mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2025-06-06 12:33:44 +02:00
Clean up the awful Network::Config mess and break that out into NetworkConfig.
This commit is contained in:
parent
5a8f213c23
commit
03b909603a
4 changed files with 91 additions and 78 deletions
|
@ -105,7 +105,7 @@ public:
|
||||||
* @param etherType Ethernet frame type to check
|
* @param etherType Ethernet frame type to check
|
||||||
* @return True if allowed on this network
|
* @return True if allowed on this network
|
||||||
*/
|
*/
|
||||||
inline bool allowsEtherType(unsigned int etherType)
|
inline bool permitsEtherType(unsigned int etherType)
|
||||||
throw()
|
throw()
|
||||||
{
|
{
|
||||||
if ((!etherType)||(etherType > 0xffff)) // sanity checks
|
if ((!etherType)||(etherType > 0xffff)) // sanity checks
|
||||||
|
|
|
@ -143,12 +143,18 @@ public:
|
||||||
{
|
{
|
||||||
InetAddress v4(p->ipv4ActivePath(_now));
|
InetAddress v4(p->ipv4ActivePath(_now));
|
||||||
InetAddress v6(p->ipv6ActivePath(_now));
|
InetAddress v6(p->ipv6ActivePath(_now));
|
||||||
_P("200 listpeers %s %s %s %u %s",
|
if ((v4)||(v6)) {
|
||||||
p->address().toString().c_str(),
|
_P("200 listpeers %s %s %s %u %s",
|
||||||
((v4) ? v4.toString().c_str() : "-"),
|
p->address().toString().c_str(),
|
||||||
((v6) ? v6.toString().c_str() : "-"),
|
((v4) ? v4.toString().c_str() : "-"),
|
||||||
(((v4)||(v6)) ? p->latency() : 0),
|
((v6) ? v6.toString().c_str() : "-"),
|
||||||
p->remoteVersion().c_str());
|
p->latency(),
|
||||||
|
p->remoteVersion().c_str());
|
||||||
|
} else {
|
||||||
|
_P("200 listpeers %s - - - %s",
|
||||||
|
p->address().toString().c_str(),
|
||||||
|
p->remoteVersion().c_str());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private:
|
private:
|
||||||
|
@ -200,10 +206,11 @@ std::vector<std::string> NodeConfig::execute(const char *command)
|
||||||
tmp.append(i->toString());
|
tmp.append(i->toString());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
SharedPtr<NetworkConfig> nconf(nw->second->config2());
|
||||||
_P("200 listnetworks %.16llx %s %s %s %s",
|
_P("200 listnetworks %.16llx %s %s %s %s",
|
||||||
(unsigned long long)nw->first,
|
(unsigned long long)nw->first,
|
||||||
Network::statusString(nw->second->status()),
|
Network::statusString(nw->second->status()),
|
||||||
(nw->second->isOpen() ? "open" : "private"),
|
((nconf) ? (nconf->isOpen() ? "public" : "private") : "?"),
|
||||||
nw->second->tap().deviceName().c_str(),
|
nw->second->tap().deviceName().c_str(),
|
||||||
((tmp.length() > 0) ? tmp.c_str() : "-"));
|
((tmp.length() > 0) ? tmp.c_str() : "-"));
|
||||||
}
|
}
|
||||||
|
|
|
@ -269,9 +269,8 @@ bool PacketDecoder::_doOK(const RuntimeEnvironment *_r,const SharedPtr<Peer> &pe
|
||||||
unsigned int dictlen = at<uint16_t>(ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST__OK__IDX_DICT_LEN);
|
unsigned int dictlen = at<uint16_t>(ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST__OK__IDX_DICT_LEN);
|
||||||
std::string dict((const char *)field(ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST__OK__IDX_DICT,dictlen),dictlen);
|
std::string dict((const char *)field(ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST__OK__IDX_DICT,dictlen),dictlen);
|
||||||
if (dict.length()) {
|
if (dict.length()) {
|
||||||
Network::Config netconf(dict);
|
nw->setConfiguration(Dictionary(dict));
|
||||||
TRACE("got network configuration for network %.16llx from %s",(unsigned long long)nw->id(),source().toString().c_str());
|
TRACE("got network configuration for network %.16llx from %s",(unsigned long long)nw->id(),source().toString().c_str());
|
||||||
nw->setConfiguration(netconf);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} break;
|
} break;
|
||||||
|
