diff --git a/node/Constants.hpp b/node/Constants.hpp index b3c3dec0d..b7042d5dc 100644 --- a/node/Constants.hpp +++ b/node/Constants.hpp @@ -296,7 +296,12 @@ /** * General rate limit timeout for multiple packet types (HELLO, etc.) */ -#define ZT_PEER_GENERAL_INBOUND_RATE_LIMIT 1000 +#define ZT_PEER_GENERAL_INBOUND_RATE_LIMIT 500 + +/** + * General limit for max RTT for requests over the network + */ +#define ZT_GENERAL_RTT_LIMIT 5000 /** * Delay between requests for updated network autoconf information diff --git a/node/IncomingPacket.cpp b/node/IncomingPacket.cpp index 9bc41d475..b39257739 100644 --- a/node/IncomingPacket.cpp +++ b/node/IncomingPacket.cpp @@ -153,28 +153,21 @@ bool IncomingPacket::_doERROR(const RuntimeEnvironment *RR,const SharedPtr break; case Packet::ERROR_IDENTITY_COLLISION: - // Roots are the only peers currently permitted to state authoritatively - // that an identity has collided. When this occurs the node should be shut - // down and a new identity created. The odds of this ever happening are - // very low. + // FIXME: for federation this will need a payload with a signature or something. if (RR->topology->isRoot(peer->identity())) RR->node->postEvent(ZT_EVENT_FATAL_ERROR_IDENTITY_COLLISION); break; case Packet::ERROR_NEED_MEMBERSHIP_CERTIFICATE: { - // This error can be sent in response to any packet that fails network - // authorization. We only listen to it if it's from a peer that has recently - // been authorized on this network. + // Peers can send this in response to frames if they do not have a recent enough COM from us SharedPtr network(RR->node->network(at(ZT_PROTO_VERB_ERROR_IDX_PAYLOAD))); - if ((network)&&(network->recentlyAllowedOnNetwork(peer))) { - const uint64_t now = RR->node->now(); - if (peer->rateGateComRequest(now)) { - Packet outp(peer->address(),RR->identity.address(),Packet::VERB_NETWORK_CREDENTIALS); - network->config().com.serialize(outp); - outp.append((uint8_t)0); - outp.armor(peer->key(),true); - _path->send(RR,outp.data(),outp.size(),now); - } + const uint64_t now = RR->node->now(); + if ( (network) && (network->config().com) && (peer->rateGateComRequest(now)) ) { + Packet outp(peer->address(),RR->identity.address(),Packet::VERB_NETWORK_CREDENTIALS); + network->config().com.serialize(outp); + outp.append((uint8_t)0); + outp.armor(peer->key(),true); + _path->send(RR,outp.data(),outp.size(),now); } } break; diff --git a/node/Membership.hpp b/node/Membership.hpp index d67c68224..5eb68d344 100644 --- a/node/Membership.hpp +++ b/node/Membership.hpp @@ -154,23 +154,6 @@ public: return nconf.com.agreesWith(_com); } - /** - * @return True if this member has been on this network recently (or network is public) - */ - inline bool recentlyAllowedOnNetwork(const NetworkConfig &nconf) const - { - if (nconf.isPublic()) - return true; - if (_com) { - const uint64_t a = _com.timestamp().first; - if ((_blacklistBefore)&&(a <= _blacklistBefore)) - return false; - const uint64_t b = nconf.com.timestamp().first; - return ((a <= b) ? ((b - a) <= ZT_NETWORKCONFIG_DEFAULT_CREDENTIAL_TIME_MAX_MAX_DELTA) : true); - } - return false; - } - /** * Check whether a capability or tag is within its max delta from the timestamp of our network config and newer than any blacklist cutoff time * @@ -259,10 +242,7 @@ public: * * @param ts Blacklist cutoff */ - inline void blacklistBefore(const uint64_t ts) - { - _blacklistBefore = ts; - } + inline void blacklistBefore(const uint64_t ts) { _blacklistBefore = ts; } /** * Clean up old or stale entries diff --git a/node/Network.cpp b/node/Network.cpp