mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2024-12-21 22:07:49 +00:00
Add noupdate flag in root topologies, add ability for mktopology to read from a template.
This commit is contained in:
Adam Ierymenko
parent
644db7a04a
commit
dcea212e40
@ -228,6 +228,7 @@ struct _NodeImpl
|
||||
volatile bool started;
|
||||
volatile bool running;
|
||||
volatile bool resynchronize;
|
||||
volatile bool disableRootTopologyUpdates;
|
||||
|
||||
// This function performs final node tear-down
|
||||
inline Node::ReasonForTermination terminate()
|
||||
@ -395,6 +396,7 @@ Node::Node(
|
||||
impl->started = false;
|
||||
impl->running = false;
|
||||
impl->resynchronize = false;
|
||||
impl->disableRootTopologyUpdates = false;
|
||||
}
|
||||
|
||||
Node::~Node()
|
||||
@ -471,6 +473,7 @@ Node::ReasonForTermination Node::run()
|
||||
// Create non-crypto PRNG right away in case other code in init wants to use it
|
||||
_r->prng = new CMWC4096();
|
||||
|
||||
// Read identity public and secret, generating if not present
|
||||
bool gotId = false;
|
||||
std::string identitySecretPath(_r->homePath + ZT_PATH_SEPARATOR_S + "identity.secret");
|
||||
std::string identityPublicPath(_r->homePath + ZT_PATH_SEPARATOR_S + "identity.public");
|
||||
@ -511,6 +514,7 @@ Node::ReasonForTermination Node::run()
|
||||
#endif
|
||||
}
|
||||
|
||||
// Read configuration authentication token, generating if not present
|
||||
std::string configAuthTokenPath(_r->homePath + ZT_PATH_SEPARATOR_S + "authtoken.secret");
|
||||
std::string configAuthToken;
|
||||
if (!Utils::readFile(configAuthTokenPath.c_str(),configAuthToken)) {
|
||||
@ -546,18 +550,26 @@ Node::ReasonForTermination Node::run()
|
||||
}
|
||||
#endif
|
||||
|
||||
// Initialize root topology from defaults or root-toplogy file in home path on disk
|
||||
std::string rootTopologyPath(_r->homePath + ZT_PATH_SEPARATOR_S + "root-topology");
|
||||
std::string rootTopology;
|
||||
if (!Utils::readFile(rootTopologyPath.c_str(),rootTopology))
|
||||
rootTopology = ZT_DEFAULTS.defaultRootTopology;
|
||||
try {
|
||||
Dictionary rt(rootTopology);
|
||||
|
||||
if (Topology::authenticateRootTopology(rt)) {
|
||||
_r->topology->setSupernodes(Dictionary(rt.get("supernodes")));
|
||||
// Set supernodes if root topology signature is valid
|
||||
_r->topology->setSupernodes(Dictionary(rt.get("supernodes",""))); // set supernodes from root-topology
|
||||
|
||||
// If root-topology contains noupdate=1, disable further updates and only use what was on disk
|
||||
impl->disableRootTopologyUpdates = (Utils::strToInt(rt.get("noupdate","0").c_str()) > 0);
|
||||
} else {
|
||||
// Revert to built-in defaults if root topology fails signature check
|
||||
LOG("%s failed signature check, using built-in defaults instead",rootTopologyPath.c_str());
|
||||
Utils::rm(rootTopologyPath.c_str());
|
||||
_r->topology->setSupernodes(Dictionary(Dictionary(ZT_DEFAULTS.defaultRootTopology).get("supernodes")));
|
||||
_r->topology->setSupernodes(Dictionary(Dictionary(ZT_DEFAULTS.defaultRootTopology).get("supernodes","")));
|
||||
impl->disableRootTopologyUpdates = false;
|
||||
}
|
||||
} catch ( ... ) {
|
||||
return impl->terminateBecause(Node::NODE_UNRECOVERABLE_ERROR,"invalid root-topology format");
|
||||
@ -761,10 +773,13 @@ Node::ReasonForTermination Node::run()
|
||||
_r->sm->send(ZT_DEFAULTS.v4Broadcast,false,false,bcn,ZT_PROTO_BEACON_LENGTH);
|
||||
}
|
||||
|
||||
// Check for updates to root topology (supernodes) periodically
|
||||
if ((now - lastRootTopologyFetch) >= ZT_UPDATE_ROOT_TOPOLOGY_CHECK_INTERVAL) {
|
||||
lastRootTopologyFetch = now;
|
||||
TRACE("fetching root topology from %s",ZT_DEFAULTS.rootTopologyUpdateURL.c_str());
|
||||
_r->http->GET(ZT_DEFAULTS.rootTopologyUpdateURL,HttpClient::NO_HEADERS,60,&_cbHandleGetRootTopology,_r);
|
||||
if (!impl->disableRootTopologyUpdates) {
|
||||
TRACE("fetching root topology from %s",ZT_DEFAULTS.rootTopologyUpdateURL.c_str());
|
||||
_r->http->GET(ZT_DEFAULTS.rootTopologyUpdateURL,HttpClient::NO_HEADERS,60,&_cbHandleGetRootTopology,_r);
|
||||
}
|
||||
}
|
||||
|
||||
// Sleep for loop interval or until something interesting happens.
