ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-04-13 22:12:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Delete bunch of commented out code.

Browse Source
This commit is contained in:
Adam Ierymenko 2014-10-11 16:53:21 -07:00
parent 0d017c043f
commit 8b0846d077
1 changed files with 1 additions and 248 deletions

249
node/IncomingPacket.cpp

@ -605,7 +605,7 @@ bool IncomingPacket::_doP5_MULTICAST_FRAME(const RuntimeEnvironment *RR,const Sh
// If the sending peer is >=1.0.0, they only go to legacy peers. Otherwise they go to all
// peers.
const bool senderIsLegacy = ((peer->remoteVersionMajor() < 1)||(depth == 0xbeef));
const bool senderIsLegacy = ((peer->remoteVersionMajor() < 1)||(depth == 0xbeef)); // magic number means "relayed on behalf of legacy peer"
const unsigned int limit = 128; // use a fairly generous limit since we want legacy peers to always work until they go away
std::vector<Address> members(RR->mc->getMembers(nwid,dest,limit));
@ -671,253 +671,6 @@ bool IncomingPacket::_doP5_MULTICAST_FRAME(const RuntimeEnvironment *RR,const Sh
} catch ( ... ) {
TRACE("dropped P5_MULTICAST_FRAME from %s(%s): unexpected exception: (unknown)",source().toString().c_str(),_remoteAddress.toString().c_str());
}
#if 0 // old code preserved below
try {
Address origin(Address(field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_ORIGIN,ZT_PROTO_VERB_MULTICAST_FRAME_LEN_ORIGIN),ZT_ADDRESS_LENGTH));
SharedPtr<Peer> originPeer(RR->topology->getPeer(origin));
if (!originPeer) {
// We must have the origin's identity in order to authenticate a multicast
RR->sw->requestWhois(origin);
_step = DECODE_WAITING_FOR_MULTICAST_FRAME_ORIGINAL_SENDER_LOOKUP; // causes processing to come back here
return false;
}
// These fields in the packet are changed by each forwarder
unsigned int depth = at<uint16_t>(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_PROPAGATION_DEPTH);
unsigned char *const fifo = field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_PROPAGATION_FIFO,ZT_PROTO_VERB_MULTICAST_FRAME_LEN_PROPAGATION_FIFO);
unsigned char *const bloom = field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_PROPAGATION_BLOOM,ZT_PROTO_VERB_MULTICAST_FRAME_LEN_PROPAGATION_BLOOM);
// These fields don't -- they're signed by the original sender
const unsigned int flags = (*this)[ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FLAGS];
const uint64_t nwid = at<uint64_t>(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_NETWORK_ID);
const uint16_t bloomNonce = at<uint16_t>(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_PROPAGATION_BLOOM_NONCE);
const unsigned int prefixBits = (*this)[ZT_PROTO_VERB_MULTICAST_FRAME_IDX_PROPAGATION_PREFIX_BITS];
const unsigned int prefix = (*this)[ZT_PROTO_VERB_MULTICAST_FRAME_IDX_PROPAGATION_PREFIX];
const uint64_t guid = at<uint64_t>(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_GUID);
const MAC sourceMac(field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_SOURCE_MAC,ZT_PROTO_VERB_MULTICAST_FRAME_LEN_SOURCE_MAC),ZT_PROTO_VERB_MULTICAST_FRAME_LEN_SOURCE_MAC);
const MulticastGroup dest(MAC(field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_DEST_MAC,ZT_PROTO_VERB_MULTICAST_FRAME_LEN_DEST_MAC),ZT_PROTO_VERB_MULTICAST_FRAME_LEN_DEST_MAC),at<uint32_t>(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_DEST_ADI));
const unsigned int etherType = at<uint16_t>(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_ETHERTYPE);
const unsigned int frameLen = at<uint16_t>(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FRAME_LEN);
const unsigned char *const frame = field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FRAME,frameLen);
const unsigned int signatureLen = at<uint16_t>(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FRAME + frameLen);
const unsigned char *const signature = field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FRAME + frameLen + 2,signatureLen);
if ((!sourceMac)||(sourceMac.isMulticast())) {
TRACE("dropped MULTICAST_FRAME from %s(%s): invalid source MAC %s",source().toString().c_str(),_remoteAddress.toString().c_str(),sourceMac.toString().c_str());
return true;
}
SharedPtr<Network> network(RR->nc->network(nwid));
SharedPtr<NetworkConfig> nconf;
if (network)
nconf = network->config2();
/* Grab, verify, and learn certificate of network membership if any -- provided we are
* a member of this network. Note: we can do this before verification of the actual
* packet, since the certificate has its own separate signature. In other words a valid
* COM does not imply a valid multicast; they are two separate things. The ability to
* include the COM with the multicast is a performance optimization to allow peers to
* distribute their COM along with their packets instead of as a separate transaction.
