From 540ee69773f25aae2da17514b056fef62dc50ff4 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Sat, 7 Sep 2019 19:15:21 -0700 Subject: [PATCH] A bunch of multicast work... in progress. --- node/Constants.hpp | 2 +- node/Hashtable.hpp | 45 ++-- node/Identity.hpp | 21 ++ node/Multicaster.cpp | 160 +++----------- node/Multicaster.hpp | 112 ++++------ node/OutboundMulticast.cpp | 6 - node/OutboundMulticast.hpp | 24 +- node/Packet.hpp | 48 ++-- node/SHA512.hpp | 2 +- service/SoftwareUpdater.cpp | 426 ------------------------------------ service/SoftwareUpdater.hpp | 204 ----------------- 11 files changed, 139 insertions(+), 911 deletions(-) delete mode 100644 service/SoftwareUpdater.cpp delete mode 100644 service/SoftwareUpdater.hpp diff --git a/node/Constants.hpp b/node/Constants.hpp index 862676b87..9474338c1 100644 --- a/node/Constants.hpp +++ b/node/Constants.hpp @@ -248,7 +248,7 @@ * * The protocol allows up to 7, but we limit it to something smaller. */ -#define ZT_RELAY_MAX_HOPS 3 +#define ZT_RELAY_MAX_HOPS 4 /** * Expire time for multicast 'likes' and indirect multicast memberships in ms diff --git a/node/Hashtable.hpp b/node/Hashtable.hpp index 4d33b9281..a5f6b0f6d 100644 --- a/node/Hashtable.hpp +++ b/node/Hashtable.hpp @@ -16,19 +16,12 @@ #include "Constants.hpp" -#include -#include -#include - -#include -#include -#include -#include - namespace ZeroTier { /** * A minimal hash table implementation for the ZeroTier core + * + * This is optimized for smaller data sets. */ template class Hashtable @@ -40,9 +33,9 @@ private: ZT_ALWAYS_INLINE _Bucket(const K &k) : k(k),v() {} ZT_ALWAYS_INLINE _Bucket(const _Bucket &b) : k(b.k),v(b.v) {} ZT_ALWAYS_INLINE _Bucket &operator=(const _Bucket &b) { k = b.k; v = b.v; return *this; } - K k; - V v; _Bucket *next; // must be set manually for each _Bucket + const K k; + V v; }; public: @@ -95,9 +88,9 @@ public: //friend class Hashtable::Iterator; /** - * @param bc Initial capacity in buckets (default: 64, must be nonzero) + * @param bc Initial capacity in buckets (default: 32, must be nonzero) */ - inline Hashtable(unsigned long bc = 64) : + ZT_ALWAYS_INLINE Hashtable(unsigned long bc = 32) : _t(reinterpret_cast<_Bucket **>(::malloc(sizeof(_Bucket *) * bc))), _bc(bc), _s(0) @@ -108,7 +101,7 @@ public: _t[i] = (_Bucket *)0; } - inline Hashtable(const Hashtable &ht) : + ZT_ALWAYS_INLINE Hashtable(const Hashtable &ht) : _t(reinterpret_cast<_Bucket **>(::malloc(sizeof(_Bucket *) * ht._bc))), _bc(ht._bc), _s(ht._s) @@ -128,13 +121,13 @@ public: } } - inline ~Hashtable() + ZT_ALWAYS_INLINE ~Hashtable() { this->clear(); ::free(_t); } - inline Hashtable &operator=(const Hashtable &ht) + ZT_ALWAYS_INLINE Hashtable &operator=(const Hashtable &ht) { this->clear(); if (ht._s) { @@ -152,7 +145,7 @@ public: /** * Erase all entries */ - inline void clear() + ZT_ALWAYS_INLINE void clear() { if (_s) { for(unsigned long i=0;i<_bc;++i) { @@ -171,7 +164,7 @@ public: /** * @return Vector of all keys */ - inline typename std::vector keys() const + ZT_ALWAYS_INLINE typename std::vector keys() const { typename std::vector k; if (_s) { @@ -194,7 +187,7 @@ public: * @tparam Type of V (generally inferred) */ template - inline void appendKeys(C &v) const + ZT_ALWAYS_INLINE void appendKeys(C &v) const { if (_s) { for(unsigned long i=0;i<_bc;++i) { @@ -210,7 +203,7 @@ public: /** * @return Vector of all entries (pairs of K,V) */ - inline typename std::vector< std::pair > entries() const + ZT_ALWAYS_INLINE typename std::vector< std::pair > entries() const { typename std::vector< std::pair > k; if (_s) { @@ -230,7 +223,7 @@ public: * @param k Key * @return Pointer to value or NULL if not found */ - ZT_ALWAYS_INLINE V *get(const K &k) + ZT_ALWAYS_INLINE V *get(const K k) { _Bucket *b = _t[_hc(k) % _bc]; while (b) { @@ -240,7 +233,7 @@ public: } return (V *)0; } - inline const V *get(const K &k) const { return const_cast(this)->get(k); } + ZT_ALWAYS_INLINE const V *get(const K k) const { return const_cast(this)->get(k); } /** * @param k Key @@ -279,7 +272,7 @@ public: * @param k Key * @return True if value was present */ - inline bool erase(const K &k) + ZT_ALWAYS_INLINE bool erase(const K &k) { const unsigned long bidx = _hc(k) % _bc; _Bucket *lastb = (_Bucket *)0; @@ -304,7 +297,7 @@ public: * @param v Value * @return Reference to value in table */ - inline V &set(const K &k,const V &v) + ZT_ALWAYS_INLINE V &set(const K &k,const V &v) { const unsigned long h = _hc(k); unsigned long bidx = h % _bc; @@ -334,7 +327,7 @@ public: * @param k Key * @return Value, possibly newly created */ - inline V &operator[](const K &k) + ZT_ALWAYS_INLINE V &operator[](const K k) { const unsigned long h = _hc(k); unsigned long bidx = h % _bc; @@ -379,7 +372,7 @@ private: static ZT_ALWAYS_INLINE unsigned long _hc(void *p) { return ((unsigned long)((uintptr_t)p) * (unsigned long)0x9e3779b1); } static ZT_ALWAYS_INLINE unsigned long _hc(const void *p) { return ((unsigned long)((uintptr_t)p) * (unsigned long)0x9e3779b1); } - inline void _grow() + ZT_ALWAYS_INLINE void _grow() { const unsigned long nc = _bc * 2; _Bucket **nt = reinterpret_cast<_Bucket **>(::malloc(sizeof(_Bucket *) * nc)); diff --git a/node/Identity.hpp b/node/Identity.hpp index ef59689ad..f447189dc 100644 --- a/node/Identity.hpp +++ b/node/Identity.hpp @@ -260,6 +260,27 @@ public: */ ZT_ALWAYS_INLINE const Address &address() const { return _address; } + /** + * Attempt to generate an older type identity from a newer type + * + * If this identity has its private key this is not transferred to + * the downgraded identity. + * + * @param dest Destination to fill with downgraded identity + * @param toType Desired identity type + */ + inline bool downgrade(Identity &dest,const Type toType) + { + if ((_type == P384)&&(toType == C25519)) { + dest._address = _address; + dest._type = C25519; + dest._hasPrivate = false; + memcpy(dest._pub.c25519,_pub.c25519,ZT_C25519_PUBLIC_KEY_LEN); + return true; + } + return false; + } + /** * Serialize this identity (binary) * diff --git