/* * ZeroTier One - Network Virtualization Everywhere * Copyright (C) 2011-2015 ZeroTier, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * * -- * * ZeroTier may be used and distributed under the terms of the GPLv3, which * are available at: http://www.gnu.org/licenses/gpl-3.0.html * * If you would like to embed ZeroTier into a commercial application or * redistribute it in a modified binary form, please contact ZeroTier Networks * LLC. Start here: http://www.zerotier.com/ */ #ifndef ZT_PEER_HPP #define ZT_PEER_HPP #include #include "Constants.hpp" #include #include #include #include #include "../include/ZeroTierOne.h" #include "RuntimeEnvironment.hpp" #include "CertificateOfMembership.hpp" #include "Path.hpp" #include "Address.hpp" #include "Utils.hpp" #include "Identity.hpp" #include "InetAddress.hpp" #include "Packet.hpp" #include "SharedPtr.hpp" #include "AtomicCounter.hpp" #include "Hashtable.hpp" #include "Mutex.hpp" #include "NonCopyable.hpp" // Very rough computed estimate: (8 + 256 + 80 + (16 * 64) + (128 * 256) + (128 * 16)) // 1048576 provides tons of headroom -- overflow would just cause peer not to be persisted #define ZT_PEER_SUGGESTED_SERIALIZATION_BUFFER_SIZE 1048576 namespace ZeroTier { /** * Peer on P2P Network (virtual layer 1) */ class Peer : NonCopyable { friend class SharedPtr; private: Peer() {} // disabled to prevent bugs -- should not be constructed uninitialized public: ~Peer() { Utils::burn(_key,sizeof(_key)); } /** * Construct a new peer * * @param myIdentity Identity of THIS node (for key agreement) * @param peerIdentity Identity of peer * @throws std::runtime_error Key agreement with peer's identity failed */ Peer(const Identity &myIdentity,const Identity &peerIdentity) throw(std::runtime_error); /** * @return Time peer record was last used in any way */ inline uint64_t lastUsed() const throw() { return _lastUsed; } /** * Log a use of this peer record (done by Topology when peers are looked up) * * @param now New time of last use */ inline void use(uint64_t now) throw() { _lastUsed = now; } /** * @return This peer's ZT address (short for identity().address()) */ inline const Address &address() const throw() { return _id.address(); } /** * @return This peer's identity */ inline const Identity &identity() const throw() { return _id; } /** * Log receipt of an authenticated packet * * This is called by the decode pipe when a packet is proven to be authentic * and appears to be valid. * * @param RR Runtime environment * @param localAddr Local address * @param remoteAddr Internet address of sender * @param hops ZeroTier (not IP) hops * @param packetId Packet ID * @param verb Packet verb * @param inRePacketId Packet ID in reply to (default: none) * @param inReVerb Verb in reply to (for OK/ERROR, default: VERB_NOP) */ void received( const RuntimeEnvironment *RR, const InetAddress &localAddr, const InetAddress &remoteAddr, unsigned int hops, uint64_t packetId, Packet::Verb verb, uint64_t inRePacketId = 0, Packet::Verb inReVerb = Packet::VERB_NOP); /** * Get the current best direct path to this peer * * @param now Current time * @return Best path or NULL if there are no active direct paths */ inline Path *getBestPath(uint64_t now) { Mutex::Lock _l(_lock); return _getBestPath(now); } /** * Send via best path * * @param RR Runtime environment * @param data Packet data * @param len Packet length * @param now Current time * @return Path used on success or NULL on failure */ inline Path *send(const RuntimeEnvironment *RR,const void *data,unsigned int len,uint64_t now) { Path *bestPath = getBestPath(now); if (bestPath) { if (bestPath->send(RR,data,len,now)) return bestPath; } return (Path *)0; } /** * Send a HELLO to this peer at a specified physical address * * This does not update any statistics. It's used to send initial HELLOs * for NAT traversal and path verification. * * @param RR Runtime environment * @param localAddr Local address * @param atAddress Destination address * @param now Current time */ void sendHELLO(const RuntimeEnvironment *RR,const InetAddress &localAddr,const InetAddress &atAddress,uint64_t now); /** * Send pings or keepalives depending on configured timeouts * * @param RR Runtime environment * @param now Current time * @param inetAddressFamily Keep this address family alive, or 0 to simply pick current best ignoring family * @return True if at least one direct path seems alive */ bool doPingAndKeepalive(const RuntimeEnvironment *RR,uint64_t now,int inetAddressFamily); /** * Push direct paths if we haven't done so in [rate