
FILE *_distLog;
// Offered software updates if we are an update host (we have update-dist.d and update hosting is enabled)
struct _D
{
nlohmann::json meta;
std::string bin;
};
std::map< std::array<uint8_t,16>,_D > _dist; // key is first 16 bytes of hash
nlohmann::json _latestMeta;
bool _latestValid;
std::string _download;
std::array<uint8_t,16> _downloadHashPrefix;
unsigned long _downloadLength;
};
} // namespace ZeroTier
#endif