mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2024-12-23 14:52:24 +00:00
557 lines
16 KiB
C++
557 lines
16 KiB
C++
/*
|
|
* ZeroTier One - Network Virtualization Everywhere
|
|
* Copyright (C) 2011-2017 ZeroTier, Inc. https://www.zerotier.com/
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*
|
|
* --
|
|
*
|
|
* You can be released from the requirements of the license by purchasing
|
|
* a commercial license. Buying such a license is mandatory as soon as you
|
|
* develop commercial closed-source software that incorporates or links
|
|
* directly against ZeroTier software without disclosing the source code
|
|
* of your own application.
|
|
*/
|
|
|
|
#ifndef ZT_PEER_HPP
|
|
#define ZT_PEER_HPP
|
|
|
|
#include <stdint.h>
|
|
|
|
#include "Constants.hpp"
|
|
|
|
#include <algorithm>
|
|
#include <utility>
|
|
#include <vector>
|
|
#include <stdexcept>
|
|
|
|
#include "../include/ZeroTierOne.h"
|
|
|
|
#include "RuntimeEnvironment.hpp"
|
|
#include "Path.hpp"
|
|
#include "Address.hpp"
|
|
#include "Utils.hpp"
|
|
#include "Identity.hpp"
|
|
#include "InetAddress.hpp"
|
|
#include "Packet.hpp"
|
|
#include "SharedPtr.hpp"
|
|
#include "AtomicCounter.hpp"
|
|
#include "Hashtable.hpp"
|
|
#include "Mutex.hpp"
|
|
#include "NonCopyable.hpp"
|
|
|
|
#define ZT_PEER_MAX_SERIALIZED_STATE_SIZE (sizeof(Peer) + 32 + (sizeof(Path) * 2))
|
|
|
|
/**
|
|
* Maximum number of direct paths to a peer
|
|
*
|
|
* This can be increased. You'll want about 2X the number of physical links
|
|
* you are ever likely to want to bundle/trunk since there is likely to be
|
|
* a path for every protocol (IPv4, IPv6, etc.).
|
|
*/
|
|
#define ZT_PEER_MAX_PATHS 16
|
|
|
|
namespace ZeroTier {
|
|
|
|
/**
|
|
* Peer on P2P Network (virtual layer 1)
|
|
*/
|
|
class Peer : NonCopyable
|
|
{
|
|
friend class SharedPtr<Peer>;
|
|
|
|
private:
|
|
Peer() {} // disabled to prevent bugs -- should not be constructed uninitialized
|
|
|
|
public:
|
|
~Peer() { Utils::burn(_key,sizeof(_key)); }
|
|
|
|
/**
|
|
* Construct a new peer
|
|
*
|
|
* @param renv Runtime environment
|
|
* @param myIdentity Identity of THIS node (for key agreement)
|
|
* @param peerIdentity Identity of peer
|
|
* @throws std::runtime_error Key agreement with peer's identity failed
|
|
*/
|
|
Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Identity &peerIdentity);
|
|
|
|
/**
|
|
* @return This peer's ZT address (short for identity().address())
|
|
*/
|
|
inline const Address &address() const { return _id.address(); }
|
|
|
|
/**
|
|
* @return This peer's identity
|
|
*/
|
|
inline const Identity &identity() const { return _id; }
|
|
|
|
/**
|
|
* Log receipt of an authenticated packet
|
|
*
|
|
* This is called by the decode pipe when a packet is proven to be authentic
|
|
* and appears to be valid.