a/node/Multicaster.cpp b/node/Multicaster.cpp index ddc652bab..71f3bd32b 100644 --- a/node/Multicaster.cpp +++ b/node/Multicaster.cpp @@ -29,120 +29,39 @@ namespace ZeroTier { Multicaster::Multicaster(const RuntimeEnvironment *renv) : RR(renv), - _groups(32) + _groups(32) {} + +Multicaster::~Multicaster() {} + +void Multicaster::add(const int64_t now,const uint64_t nwid,const MulticastGroup &mg,const Address &member) { + Mutex::Lock l(_groups_l); + _groups[Multicaster::Key(nwid,mg)].set(member,now); } -Multicaster::~Multicaster() +void Multicaster::addMultiple(const int64_t now,const uint64_t nwid,const MulticastGroup &mg,const void *addresses,unsigned int count,const unsigned int totalKnown) { -} - -void Multicaster::addMultiple(void *tPtr,int64_t now,uint64_t nwid,const MulticastGroup &mg,const void *addresses,unsigned int count,unsigned int totalKnown) -{ - const unsigned char *p = (const unsigned char *)addresses; - const unsigned char *e = p + (5 * count); - Mutex::Lock _l(_groups_m); - MulticastGroupStatus &gs = _groups[Multicaster::Key(nwid,mg)]; - while (p != e) { - _add(tPtr,now,nwid,mg,gs,Address(p,5)); - p += 5; + Mutex::Lock l(_groups_l); + const uint8_t *a = (const uint8_t *)addresses; + Hashtable< Address,int64_t > &members = _groups[Multicaster::Key(nwid,mg)]; + while (count--) { + members.set(Address(a,ZT_ADDRESS_LENGTH),now); + a += ZT_ADDRESS_LENGTH; } } -void Multicaster::remove(uint64_t nwid,const MulticastGroup &mg,const Address &member) +void Multicaster::remove(const uint64_t nwid,const MulticastGroup &mg,const Address &member) { - Mutex::Lock _l(_groups_m); - MulticastGroupStatus *s = _groups.get(Multicaster::Key(nwid,mg)); - if (s) { - for(std::vector::iterator m(s->members.begin());m!=s->members.end();++m) { - if (m->address == member) { - s->members.erase(m); - break; - } - } + Mutex::Lock l(_groups_l); + const Multicaster::Key gk(nwid,mg); + Hashtable< Address,int64_t > *const members = _groups.get(gk); + if (members) { + members->erase(member); + if (members->empty()) + _groups.erase(gk); } } -unsigned int Multicaster::gather(const Address &queryingPeer,uint64_t nwid,const MulticastGroup &mg,Buffer &appendTo,unsigned int limit) const -{ - unsigned char *p; - unsigned int added = 0,i,k,rptr,totalKnown = 0; - uint64_t a,picked[(ZT_PROTO_MAX_PACKET_LENGTH / 5) + 2]; - - if (!limit) - return 0; - else if (limit > 0xffff) - limit = 0xffff; - - const unsigned int totalAt = appendTo.size(); - appendTo.addSize(4); // sizeof(uint32_t) - const unsigned int addedAt = appendTo.size(); - appendTo.addSize(2); // sizeof(uint16_t) - - { // Return myself if I am a member of this group - SharedPtr network(RR->node->network(nwid)); - if ((network)&&(network->subscribedToMulticastGroup(mg,true))) { - RR->identity.address().appendTo(appendTo); - ++totalKnown; - ++added; - } - } - - Mutex::Lock _l(_groups_m); - - const MulticastGroupStatus *s = _groups.get(Multicaster::Key(nwid,mg)); - if ((s)&&(!s->members.empty())) { - totalKnown += (unsigned int)s->members.size(); - - // Members are returned in random order so that repeated gather queries - // will return different subsets of a large multicast group. - k = 0; - while ((added < limit)&&(k < s->members.size())&&((appendTo.size() + ZT_ADDRESS_LENGTH) <= ZT_PROTO_MAX_PACKET_LENGTH)) { - rptr = (unsigned int)Utils::random(); - -restart_member_scan: - a = s->members[rptr % (unsigned int)s->members.size()].address.toInt(); - for(i=0;i> 32) & 0xff); - *(p++) = (unsigned char)((a >> 24) & 0xff); - *(p++) = (unsigned char)((a >> 16) & 0xff); - *(p++) = (unsigned char)((a >> 8) & 0xff); - *p = (unsigned char)(a & 0xff); - ++added; - } - } - } - - appendTo.setAt(totalAt,(uint32_t)totalKnown); - appendTo.setAt(addedAt,(uint16_t)added); - - return added; -} - -std::vector
Multicaster::getMembers(uint64_t nwid,const MulticastGroup &mg,unsigned int limit) const -{ - std::vector
ls; - Mutex::Lock _l(_groups_m); - const MulticastGroupStatus *s = _groups.get(Multicaster::Key(nwid,mg)); - if (!s) - return ls; - for(std::vector::const_reverse_iterator m(s->members.rbegin());m!=s->members.rend();++m) { - ls.push_back(m->address); - if (ls.size() >= limit) - break; - } - return ls; -} - void Multicaster::send( void *tPtr, int64_t now, @@ -154,6 +73,7 @@ void Multicaster::send( const void *data, unsigned int len) { +#if 0 unsigned long idxbuf[4096]; unsigned long *indexes = idxbuf; @@ -322,10 +242,12 @@ void Multicaster::send( // Free allocated memory buffer if any if (indexes != idxbuf) delete [] indexes; +#endif } void Multicaster::clean(int64_t now) { +#if 0 { Mutex::Lock _l(_groups_m); Multicaster::Key *k = (Multicaster::Key *)0; @@ -361,37 +283,7 @@ void Multicaster::clean(int64_t now) } } } -} - -void Multicaster::_add(void *tPtr,int64_t now,uint64_t nwid,const MulticastGroup &mg,MulticastGroupStatus &gs,const Address &member) -{ - // assumes _groups_m is locked - - // Do not add self -- even if someone else returns it - if (member == RR->identity.address()) - return; - - std::vector::iterator m(std::lower_bound(gs.members.begin(),gs.members.end(),member)); - if (m != gs.members.end()) { - if (m->address == member) { - m->timestamp = now; - return; - } - gs.members.insert(m,MulticastGroupMember(member,now)); - } else { - gs.members.push_back(MulticastGroupMember(member,now)); - } - - for(std::list::iterator tx(gs.txQueue.begin());tx!