index 197841d98..455e185eb 100644 --- a/node/Network.cpp +++ b/node/Network.cpp @@ -648,11 +648,12 @@ bool Network::filterOutgoingPacket( { uint32_t remoteTagIds[ZT_MAX_NETWORK_TAGS]; uint32_t remoteTagValues[ZT_MAX_NETWORK_TAGS]; - Address ztDest2(ztDest); + Address ztFinalDest(ztDest); Address cc; const Capability *relevantCap = (const Capability *)0; unsigned int ccLength = 0; bool accept = false; + const uint64_t now = RR->node->now(); Mutex::Lock _l(_lock); @@ -663,26 +664,27 @@ bool Network::filterOutgoingPacket( remoteTagCount = m->getAllTags(_config,remoteTagIds,remoteTagValues,ZT_MAX_NETWORK_TAGS); } - switch(_doZtFilter(RR,_config,false,ztSource,ztDest2,macSource,macDest,frameData,frameLen,etherType,vlanId,_config.rules,_config.ruleCount,_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,cc,ccLength)) { + switch(_doZtFilter(RR,_config,false,ztSource,ztFinalDest,macSource,macDest,frameData,frameLen,etherType,vlanId,_config.rules,_config.ruleCount,_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,cc,ccLength)) { case DOZTFILTER_NO_MATCH: for(unsigned int c=0;c<_config.capabilityCount;++c) { - ztDest2 = ztDest; // sanity check + ztFinalDest = ztDest; // sanity check Address cc2; unsigned int ccLength2 = 0; - switch (_doZtFilter(RR,_config,false,ztSource,ztDest2,macSource,macDest,frameData,frameLen,etherType,vlanId,_config.capabilities[c].rules(),_config.capabilities[c].ruleCount(),_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,cc2,ccLength2)) { + switch (_doZtFilter(RR,_config,false,ztSource,ztFinalDest,macSource,macDest,frameData,frameLen,etherType,vlanId,_config.capabilities[c].rules(),_config.capabilities[c].ruleCount(),_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,cc2,ccLength2)) { case DOZTFILTER_NO_MATCH: case DOZTFILTER_DROP: // explicit DROP in a capability just terminates its evaluation and is an anti-pattern break; - case DOZTFILTER_REDIRECT: // interpreted as ACCEPT but ztDest2 will have been changed in _doZtFilter() + case DOZTFILTER_REDIRECT: // interpreted as ACCEPT but ztFinalDest will have been changed in _doZtFilter() case DOZTFILTER_ACCEPT: case DOZTFILTER_SUPER_ACCEPT: // no difference in behavior on outbound side relevantCap = &(_config.capabilities[c]); accept = true; if ((!noTee)&&(cc2)) { - _membership(cc2).sendCredentialsIfNeeded(RR,RR->node->now(),cc2,_config,relevantCap); + Membership &m2 = _membership(cc2); + m2.sendCredentialsIfNeeded(RR,now,cc2,_config,relevantCap); Packet outp(cc2,RR->identity.address(),Packet::VERB_EXT_FRAME); outp.append(_id); @@ -705,7 +707,7 @@ bool Network::filterOutgoingPacket( case DOZTFILTER_DROP: return false; - case DOZTFILTER_REDIRECT: // interpreted as ACCEPT but ztDest2 will have been changed in _doZtFilter() + case DOZTFILTER_REDIRECT: // interpreted as ACCEPT but ztFinalDest will have been changed in _doZtFilter() case DOZTFILTER_ACCEPT: case DOZTFILTER_SUPER_ACCEPT: // no difference in behavior on outbound side accept = true; @@ -714,7 +716,8 @@ bool Network::filterOutgoingPacket( if (accept) { if ((!noTee)&&(cc)) { - _membership(cc).sendCredentialsIfNeeded(RR,RR->node->now(),cc,_config,relevantCap); + Membership &m2 = _membership(cc); + m2.sendCredentialsIfNeeded(RR,now,cc,_config,relevantCap); Packet outp(cc,RR->identity.address(),Packet::VERB_EXT_FRAME); outp.append(_id); @@ -727,10 +730,11 @@ bool Network::filterOutgoingPacket( RR->sw->send(outp,true); } - if ((ztDest != ztDest2)&&(ztDest2)) { - _membership(ztDest2).sendCredentialsIfNeeded(RR,RR->node->now(),ztDest2,_config,relevantCap); + if ((ztDest != ztFinalDest)&&(ztFinalDest)) { + Membership &m2 = _membership(ztFinalDest); + m2.sendCredentialsIfNeeded(RR,now,ztFinalDest,_config,relevantCap); - Packet outp(ztDest2,RR->identity.address(),Packet::VERB_EXT_FRAME); + Packet outp(ztFinalDest,RR->identity.address(),Packet::VERB_EXT_FRAME); outp.append(_id); outp.append((uint8_t)0x02); // TEE/REDIRECT from outbound side: 0x02 macDest.appendTo(outp); @@ -742,11 +746,13 @@ bool Network::filterOutgoingPacket( return false; // DROP locally, since we redirected } else if (m) { - m->sendCredentialsIfNeeded(RR,RR->node->now(),ztDest,_config,relevantCap); + m->sendCredentialsIfNeeded(RR,now,ztDest,_config,relevantCap); } - } - return accept; + return true; + } else { + return false; + } } int Network::filterIncomingPacket( @@ -761,7 +767,7 @@ int Network::filterIncomingPacket( { uint32_t remoteTagIds[ZT_MAX_NETWORK_TAGS]; uint32_t remoteTagValues[ZT_MAX_NETWORK_TAGS]; - Address ztDest2(ztDest); + Address ztFinalDest(ztDest); Address cc; unsigned int ccLength = 0; int accept = 0; @@ -771,16 +777,16 @@ int Network::filterIncomingPacket( Membership &m = _membership(sourcePeer->address()); const unsigned int remoteTagCount = m.getAllTags(_config,remoteTagIds,remoteTagValues,ZT_MAX_NETWORK_TAGS); - switch (_doZtFilter(RR,_config,true,sourcePeer->address(),ztDest2,macSource,macDest,frameData,frameLen,etherType,vlanId,_config.rules,_config.ruleCount,_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,cc,ccLength)) { + switch (_doZtFilter(RR,_config,true,sourcePeer->address(),ztFinalDest,macSource,macDest,frameData,frameLen,etherType,vlanId,_config.rules,_config.ruleCount,_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,cc,ccLength)) { case DOZTFILTER_NO_MATCH: { Membership::CapabilityIterator mci(m); const Capability *c; while ((c = mci.next(_config))) { - ztDest2 = ztDest; // sanity check + ztFinalDest = ztDest; // sanity check Address cc2; unsigned int ccLength2 = 0; - switch(_doZtFilter(RR,_config,true,sourcePeer->address(),ztDest2,macSource,macDest,frameData,frameLen,etherType,vlanId,c->rules(),c->ruleCount(),_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,cc2,ccLength2)) { + switch(_doZtFilter(RR,_config,true,sourcePeer->address(),ztFinalDest,macSource,macDest,frameData,frameLen,etherType,vlanId,c->rules(),c->ruleCount(),_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,cc2,ccLength2)) { case DOZTFILTER_NO_MATCH: case DOZTFILTER_DROP: // explicit DROP in a capability just terminates its evaluation and is an anti-pattern break; @@ -815,7 +821,7 @@ int Network::filterIncomingPacket( case DOZTFILTER_DROP: return 0; // DROP - case DOZTFILTER_REDIRECT: // interpreted as ACCEPT but ztDest2 will have been changed in _doZtFilter() + case DOZTFILTER_REDIRECT: // interpreted as ACCEPT but ztFinalDest will have been changed in _doZtFilter() case DOZTFILTER_ACCEPT: accept = 1; // ACCEPT break; @@ -839,10 +845,10 @@ int Network::filterIncomingPacket( RR->sw->send(outp,true); } - if ((ztDest != ztDest2)&&(ztDest2)) { - _membership(ztDest2).sendCredentialsIfNeeded(RR,RR->node->now(),ztDest2,_config,(const Capability *)0); + if ((ztDest != ztFinalDest)&&(ztFinalDest)) { + _membership(ztFinalDest).sendCredentialsIfNeeded(RR,RR->node->now(),ztFinalDest,_config,(const Capability *)0); - Packet outp(ztDest2,RR->identity.address(),Packet::VERB_EXT_FRAME); + Packet outp(ztFinalDest,RR->identity.address(),Packet::VERB_EXT_FRAME); outp.append(_id); outp.append((uint8_t)0x06); // TEE/REDIRECT from inbound side: 0x06 macDest.appendTo(outp); @@ -1063,23 +1069,26 @@ bool Network::gate(const SharedPtr &peer,const Packet::Verb verb,const uin Mutex::Lock _l(_lock); try { if (_config) { - Membership &m = _membership(peer->address()); - const bool allow = m.isAllowedOnNetwork(_config); - if (allow) { - m.sendCredentialsIfNeeded(RR,now,peer->address(),_config,(const Capability *)0); - if (m.shouldLikeMulticasts(now)) { + Membership *m = _memberships.get(peer->address()); + if ( (_config.isPublic()) || ((m)&&(m->isAllowedOnNetwork(_config))) ) { + if (!m) + m = &(_membership(peer->address())); + m->sendCredentialsIfNeeded(RR,now,peer->address(),_config,(const Capability *)0); + if (m->shouldLikeMulticasts(now)) { _announceMulticastGroupsTo(peer->address(),_allMulticastGroups()); - m.likingMulticasts(now); + m->likingMulticasts(now); + } + return true; + } else { + if (peer->rateGateRequestCredentials(now)) { + Packet outp(peer->address(),RR->identity.address(),Packet::VERB_ERROR); + outp.append((uint8_t)verb); + outp.append(packetId); + outp.append((uint8_t)Packet::ERROR_NEED_MEMBERSHIP_CERTIFICATE); + outp.append(_id); + RR->sw->send(outp,true); } - } else if (m.recentlyAllowedOnNetwork(_config)&&peer->rateGateRequestCredentials(now)) { - Packet outp(peer->address(),RR->identity.address(),Packet::VERB_ERROR); - outp.append((uint8_t)verb); - outp.append(packetId); - outp.append((uint8_t)Packet::ERROR_NEED_MEMBERSHIP_CERTIFICATE); - outp.append(_id); - RR->sw->send(outp,true); } - return allow; } } catch ( ... ) { TRACE("gate() check failed for peer %s: unexpected exception",peer->address().toString().c_str()); @@ -1092,15 +1101,6 @@ bool Network::gateMulticastGatherReply(const SharedPtr &peer,const Packet: return ( (peer->address() == controller()) || RR->topology->isUpstream(peer->identity()) || gate(peer,verb,packetId) || _config.isAnchor(peer->address()) ); } -bool Network::recentlyAllowedOnNetwork(const SharedPtr &peer) const -{ - Mutex::Lock _l(_lock); - const Membership *m = _memberships.get(peer->address()); - if (m) - return m->recentlyAllowedOnNetwork(_config); - return false; -} - void Network::clean() { const uint64_t now = RR->node->now(); @@ -1308,13 +1308,11 @@ void Network::_sendUpdatesToMembers(const MulticastGroup *const newMulticastGrou Membership *m = (Membership *)0; Hashtable::Iterator i(_memberships); while (i.next(a,m)) { - if ( (m->recentlyAllowedOnNetwork(_config)) || (std::find(anchors.begin(),anchors.end(),*a) != anchors.end()) ) { - m->sendCredentialsIfNeeded(RR,RR->node->now(),*a,_config,(const Capability *)0); - if ( ((newMulticastGroup)||(m->shouldLikeMulticasts(now))) && (m->isAllowedOnNetwork(_config)) ) { - if (!newMulticastGroup) - m->likingMulticasts(now); - _announceMulticastGroupsTo(*a,groups); - } + m->sendCredentialsIfNeeded(RR,now,*a,_config,(const Capability *)0); + if ( ((newMulticastGroup)||(m->shouldLikeMulticasts(now))) && (m->isAllowedOnNetwork(_config)) ) { + if (!newMulticastGroup) + m->likingMulticasts(now); + _announceMulticastGroupsTo(*a,groups); } } } diff --git a/node/Network.hpp b/node/Network.hpp index 7a4065ff5..c85e5993c 100644 --- a/node/Network.hpp +++ b/node/Network.hpp @@ -248,7 +248,10 @@ public: void requestConfiguration(); /** - * Membership check gate for incoming packets related to this network + * Determine whether this peer is permitted to communicate on this network + * + * This also performs certain periodic actions such as pushing renewed + * credentials to peers or requesting them if not present. * * @param peer Peer to check * @param verb Packet verb @@ -262,12 +265,6 @@ public: */ bool gateMulticastGatherReply(const SharedPtr &peer,const Packet::Verb