|
|
*
|
|
* @param tPtr Thread pointer to be handed through to any callbacks called as a result of this call
|
|
* @param path Path over which packet was received
|
|
* @param hops ZeroTier (not IP) hops
|
|
* @param packetId Packet ID
|
|
* @param verb Packet verb
|
|
* @param inRePacketId Packet ID in reply to (default: none)
|
|
* @param inReVerb Verb in reply to (for OK/ERROR, default: VERB_NOP)
|
|
* @param trustEstablished If true, some form of non-trivial trust (like allowed in network) has been established
|
|
* @param networkId Network ID if this pertains to a network, or 0 otherwise
|
|
*/
|
|
void received(
|
|
void *tPtr,
|
|
const SharedPtr<Path> &path,
|
|
const unsigned int hops,
|
|
const uint64_t packetId,
|
|
const Packet::Verb verb,
|
|
const uint64_t inRePacketId,
|
|
const Packet::Verb inReVerb,
|
|
const bool trustEstablished,
|
|
const uint64_t networkId);
|
|
|
|
/**
|
|
* Check whether we have an active path to this peer via the given address
|
|
*
|
|
* @param now Current time
|
|
* @param addr Remote address
|
|
* @return True if we have an active path to this destination
|
|
*/
|
|
inline bool hasActivePathTo(int64_t now,const InetAddress &addr) const
|
|
{
|
|
Mutex::Lock _l(_paths_m);
|
|
for(unsigned int i=0;i<ZT_PEER_MAX_PATHS;++i) {
|
|
if (_paths[i].p) {
|
|
if (((now - _paths[i].lr) < ZT_PEER_PATH_EXPIRATION)&&(_paths[i].p->address() == addr))
|
|
return true;
|
|
} else break;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Send via best direct path
|
|
*
|
|
* @param tPtr Thread pointer to be handed through to any callbacks called as a result of this call
|
|
* @param data Packet data
|
|
* @param len Packet length
|
|
* @param now Current time
|
|
* @param force If true, send even if path is not alive
|
|
* @return True if we actually sent something
|
|
*/
|
|
inline bool sendDirect(void *tPtr,const void *data,unsigned int len,int64_t now,bool force)
|
|
{
|
|
SharedPtr<Path> bp(getBestPath(now,force));
|
|
if (bp)
|
|
return bp->send(RR,tPtr,data,len,now);
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Get the best current direct path
|
|
*
|
|
* @param now Current time
|
|
* @param includeExpired If true, include even expired paths
|
|
* @return Best current path or NULL if none
|
|
*/
|
|
SharedPtr<Path> getBestPath(int64_t now,bool includeExpired) const;
|
|
|
|
/**
|
|
* Send VERB_RENDEZVOUS to this and another peer via the best common IP scope and path
|
|
*/
|
|
void introduce(void *const tPtr,const int64_t now,const SharedPtr<Peer> &other) const;
|
|
|
|
/**
|
|
* Send a HELLO to this peer at a specified physical address
|
|
*
|
|
* No statistics or sent times are updated here.
|
|
*
|
|
* @param tPtr Thread pointer to be handed through to any callbacks called as a result of this call
|
|
* @param localSocket Local source socket
|
|
* @param atAddress Destination address
|
|
* @param now Current time
|
|
* @param counter Outgoing packet counter
|
|
*/
|
|
void sendHELLO(void *tPtr,const int64_t localSocket,const InetAddress &atAddress,int64_t now,unsigned int counter);
|
|
|
|
/**
|
|
* Send ECHO (or HELLO for older peers) to this peer at the given address
|
|
*
|
|
* No statistics or sent times are updated here.
|
|
*
|
|
* @param tPtr Thread pointer to be handed through to any callbacks called as a result of this call
|
|
* @param localSocket Local source socket
|
|
* @param atAddress Destination address
|
|
* @param now Current time
|
|
* @param sendFullHello If true, always send a full HELLO instead of just an ECHO
|
|
* @param counter Outgoing packet counter
|
|
*/
|
|
void attemptToContactAt(void *tPtr,const int64_t localSocket,const InetAddress &atAddress,int64_t now,bool sendFullHello,unsigned int counter);
|
|
|
|
/**
|
|
* Try a memorized or statically defined path if any are known
|
|
*
|
|
* Under the hood this is done periodically based on ZT_TRY_MEMORIZED_PATH_INTERVAL.
|
|
*
|
|
* @param tPtr Thread pointer to be handed through to any callbacks called as a result of this call
|
|
* @param now Current time
|
|
*/
|
|
void tryMemorizedPath(void *tPtr,int64_t now);
|
|
|
|
/**
|
|
* Send pings or keepalives depending on configured timeouts
|
|
*
|
|
* This also cleans up some internal data structures. It's called periodically from Node.
|
|
*
|
|
* @param tPtr Thread pointer to be handed through to any callbacks called as a result of this call
|
|
* @param now Current time
|
|
* @param inetAddressFamily Keep this address family alive, or -1 for any
|
|
* @return 0 if nothing sent or bit mask: bit 0x1 if IPv4 sent, bit 0x2 if IPv6 sent (0x3 means both sent)
|
|
*/
|
|
unsigned int doPingAndKeepalive(void *tPtr,int64_t now);
|
|
|
|
/**
|
|
* Process a cluster redirect sent by this peer
|
|
*
|
|
* @param tPtr Thread pointer to be handed through to any callbacks called as a result of this call
|
|
* @param localSocket Local socket as supplied by external code
|
|
* @param remoteAddress Remote address
|
|
* @param now Current time
|
|
*/
|
|
void clusterRedirect(void *tPtr,const int64_t localSocket,const InetAddress &remoteAddress,const int64_t now);
|
|
|
|
/**
|
|
* Reset paths within a given IP scope and address family
|
|
*
|
|
* Resetting a path involves sending an ECHO to it and then deactivating
|
|
* it until or unless it responds. This is done when we detect a change
|
|
* to our external IP or another system change that might invalidate
|
|
* many or all current paths.