=gs.txQueue.end();) { - if (tx->atLimit()) - gs.txQueue.erase(tx++); - else { - tx->sendIfNew(RR,tPtr,member); - if (tx->atLimit()) - gs.txQueue.erase(tx++); - else ++tx; - } - } +#endif } } // namespace ZeroTier diff --git a/node/Multicaster.hpp b/node/Multicaster.hpp index 1d69b2887..c4a023c5c 100644 --- a/node/Multicaster.hpp +++ b/node/Multicaster.hpp @@ -19,7 +19,6 @@ #include #include -#include #include "Constants.hpp" #include "Hashtable.hpp" @@ -39,7 +38,7 @@ class Packet; class Network; /** - * Database of known multicast peers within a network + * Multicast database and outbound multicast handler */ class Multicaster { @@ -55,11 +54,7 @@ public: * @param mg Multicast group * @param member New member address */ - inline void add(void *tPtr,int64_t now,uint64_t nwid,const MulticastGroup &mg,const Address &member) - { - Mutex::Lock _l(_groups_m); - _add(tPtr,now,nwid,mg,_groups[Multicaster::Key(nwid,mg)],member); - } + void add(const int64_t now,const uint64_t nwid,const MulticastGroup &mg,const Address &member); /** * Add multiple addresses from a binary array of 5-byte address fields @@ -74,7 +69,7 @@ public: * @param count Number of addresses * @param totalKnown Total number of known addresses as reported by peer */ - void addMultiple(void *tPtr,int64_t now,uint64_t nwid,const MulticastGroup &mg,const void *addresses,unsigned int count,unsigned int totalKnown); + void addMultiple(const int64_t now,const uint64_t nwid,const MulticastGroup &mg,const void *addresses,unsigned int count,const unsigned int totalKnown); /** * Remove a multicast group member (if present) @@ -83,35 +78,46 @@ public: * @param mg Multicast group * @param member Member to unsubscribe */ - void remove(uint64_t nwid,const MulticastGroup &mg,const Address &member); + void remove(const uint64_t nwid,const MulticastGroup &mg,const Address &member); /** - * Append gather results to a packet by choosing registered multicast recipients at random + * Iterate over members of a multicast group until function returns false * - * This appends the following fields to the packet: - * <[4] 32-bit total number of known members in this multicast group> - * <[2] 16-bit number of members enumerated in this packet> - * <[...] series of 5-byte ZeroTier addresses of enumerated members> - * - * If zero is returned, the first two fields will still have been appended. - * - * @param queryingPeer Peer asking for gather (to skip in results) - * @param nwid Network ID - * @param mg Multicast group - * @param appendTo Packet to append to - * @param limit Maximum number of 5-byte addresses to append - * @return Number of addresses appended - * @throws std::out_of_range Buffer overflow writing to packet - */ - unsigned int gather(const Address &queryingPeer,uint64_t nwid,const MulticastGroup &mg,Buffer &appendTo,unsigned int limit) const; - - /** - * Get subscribers to a multicast group + * Iteration order is in inverse order of most recent receipt of a LIKE + * for a given membership. * * @param nwid Network ID * @param mg Multicast group + * @param func f(Address) + * @return Total number of known members (regardless of when function aborted) */ - std::vector
getMembers(uint64_t nwid,const MulticastGroup &mg,unsigned int limit) const; + template + inline unsigned long eachMember(const uint64_t nwid,const MulticastGroup &mg,F func) const + { + std::vector< std::pair > sortedByTime; + { + Mutex::Lock l(_groups_l); + const Multicaster::Key gk(nwid,mg); + const Hashtable< Address,int64_t > *const members = _groups.get(gk); + if (members) { + totalKnown = members->size(); + sortedByTime.reserve(totalKnown); + { + Hashtable< Address,int64_t >::Iterator mi(*const_cast *>(members)); + Address *mik = nullptr; + int64_t *miv = nullptr; + while (mi.next(mik,miv)) + sortedByTime.push_back(std::pair(*miv,*mik)); + } + std::sort(sortedByTime.begin(),sortedByTime.end()); + } + } + for(std::vector< std::pair >::const_reverse_iterator i(sortedByTime.begin());i!=sortedByTime.end();++i) { + if (!func(i->second)) + break; + } + return sortedByTime.size(); + } /** * Send a multicast @@ -148,48 +154,26 @@ public: private: struct Key { - inline Key() : nwid(0),mg() {} - inline Key(uint64_t n,const MulticastGroup &g) : nwid(n),mg(g) {} + ZT_ALWAYS_INLINE Key() : nwid(0),mg() {} + ZT_ALWAYS_INLINE Key(const uint64_t n,const MulticastGroup &g) : nwid(n),mg(g) {} uint64_t nwid; MulticastGroup mg; - inline bool operator==(const Key &k) const { return ((nwid == k.nwid)&&(mg == k.mg)); } - inline bool operator!=(const Key &k) const { return ((nwid != k.nwid)||(mg != k.mg)); } - inline unsigned long hashCode() const { return (mg.hashCode() ^ (unsigned long)(nwid ^ (nwid >> 32))); } + ZT_ALWAYS_INLINE bool operator==(const Key &k) const { return ((nwid == k.nwid)&&(mg == k.mg)); } + ZT_ALWAYS_INLINE bool operator!=(const Key &k) const { return ((nwid != k.nwid)||(mg != k.mg)); } + + ZT_ALWAYS_INLINE unsigned long hashCode() const { return (mg.hashCode() ^ (unsigned long)(nwid ^ (nwid >> 32))); } }; - struct MulticastGroupMember - { - inline MulticastGroupMember() {} - inline MulticastGroupMember(const Address &a,uint64_t ts) : address(a),timestamp(ts) {} - - inline bool operator<(const MulticastGroupMember &a) const { return (address < a.address); } - inline bool operator==(const MulticastGroupMember &a) const { return (address == a.address); } - inline bool operator!=(const MulticastGroupMember &a) const { return (address != a.address); } - inline bool operator<(const Address &a) const { return (address < a); } - inline bool operator==(const Address &a) const { return (address == a); } - inline bool operator!=(const Address &a) const { return (address != a); } - - Address address; - uint64_t timestamp; // time of last notification - }; - - struct MulticastGroupStatus - { - inline MulticastGroupStatus() : lastExplicitGather(0) {} - - uint64_t lastExplicitGather; - std::list txQueue; // pending outbound multicasts - std::vector members; // members of this group - }; - - void _add(void *tPtr,int64_t now,uint64_t nwid,const MulticastGroup &mg,MulticastGroupStatus &gs,const Address &member); - const RuntimeEnvironment *const RR; - Hashtable _groups; - Mutex _groups_m; + OutboundMulticast _txQueue[ZT_TX_QUEUE_SIZE]; + unsigned int _txQueuePtr; + Mutex _txQueue_l; + + Hashtable< Multicaster::Key,Hashtable< Address,int64_t > > _groups; + Mutex _groups_l; }; } // namespace ZeroTier diff --git a/node/OutboundMulticast.cpp b/node/OutboundMulticast.cpp index 1f2090ec8..b1633e4f4 100644 --- a/node/OutboundMulticast.cpp +++ b/node/OutboundMulticast.cpp @@ -27,8 +27,6 @@ void OutboundMulticast::init( uint64_t timestamp, uint64_t nwid, bool disableCompression, - unsigned