verb,const uint64_t packetId); - /** - * @param peer Peer to check - * @return True if peer has recently been a valid member of this network - */ - bool recentlyAllowedOnNetwork(const SharedPtr &peer) const; - /** * Perform cleanup and possibly save state */ diff --git a/node/Node.cpp b/node/Node.cpp index 51f1b5c04..2533eeb69 100644 --- a/node/Node.cpp +++ b/node/Node.cpp @@ -241,7 +241,7 @@ public: } lastReceiveFromUpstream = std::max(p->lastReceive(),lastReceiveFromUpstream); - } else if (p->activelyTransferringFrames(_now)) { + } else if (p->isActive(_now)) { // Normal nodes get their preferred link kept alive if the node has generated frame traffic recently p->doPingAndKeepalive(_now,-1); } diff --git a/node/Peer.cpp b/node/Peer.cpp index 78af90631..d742964ae 100644 --- a/node/Peer.cpp +++ b/node/Peer.cpp @@ -41,7 +41,6 @@ namespace ZeroTier { static uint32_t _natKeepaliveBuf = 0; Peer::Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Identity &peerIdentity) : - _lastUsed(0), _lastReceive(0), _lastUnicastFrame(0), _lastMulticastFrame(0), @@ -408,19 +407,16 @@ bool Peer::hasActiveDirectPath(uint64_t now) const return false; } -bool Peer::resetWithinScope(InetAddress::IpScope scope,int inetAddressFamily,uint64_t now) +void Peer::resetWithinScope(InetAddress::IpScope scope,int inetAddressFamily,uint64_t now) { Mutex::Lock _l(_paths_m); - bool resetSomething = false; for(unsigned int p=0;p<_numPaths;++p) { if ( (_paths[p].path->address().ss_family == inetAddressFamily) && (_paths[p].path->address().ipScope() == scope) ) { attemptToContactAt(_paths[p].path->localAddress(),_paths[p].path->address(),now); _paths[p].path->sent(now); - _paths[p].lastReceive >>= 2; // de-prioritize heavily vs. other paths, will get reset if we get OK(HELLO) or other traffic - resetSomething = true; + _paths[p].lastReceive = 0; // path will not be used unless it speaks again } } - return resetSomething; } void Peer::getBestActiveAddresses(uint64_t now,InetAddress &v4,InetAddress &v6) const diff --git a/node/Peer.hpp b/node/Peer.hpp index 1ae239bce..c5ef43edb 100644 --- a/node/Peer.hpp +++ b/node/Peer.hpp @@ -68,18 +68,6 @@ public: */ Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Identity &peerIdentity); - /** - * @return Time peer record was last used in any way - */ - inline uint64_t lastUsed() const throw() { return _lastUsed; } - - /** - * Log a use of this peer record (done by Topology when peers are looked up) - * - * @param now New time of last use - */ - inline void use(uint64_t now) throw() { _lastUsed = now; } - /** * @return This peer's ZT address (short for identity().address()) */ @@ -194,15 +182,14 @@ public: /** * Reset paths within a given IP scope and address family * - * Resetting a path involves sending a HELLO to it and then de-prioritizing - * it vs. other paths. + * Resetting a path involves sending an ECHO to it and then deactivating + * it until or unless it responds. * * @param scope IP scope * @param inetAddressFamily Family e.g. AF_INET * @param now Current time - * @return True if we forgot at least one path */ - bool resetWithinScope(InetAddress::IpScope scope,int inetAddressFamily,uint64_t now); + void resetWithinScope(InetAddress::IpScope scope,int inetAddressFamily,uint64_t now); /** * Get most recently active path addresses for IPv4 and/or IPv6 @@ -232,27 +219,32 @@ public: /** * @return Time of last receive of anything, whether direct or relayed */ - inline uint64_t lastReceive() const throw() { return _lastReceive; } + inline uint64_t lastReceive() const { return _lastReceive; } + + /** + * @return