|
|
*
|
|
* @param tPtr Thread pointer to be handed through to any callbacks called as a result of this call
|
|
* @param scope IP scope
|
|
* @param inetAddressFamily Family e.g. AF_INET
|
|
* @param now Current time
|
|
*/
|
|
void resetWithinScope(void *tPtr,InetAddress::IpScope scope,int inetAddressFamily,int64_t now);
|
|
|
|
/**
|
|
* @param now Current time
|
|
* @return All known paths to this peer
|
|
*/
|
|
inline std::vector< SharedPtr<Path> > paths(const int64_t now) const
|
|
{
|
|
std::vector< SharedPtr<Path> > pp;
|
|
Mutex::Lock _l(_paths_m);
|
|
for(unsigned int i=0;i<ZT_PEER_MAX_PATHS;++i) {
|
|
if (!_paths[i].p) break;
|
|
pp.push_back(_paths[i].p);
|
|
}
|
|
return pp;
|
|
}
|
|
|
|
/**
|
|
* @return Time of last receive of anything, whether direct or relayed
|
|
*/
|
|
inline int64_t lastReceive() const { return _lastReceive; }
|
|
|
|
/**
|
|
* @return True if we've heard from this peer in less than ZT_PEER_ACTIVITY_TIMEOUT
|
|
*/
|
|
inline bool isAlive(const int64_t now) const { return ((now - _lastReceive) < ZT_PEER_ACTIVITY_TIMEOUT); }
|
|
|
|
/**
|
|
* @return True if this peer has sent us real network traffic recently
|
|
*/
|
|
inline int64_t isActive(int64_t now) const { return ((now - _lastNontrivialReceive) < ZT_PEER_ACTIVITY_TIMEOUT); }
|
|
|
|
/**
|
|
* @return Latency in milliseconds of best path or 0xffff if unknown / no paths
|
|
*/
|
|
inline unsigned int latency(const int64_t now) const
|
|
{
|
|
SharedPtr<Path> bp(getBestPath(now,false));
|
|
return ((bp) ? bp->latency() : 0xffff);
|
|
}
|
|
|
|
/**
|
|
* This computes a quality score for relays and root servers
|
|
*
|
|
* If we haven't heard anything from these in ZT_PEER_ACTIVITY_TIMEOUT, they
|
|
* receive the worst possible quality (max unsigned int). Otherwise the
|
|
* quality is a product of latency and the number of potential missed
|
|
* pings. This causes roots and relays to switch over a bit faster if they
|
|
* fail.
|
|
*
|
|
* @return Relay quality score computed from latency and other factors, lower is better
|
|
*/
|
|
inline unsigned int relayQuality(const int64_t now) const
|
|
{
|
|
const uint64_t tsr = now - _lastReceive;
|
|
if (tsr >= ZT_PEER_ACTIVITY_TIMEOUT)
|
|
return (~(unsigned int)0);
|
|
unsigned int l = latency(now);
|
|
if (!l)
|
|
l = 0xffff;
|
|
return (l * (((unsigned int)tsr / (ZT_PEER_PING_PERIOD + 1000)) + 1));
|
|
}
|
|
|
|
/**
|
|
* @return 256-bit secret symmetric encryption key
|
|
*/
|
|
inline const unsigned char *key() const { return _key; }
|
|
|
|
/**
|
|
* Set the currently known remote version of this peer's client
|
|
*
|
|
* @param vproto Protocol version
|
|
* @param vmaj Major version
|
|
* @param vmin Minor version
|
|
* @param vrev Revision
|
|
*/
|
|
inline void setRemoteVersion(unsigned int vproto,unsigned int vmaj,unsigned int vmin,unsigned int vrev)
|
|
{
|
|
_vProto = (uint16_t)vproto;
|
|
_vMajor = (uint16_t)vmaj;
|
|
_vMinor = (uint16_t)vmin;
|
|
_vRevision = (uint16_t)vrev;
|
|
}
|
|
|
|