int limit, - unsigned int gatherLimit, const MAC &src, const MulticastGroup &dest, unsigned int etherType, @@ -46,17 +44,13 @@ void OutboundMulticast::init( _macSrc.fromAddress(RR->identity.address(),nwid); } _macDest = dest.mac(); - _limit = limit; _frameLen = (len < ZT_MAX_MTU) ? len : ZT_MAX_MTU; _etherType = etherType; - if (gatherLimit) flags |= 0x02; - _packet.setSource(RR->identity.address()); _packet.setVerb(Packet::VERB_MULTICAST_FRAME); _packet.append((uint64_t)nwid); _packet.append(flags); - if (gatherLimit) _packet.append((uint32_t)gatherLimit); if (src) src.appendTo(_packet); dest.mac().appendTo(_packet); _packet.append((uint32_t)dest.adi()); diff --git a/node/OutboundMulticast.hpp b/node/OutboundMulticast.hpp index 297bda20c..7be13aaec 100644 --- a/node/OutboundMulticast.hpp +++ b/node/OutboundMulticast.hpp @@ -43,7 +43,7 @@ public: * * It must be initialized with init(). */ - inline OutboundMulticast() {} + ZT_ALWAYS_INLINE OutboundMulticast() {} /** * Initialize outbound multicast @@ -53,7 +53,6 @@ public: * @param nwid Network ID * @param disableCompression Disable compression of frame payload * @param limit Multicast limit for desired number of packets to send - * @param gatherLimit Number to lazily/implicitly gather with this frame or 0 for none * @param src Source MAC address of frame or NULL to imply compute from sender ZT address * @param dest Destination multicast group (MAC + ADI) * @param etherType 16-bit Ethernet type ID @@ -66,8 +65,6 @@ public: uint64_t timestamp, uint64_t nwid, bool disableCompression, - unsigned int limit, - unsigned int gatherLimit, const MAC &src, const MulticastGroup &dest, unsigned int etherType, @@ -77,18 +74,18 @@ public: /** * @return Multicast creation time */ - inline uint64_t timestamp() const { return _timestamp; } + ZT_ALWAYS_INLINE uint64_t timestamp() const { return _timestamp; } /** * @param now Current time * @return True if this multicast is expired (has exceeded transmit timeout) */ - inline bool expired(int64_t now) const { return ((now - _timestamp) >= ZT_MULTICAST_TRANSMIT_TIMEOUT); } + ZT_ALWAYS_INLINE bool expired(int64_t now) const { return ((now - _timestamp) >= ZT_MULTICAST_TRANSMIT_TIMEOUT); } /** * @return True if this outbound multicast has been sent to enough peers */ - inline bool atLimit() const { return (_alreadySentTo.size() >= _limit); } + ZT_ALWAYS_INLINE bool atLimit() const { return (_alreadySentTo.size() >= _limit); } /** * Just send without checking log @@ -106,9 +103,9 @@ public: * @param tPtr Thread pointer to be handed through to any callbacks called as a result of this call * @param toAddr Destination address */ - inline void sendAndLog(const RuntimeEnvironment *RR,void *tPtr,const Address &toAddr) + ZT_ALWAYS_INLINE void sendAndLog(const RuntimeEnvironment *RR,void *tPtr,const Address &toAddr) { - _alreadySentTo.push_back(toAddr); + _alreadySentTo.insert(std::upper_bound(_alreadySentTo.begin(),_alreadySentTo.end(),toAddr),toAddr); // sorted insert sendOnly(RR,tPtr,toAddr); } @@ -117,9 +114,9 @@ public: * * @param toAddr Address to log as sent */ - inline void logAsSent(const Address &toAddr) + ZT_ALWAYS_INLINE void logAsSent(const Address &toAddr) { - _alreadySentTo.push_back(toAddr); + _alreadySentTo.insert(std::upper_bound(_alreadySentTo.begin(),_alreadySentTo.end(),toAddr),toAddr); // sorted insert } /** @@ -130,9 +127,9 @@ public: * @param toAddr Destination address * @return True if address is new and packet was sent to switch, false if duplicate */ - inline bool sendIfNew(const RuntimeEnvironment *RR,void *tPtr,const Address &toAddr) + ZT_ALWAYS_INLINE bool sendIfNew(const RuntimeEnvironment *RR,void *tPtr,const Address &toAddr) { - if (std::find(_alreadySentTo.begin(),_alreadySentTo.end(),toAddr) == _alreadySentTo.end()) { + if (!std::binary_search(_alreadySentTo.begin(),_alreadySentTo.end(),toAddr)) { sendAndLog(RR,tPtr,toAddr); return true; } else { @@ -145,7 +142,6 @@ private: uint64_t _nwid; MAC _macSrc; MAC _macDest; - unsigned int _limit; unsigned int _frameLen; unsigned int _etherType; Packet _packet,_tmp; diff --git a/node/Packet.hpp b/node/Packet.hpp index 80f22ab00..260f36e17 100644 --- a/node/Packet.hpp +++ b/node/Packet.hpp @@ -62,7 +62,6 @@ * + Old planet/moon stuff is DEAD! * + AES-256-GMAC-CTR encryption is now the default * + NIST P-384 (type 1) identities now supported - * + Minimum proto version is now 8 (1.1.17 and newer) * + WILL_RELAY allows mesh-like operation * + Ephemeral keys are now negotiated opportunistically */ @@ -71,7 +70,7 @@ /** * Minimum supported protocol version */ -#define ZT_PROTO_VERSION_MIN 8 +#define ZT_PROTO_VERSION_MIN 6 /** * Maximum hop count allowed by packet structure (3 bits, 0-7) @@ -93,21 +92,16 @@ #define ZT_PROTO_CIPHER_SUITE__POLY1305_SALSA2012 1 /** - * Cipher suite: NONE + * No encryption or authentication at all * - * This differs from POLY1305/NONE in that *no* crypto is done, not even - * authentication. This is for trusted local LAN interconnects for internal - * SDN use within a data center. - * - * For this mode the MAC field becomes a trusted path ID and must match the - * configured ID of a trusted path or the packet is discarded. + * For trusted paths the MAC field is the trusted path ID. */ -#define ZT_PROTO_CIPHER_SUITE__NO_CRYPTO_TRUSTED_PATH 2 +#define ZT_PROTO_CIPHER_SUITE__NONE 2 /** - * AES-256-GMAC-CTR + * AES-GMAC_SIV with AES-256 */ -#define ZT_PROTO_CIPHER_SUITE__AES256_GMAC_CTR 3 +#define ZT_PROTO_CIPHER_SUITE__AES256_GMAC_SIV 3 /** * Header flag indicating that a packet is fragmented @@ -693,10 +687,6 @@ public: * <[6] MAC address of multicast group being queried> * <[4] 32-bit ADI for multicast group being queried> * <[4] 32-bit requested max number of multicast peers> - * [<[...] network certificate of membership>] - * - * Flags: - * 0x01 - COM is attached (DEPRECATED) * * More than one OK response can occur if the response is broken up across * multiple packets or if querying a clustered node. @@ -718,10 +708,9 @@ public: * Multicast