@ -363,7 +362,7 @@ bool PacketDecoder::_doFRAME(const RuntimeEnvironment *_r,const SharedPtr<Peer>
|
||||||
if (network) {
|
if (network) {
|
||||||
if (network->isAllowed(source())) {
|
if (network->isAllowed(source())) {
|
||||||
unsigned int etherType = at<uint16_t>(ZT_PROTO_VERB_FRAME_IDX_ETHERTYPE);
|
unsigned int etherType = at<uint16_t>(ZT_PROTO_VERB_FRAME_IDX_ETHERTYPE);
|
||||||
if (network->permitsEtherType(etherType)) {
|
if (network->config()->permitsEtherType(etherType)) {
|
||||||
network->tap().put(source().toMAC(),network->tap().mac(),etherType,data() + ZT_PROTO_VERB_FRAME_IDX_PAYLOAD,size() - ZT_PROTO_VERB_FRAME_IDX_PAYLOAD);
|
network->tap().put(source().toMAC(),network->tap().mac(),etherType,data() + ZT_PROTO_VERB_FRAME_IDX_PAYLOAD,size() - ZT_PROTO_VERB_FRAME_IDX_PAYLOAD);
|
||||||
} else if (size() > ZT_PROTO_VERB_FRAME_IDX_PAYLOAD) {
|
} else if (size() > ZT_PROTO_VERB_FRAME_IDX_PAYLOAD) {
|
||||||
TRACE("dropped FRAME from %s: ethernet type %u not allowed on network %.16llx",source().toString().c_str(),etherType,(unsigned long long)network->id());
|
TRACE("dropped FRAME from %s: ethernet type %u not allowed on network %.16llx",source().toString().c_str(),etherType,(unsigned long long)network->id());
|
||||||
|
@ -500,78 +499,81 @@ bool PacketDecoder::_doMULTICAST_FRAME(const RuntimeEnvironment *_r,const Shared
|
||||||
// inject the packet. This also gives us an opportunity to check things
|
// inject the packet. This also gives us an opportunity to check things
|
||||||
// like multicast bandwidth constraints.
|
// like multicast bandwidth constraints.
|
||||||
if (network) {
|
if (network) {
|
||||||
maxDepth = std::min((unsigned int)ZT_MULTICAST_GLOBAL_MAX_DEPTH,network->multicastDepth());
|
SharedPtr<NetworkConfig> nconf(network->config2());
|
||||||
if (!maxDepth)
|
if (nconf) {
|
||||||
maxDepth = ZT_MULTICAST_GLOBAL_MAX_DEPTH;
|
maxDepth = std::min((unsigned int)ZT_MULTICAST_GLOBAL_MAX_DEPTH,nconf->multicastDepth());
|
||||||
|
if (!maxDepth)
|
||||||
|
maxDepth = ZT_MULTICAST_GLOBAL_MAX_DEPTH;
|
||||||
|
|
||||||
if (!network->isAllowed(origin)) {
|
if (!network->isAllowed(origin)) {
|
||||||
TRACE("didn't inject MULTICAST_FRAME from %s(%s) into %.16llx: sender %s not allowed or we don't have a certificate",source().toString().c_str(),nwid,_remoteAddress.toString().c_str(),origin.toString().c_str());
|
TRACE("didn't inject MULTICAST_FRAME from %s(%s) into %.16llx: sender %s not allowed or we don't have a certificate",source().toString().c_str(),nwid,_remoteAddress.toString().c_str(),origin.toString().c_str());
|
||||||
|
|
||||||
// Tell them we need a certificate
|
// Tell them we need a certificate
|
||||||
Packet outp(source(),_r->identity.address(),Packet::VERB_ERROR);
|
Packet outp(source(),_r->identity.address(),Packet::VERB_ERROR);
|
||||||
outp.append((unsigned char)Packet::VERB_FRAME);
|
outp.append((unsigned char)Packet::VERB_FRAME);
|
||||||
outp.append(packetId());
|
outp.append(packetId());
|
||||||
outp.append((unsigned char)Packet::ERROR_NEED_MEMBERSHIP_CERTIFICATE);
|
outp.append((unsigned char)Packet::ERROR_NEED_MEMBERSHIP_CERTIFICATE);
|
||||||
outp.append(nwid);
|
outp.append(nwid);
|
||||||
outp.armor(peer->key(),true);
|
outp.armor(peer->key(),true);
|
||||||
_r->demarc->send(_localPort,_remoteAddress,outp.data(),outp.size(),-1);
|
_r->demarc->send(_localPort,_remoteAddress,outp.data(),outp.size(),-1);
|
||||||
|
|
||||||
// We do not terminate here, since if the member just has an out of
|
// We do not terminate here, since if the member just has an out of
|
||||||
// date cert or hasn't sent us a cert yet we still want to propagate
|
// date cert or hasn't sent us a cert yet we still want to propagate
|
||||||
// the message so multicast keeps working downstream.