limit] milliseconds * * @param RR Runtime environment * @param path Remote path to use to send the push * @param now Current time * @param force If true, push regardless of rate limit */ void pushDirectPaths(const RuntimeEnvironment *RR,Path *path,uint64_t now,bool force); /** * @return All known direct paths to this peer */ inline std::vector paths() const { std::vector pp; Mutex::Lock _l(_lock); for(unsigned int p=0,np=_numPaths;p= ZT_PEER_ACTIVITY_TIMEOUT) return (~(unsigned int)0); unsigned int l = _latency; if (!l) l = 0xffff; return (l * (((unsigned int)tsr / (ZT_PEER_DIRECT_PING_DELAY + 1000)) + 1)); } /** * Update latency with a new direct measurment * * @param l Direct latency measurment in ms */ inline void addDirectLatencyMeasurment(unsigned int l) { unsigned int ol = _latency; if ((ol > 0)&&(ol < 10000)) _latency = (ol + std::min(l,(unsigned int)65535)) / 2; else _latency = std::min(l,(unsigned int)65535); } /** * @param now Current time * @return True if this peer has at least one active direct path */ inline bool hasActiveDirectPath(uint64_t now) const { Mutex::Lock _l(_lock); for(unsigned int p=0,np=_numPaths;p 0)||(_vMinor > 0)||(_vRevision > 0)); } /** * Get most recently active path addresses for IPv4 and/or IPv6 * * Note that v4 and v6 are not modified if they are not found, so * initialize these to a NULL address to be able to check. * * @param now Current time * @param v4 Result parameter to receive active IPv4 address, if any * @param v6 Result parameter to receive active IPv6 address, if any */ void getBestActiveAddresses(uint64_t now,InetAddress &v4,InetAddress &v6) const; /** * Check network COM agreement with this peer * * @param nwid Network ID * @param com Another certificate of membership * @return True if supplied COM agrees with ours, false if not or if we don't have one */ bool networkMembershipCertificatesAgree(uint64_t nwid,const CertificateOfMembership &com) const; /** * Check the validity of the COM and add/update if valid and new * * @param RR Runtime Environment * @param nwid Network ID * @param com Externally supplied COM */ bool validateAndSetNetworkMembershipCertificate(const RuntimeEnvironment *RR,uint64_t nwid,const CertificateOfMembership &com); /** * @param nwid Network ID * @param now Current time * @param updateLastPushedTime If true, go ahead and update the last pushed time regardless of return value * @return Whether or not this peer needs another COM push from us */ bool needsOurNetworkMembershipCertificate(uint64_t nwid,uint64_t now,bool updateLastPushedTime); /** * Perform periodic cleaning operations */ void clean(const RuntimeEnvironment *RR,uint64_t now); /** * Remove all paths with this remote address * * @param addr Remote address to remove */ inline void removePathByAddress(const InetAddress &addr) { Mutex::Lock _l(_lock); unsigned int np = _numPaths; unsigned int x = 0; unsigned int y = 0; while (x < np) { if (_paths[x].address() != addr) _paths[y++] = _paths[x]; ++x; } _numPaths = y; } /** * Update direct path push stats and return true if we should respond * * This is a circuit breaker to make VERB_PUSH_DIRECT_PATHS not particularly * useful as a DDOS amplification attack vector. Otherwise a malicious peer * could send loads of these and cause others to bombard arbitrary IPs with * traffic. * * @param now Current time * @return True if we should respond */ inline bool shouldRespondToDirectPathPush(const uint64_t now) { Mutex::Lock _l(_lock); if ((now - _lastDirectPathPushReceive) <= ZT_PUSH_DIRECT_PATHS_CUTOFF_TIME) ++_directPathPushCutoffCount; else _directPathPushCutoffCount = 0; _lastDirectPathPushReceive = now; return (_directPathPushCutoffCount < ZT_PUSH_DIRECT_PATHS_CUTOFF_LIMIT); } /** * Find a common set of addresses by which two peers can link, if any * * @param a Peer A * @param b Peer B * @param now Current time * @return Pair: B's address (to send to A), A's address (to send to B) */ static inline std::pair findCommonGround(const Peer &a,const Peer &b,uint64_t now) { std::pair v4,v6; b.getBestActiveAddresses(now,v4.first,v6.first); a.getBestActiveAddresses(now,v4.second,v6.second); if ((v6.first)&&(v6.second)) // prefer IPv6 if both have it since NAT-t is (almost) unnecessary return v6; else if ((v4.first)&&(v4.second)) return v4; else return std::pair(); } template inline void serialize(Buffer &b) const { Mutex::Lock _l(_lock); const unsigned int recSizePos = b.size(); b.addSize(4); // space for uint32_t field length b.append((uint16_t)0); // version of serialized Peer data _id.serialize(b,false); b.append((uint64_t)_lastUsed); b.append((uint64_t)_lastReceive); b.append((uint64_t)_lastUnicastFrame); b.append((uint64_t)_lastMulticastFrame); b.append((uint64_t)_lastAnnouncedTo); b.append((uint64_t)_lastPathConfirmationSent); b.append((uint64_t)_lastDirectPathPushSent); b.append((uint64_t)_lastDirectPathPushReceive); b.append((uint64_t)_lastPathSort); b.append((uint16_t)_vProto); b.append((uint16_t)_vMajor); b.append((uint16_t)_vMinor); b.append((uint16_t)_vRevision); b.append((uint32_t)_latency); b.append((uint16_t)_directPathPushCutoffCount); b.append((uint16_t)_numPaths); for(unsigned int i=0;i<_numPaths;++i) _paths[i].serialize(b); b.append((uint32_t)_networkComs.size()); { uint64_t *k = (uint64_t *)0; _NetworkCom *v = (_NetworkCom *)0; Hashtable::Iterator i(const_cast(this)->_networkComs); while (i.next(k,v)) { b.append((uint64_t)*k); b.append((uint64_t)v->ts); v->com.serialize(b); } } b.append((uint32_t)_lastPushedComs.size()); { uint64_t *k = (uint64_t *)0; uint64_t *v = (uint64_t *)0; Hashtable::Iterator i(const_cast(this)->_lastPushedComs); while (i.next(k,v)) { b.append((uint64_t)*k); b.append((uint64_t)*v); } } b.template setAt(recSizePos,(uint32_t)(b.size() - (recSizePos + 4))); // set size } /** * Create a new Peer from a serialized instance * * @param myIdentity This node's identity * @param b Buffer containing serialized Peer data * @param p Pointer to current position in buffer, will be updated in place as buffer is read (value/result) * @return New instance of Peer or NULL if serialized data was corrupt or otherwise invalid (may also throw an exception via Buffer) */ template static inline SharedPtr deserializeNew(const Identity &myIdentity,const Buffer &b,unsigned int &p) { const unsigned int recSize = b.template at(p); p += 4; if ((p + recSize) > b.size()) return SharedPtr(); // size invalid if (b.template at(p) != 0) return SharedPtr(); // version mismatch p += 2; Identity npid; p += npid.deserialize(b,p); if (!npid) return SharedPtr(); SharedPtr np(new Peer(myIdentity,npid)); np->_lastUsed = b.template at(p); p += 8; np->_lastReceive = b.template at(p); p += 8; np->_lastUnicastFrame = b.template at(p); p += 8; np->_lastMulticastFrame = b.template at(p); p += 8; np->_lastAnnouncedTo = b.template at(p); p += 8; np->_lastPathConfirmationSent = b.template at(p); p += 8; np->_lastDirectPathPushSent = b.template at(p); p += 8; np->_lastDirectPathPushReceive = b.template at(p); p += 8; np->_lastPathSort = b.template at(p); p += 8; np->_vProto = b.template at(p); p += 2; np->_vMajor = b.template at(p); p += 2; np->_vMinor = b.template at(p); p += 2; np->_vRevision = b.template at(p); p += 2; np->_latency = b.template at(p); p += 4; np->_directPathPushCutoffCount = b.template at(p); p += 2; const unsigned int numPaths = b.template at(p); p += 2; for(unsigned int i=0;i_paths[np->_numPaths++].deserialize(b,p); } else { // Skip any paths beyond max, but still read stream Path foo; p += foo.deserialize(b,p); } } const unsigned int numNetworkComs = b.template at(p); p += 4; for(unsigned int i=0;i_networkComs[b.template at(p)]; p += 8; c.ts = b.template at(p); p += 8; p += c.com.deserialize(b,p); } const unsigned int numLastPushed = b.template at(p); p += 4; for(unsigned int i=0;i(p); p += 8; const uint64_t ts = b.template at(p); p += 8; np->_lastPushedComs.set(nwid,ts); } return np; } private: void _sortPaths(const uint64_t now); Path *_getBestPath(const uint64_t now); Path *_getBestPath(const uint64_t now,int inetAddressFamily); unsigned char _key[ZT_PEER_SECRET_KEY_LENGTH]; // computed with key agreement, not serialized uint64_t _lastUsed; uint64_t _lastReceive; // direct or indirect uint64_t _lastUnicastFrame; uint64_t _lastMulticastFrame; uint64_t _lastAnnouncedTo; uint64_t _lastPathConfirmationSent; uint64_t _lastDirectPathPushSent; uint64_t _lastDirectPathPushReceive; uint64_t _lastPathSort; uint16_t _vProto; uint16_t _vMajor; uint16_t _vMinor; uint16_t _vRevision; Identity _id; Path _paths[ZT_MAX_PEER_NETWORK_PATHS]; unsigned int _numPaths; unsigned int _latency; unsigned int _directPathPushCutoffCount; struct _NetworkCom { _NetworkCom() {} _NetworkCom(uint64_t t,const CertificateOfMembership &c) : ts(t),com(c) {} uint64_t ts; CertificateOfMembership com; }; Hashtable _networkComs; Hashtable _lastPushedComs; Mutex _lock; AtomicCounter __refCount; }; } // namespace ZeroTier // Add a swap() for shared ptr's to peers to speed up peer sorts namespace std { template<> inline void swap(ZeroTier::SharedPtr &a,ZeroTier::SharedPtr &b) { a.swap(b); } } #endif