frame: * <[8] 64-bit network ID> * <[1] flags> - * [<[4] 32-bit implicit gather limit>] + * [<[...] network certificate of membership (DEPRECATED)>] + * [<[4] 32-bit implicit gather limit (DEPRECATED)>] * [<[6] source MAC>] - * [<[2] number of explicitly specified recipients>] - * [<[...] series of 5-byte explicitly specified recipients>] * <[6] destination MAC (multicast address)> * <[4] 32-bit multicast ADI (multicast address extension)> * <[2] 16-bit ethertype> @@ -733,20 +722,9 @@ public: * 0x04 - Source MAC is specified -- otherwise it's computed from sender * 0x08 - Explicit recipient list included for P2P/HS replication * - * Explicit recipient lists are used for peer to peer or hub and spoke - * replication. - * - * OK response payload: - * <[8] 64-bit network ID> - * <[6] MAC address of multicast group> - * <[4] 32-bit ADI for multicast group> - * <[1] flags> - * [<[...] network certificate of membership (DEPRECATED)>] - * [<[...] implicit gather results if flag 0x01 is set>] - * - * OK flags (same bits as request flags): - * 0x01 - OK includes certificate of network membership (DEPRECATED) - * 0x02 - OK includes implicit gather results + * ERROR_MULTICAST_STFU is generated if a recipient no longer wishes to + * receive these multicasts. It's essentially a source quench. Its + * payload is: * * ERROR response payload: * <[8] 64-bit network ID> @@ -965,7 +943,7 @@ public: ERROR_NETWORK_ACCESS_DENIED_ = 0x07, /* extra _ at end to avoid Windows name conflict */ /* Multicasts to this group are not wanted */ - ERROR_UNWANTED_MULTICAST = 0x08, + ERROR_MULTICAST_STFU = 0x08, /* Cannot deliver a forwarded ZeroTier packet (e.g. hops exceeded, no routes) */ /* Payload: , , <... additional packet ID / destinations> */ @@ -1158,7 +1136,7 @@ public: */ ZT_ALWAYS_INLINE void setTrusted(const uint64_t tpid) { - setCipher(ZT_PROTO_CIPHER_SUITE__NO_CRYPTO_TRUSTED_PATH); + setCipher(ZT_PROTO_CIPHER_SUITE__NONE); setAt(ZT_PACKET_IDX_MAC,tpid); } diff --git a/node/SHA512.hpp b/node/SHA512.hpp index 7cd26ae31..6a78a12fa 100644 --- a/node/SHA512.hpp +++ b/node/SHA512.hpp @@ -32,7 +32,7 @@ #define ZT_HMACSHA384_LEN 48 -#define ZT_PROTO_KBKDF_LABEL_KEY_USE_HMAC 'H' +#define ZT_PROTO_KBKDF_LABEL_KEY_USE_HMAC_SHA_384 'H' #define ZT_PROTO_KBKDF_LABEL_KEY_USE_AES_GMAC_SIV_K1 '1' #define ZT_PROTO_KBKDF_LABEL_KEY_USE_AES_GMAC_SIV_K2 '2' #define ZT_PROTO_KBKDF_LABEL_KEY_USE_AES_GMAC_SIV_K3 '3' diff --git a/service/SoftwareUpdater.cpp b/service/SoftwareUpdater.cpp deleted file mode 100644 index 5800f860f..000000000 --- a/service/SoftwareUpdater.cpp +++ /dev/null @@ -1,426 +0,0 @@ -/* - * Copyright (c)2019 ZeroTier, Inc. - * - * Use of this software is governed by the Business Source License included - * in the LICENSE.TXT file in the project's root directory. - * - * Change Date: 2023-01-01 - * - * On the date above, in accordance with the Business Source License, use - * of this software will be governed by version 2.0 of the Apache License. - */ -/****/ - -#include -#include -#include -#include - -#include "../node/Constants.hpp" -#include "../version.h" - -#ifdef __WINDOWS__ -#include -#include -#include -#include -#include -#else -#include -#include -#include -#include -#include -#endif - -#include "SoftwareUpdater.hpp" - -#include "../node/Utils.hpp" -#include "../node/SHA512.hpp" -#include "../node/Buffer.hpp" -#include "../node/Node.hpp" - -#include "../osdep/OSUtils.hpp" - -namespace ZeroTier { - -static int _compareVersion(unsigned int maj1,unsigned int min1,unsigned int rev1,unsigned int b1,unsigned int maj2,unsigned int min2,unsigned int rev2,unsigned int b2) -{ - if (maj1 > maj2) { - return 1; - } else if (maj1 < maj2) { - return -1; - } else { - if (min1 > min2) { - return 1; - } else if (min1 < min2) { - return -1; - } else { - if (rev1 > rev2) { - return 1; - } else if (rev1 < rev2) { - return -1; - } else { - if (b1 > b2) { - return 1; - } else if (b1 < b2) { - return -1; - } else { - return 0; - } - } - } - } -} - -SoftwareUpdater::SoftwareUpdater(Node &node,const std::string &homePath) : - _node(node), - _lastCheckTime(0), - _homePath(homePath), - _channel(ZT_SOFTWARE_UPDATE_DEFAULT_CHANNEL), - _distLog((FILE *)0), - _latestValid(false), - _downloadLength(0) -{ - OSUtils::rm((_homePath + ZT_PATH_SEPARATOR_S ZT_SOFTWARE_UPDATE_BIN_FILENAME).c_str()); -} - -SoftwareUpdater::~SoftwareUpdater() -{ - if (_distLog) - fclose(_distLog); -} - -void SoftwareUpdater::setUpdateDistribution(bool distribute) -{ - _dist.clear(); - if (distribute) { - _distLog = fopen((_homePath + ZT_PATH_SEPARATOR_S "update-dist.log").c_str(),"a"); - - const std::string udd(_homePath + ZT_PATH_SEPARATOR_S "update-dist.d"); - const std::vector ud(OSUtils::listDirectory(udd.c_str())); - for(std::vector::const_iterator u(ud.begin());u!=ud.end();++u) { - // Each update has a companion .json file describing it. Other files are ignored. - if ((u->length() > 5)&&(u->substr(u->length() - 5,5) == ".json")) { - - std::string buf; - if (OSUtils::readFile((udd + ZT_PATH_SEPARATOR_S + *u).c_str(),buf)) { - try { - _D d; - d.meta = OSUtils::jsonParse(buf); // throws on invalid JSON - - // If update meta is called e.g. foo.exe.json, then foo.exe is the update itself - const std::string binPath(udd + ZT_PATH_SEPARATOR_S + u->substr(0,u->length() - 5)); - const std::string metaHash(OSUtils::jsonBinFromHex(d.meta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_HASH])); - if ((metaHash.length() == ZT_SHA512_DIGEST_LEN)&&(OSUtils::readFile(binPath.c_str(),d.bin))) { - std::array sha512; - SHA512::hash(sha512.data(),d.bin.data(),(unsigned int)d.bin.length()); - if (!memcmp(sha512.data(),metaHash.data(),ZT_SHA512_DIGEST_LEN)) { // double check that hash in JSON is correct - d.meta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIZE] = d.bin.length(); // override with correct value -- setting this in meta json is optional - std::array shakey; - memcpy(shakey.data(),sha512.data(),16); - _dist[shakey] = d; - if (_distLog) { - fprintf(_distLog,".......... INIT: DISTRIBUTING %s (%u bytes)" ZT_EOL_S,binPath.c_str(),(unsigned int)d.bin.length()); - fflush(_distLog); - } - } - } - } catch ( ... ) {} // ignore bad meta JSON, etc. - } - - } - } - } else { - if (_distLog) { - fclose(_distLog); - _distLog = (FILE *)0; - } - } -} - -void SoftwareUpdater::handleSoftwareUpdateUserMessage(uint64_t origin,const void *data,unsigned int len) -{ - if (!len) return; - const MessageVerb v = (MessageVerb)reinterpret_cast(data)[0]; - try { - switch(v) { - - case VERB_GET_LATEST: - case VERB_LATEST: { - nlohmann::json req = OSUtils::jsonParse(std::string(reinterpret_cast(data) + 1,len - 1)); // throws on invalid JSON - if (req.is_object()) { - const unsigned int rvMaj = (unsigned int)OSUtils::jsonInt(req[ZT_SOFTWARE_UPDATE_JSON_VERSION_MAJOR],0); - const unsigned int rvMin = (unsigned int)OSUtils::jsonInt(req[ZT_SOFTWARE_UPDATE_JSON_VERSION_MINOR],0); - const unsigned int rvRev = (unsigned int)OSUtils::jsonInt(req[ZT_SOFTWARE_UPDATE_JSON_VERSION_REVISION],0); - const unsigned int rvBld = (unsigned int)OSUtils::jsonInt(req[ZT_SOFTWARE_UPDATE_JSON_VERSION_BUILD],0); - const unsigned int rvPlatform = (unsigned int)OSUtils::jsonInt(req[ZT_SOFTWARE_UPDATE_JSON_PLATFORM],0); - const unsigned int rvArch = (unsigned int)OSUtils::jsonInt(req[ZT_SOFTWARE_UPDATE_JSON_ARCHITECTURE],0); - const unsigned int rvVendor = (unsigned int)OSUtils::jsonInt(req[ZT_SOFTWARE_UPDATE_JSON_VENDOR],0); - const std::string rvChannel(OSUtils::jsonString(req[ZT_SOFTWARE_UPDATE_JSON_CHANNEL],"")); - - if (v == VERB_GET_LATEST) { - - if (_dist.size() > 0) { - const nlohmann::json *latest = (const nlohmann::json *)0; - const std::string expectedSigner = OSUtils::jsonString(req[ZT_SOFTWARE_UPDATE_JSON_EXPECT_SIGNED_BY],""); - unsigned int bestVMaj = rvMaj; - unsigned int bestVMin = rvMin; - unsigned int bestVRev = rvRev; - unsigned int bestVBld = rvBld; - for(std::map< std::array,_D >::const_iterator d(_dist.begin());d!=_dist.end();++d) { - // The arch field in update description .json files can be an array for e.g. multi-arch update files - const nlohmann::json &dvArch2 = d->second.meta[ZT_SOFTWARE_UPDATE_JSON_ARCHITECTURE]; - std::vector dvArch; - if (dvArch2.is_array()) { - for(unsigned long i=0;isecond.meta[ZT_SOFTWARE_UPDATE_JSON_PLATFORM],0) == rvPlatform)&& - (std::find(dvArch.begin(),dvArch.end(),rvArch) != dvArch.end())&& - (OSUtils::jsonInt(d->second.meta[ZT_SOFTWARE_UPDATE_JSON_VENDOR],0) == rvVendor)&& - (OSUtils::jsonString(d->second.meta[ZT_SOFTWARE_UPDATE_JSON_CHANNEL],"") == rvChannel)&& - (OSUtils::jsonString(d->second.meta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIGNED_BY],"") == expectedSigner)) { - const unsigned int dvMaj = (unsigned int)OSUtils::jsonInt(d->second.meta[ZT_SOFTWARE_UPDATE_JSON_VERSION_MAJOR],0); - const unsigned int dvMin = (unsigned int)OSUtils::jsonInt(d->second.meta[ZT_SOFTWARE_UPDATE_JSON_VERSION_MINOR],0); - const unsigned int dvRev = (unsigned int)OSUtils::jsonInt(d->second.meta[ZT_SOFTWARE_UPDATE_JSON_VERSION_REVISION],0); - const unsigned int dvBld = (unsigned int)OSUtils::jsonInt(d->second.meta[ZT_SOFTWARE_UPDATE_JSON_VERSION_BUILD],0); - if (_compareVersion(dvMaj,dvMin,dvRev,dvBld,bestVMaj,bestVMin,bestVRev,bestVBld) > 0) { - latest = &(d->second.meta); - bestVMaj = dvMaj; - bestVMin = dvMin; - bestVRev = dvRev; - bestVBld = dvBld; - } - } - } - if (latest) { - std::string lj; - lj.push_back((char)VERB_LATEST); - lj.append(OSUtils::jsonDump(*latest)); - _node.sendUserMessage((void *)0,origin,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,lj.data(),(unsigned int)lj.length()); - if (_distLog) { - fprintf(_distLog,"%.10llx GET_LATEST %u.%u.%u_%u platform %u arch %u vendor %u channel %s -> LATEST %u.%u.%u_%u" ZT_EOL_S,(unsigned long long)origin,rvMaj,rvMin,rvRev,rvBld,rvPlatform,rvArch,rvVendor,rvChannel.c_str(),bestVMaj,bestVMin,bestVRev,bestVBld); - fflush(_distLog); - } - } - } // else no reply, since we have nothing to distribute - - } else { // VERB_LATEST - - if ((origin == ZT_SOFTWARE_UPDATE_SERVICE)&& - (_compareVersion(rvMaj,rvMin,rvRev,rvBld,ZEROTIER_ONE_VERSION_MAJOR,ZEROTIER_ONE_VERSION_MINOR,ZEROTIER_ONE_VERSION_REVISION,ZEROTIER_ONE_VERSION_BUILD) > 0)&& - (OSUtils::jsonString(req[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIGNED_BY],"") == ZT_SOFTWARE_UPDATE_SIGNING_AUTHORITY)) { - const unsigned long len = (unsigned long)OSUtils::jsonInt(req[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIZE],0); - const std::string hash = OSUtils::jsonBinFromHex(req[ZT_SOFTWARE_UPDATE_JSON_UPDATE_HASH]); - if ((len <= ZT_SOFTWARE_UPDATE_MAX_SIZE)&&(hash.length() >= 16)) { - if (_latestMeta != req) { - _latestMeta = req; - _latestValid = false; - OSUtils::rm((_homePath + ZT_PATH_SEPARATOR_S ZT_SOFTWARE_UPDATE_BIN_FILENAME).c_str()); - _download = std::string(); - memcpy(_downloadHashPrefix.data(),hash.data(),16); - _downloadLength = len; - } - - if ((_downloadLength > 0)&&(_download.length() < _downloadLength)) { - Buffer<128> gd; - gd.append((uint8_t)VERB_GET_DATA); - gd.append(_downloadHashPrefix.data(),16); - gd.append((uint32_t)_download.length()); - _node.sendUserMessage((void *)0,ZT_SOFTWARE_UPDATE_SERVICE,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,gd.data(),gd.size()); - } - } - } - } - - } - } break; - - case VERB_GET_DATA: - if ((len >= 21)&&(_dist.size() > 0)) { - unsigned long idx = (unsigned long)*(reinterpret_cast(data) + 17) << 24; - idx |= (unsigned long)*(reinterpret_cast(data) + 18) << 16; - idx |= (unsigned long)*(reinterpret_cast(data) + 19) << 8; - idx |= (unsigned long)*(reinterpret_cast(data) + 20); - std::array shakey; - memcpy(shakey.data(),reinterpret_cast(data) + 1,16); - std::map< std::array,_D >::iterator d(_dist.find(shakey)); - if ((d != _dist.end())&&(idx < (unsigned long)d->second.bin.length())) { - Buffer buf; - buf.append((uint8_t)VERB_DATA); - buf.append(reinterpret_cast(data) + 1,16); - buf.append((uint32_t)idx); - buf.append(d->second.bin.data() + idx,std::min((unsigned long)ZT_SOFTWARE_UPDATE_CHUNK_SIZE,(unsigned