|
||||
|
||||
@ -1,5 +1,16 @@
|
||||
This folder contains the source files to compile the signed network root topology dictionary. Users outside ZeroTier won't find this useful except for testing, since the root topology must be signed by the root topology authority (public identity in root-topology-authority.public) to be considered valid.
|
||||
|
||||
Keys in the root topology dictionary are:
|
||||
|
||||
* **supernodes**: contains another Dictionary mapping supernode address to supernode definition
|
||||
* **##########**: supernode address, contains supernode definition
|
||||
* **id**: supernode identity (public) in string-serialized format
|
||||
* **udp**: comma-delimited list of ip/port UDP addresses of node
|
||||
* **tcp**: comma-delimited list of ip/port TCP addresses of node
|
||||
* **desc**: human-readable description (optional)
|
||||
* **dns**: DNS name (optional, not currently used for anything)
|
||||
* **noupdate**: if the value of this is '1', do not auto-update from ZeroTier's servers
|
||||
|
||||
ZT_DEFAULT_ROOT_TOPOLOGY.c contains the current default value, and this URL is periodically checked for updates:
|
||||
|
||||
http://download.zerotier.com/net/topology/ROOT
|
||||
|
||||
@ -16,6 +16,7 @@ int main(int argc,char **argv)
|
||||
{
|
||||
std::string buf;
|
||||
|
||||
// Read root-topology-authority.secret signing authority, must be symlinked and online
|
||||
if (!Utils::readFile("root-topology-authority.secret",buf)) {
|
||||
std::cerr << "Cannot read root-topology-authority.secret" << std::endl;
|
||||
return 1;
|
||||
@ -24,6 +25,14 @@ int main(int argc,char **argv)
|
||||
|
||||
Dictionary topology;
|
||||
|
||||
// Read template.dict to populate default fields in root topology
|
||||
// if this file exists. Otherwise we just start empty.
|
||||
buf.clear();
|
||||
if (Utils::readFile("template.dict",buf))
|
||||
topology.fromString(buf);
|
||||
|
||||
// Read all entries in supernodes/ that correspond to supernode entry dictionaries
|
||||
// and add them to topology under supernodes/ subkey.
|
||||
Dictionary supernodes;
|
||||
std::map<std::string,bool> supernodeDictionaries(Utils::listDirectory("supernodes"));
|
||||
for(std::map<std::string,bool>::iterator sn(supernodeDictionaries.begin());sn!=supernodeDictionaries.end();++sn) {
|
||||
@ -38,17 +47,21 @@ int main(int argc,char **argv)
|
||||
}
|
||||
topology["supernodes"] = supernodes.toString();
|
||||
|
||||
// Sign topology with root-topology-authority.secret
|
||||
if (!topology.sign(topologyAuthority)) {
|
||||
std::cerr << "Unable to sign!" << std::endl;
|
||||
return 1;
|
||||
}
|
||||
|
||||
// Test signature to make sure signing worked
|
||||
Dictionary test(topology.toString());
|
||||
if (!test.verify(topologyAuthority)) {
|
||||
std::cerr << "Test verification of signed dictionary failed!" << std::endl;
|
||||
return 1;
|
||||
}
|
||||
|
||||
// Output to stdout
|
||||
std::cout << topology.toString();
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user