* This causes network memberships to start working faster. */
if (((flags & ZT_PROTO_VERB_MULTICAST_FRAME_FLAGS_HAS_MEMBERSHIP_CERTIFICATE))&&(network)) {
CertificateOfMembership originCom(*this,ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FRAME + frameLen + 2 + signatureLen);
Address comSignedBy(originCom.signedBy());
if ((originCom.networkId() == nwid)&&(comSignedBy == network->controller())) {
SharedPtr<Peer> comSigningPeer(RR->topology->getPeer(comSignedBy));
if (!comSigningPeer) {
// Technically this should never happen because the COM should be signed by
// the master for this network (in current usage) and we ought to already have
// that cached. But handle it anyway.
RR->sw->requestWhois(comSignedBy);
_step = DECODE_WAITING_FOR_MULTICAST_FRAME_ORIGINAL_SENDER_LOOKUP; // causes processing to come back here
return false;
} else if (originCom.verify(comSigningPeer->identity())) {
// The certificate is valid so learn it. As explained above this does not
// imply validation of the multicast. That happens later. Look for a call
// to network->isAllowed().
network->addMembershipCertificate(originCom);
} else {
// Go ahead and drop the multicast though if the COM was invalid, since this
// obviously signifies a problem.
LOG("dropped MULTICAST_FRAME from %s(%s): included COM failed authentication check",source().toString().c_str(),_remoteAddress.toString().c_str());
return true;
}
} else {
// Go ahead and drop the multicast here too, since this also ought never to
// happen and certainly indicates a problem.
LOG("dropped MULTICAST_FRAME from %s(%s): included COM is not for this network",source().toString().c_str(),_remoteAddress.toString().c_str());
return true;
}
}
// Check the multicast frame's signature to verify that its original sender is
// who it claims to be.
const unsigned int signedPartLen = (ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FRAME - ZT_PROTO_VERB_MULTICAST_FRAME_IDX__START_OF_SIGNED_PORTION) + frameLen;
if (!originPeer->identity().verify(field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX__START_OF_SIGNED_PORTION,signedPartLen),signedPartLen,signature,signatureLen)) {
LOG("dropped MULTICAST_FRAME from %s(%s): failed signature verification, claims to be from %s",source().toString().c_str(),_remoteAddress.toString().c_str(),origin.toString().c_str());
return true;
}
// Security check to prohibit multicasts that are really Ethernet unicasts...
// otherwise people could do weird things like multicast out a TCP SYN.
if (!dest.mac().isMulticast()) {
LOG("dropped MULTICAST_FRAME from %s(%s): %s is not a multicast/broadcast address",source().toString().c_str(),_remoteAddress.toString().c_str(),dest.mac().toString().c_str());
return true;
}
// At this point the frame is basically valid, so we can call it a receive
peer->receive(RR,_fromSock,_remoteAddress,hops(),packetId(),Packet::VERB_MULTICAST_FRAME,0,Packet::VERB_NOP,Utils::now());
// This gets updated later in most cases but start with the global limit.
unsigned int maxDepth = ZT_MULTICAST_GLOBAL_MAX_DEPTH;
if ((origin == RR->identity.address())||(RR->mc->deduplicate(nwid,guid))) {
// This is a boomerang or a duplicate of a multicast we've already seen. Ordinary
// nodes drop these, while supernodes will keep propagating them since they can
// act as bridges between sparse multicast networks more than once.
if (!RR->topology->amSupernode()) {
TRACE("dropped MULTICAST_FRAME from %s(%s): duplicate",source().toString().c_str(),_remoteAddress.toString().c_str());
return true;
}
} else {
// If we are actually a member of this network (will just about always
// be the case unless we're a supernode), check to see if we should
// inject the packet. This also gives us an opportunity to check things
// like multicast bandwidth constraints.
if ((network)&&(nconf)) {
// Learn real maxDepth from netconf
maxDepth = std::min((unsigned int)ZT_MULTICAST_GLOBAL_MAX_DEPTH,nconf->multicastDepth());
if (!maxDepth)
maxDepth = ZT_MULTICAST_GLOBAL_MAX_DEPTH;
if (!network->isAllowed(origin)) {
// Papers, please...
Packet outp(source(),RR->identity.address(),Packet::VERB_ERROR);
outp.append((unsigned char)Packet::VERB_MULTICAST_FRAME);
outp.append(packetId());
outp.append((unsigned char)Packet::ERROR_NEED_MEMBERSHIP_CERTIFICATE);
outp.append(nwid);
outp.armor(peer->key(),true);
_fromSock->send(_remoteAddress,outp.data(),outp.size());
TRACE("dropped MULTICAST_FRAME from %s(%s) into %.16llx: sender %s not allowed or we don't have a certificate",source().toString().c_str(),_remoteAddress.toString().c_str(),nwid,origin.toString().c_str());
return true;
}
if (MAC(origin,network->id()) != sourceMac) {
if (!nconf->permitsBridging(origin)) {
TRACE("dropped MULTICAST_FRAME from %s(%s) into %.16llx: source mac %s doesn't belong to %s, and bridging is not supported on network",source().toString().c_str(),_remoteAddress.toString().c_str(),nwid,sourceMac.toString().c_str(),origin.toString().c_str());
return true;
}
network->learnBridgeRoute(sourceMac,origin);
}
if (!nconf->permitsEtherType(etherType)) {
TRACE("dropped MULTICAST_FRAME from %s(%s) into %.16llx: ethertype %u is not allowed",source().toString().c_str(),nwid,_remoteAddress.toString().c_str(),etherType);
return true;
}
if (!network->updateAndCheckMulticastBalance(origin,dest,frameLen)) {
// Rate limits can only be checked by members of this network, but
// there should be enough of them that over-limit multicasts get
// their propagation aborted.