long)(d->second.bin.length() - idx))); - _node.sendUserMessage((void *)0,origin,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,buf.data(),buf.size()); - } - } - break; - - case VERB_DATA: - if ((len >= 21)&&(_downloadLength > 0)&&(!memcmp(_downloadHashPrefix.data(),reinterpret_cast(data) + 1,16))) { - unsigned long idx = (unsigned long)*(reinterpret_cast(data) + 17) << 24; - idx |= (unsigned long)*(reinterpret_cast(data) + 18) << 16; - idx |= (unsigned long)*(reinterpret_cast(data) + 19) << 8; - idx |= (unsigned long)*(reinterpret_cast(data) + 20); - if (idx == (unsigned long)_download.length()) { - _download.append(reinterpret_cast(data) + 21,len - 21); - if (_download.length() < _downloadLength) { - Buffer<128> gd; - gd.append((uint8_t)VERB_GET_DATA); - gd.append(_downloadHashPrefix.data(),16); - gd.append((uint32_t)_download.length()); - _node.sendUserMessage((void *)0,ZT_SOFTWARE_UPDATE_SERVICE,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,gd.data(),gd.size()); - } - } - } - break; - - default: - if (_distLog) { - fprintf(_distLog,"%.10llx WARNING: bad update message verb==%u length==%u (unrecognized verb)" ZT_EOL_S,(unsigned long long)origin,(unsigned int)v,len); - fflush(_distLog); - } - break; - } - } catch ( ... ) { - if (_distLog) { - fprintf(_distLog,"%.10llx WARNING: bad update message verb==%u length==%u (unexpected exception, likely invalid JSON)" ZT_EOL_S,(unsigned long long)origin,(unsigned int)v,len); - fflush(_distLog); - } - } -} - -bool SoftwareUpdater::check(const int64_t now) -{ - if ((now - _lastCheckTime) >= ZT_SOFTWARE_UPDATE_CHECK_PERIOD) { - _lastCheckTime = now; - char tmp[512]; - const unsigned int len = OSUtils::ztsnprintf(tmp,sizeof(tmp), - "%c{\"" ZT_SOFTWARE_UPDATE_JSON_VERSION_MAJOR "\":%d," - "\"" ZT_SOFTWARE_UPDATE_JSON_VERSION_MINOR "\":%d," - "\"" ZT_SOFTWARE_UPDATE_JSON_VERSION_REVISION "\":%d," - "\"" ZT_SOFTWARE_UPDATE_JSON_VERSION_BUILD "\":%d," - "\"" ZT_SOFTWARE_UPDATE_JSON_EXPECT_SIGNED_BY "\":\"%s\"," - "\"" ZT_SOFTWARE_UPDATE_JSON_PLATFORM "\":%d," - "\"" ZT_SOFTWARE_UPDATE_JSON_ARCHITECTURE "\":%d," - "\"" ZT_SOFTWARE_UPDATE_JSON_VENDOR "\":%d," - "\"" ZT_SOFTWARE_UPDATE_JSON_CHANNEL "\":\"%s\"}", - (char)VERB_GET_LATEST, - ZEROTIER_ONE_VERSION_MAJOR, - ZEROTIER_ONE_VERSION_MINOR, - ZEROTIER_ONE_VERSION_REVISION, - ZEROTIER_ONE_VERSION_BUILD, - ZT_SOFTWARE_UPDATE_SIGNING_AUTHORITY, - ZT_BUILD_PLATFORM, - ZT_BUILD_ARCHITECTURE, - (int)ZT_VENDOR_ZEROTIER, - _channel.c_str()); - _node.sendUserMessage((void *)0,ZT_SOFTWARE_UPDATE_SERVICE,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,tmp,len); - } - - if (_latestValid) - return true; - - if (_downloadLength > 0) { - if (_download.length() >= _downloadLength) { - // This is the very important security validation part that makes sure - // this software update doesn't have cooties. - - const std::string binPath(_homePath + ZT_PATH_SEPARATOR_S ZT_SOFTWARE_UPDATE_BIN_FILENAME); - try { - // (1) Check the hash itself to make sure the image is basically okay - uint8_t sha512[ZT_SHA512_DIGEST_LEN]; - SHA512::hash(sha512,_download.data(),(unsigned int)_download.length()); - char hexbuf[(ZT_SHA512_DIGEST_LEN * 2) + 2]; - if (OSUtils::jsonString(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_HASH],"") == Utils::hex(sha512,ZT_SHA512_DIGEST_LEN,hexbuf)) { - // (2) Check signature by signing authority - const std::string sig(OSUtils::jsonBinFromHex(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIGNATURE])); - if (Identity(ZT_SOFTWARE_UPDATE_SIGNING_AUTHORITY).verify(_download.data(),(unsigned int)_download.length(),sig.data(),(unsigned int)sig.length())) { - // (3) Try to save file, and if so we are good. - OSUtils::rm(binPath.c_str()); - if (OSUtils::writeFile(binPath.c_str(),_download)) { - OSUtils::lockDownFile(binPath.c_str(),false); - _latestValid = true; - _download = std::string(); - _downloadLength = 0; - return true; - } - } - } - } catch ( ... ) {} // any exception equals verification failure - - // If we get here, checks failed. - OSUtils::rm(binPath.c_str()); - _latestMeta = nlohmann::json(); - _latestValid = false; - _download = std::string(); - _downloadLength = 0; - } else { - Buffer<128> gd; - gd.append((uint8_t)VERB_GET_DATA); - gd.append(_downloadHashPrefix.data(),16); - gd.append((uint32_t)_download.length()); - _node.sendUserMessage((void *)0,ZT_SOFTWARE_UPDATE_SERVICE,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,gd.data(),gd.size()); - } - } - - return false; -} - -void SoftwareUpdater::apply() -{ - std::string updatePath(_homePath + ZT_PATH_SEPARATOR_S ZT_SOFTWARE_UPDATE_BIN_FILENAME); - if ((_latestMeta.is_object())&&(_latestValid)&&(OSUtils::fileExists(updatePath.c_str(),false))) { -#ifdef __WINDOWS__ - std::string cmdArgs(OSUtils::jsonString(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_EXEC_ARGS],"")); - if (cmdArgs.length() > 0) { - updatePath.push_back(' '); - updatePath.append(cmdArgs); - } - STARTUPINFOA si; - PROCESS_INFORMATION pi; - memset(&si,0,sizeof(si)); - memset(&pi,0,sizeof(pi)); - CreateProcessA(NULL,const_cast(updatePath.c_str()),NULL,NULL,FALSE,CREATE_NO_WINDOW|CREATE_NEW_PROCESS_GROUP,NULL,NULL,&si,&pi); - // Windows doesn't exit here -- updater will stop the service during update, etc. -- but we do want to stop multiple runs from happening - _latestMeta = nlohmann::json(); - _latestValid = false; -#else - char *argv[256]; - unsigned long ac = 0; - argv[ac++] = const_cast(updatePath.c_str()); - const std::vector argsSplit(OSUtils::split(OSUtils::jsonString(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_EXEC_ARGS],"").c_str()," ","\\","\"")); - for(std::vector::const_iterator a(argsSplit.begin());a!