inline unsigned int remoteVersionProtocol() const { return _vProto; }
|
|
inline unsigned int remoteVersionMajor() const { return _vMajor; }
|
|
inline unsigned int remoteVersionMinor() const { return _vMinor; }
|
|
inline unsigned int remoteVersionRevision() const { return _vRevision; }
|
|
|
|
inline bool remoteVersionKnown() const { return ((_vMajor > 0)||(_vMinor > 0)||(_vRevision > 0)); }
|
|
|
|
/**
|
|
* @return True if peer has received a trust established packet (e.g. common network membership) in the past ZT_TRUST_EXPIRATION ms
|
|
*/
|
|
inline bool trustEstablished(const int64_t now) const { return ((now - _lastTrustEstablishedPacketReceived) < ZT_TRUST_EXPIRATION); }
|
|
|
|
/**
|
|
* Rate limit gate for VERB_PUSH_DIRECT_PATHS
|
|
*/
|
|
inline bool rateGatePushDirectPaths(const int64_t now)
|
|
{
|
|
if ((now - _lastDirectPathPushReceive) <= ZT_PUSH_DIRECT_PATHS_CUTOFF_TIME)
|
|
++_directPathPushCutoffCount;
|
|
else _directPathPushCutoffCount = 0;
|
|
_lastDirectPathPushReceive = now;
|
|
return (_directPathPushCutoffCount < ZT_PUSH_DIRECT_PATHS_CUTOFF_LIMIT);
|
|
}
|
|
|
|
/**
|
|
* Rate limit gate for VERB_NETWORK_CREDENTIALS
|
|
*/
|
|
inline bool rateGateCredentialsReceived(const int64_t now)
|
|
{
|
|
if ((now - _lastCredentialsReceived) <= ZT_PEER_CREDENTIALS_CUTOFF_TIME)
|
|
++_credentialsCutoffCount;
|
|
else _credentialsCutoffCount = 0;
|
|
_lastCredentialsReceived = now;
|
|
return (_directPathPushCutoffCount < ZT_PEER_CREDEITIALS_CUTOFF_LIMIT);
|
|
}
|
|
|
|
/**
|
|
* Rate limit gate for sending of ERROR_NEED_MEMBERSHIP_CERTIFICATE
|
|
*/
|
|
inline bool rateGateRequestCredentials(const int64_t now)
|
|
{
|
|
if ((now - _lastCredentialRequestSent) >= ZT_PEER_GENERAL_RATE_LIMIT) {
|
|
_lastCredentialRequestSent = now;
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Rate limit gate for inbound WHOIS requests
|
|
*/
|
|
inline bool rateGateInboundWhoisRequest(const int64_t now)
|
|
{
|
|
if ((now - _lastWhoisRequestReceived) >= ZT_PEER_WHOIS_RATE_LIMIT) {
|
|
_lastWhoisRequestReceived = now;
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Rate limit gate for inbound ECHO requests
|
|
*/
|
|
inline bool rateGateEchoRequest(const int64_t now)
|
|
{
|
|
if ((now - _lastEchoRequestReceived) >= ZT_PEER_GENERAL_RATE_LIMIT) {
|
|
_lastEchoRequestReceived = now;
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Rate gate incoming requests for network COM
|
|
*/
|
|
inline bool rateGateIncomingComRequest(const int64_t now)
|
|
{
|
|
if ((now - _lastComRequestReceived) >= ZT_PEER_GENERAL_RATE_LIMIT) {
|
|
_lastComRequestReceived = now;
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Rate gate outgoing requests for network COM
|
|
*/
|
|
inline bool rateGateOutgoingComRequest(const int64_t now)
|
|
{
|
|
if ((now - _lastComRequestSent) >= ZT_PEER_GENERAL_RATE_LIMIT) {
|
|
_lastComRequestSent = now;
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Serialize a peer for storage in local cache
|
|
*
|
|
* This does not serialize everything, just non-ephemeral information.