True if we've heard from this peer in less than ZT_PEER_ACTIVITY_TIMEOUT + */ + inline bool isAlive(const uint64_t now) const { return ((now - _lastReceive) < ZT_PEER_ACTIVITY_TIMEOUT); } /** * @return Time of most recent unicast frame received */ - inline uint64_t lastUnicastFrame() const throw() { return _lastUnicastFrame; } + inline uint64_t lastUnicastFrame() const { return _lastUnicastFrame; } /** * @return Time of most recent multicast frame received */ - inline uint64_t lastMulticastFrame() const throw() { return _lastMulticastFrame; } + inline uint64_t lastMulticastFrame() const { return _lastMulticastFrame; } /** * @return Time of most recent frame of any kind (unicast or multicast) */ - inline uint64_t lastFrame() const throw() { return std::max(_lastUnicastFrame,_lastMulticastFrame); } + inline uint64_t lastFrame() const { return std::max(_lastUnicastFrame,_lastMulticastFrame); } /** * @return True if this peer has sent us real network traffic recently */ - inline uint64_t activelyTransferringFrames(uint64_t now) const throw() { return ((now - lastFrame()) < ZT_PEER_ACTIVITY_TIMEOUT); } + inline uint64_t isActive(uint64_t now) const { return ((now - lastFrame()) < ZT_PEER_ACTIVITY_TIMEOUT); } /** * @return Latency in milliseconds or 0 if unknown @@ -464,7 +456,6 @@ private: uint8_t _key[ZT_PEER_SECRET_KEY_LENGTH]; uint8_t _remoteClusterOptimal6[16]; - uint64_t _lastUsed; uint64_t _lastReceive; // direct or indirect uint64_t _lastUnicastFrame; uint64_t _lastMulticastFrame; diff --git a/node/SelfAwareness.cpp b/node/SelfAwareness.cpp index 6bf507209..e84b7b654 100644 --- a/node/SelfAwareness.cpp +++ b/node/SelfAwareness.cpp @@ -45,9 +45,7 @@ public: _family(inetAddressFamily), _scope(scope) {} - inline void operator()(Topology &t,const SharedPtr &p) { if (p->resetWithinScope(_scope,_family,_now)) peersReset.push_back(p); } - - std::vector< SharedPtr > peersReset; + inline void operator()(Topology &t,const SharedPtr &p) { p->resetWithinScope(_scope,_family,_now); } private: uint64_t _now; @@ -95,16 +93,6 @@ void SelfAwareness::iam(const Address &reporter,const InetAddress &receivedOnLoc // Reset all paths within this scope and address family _ResetWithinScope rset(now,myPhysicalAddress.ss_family,(InetAddress::IpScope)scope); RR->topology->eachPeer<_ResetWithinScope &>(rset); - - // Send a NOP to all peers for whom we forgot a path. This will cause direct - // links to be re-established if possible, possibly using a root server or some - // other relay. - for(std::vector< SharedPtr >::const_iterator p(rset.peersReset.begin());p!=rset.peersReset.end();++p) { - if ((*p)->activelyTransferringFrames(now)) { - Packet outp((*p)->address(),RR->identity.address(),Packet::VERB_NOP); - RR->sw->send(outp,true); - } - } } else { // Otherwise just update DB to use to determine external surface info entry.mySurface = myPhysicalAddress; diff --git a/node/Switch.cpp b/node/Switch.cpp index beb36b6c2..e3d57835b 100644 --- a/node/Switch.cpp +++ b/node/Switch.cpp @@ -354,8 +354,7 @@ void Switch::onLocalEthernet(const SharedPtr &network,const MAC &from,c return; } - // Destination is a multicast address (including broadcast) - MulticastGroup mg(to,0); + MulticastGroup multicastGroup(to,0); if (to.isBroadcast()) { if ( (etherType == ZT_ETHERTYPE_ARP) && (len >= 28) && ((((const uint8_t *)data)[2] == 0x08)&&(((const uint8_t *)data)[3] == 0x00)&&(((const uint8_t *)data)[4] == 6)&&(((const uint8_t *)data)[5] == 4)&&(((const uint8_t *)data)[7] == 0x01)) ) { @@ -368,7 +367,7 @@ void Switch::onLocalEthernet(const SharedPtr &network,const