From f82c7006eaa723de7dd41b1a6e3afa32dbf00bc4 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Wed, 2 Jul 2014 15:59:08 -0700 Subject: [PATCH] Leave IP addresses alone instead of deleting them from tap if they are not members of any of the networks under management. --- node/EthernetTap.hpp | 23 ++++- node/InetAddress.cpp | 128 +++++++++++++++++++++++-- node/InetAddress.hpp | 217 ++++++++++--------------------------------- 3 files changed, 189 insertions(+), 179 deletions(-) diff --git a/node/EthernetTap.hpp b/node/EthernetTap.hpp index 79dae1271..da725553d 100644 --- a/node/EthernetTap.hpp +++ b/node/EthernetTap.hpp @@ -115,7 +115,8 @@ public: /** * Set this tap's IP addresses to exactly this set of IPs * - * New IPs are created, ones not in this list are removed. + * New IPs are created. Any IP that overlaps with the network of an IP in + * this list is removed, but other IPs are left intact. * * @param ips IP addresses with netmask in port field */ @@ -130,15 +131,27 @@ public: if (i->isLinkLocal()) { if (i->isV6()) haveV6LinkLocal = true; - } else if (!allIps.count(*i)) - removeIP(*i); + } else if (!allIps.count(*i)) { + for(std::set::const_iterator i2(allIps.begin());i2!=allIps.end();++i2) { + if (i->sameNetworkAs(*i2)) { + removeIP(*i); + break; + } + } + } } if (!haveV6LinkLocal) addIP(InetAddress::makeIpv6LinkLocal(_mac)); #else for(std::set::iterator i(myIps.begin());i!=myIps.end();++i) { - if ((!i->isLinkLocal())&&(!allIps.count(*i))) - removeIP(*i); + if ((!i->isLinkLocal())&&(!allIps.count(*i))) { + for(std::set::const_iterator i2(allIps.begin());i2!=allIps.end();++i2) { + if (i->sameNetworkAs(*i2)) { + removeIP(*i); + break; + } + } + } } #endif } diff --git a/node/InetAddress.cpp b/node/InetAddress.cpp index 0a7dd88cb..706d804ac 100644 --- a/node/InetAddress.cpp +++ b/node/InetAddress.cpp 
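Review bot: The removal test in both `#ifdef` branches relies on `sameNetworkAs()`, which returns false when the two prefix lengths differ, so an old address inside a managed network but configured with a different netmask stays on the tap. The new comment's "overlaps with the network" promises more than that, and the summary line above it still says the tap is set to "exactly this set of IPs". I would reword the comment along the lines of `Adds the given IPs; removes existing non-link-local IPs that are not in the list but share family, prefix length and network with one that is`. If true overlap is intended, compare against each listed IP's own prefix instead. The function's signature and the construction of `myIps` and `allIps` are outside these hunks.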
@@ -46,17 +46,51 @@ void InetAddress::set(const std::string &ip,unsigned int port) memset(&_sa,0,sizeof(_sa)); if (ip.find(':') != std::string::npos) { _sa.sin6.sin6_family = AF_INET6; - _sa.sin6.sin6_port = htons((uint16_t)port); + _sa.sin6.sin6_port = Utils::hton((uint16_t)port); if (inet_pton(AF_INET6,ip.c_str(),(void *)&(_sa.sin6.sin6_addr.s6_addr)) <= 0) _sa.saddr.sa_family = 0; } else { _sa.sin.sin_family = AF_INET; - _sa.sin.sin_port = htons((uint16_t)port); + _sa.sin.sin_port = Utils::hton((uint16_t)port); if (inet_pton(AF_INET,ip.c_str(),(void *)&(_sa.sin.sin_addr.s_addr)) <= 0) _sa.saddr.sa_family = 0; } } +void InetAddress::set(const void *ipBytes,unsigned int ipLen,unsigned int port) + throw() +{ + memset(&_sa,0,sizeof(_sa)); + if (ipLen == 4) { + setV4(); + memcpy(rawIpData(),ipBytes,4); + setPort(port); + } else if (ipLen == 16) { + setV6(); + memcpy(rawIpData(),ipBytes,16); + setPort(port); + } +} + +bool InetAddress::isLinkLocal() const + throw() +{ + if (_sa.saddr.sa_family == AF_INET) + return ((Utils::ntoh((uint32_t)_sa.sin.sin_addr.s_addr) & 0xffff0000) == 0xa9fe0000); + else if (_sa.saddr.sa_family == AF_INET6) { + if (_sa.sin6.sin6_addr.s6_addr[0] != 0xfe) return false; + if (_sa.sin6.sin6_addr.s6_addr[1] != 0x80) return false; + if (_sa.sin6.sin6_addr.s6_addr[2] != 0x00) return false; + if (_sa.sin6.sin6_addr.s6_addr[3] != 0x00) return false; + if (_sa.sin6.sin6_addr.s6_addr[4] != 0x00) return false; + if (_sa.sin6.sin6_addr.s6_addr[5] != 0x00) return false; + if (_sa.sin6.sin6_addr.s6_addr[6] != 0x00) return false; + if (_sa.sin6.sin6_addr.s6_addr[7] != 0x00) return false; + return true; + } + return false; +} + std::string InetAddress::toString() const { char buf[128],buf2[128]; @@ -103,7 +137,6 @@ void InetAddress::fromString(const std::string &ipSlashPort) std::string InetAddress::toIpString() const { char buf[128]; - switch(_sa.saddr.sa_family) { case AF_INET: #ifdef __WINDOWS__ 
@@ -124,10 +157,64 @@ std::string InetAddress::toIpString() const #endif break; } - return std::string(); } +InetAddress InetAddress::netmask() const + throw() +{ + InetAddress r(*this); + switch(_sa.saddr.sa_family) { + case AF_INET: + r._sa.sin.sin_addr.s_addr = Utils::hton((uint32_t)(0xffffffff << (32 - netmaskBits()))); + break; + case AF_INET6: { + unsigned char *bf = (unsigned char *)r._sa.sin6.sin6_addr.s6_addr; + signed int bitsLeft = (signed int)netmaskBits(); + for(unsigned int i=0;i<16;++i) { + if (bitsLeft > 0) { + bf[i] = (unsigned char)((bitsLeft >= 8) ? 0xff : (0xff << (8 - bitsLeft))); + bitsLeft -= 8; + } else bf[i] = (unsigned char)0; + } + } break; + } + return r; +} + +bool InetAddress::sameNetworkAs(const InetAddress &ipnet) const + throw() +{ + if (_sa.saddr.sa_family != ipnet._sa.saddr.sa_family) + return false; + + unsigned int bits = netmaskBits(); + if (bits != ipnet.netmaskBits()) + return false; + if (!bits) + return true; + switch(_sa.saddr.sa_family) { + case AF_INET: + if (bits >= 32) bits = 32; + break; + case AF_INET6: + if (bits >= 128) bits = 128; + break; + default: + return false; + } + + const uint8_t *a = (const uint8_t *)rawIpData(); + const uint8_t *b = (const uint8_t *)ipnet.rawIpData(); + while (bits >= 8) { + if (*(a++) != *(b++)) + return false; + bits -= 8; + } + bits = 8 - bits; + return ((*a >> bits) == (*b >> bits)); +} + bool InetAddress::operator==(const InetAddress &a) const throw() { 
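Review bot: `netmask()` shifts by `32 - netmaskBits()` with no bound, so a prefix length of 0 shifts a 32-bit value by 32 and a length above 32 wraps the unsigned subtraction; both shifts are undefined, while `sameNetworkAs()` in this same hunk does clamp. Because the prefix length is read from the port field, I would clamp here too: `const unsigned int b = (netmaskBits() > 32) ? 32 : netmaskBits();` then `r._sa.sin.sin_addr.s_addr = b ? Utils::hton((uint32_t)(0xffffffff << (32 - b))) : 0;`. In `sameNetworkAs()`, when the clamped length is a multiple of 8 the final `*a >> bits` dereferences the byte after the compared prefix (for /32 or /128, the byte after the address field) only to shift it to zero. Adding `if (!bits) return true;` after the loop avoids that read.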
@@ -151,19 +238,44 @@ bool InetAddress::operator<(const InetAddress &a) const return true; else if (_sa.saddr.sa_family == a._sa.saddr.sa_family) { if (_sa.saddr.sa_family == AF_INET) { - unsigned long x = ntohl(_sa.sin.sin_addr.s_addr); - unsigned long y = ntohl(a._sa.sin.sin_addr.s_addr); + unsigned long x = Utils::ntoh((uint32_t)_sa.sin.sin_addr.s_addr); + unsigned long y = Utils::ntoh((uint32_t)a._sa.sin.sin_addr.s_addr); if (x == y) - return (ntohs(_sa.sin.sin_port) < ntohs(a._sa.sin.sin_port)); + return (Utils::ntoh((uint16_t)_sa.sin.sin_port) < Utils::ntoh((uint16_t)a._sa.sin.sin_port)); else return (x < y); } else if (_sa.saddr.sa_family == AF_INET6) { int cmp = (int)memcmp(_sa.sin6.sin6_addr.s6_addr,a._sa.sin6.sin6_addr.s6_addr,16); if (cmp == 0) - return (ntohs(_sa.sin6.sin6_port) < ntohs(a._sa.sin6.sin6_port)); + return (Utils::ntoh((uint16_t)_sa.sin6.sin6_port) < Utils::ntoh((uint16_t)a._sa.sin6.sin6_port)); else return (cmp < 0); } else return (memcmp(&_sa,&a._sa,sizeof(_sa)) < 0); } return false; } +InetAddress InetAddress::makeIpv6LinkLocal(const MAC &mac) + throw() +{ + InetAddress ip; + ip._sa.saddr.sa_family = AF_INET6; + ip._sa.sin6.sin6_addr.s6_addr[0] = 0xfe; + ip._sa.sin6.sin6_addr.s6_addr[1] = 0x80; + ip._sa.sin6.sin6_addr.s6_addr[2] = 0x00; + ip._sa.sin6.sin6_addr.s6_addr[3] = 0x00; + ip._sa.sin6.sin6_addr.s6_addr[4] = 0x00; + ip._sa.sin6.sin6_addr.s6_addr[5] = 0x00; + ip._sa.sin6.sin6_addr.s6_addr[6] = 0x00; + ip._sa.sin6.sin6_addr.s6_addr[7] = 0x00; + ip._sa.sin6.sin6_addr.s6_addr[8] = mac[0] & 0xfd; + ip._sa.sin6.sin6_addr.s6_addr[9] = mac[1]; + ip._sa.sin6.sin6_addr.s6_addr[10] = mac[2]; + ip._sa.sin6.sin6_addr.s6_addr[11] = 0xff; + ip._sa.sin6.sin6_addr.s6_addr[12] = 0xfe; + ip._sa.sin6.sin6_addr.s6_addr[13] = mac[3]; + ip._sa.sin6.sin6_addr.s6_addr[14] = mac[4]; + ip._sa.sin6.sin6_addr.s6_addr[15] = mac[5]; + ip._sa.sin6.sin6_port = Utils::hton((uint16_t)64); + return ip; +} + } // namespace ZeroTier 
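Review bot: `makeIpv6LinkLocal()` carries two undocumented magic values now that it lives in the .cpp away from its header comment. The `64` stored in `sin6_port` is the prefix length, since `netmaskBits()` returns `port()`, and `mac[0] & 0xfd` clears the 0x02 bit of the first octet rather than inverting it. I would add `// port field doubles as prefix length: /64` on the port line. On the `mac[0]` line, a comment should say whether clearing the bit is deliberate, because modified EUI-64 as usually described inverts it.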
diff --git a/node/InetAddress.hpp b/node/InetAddress.hpp index afc820f4a..325c2de41 100644 --- a/node/InetAddress.hpp +++ b/node/InetAddress.hpp @@ -77,53 +77,14 @@ public: */ static const InetAddress LO6; - InetAddress() - throw() - { - memset(&_sa,0,sizeof(_sa)); - } - - InetAddress(const InetAddress &a) - throw() - { - memcpy(&_sa,&a._sa,sizeof(_sa)); - } - - InetAddress(const struct sockaddr *sa) - throw() - { - this->set(sa); - } - - InetAddress(const void *ipBytes,unsigned int ipLen,unsigned int port) - throw() - { - this->set(ipBytes,ipLen,port); - } - - InetAddress(const uint32_t ipv4,unsigned int port) - throw() - { - this->set(&ipv4,4,port); - } - - InetAddress(const std::string &ip,unsigned int port) - throw() - { - this->set(ip,port); - } - - InetAddress(const std::string &ipSlashPort) - throw() - { - this->fromString(ipSlashPort); - } - - InetAddress(const char *ipSlashPort) - throw() - { - this->fromString(std::string(ipSlashPort)); - } + InetAddress() throw() { memset(&_sa,0,sizeof(_sa)); } + InetAddress(const InetAddress &a) throw() { memcpy(&_sa,&a._sa,sizeof(_sa)); } + InetAddress(const struct sockaddr *sa) throw() { this->set(sa); } + InetAddress(const void *ipBytes,unsigned int ipLen,unsigned int port) throw() { this->set(ipBytes,ipLen,port); } + InetAddress(const uint32_t ipv4,unsigned int port) throw() { this->set(&ipv4,4,port); } + InetAddress(const std::string &ip,unsigned int port) throw() { this->set(ip,port); } + InetAddress(const std::string &ipSlashPort) throw() { this->fromString(ipSlashPort); } + InetAddress(const char *ipSlashPort) throw() { this->fromString(std::string(ipSlashPort)); } inline InetAddress &operator=(const InetAddress &a) throw() 
@@ -141,15 +102,9 @@ public: throw() { switch(sa->sa_family) { - case AF_INET: - memcpy(&_sa.sin,sa,sizeof(struct sockaddr_in)); - break; - case AF_INET6: - memcpy(&_sa.sin6,sa,sizeof(struct sockaddr_in6)); - break; - default: - _sa.saddr.sa_family = 0; - break; + case AF_INET: memcpy(&_sa.sin,sa,sizeof(struct sockaddr_in)); break; + case AF_INET6: memcpy(&_sa.sin6,sa,sizeof(struct sockaddr_in6)); break; + default: memset(&_sa,0,sizeof(_sa)); break; } } @@ -169,20 +124,8 @@ public: * @param ipLen Length of IP address: 4 or 16 * @param port Port number or 0 for none */ - inline void set(const void *ipBytes,unsigned int ipLen,unsigned int port) - throw() - { - _sa.saddr.sa_family = 0; - if (ipLen == 4) { - setV4(); - memcpy(rawIpData(),ipBytes,4); - setPort(port); - } else if (ipLen == 16) { - setV6(); - memcpy(rawIpData(),ipBytes,16); - setPort(port); - } - } + void set(const void *ipBytes,unsigned int ipLen,unsigned int port) + throw(); /** * Set the port component 
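Review bot: The `AF_INET` case copies only `sizeof(struct sockaddr_in)` into the union, so when the object previously held an IPv6 address the bytes beyond that size keep their old contents. The default case now clears the whole union, and the `set()` overloads in InetAddress.cpp `memset` first. Adding `memset(&_sa,0,sizeof(_sa));` before the `switch` would make the setters consistent and keep stale bytes out of any whole-struct comparison or copy (whether `operator==` does one is not visible here). `sa` is also dereferenced without a null check, which deserves a line in the doc comment if callers must guarantee it. The function's signature is outside the hunk.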
@@ -193,32 +136,16 @@ public: throw() { if (_sa.saddr.sa_family == AF_INET) - _sa.sin.sin_port = htons((uint16_t)port); + _sa.sin.sin_port = Utils::hton((uint16_t)port); else if (_sa.saddr.sa_family == AF_INET6) - _sa.sin6.sin6_port = htons((uint16_t)port); + _sa.sin6.sin6_port = Utils::hton((uint16_t)port); } /** * @return True if this is a link-local IP address */ - inline bool isLinkLocal() const - throw() - { - if (_sa.saddr.sa_family == AF_INET) - return ((Utils::ntoh((uint32_t)_sa.sin.sin_addr.s_addr) & 0xffff0000) == 0xa9fe0000); - else if (_sa.saddr.sa_family == AF_INET6) { - if (_sa.sin6.sin6_addr.s6_addr[0] != 0xfe) return false; - if (_sa.sin6.sin6_addr.s6_addr[1] != 0x80) return false; - if (_sa.sin6.sin6_addr.s6_addr[2] != 0x00) return false; - if (_sa.sin6.sin6_addr.s6_addr[3] != 0x00) return false; - if (_sa.sin6.sin6_addr.s6_addr[4] != 0x00) return false; - if (_sa.sin6.sin6_addr.s6_addr[5] != 0x00) return false; - if (_sa.sin6.sin6_addr.s6_addr[6] != 0x00) return false; - if (_sa.sin6.sin6_addr.s6_addr[7] != 0x00) return false; - return true; - } - return false; - } + bool isLinkLocal() const + throw(); /** * @return ASCII IP/port format representation @@ -242,12 +169,10 @@ public: throw() { switch(_sa.saddr.sa_family) { - case AF_INET: - return ntohs(_sa.sin.sin_port); - case AF_INET6: - return ntohs(_sa.sin6.sin6_port); + case AF_INET: return Utils::ntoh((uint16_t)_sa.sin.sin_port); + case AF_INET6: return Utils::ntoh((uint16_t)_sa.sin6.sin6_port); + default: return 0; } - return 0; } /** 
@@ -259,36 +184,13 @@ public: * * @return Netmask bits */ - inline unsigned int netmaskBits() const - throw() - { - return port(); - } + inline unsigned int netmaskBits() const throw() { return port(); } /** * Construct a full netmask as an InetAddress */ - inline InetAddress netmask() const - throw() - { - InetAddress r(*this); - switch(_sa.saddr.sa_family) { - case AF_INET: - r._sa.sin.sin_addr.s_addr = Utils::hton((uint32_t)(0xffffffff << (32 - netmaskBits()))); - break; - case AF_INET6: { - unsigned char *bf = (unsigned char *)r._sa.sin6.sin6_addr.s6_addr; - signed int bitsLeft = (signed int)netmaskBits(); - for(unsigned int i=0;i<16;++i) { - if (bitsLeft > 0) { - bf[i] = (unsigned char)((bitsLeft >= 8) ? 0xff : (0xff << (8 - bitsLeft))); - bitsLeft -= 8; - } else bf[i] = (unsigned char)0; - } - } break; - } - return r; - } + InetAddress netmask() const + throw(); /** * @return True if this is an IPv4 address @@ -327,17 +229,17 @@ public: inline unsigned int saddrLen() const throw() { - return (isV4() ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6)); + switch(_sa.saddr.sa_family) { + case AF_INET: return sizeof(struct sockaddr_in); + case AF_INET6: return sizeof(struct sockaddr_in6); + default: return 0; + } } /** * @return Combined length of internal structure, room for either V4 or V6 */ - inline unsigned int saddrSpaceLen() const - throw() - { - return sizeof(_sa); - } + inline unsigned int saddrSpaceLen() const throw() { return sizeof(_sa); } /** * @return Raw sockaddr_in structure (valid if IPv4) @@ -356,7 +258,7 @@ public: inline const void *rawIpData() const throw() { return ((_sa.saddr.sa_family == AF_INET) ? (void *)(&(_sa.sin.sin_addr.s_addr)) : (void *)_sa.sin6.sin6_addr.s6_addr); } /** - * Compare only the IP portions of addresses, ignoring port + * Compare only the IP portions of addresses, ignoring port/netmask * * @param a Address to compare * @return True if both addresses are of the same (valid) type and their IPs match 
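Review bot: `saddrLen()` now returns 0 for an address whose family is neither `AF_INET` nor `AF_INET6`, where the old ternary returned `sizeof(struct sockaddr_in6)`. Its doc comment, which is outside the hunk, should say so. Callers that pass this length to a socket call or use it to size a copy are not visible here and should be checked for the zero case. I would add `@return Length of the sockaddr for this family, or 0 if the address is null` to the comment. Separately, `netmaskBits()` still returns the raw port value (0..65535), so a line such as `// not range-checked; callers must clamp to 32 or 128` would document what `netmask()` and `sameNetworkAs()` have to handle.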
@@ -375,6 +277,25 @@ public: return false; } + /** + * Compare IP/netmask with another IP/netmask + * + * @param ipnet IP/netmask to compare with + * @return True if [netmask] bits match + */ + bool sameNetworkAs(const InetAddress &ipnet) const + throw(); + + /** + * Set to null/zero + */ + inline void zero() throw() { memset(&_sa,0,sizeof(_sa)); } + + /** + * @return True if address family is non-zero + */ + inline operator bool() const throw() { return ((_sa.saddr.sa_family == AF_INET)||(_sa.saddr.sa_family == AF_INET6)); } + bool operator==(const InetAddress &a) const throw(); inline bool operator!=(const InetAddress &a) const throw() { return !(*this == a); } bool operator<(const InetAddress &a) const throw(); 
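Review bot: The doc comment for `sameNetworkAs()` says only "True if [netmask] bits match", which hides two conditions the implementation enforces. Both addresses must have the same family and the same prefix length, otherwise the result is false, and a prefix length of 0 matches any address of that family. I would spell that out: `@return True if both are the same family, have equal prefix lengths, and agree in the first netmaskBits() bits`. The comment on `operator bool` says "non-zero" although the code tests specifically for `AF_INET` or `AF_INET6`, so `True if this is a valid IPv4 or IPv6 address` would be more accurate.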
@@ -382,48 +303,12 @@ public: inline bool operator<=(const InetAddress &a) const throw() { return !(a < *this); } inline bool operator>=(const InetAddress &a) const throw() { return !(*this < a); } - /** - * @return True if address family is non-zero - */ - inline operator bool() const throw() { return ((_sa.saddr.sa_family == AF_INET)||(_sa.saddr.sa_family == AF_INET6)); } - - /** - * Set to null/zero - */ - inline void zero() - throw() - { - _sa.saddr.sa_family = 0; - } - /** * @param mac MAC address seed * @return IPv6 link-local address */ - static inline InetAddress makeIpv6LinkLocal(const MAC &mac) - throw() - { - InetAddress ip; - ip._sa.saddr.sa_family = AF_INET6; - ip._sa.sin6.sin6_addr.s6_addr[0] = 0xfe; - ip._sa.sin6.sin6_addr.s6_addr[1] = 0x80; - ip._sa.sin6.sin6_addr.s6_addr[2] = 0x00; - ip._sa.sin6.sin6_addr.s6_addr[3] = 0x00; - ip._sa.sin6.sin6_addr.s6_addr[4] = 0x00; - ip._sa.sin6.sin6_addr.s6_addr[5] = 0x00; - ip._sa.sin6.sin6_addr.s6_addr[6] = 0x00; - ip._sa.sin6.sin6_addr.s6_addr[7] = 0x00; - ip._sa.sin6.sin6_addr.s6_addr[8] = mac[0] & 0xfd; - ip._sa.sin6.sin6_addr.s6_addr[9] = mac[1]; - ip._sa.sin6.sin6_addr.s6_addr[10] = mac[2]; - ip._sa.sin6.sin6_addr.s6_addr[11] = 0xff; - ip._sa.sin6.sin6_addr.s6_addr[12] = 0xfe; - ip._sa.sin6.sin6_addr.s6_addr[13] = mac[3]; - ip._sa.sin6.sin6_addr.s6_addr[14] = mac[4]; - ip._sa.sin6.sin6_addr.s6_addr[15] = mac[5]; - ip._sa.sin6.sin6_port = Utils::hton((uint16_t)64); - return ip; - } + static InetAddress makeIpv6LinkLocal(const MAC &mac) + throw(); private: union {