Cleanup, version bump.

node/Packet.hpp

@@ -70,7 +70,6 @@
  * 9  - 1.2.0 ... 1.2.14
  * 10 - 1.4.0 ... CURRENT
  *    + Multipath capability and load balancing
- *    + Certificates of Delegation (CoDs) for full root decentralization
  */
 #define ZT_PROTO_VERSION 10
 

node/Peer.cpp

@@ -208,31 +208,12 @@ void Peer::received(
 		const uint64_t sinceLastPush = now - _lastDirectPathPushSent;
 		if (sinceLastPush >= ZT_DIRECT_PATH_PUSH_INTERVAL) {
 			_lastDirectPathPushSent = now;
-
-			// Start with explicitly known direct endpoint paths.
 			std::vector<InetAddress> pathsToPush(RR->node->directPaths());
-
-#if 0
-			// Do symmetric NAT prediction if we are communicating indirectly.
-			if (hops > 0) {
-				std::vector<InetAddress> sym(RR->sa->getSymmetricNatPredictions());
-				for(unsigned long i=0,added=0;i<sym.size();++i) {
-					InetAddress tmp(sym[(unsigned long)RR->node->prng() % sym.size()]);
-					if (std::find(pathsToPush.begin(),pathsToPush.end(),tmp) == pathsToPush.end()) {
-						pathsToPush.push_back(tmp);
-						if (++added >= ZT_PUSH_DIRECT_PATHS_MAX_PER_SCOPE_AND_FAMILY)
-							break;
-					}
-				}
-			}
-#endif
-
 			if (pathsToPush.size() > 0) {
 				std::vector<InetAddress>::const_iterator p(pathsToPush.begin());
 				while (p != pathsToPush.end()) {
 					Packet outp(_id.address(),RR->identity.address(),Packet::VERB_PUSH_DIRECT_PATHS);
 					outp.addSize(2); // leave room for count
-
 					unsigned int count = 0;
 					while ((p != pathsToPush.end())&&((outp.size() + 24) < 1200)) {
 						uint8_t addressType = 4;
@@ -257,7 +238,6 @@ void Peer::received(
 						++count;
 						++p;
 					}
-
 					if (count) {
 						outp.setAt(ZT_PACKET_IDX_PAYLOAD,(uint16_t)count);
 						outp.compress();

node/SelfAwareness.cpp

@@ -124,89 +124,4 @@ void SelfAwareness::clean(int64_t now)
 	}
 }
 
-#if 0
-std::vector<InetAddress> SelfAwareness::getSymmetricNatPredictions()
-{
-	/* This is based on ideas and strategies found here:
-	 * https://tools.ietf.org/html/draft-takeda-symmetric-nat-traversal-00
-	 *
-	 * For each IP address reported by a trusted (upstream) peer, we find
-	 * the external port most recently reported by ANY peer for that IP.
-	 *
-	 * We only do any of this for global IPv4 addresses since private IPs
-	 * and IPv6 are not going to have symmetric NAT.
-	 *
-	 * SECURITY NOTE:
-	 *
-	 * We never use IPs reported by non-trusted peers, since this could lead
-	 * to a minor vulnerability whereby a peer could poison our cache with
-	 * bad external surface reports via OK(HELLO) and then possibly coax us
-	 * into suggesting their IP to other peers via PUSH_DIRECT_PATHS. This
-	 * in turn could allow them to MITM flows.
-	 *
-	 * Since flows are encrypted and authenticated they could not actually
-	 * read or modify traffic, but they could gather meta-data for forensics
-	 * purposes or use this as a DOS attack vector. */
-
-	std::map< uint32_t,unsigned int > maxPortByIp;
-	InetAddress theOneTrueSurface;
-	{
-		Mutex::Lock _l(_phy_m);
-
-		// First check to see if this is a symmetric NAT and enumerate external IPs learned from trusted peers
-		bool symmetric = false;
-		{
-			Hashtable< PhySurfaceKey,PhySurfaceEntry >::Iterator i(_phy);
-			PhySurfaceKey *k = (PhySurfaceKey *)0;
-			PhySurfaceEntry *e = (PhySurfaceEntry *)0;
-			while (i.next(k,e)) {
-				if ((e->trusted)&&(e->mySurface.ss_family == AF_INET)&&(e->mySurface.ipScope() == InetAddress::IP_SCOPE_GLOBAL)) {
-					if (!theOneTrueSurface)
-						theOneTrueSurface = e->mySurface;
-					else if (theOneTrueSurface != e->mySurface)
-						symmetric = true;
-					maxPortByIp[reinterpret_cast<const struct sockaddr_in *>(&(e->mySurface))->sin_addr.s_addr] = e->mySurface.port();
-				}
-			}
-		}
-		if (!symmetric)
-			return std::vector<InetAddress>();
-
-		{	// Then find the highest issued port per IP
-			Hashtable< PhySurfaceKey,PhySurfaceEntry >::Iterator i(_phy);
-			PhySurfaceKey *k = (PhySurfaceKey *)0;
-			PhySurfaceEntry *e = (PhySurfaceEntry *)0;
-			while (i.next(k,e)) {
-				if ((e->mySurface.ss_family == AF_INET)&&(e->mySurface.ipScope() == InetAddress::IP_SCOPE_GLOBAL)) {
-					const unsigned int port = e->mySurface.port();
-					std::map< uint32_t,unsigned int >::iterator mp(maxPortByIp.find(reinterpret_cast<const struct sockaddr_in *>(&(e->mySurface))->sin_addr.s_addr));
-					if ((mp != maxPortByIp.end())&&(mp->second < port))
-						mp->second = port;
-				}
-			}
-		}
-	}
-
-	std::vector<InetAddress> r;
-
-	// Try next port up from max for each
-	for(std::map< uint32_t,unsigned int >::iterator i(maxPortByIp.begin());i!=maxPortByIp.end();++i) {
-		unsigned int p = i->second + 1;
-		if (p > 65535) p -= 64511;
-		const InetAddress pred(&(i->first),4,p);
-		if (std::find(r.begin(),r.end(),pred) == r.end())
-			r.push_back(pred);
-	}
-
-	// Try a random port for each -- there are only 65535 so eventually it should work
-	for(std::map< uint32_t,unsigned int >::iterator i(maxPortByIp.begin());i!=maxPortByIp.end();++i) {
-		const InetAddress pred(&(i->first),4,1024 + ((unsigned int)RR->node->prng() % 64511));
-		if (std::find(r.begin(),r.end(),pred) == r.end())
-			r.push_back(pred);
-	}
-
-	return r;
-}
-#endif
-
 } // namespace ZeroTier

node/SelfAwareness.hpp

@@ -64,15 +64,6 @@ public:
 	 */
 	void clean(int64_t now);
 
-#if 0
-	/**
-	 * If we appear to be behind a symmetric NAT, get predictions for possible external endpoints
-	 *
-	 * @return Symmetric NAT predictions or empty vector if none
-	 */
-	std::vector<InetAddress> getSymmetricNatPredictions();
-#endif
-
 private:
 	struct PhySurfaceKey
 	{

version.h

@@ -35,12 +35,12 @@
 /**
  * Minor version
  */
-#define ZEROTIER_ONE_VERSION_MINOR 2
+#define ZEROTIER_ONE_VERSION_MINOR 4
 
 /**
  * Revision
  */
-#define ZEROTIER_ONE_VERSION_REVISION 13
+#define ZEROTIER_ONE_VERSION_REVISION 0
 
 /**
  * Build version