TRACE("dropped MULTICAST_FRAME from %s(%s): rate limits exceeded for sender %s",source().toString().c_str(),_remoteAddress.toString().c_str(),origin.toString().c_str());
return true;
}
network->tapPut(sourceMac,dest.mac(),etherType,frame,frameLen);
}
}
// Depth of 0xffff means "do not forward." Check first since
// incrementing this would integer overflow a 16-bit int.
if (depth == 0xffff) {
TRACE("not forwarding MULTICAST_FRAME from %s(%s): depth == 0xffff (do not forward)",source().toString().c_str(),_remoteAddress.toString().c_str());
return true;
}
// Check if graph traversal depth has exceeded configured maximum.
if (++depth > maxDepth) {
TRACE("not forwarding MULTICAST_FRAME from %s(%s): max propagation depth reached",source().toString().c_str(),_remoteAddress.toString().c_str());
return true;
}
// Update depth in packet with new incremented value
setAt(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_PROPAGATION_DEPTH,(uint16_t)depth);
// New FIFO with room for one extra, since head will be next hop
unsigned char newFifo[ZT_PROTO_VERB_MULTICAST_FRAME_LEN_PROPAGATION_FIFO + ZT_ADDRESS_LENGTH];
unsigned char *newFifoPtr = newFifo;
unsigned char *const newFifoEnd = newFifo + sizeof(newFifo);
// Copy old FIFO into new buffer, terminating at first NULL address
for(unsigned char *f=fifo,*const fifoEnd=(fifo + ZT_PROTO_VERB_MULTICAST_FRAME_LEN_PROPAGATION_FIFO);f!=fifoEnd;) {
unsigned char *nf = newFifoPtr;
unsigned char *e = nf + ZT_ADDRESS_LENGTH;
unsigned char *ftmp = f;
unsigned char zeroCheckMask = 0;
while (nf != e)
zeroCheckMask |= (*(nf++) = *(ftmp++));
if (zeroCheckMask) {
f = ftmp;
newFifoPtr = nf;
} else break;
}
// Add any other next hops we know about to FIFO
Multicaster::AddToPropagationQueue appender(
&newFifoPtr,
newFifoEnd,
bloom,
bloomNonce,
origin,
prefixBits,
prefix,
RR->topology,
Utils::now());
if (nconf) {
for(std::set<Address>::const_iterator ab(nconf->activeBridges().begin());ab!=nconf->activeBridges().end();++ab) {
if (!appender(*ab))
break;
}
}
RR->mc->getNextHops(nwid,dest,appender);
// Zero-terminate new FIFO if not completely full. We pad the remainder with
// zeroes because this improves data compression ratios.
while (newFifoPtr != newFifoEnd)
*(newFifoPtr++) = (unsigned char)0;
// First element in newFifo[] is next hop
Address nextHop(newFifo,ZT_ADDRESS_LENGTH);
if ((!nextHop)&&(!RR->topology->amSupernode())) {
SharedPtr<Peer> supernode(RR->topology->getBestSupernode(&origin,1,true));
if (supernode)
nextHop = supernode->address();
}
if ((!nextHop)||(nextHop == RR->identity.address())) { // check against our addr is a sanity check
//TRACE("not forwarding MULTICAST_FRAME from %s(%s): no next hop",source().toString().c_str(),_remoteAddress.toString().c_str());
return true;
}
// The rest of newFifo[] goes back into the packet
memcpy(fifo,newFifo + ZT_ADDRESS_LENGTH,ZT_PROTO_VERB_MULTICAST_FRAME_LEN_PROPAGATION_FIFO);
// Send to next hop, reusing this packet as scratch space
newInitializationVector();
setDestination(nextHop);
setSource(RR->identity.address());
compress(); // note: bloom filters and empty FIFOs are highly compressable!
RR->sw->send(*this,true);
return true;
} catch (std::exception &ex) {
TRACE("dropped MULTICAST_FRAME from %s(%s): unexpected exception: %s",source().toString().c_str(),_remoteAddress.toString().c_str(),ex.what());
} catch ( ... ) {
TRACE("dropped MULTICAST_FRAME from %s(%s): unexpected exception: (unknown)",source().toString().c_str(),_remoteAddress.toString().c_str());
}
#endif
return true;
}