=argsSplit.end();++a) { - argv[ac] = const_cast(a->c_str()); - if (++ac == 255) break; - } - argv[ac] = (char *)0; - chmod(updatePath.c_str(),0700); - - // Close all open file descriptors except stdout/stderr/etc. - int minMyFd = STDIN_FILENO; - if (STDOUT_FILENO > minMyFd) minMyFd = STDOUT_FILENO; - if (STDERR_FILENO > minMyFd) minMyFd = STDERR_FILENO; - ++minMyFd; -#ifdef _SC_OPEN_MAX - int maxMyFd = (int)sysconf(_SC_OPEN_MAX); - if (maxMyFd <= minMyFd) - maxMyFd = 65536; -#else - int maxMyFd = 65536; -#endif - while (minMyFd < maxMyFd) - close(minMyFd++); - - execv(updatePath.c_str(),argv); - fprintf(stderr,"FATAL: unable to execute software update binary at %s\n",updatePath.c_str()); - exit(1); -#endif - } -} - -} // namespace ZeroTier diff --git a/service/SoftwareUpdater.hpp b/service/SoftwareUpdater.hpp deleted file mode 100644 index 24a2bc725..000000000 --- a/service/SoftwareUpdater.hpp +++ /dev/null @@ -1,204 +0,0 @@ -/* - * Copyright (c)2019 ZeroTier, Inc. - * - * Use of this software is governed by the Business Source License included - * in the LICENSE.TXT file in the project's root directory. - * - * Change Date: 2023-01-01 - * - * On the date above, in accordance with the Business Source License, use - * of this software will be governed by version 2.0 of the Apache License. - */ -/****/ - -#ifndef ZT_SOFTWAREUPDATER_HPP -#define ZT_SOFTWAREUPDATER_HPP - -#include -#include - -#include -#include -#include -#include - -#include "../include/ZeroTierOne.h" - -#include "../node/Identity.hpp" -#include "../node/Packet.hpp" - -#include "../ext/json/json.hpp" - -/** - * VERB_USER_MESSAGE type ID for software update messages - */ -#define ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE 100 - -/** - * ZeroTier address of node that provides software updates - */ -#define ZT_SOFTWARE_UPDATE_SERVICE 0xb1d366e81fULL - -/** - * ZeroTier identity that must be used to sign software updates - * - * df24360f3e - update-signing-key-0010 generated Fri Jan 13th, 2017 at 4:05pm PST - */ -#define ZT_SOFTWARE_UPDATE_SIGNING_AUTHORITY "df24360f3e:0:06072642959c8dfb68312904d74d90197c8a7692697caa1b3fd769eca714f4370fab462fcee6ebcb5fffb63bc5af81f28a2514b2cd68daabb42f7352c06f21db" - -/** - * Chunk size for in-band downloads (can be changed, designed to always fit in one UDP packet easily) - */ -#define ZT_SOFTWARE_UPDATE_CHUNK_SIZE (ZT_PROTO_MAX_PACKET_LENGTH - 128) - -/** - * Sanity limit for the size of an update binary image - */ -#define ZT_SOFTWARE_UPDATE_MAX_SIZE (1024 * 1024 * 256) - -/** - * How often (ms) do we check? - */ -#define ZT_SOFTWARE_UPDATE_CHECK_PERIOD (60 * 10 * 1000) - -/** - * Default update channel - */ -#define ZT_SOFTWARE_UPDATE_DEFAULT_CHANNEL "release" - -/** - * Filename for latest update's binary image - */ -#define ZT_SOFTWARE_UPDATE_BIN_FILENAME "latest-update.exe" - -#define ZT_SOFTWARE_UPDATE_JSON_VERSION_MAJOR "vMajor" -#define ZT_SOFTWARE_UPDATE_JSON_VERSION_MINOR "vMinor" -#define ZT_SOFTWARE_UPDATE_JSON_VERSION_REVISION "vRev" -#define ZT_SOFTWARE_UPDATE_JSON_VERSION_BUILD "vBuild" -#define ZT_SOFTWARE_UPDATE_JSON_PLATFORM "platform" -#define ZT_SOFTWARE_UPDATE_JSON_ARCHITECTURE "arch" -#define ZT_SOFTWARE_UPDATE_JSON_VENDOR "vendor" -#define ZT_SOFTWARE_UPDATE_JSON_CHANNEL "channel" -#define ZT_SOFTWARE_UPDATE_JSON_EXPECT_SIGNED_BY "expectedSigner" -#define ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIGNED_BY "signer" -#define ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIGNATURE "signature" -#define ZT_SOFTWARE_UPDATE_JSON_UPDATE_HASH "hash" -#define ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIZE "size" -#define ZT_SOFTWARE_UPDATE_JSON_UPDATE_EXEC_ARGS "execArgs" -#define ZT_SOFTWARE_UPDATE_JSON_UPDATE_URL "url" - -namespace ZeroTier { - -class Node; - -/** - * This class handles retrieving and executing updates, or serving them - */ -class SoftwareUpdater -{ -public: - /** - * Each message begins with an 8-bit message verb - */ - enum MessageVerb - { - /** - * Payload: JSON containing current system platform, version, etc. - */ - VERB_GET_LATEST = 1, - - /** - * Payload: JSON describing latest update for this target. (No response is sent if there is none.) - */ - VERB_LATEST = 2, - - /** - * Payload: - * <[16] first 128 bits of hash of data object> - * <[4] 32-bit index of chunk to get> - */ - VERB_GET_DATA = 3, - - /** - * Payload: - * <[16] first 128 bits of hash of data object> - * <[4] 32-bit index of chunk> - * <[...] chunk data> - */ - VERB_DATA = 4 - }; - - SoftwareUpdater(Node &node,const std::string &homePath); - ~SoftwareUpdater(); - - /** - * Set whether or not we will distribute updates - * - * @param distribute If true, scan update-dist.d now and distribute updates found there -- if false, clear and stop distributing - */ - void setUpdateDistribution(bool distribute); - - /** - * Handle a software update user message - * - * @param origin ZeroTier address of message origin - * @param data Message payload - * @param len Length of message - */ - void handleSoftwareUpdateUserMessage(uint64_t origin,const void *data,unsigned int len); - - /** - * Check for updates and do other update-related housekeeping - * - * It should be called about every 10 seconds. - * - * @return True if we've downloaded and verified an update - */ - bool check(const int64_t now); - - /** - * @return Meta-data for downloaded update or NULL if none - */ - inline const nlohmann::json &pending() const { return _latestMeta; } - - /** - * Apply any ready update now - * - * Depending on the platform this function may never return and may forcibly - * exit the process. It does nothing if no update is ready. - */ - void apply(); - - /** - * Set software update channel - * - * @param channel 'release', 'beta', etc. - */ - inline void setChannel(const std::string &channel) { _channel = channel; } - -private: - Node &_node; - uint64_t _lastCheckTime; - std::string _homePath; - std::string _channel; - FILE *_distLog; - - // Offered software updates if we are an update host (we have update-dist.d and update hosting is enabled) - struct _D - { - nlohmann::json meta; - std::string bin; - }; - std::map< std::array,_D > _dist; // key is first 16 bytes of hash - - nlohmann::json _latestMeta; - bool _latestValid; - - std::string _download; - std::array _downloadHashPrefix; - unsigned long _downloadLength; -}; - -} // namespace ZeroTier - -#endif