|
|
*/
|
|
template<unsigned int C>
|
|
inline void serializeForCache(Buffer<C> &b) const
|
|
{
|
|
b.append((uint8_t)1);
|
|
|
|
_id.serialize(b);
|
|
|
|
b.append((uint16_t)_vProto);
|
|
b.append((uint16_t)_vMajor);
|
|
b.append((uint16_t)_vMinor);
|
|
b.append((uint16_t)_vRevision);
|
|
|
|
{
|
|
Mutex::Lock _l(_paths_m);
|
|
unsigned int pc = 0;
|
|
for(unsigned int i=0;i<ZT_PEER_MAX_PATHS;++i) {
|
|
if (_paths[i].p)
|
|
++pc;
|
|
else break;
|
|
}
|
|
b.append((uint16_t)pc);
|
|
for(unsigned int i=0;i<pc;++i)
|
|
_paths[i].p->address().serialize(b);
|
|
}
|
|
}
|
|
|
|
template<unsigned int C>
|
|
inline static SharedPtr<Peer> deserializeFromCache(int64_t now,void *tPtr,Buffer<C> &b,const RuntimeEnvironment *renv)
|
|
{
|
|
try {
|
|
unsigned int ptr = 0;
|
|
if (b[ptr++] != 1)
|
|
return SharedPtr<Peer>();
|
|
|
|
Identity id;
|
|
ptr += id.deserialize(b,ptr);
|
|
if (!id)
|
|
return SharedPtr<Peer>();
|
|
|
|
SharedPtr<Peer> p(new Peer(renv,renv->identity,id));
|
|
|
|
p->_vProto = b.template at<uint16_t>(ptr); ptr += 2;
|
|
p->_vMajor = b.template at<uint16_t>(ptr); ptr += 2;
|
|
p->_vMinor = b.template at<uint16_t>(ptr); ptr += 2;
|
|
p->_vRevision = b.template at<uint16_t>(ptr); ptr += 2;
|
|
|
|
// When we deserialize from the cache we don't actually restore paths. We
|
|
// just try them and then re-learn them if they happen to still be up.
|
|
// Paths are fairly ephemeral in the real world in most cases.
|
|
const unsigned int tryPathCount = b.template at<uint16_t>(ptr); ptr += 2;
|
|
for(unsigned int i=0;i<tryPathCount;++i) {
|
|
InetAddress inaddr;
|
|
try {
|
|
ptr += inaddr.deserialize(b,ptr);
|
|
if (inaddr)
|
|
p->attemptToContactAt(tPtr,-1,inaddr,now,true,0);
|
|
} catch ( ... ) {
|
|
break;
|
|
}
|
|
}
|
|
|
|
return p;
|
|
} catch ( ... ) {
|
|
return SharedPtr<Peer>();
|
|
}
|
|
}
|
|
|
|
private:
|
|
struct _PeerPath
|
|
{
|
|
_PeerPath() : lr(0),p(),priority(1) {}
|
|
int64_t lr; // time of last valid ZeroTier packet
|
|
SharedPtr<Path> p;
|
|
int priority; // >= 1, higher is better
|
|
};
|
|
|
|
uint8_t _key[ZT_PEER_SECRET_KEY_LENGTH];
|
|
|
|
const RuntimeEnvironment *RR;
|
|
|
|
int64_t _lastReceive; // direct or indirect
|
|
int64_t _lastNontrivialReceive; // frames, things like netconf, etc.
|
|
int64_t _lastTriedMemorizedPath;
|
|
int64_t _lastDirectPathPushSent;
|
|
int64_t _lastDirectPathPushReceive;
|
|
int64_t _lastCredentialRequestSent;
|
|
int64_t _lastWhoisRequestReceived;
|
|
int64_t _lastEchoRequestReceived;
|
|
int64_t _lastComRequestReceived;
|
|
int64_t _lastComRequestSent;
|
|
int64_t _lastCredentialsReceived;
|
|
int64_t _lastTrustEstablishedPacketReceived;
|
|
int64_t _lastSentFullHello;
|
|
|
|
uint16_t _vProto;
|
|
uint16_t _vMajor;
|
|
uint16_t _vMinor;
|
|
uint16_t _vRevision;
|
|
|
|
_PeerPath _paths[ZT_PEER_MAX_PATHS];
|
|
Mutex _paths_m;
|
|
|
|
Identity _id;
|
|
|
|
unsigned int _directPathPushCutoffCount;
|
|
unsigned int _credentialsCutoffCount;
|
|
|
|
AtomicCounter __refCount;
|
|
};
|
|
|
|
} // namespace ZeroTier
|
|
|
|
// Add a swap() for shared ptr's to peers to speed up peer sorts
|
|
namespace std {
|
|
template<>
|
|
inline void swap(ZeroTier::SharedPtr<ZeroTier::Peer> &a,ZeroTier::SharedPtr<ZeroTier::Peer> &b)
|
|
{
|
|
a.swap(b);
|
|
}
|
|
}
|
|
|
|
#endif
|