MAC &from,c * them into multicasts by stuffing the IP address being queried into * the 32-bit ADI field. In practice this uses our multicast pub/sub * system to implement a kind of extended/distributed ARP table. */ - mg = MulticastGroup::deriveMulticastGroupForAddressResolution(InetAddress(((const unsigned char *)data) + 24,4,0)); + multicastGroup = MulticastGroup::deriveMulticastGroupForAddressResolution(InetAddress(((const unsigned char *)data) + 24,4,0)); } else if (!network->config().enableBroadcast()) { // Don't transmit broadcasts if this network doesn't want them TRACE("%.16llx: dropped broadcast since ff:ff:ff:ff:ff:ff is not enabled",network->id()); @@ -463,9 +462,9 @@ void Switch::onLocalEthernet(const SharedPtr &network,const MAC &from,c * multicast addresses on bridge interfaces and subscribing each slave. * But in that case this does no harm, as the sets are just merged. */ if (fromBridged) - network->learnBridgedMulticastGroup(mg,RR->node->now()); + network->learnBridgedMulticastGroup(multicastGroup,RR->node->now()); - //TRACE("%.16llx: MULTICAST %s -> %s %s %u",network->id(),from.toString().c_str(),mg.toString().c_str(),etherTypeName(etherType),len); + //TRACE("%.16llx: MULTICAST %s -> %s %s %u",network->id(),from.toString().c_str(),multicastGroup.toString().c_str(),etherTypeName(etherType),len); // First pass sets noTee to false, but noTee is set to true in OutboundMulticast to prevent duplicates. if (!network->filterOutgoingPacket(false,RR->identity.address(),Address(),from,to,(const uint8_t *)data,len,etherType,vlanId)) { @@ -478,7 +477,7 @@ void Switch::onLocalEthernet(const SharedPtr &network,const MAC &from,c RR->node->now(), network->id(), network->config().activeBridges(), - mg, + multicastGroup, (fromBridged) ? from : MAC(), etherType, data, diff --git a/node/Topology.cpp b/node/Topology.cpp index 6e2fd0714..12a7cc0be 100644 --- a/node/Topology.cpp +++ b/node/Topology.cpp @@ -96,7 +96,6 @@ SharedPtr Topology::addPeer(const SharedPtr &peer) np = hp; } - np->use(RR->node->now()); saveIdentity(np->identity()); return np; @@ -113,7 +112,6 @@ SharedPtr Topology::getPeer(const Address &zta) Mutex::Lock _l(_lock); const SharedPtr *const ap = _peers.get(zta); if (ap) { - (*ap)->use(RR->node->now()); return *ap; } } @@ -127,7 +125,6 @@ SharedPtr Topology::getPeer(const Address &zta) SharedPtr &ap = _peers[zta]; if (!ap) ap.swap(np); - ap->use(RR->node->now()); return ap; } } @@ -176,10 +173,8 @@ SharedPtr Topology::getBestRoot(const Address *avoid,unsigned int avoidCou if (_rootAddresses[p] == RR->identity.address()) { for(unsigned long q=1;q<_rootAddresses.size();++q) { const SharedPtr *const nextsn = _peers.get(_rootAddresses[(p + q) % _rootAddresses.size()]); - if ((nextsn)&&((*nextsn)->hasActiveDirectPath(now))) { - (*nextsn)->use(now); + if ((nextsn)&&((*nextsn)->hasActiveDirectPath(now))) return *nextsn; - } } break; } @@ -214,10 +209,8 @@ SharedPtr Topology::getBestRoot(const Address *avoid,unsigned int avoidCou } if (bestNotAvoid) { - (*bestNotAvoid)->use(now); return *bestNotAvoid; } else if ((!strictAvoid)&&(bestOverall)) { - (*bestOverall)->use(now); return *bestOverall; } @@ -256,7 +249,7 @@ void Topology::clean(uint64_t now) Address *a = (Address *)0; SharedPtr *p = (SharedPtr *)0; while (i.next(a,p)) { - if (((now - (*p)->lastUsed()) >= ZT_PEER_IN_MEMORY_EXPIRATION)&&(std::find(_rootAddresses.begin(),_rootAddresses.end(),*a) == _rootAddresses.end())) + if ( (!(*p)->isAlive(now)) && (std::find(_rootAddresses.begin(),_rootAddresses.end(),*a) == _rootAddresses.end()) ) _peers.erase(*a); } }