|
// the message so multicast keeps working downstream.
|
||||||
} else if ((!network->permitsBridging(origin))&&(!origin.wouldHaveMac(sourceMac))) {
|
} else if ((!nconf->permitsBridging(origin))&&(!origin.wouldHaveMac(sourceMac))) {
|
||||||
// This *does* terminate propagation, since it's technically a
|
// This *does* terminate propagation, since it's technically a
|
||||||
// security violation of the network's bridging policy. But if we
|
// security violation of the network's bridging policy. But if we
|
||||||
// were to keep propagating it wouldn't hurt anything, just waste
|
// were to keep propagating it wouldn't hurt anything, just waste
|
||||||
// bandwidth as everyone else would reject it too.
|
// bandwidth as everyone else would reject it too.
|
||||||
#ifdef ZT_TRACE_MULTICAST
|
#ifdef ZT_TRACE_MULTICAST
|
||||||
Utils::snprintf(mct,sizeof(mct),
|
Utils::snprintf(mct,sizeof(mct),
|
||||||
"%.16llx %.2u %.3u%s %c %s dropped: bridging not allowed",
|
"%.16llx %.2u %.3u%s %c %s dropped: bridging not allowed",
|
||||||
guid,
|
guid,
|
||||||
prefix,
|
prefix,
|
||||||
depth,
|
depth,
|
||||||
mctdepth,
|
mctdepth,
|
||||||
(_r->topology->amSupernode() ? 'S' : '-'),
|
(_r->topology->amSupernode() ? 'S' : '-'),
|
||||||
_r->identity.address().toString().c_str());
|
_r->identity.address().toString().c_str());
|
||||||
_r->demarc->send(Demarc::ANY_PORT,ZT_DEFAULTS.multicastTraceWatcher,mct,strlen(mct),-1);
|
_r->demarc->send(Demarc::ANY_PORT,ZT_DEFAULTS.multicastTraceWatcher,mct,strlen(mct),-1);
|
||||||
#endif
|
#endif
|
||||||
TRACE("dropped MULTICAST_FRAME from %s(%s) into %.16llx: source mac %s doesn't belong to %s, and bridging is not supported on network",source().toString().c_str(),nwid,_remoteAddress.toString().c_str(),sourceMac.toString().c_str(),origin.toString().c_str());
|
TRACE("dropped MULTICAST_FRAME from %s(%s) into %.16llx: source mac %s doesn't belong to %s, and bridging is not supported on network",source().toString().c_str(),nwid,_remoteAddress.toString().c_str(),sourceMac.toString().c_str(),origin.toString().c_str());
|
||||||
return true;
|
return true;
|
||||||
} else if (!network->permitsEtherType(etherType)) {
|
} else if (!nconf->permitsEtherType(etherType)) {
|
||||||
// Ditto for this-- halt propagation if this is for an ethertype
|
// Ditto for this-- halt propagation if this is for an ethertype
|
||||||
// this network doesn't allow. Same principle as bridging test.
|
// this network doesn't allow. Same principle as bridging test.
|
||||||
#ifdef ZT_TRACE_MULTICAST
|
#ifdef ZT_TRACE_MULTICAST
|
||||||
Utils::snprintf(mct,sizeof(mct),
|
Utils::snprintf(mct,sizeof(mct),
|
||||||
"%.16llx %.2u %.3u%s %c %s dropped: ethertype not allowed",
|
"%.16llx %.2u %.3u%s %c %s dropped: ethertype not allowed",
|
||||||
guid,
|
guid,
|
||||||
prefix,
|
prefix,
|
||||||
depth,
|
depth,
|
||||||
mctdepth,
|
mctdepth,
|
||||||
(_r->topology->amSupernode() ? 'S' : '-'),
|
(_r->topology->amSupernode() ? 'S' : '-'),
|
||||||
_r->identity.address().toString().c_str());
|
_r->identity.address().toString().c_str());
|
||||||
_r->demarc->send(Demarc::ANY_PORT,ZT_DEFAULTS.multicastTraceWatcher,mct,strlen(mct),-1);
|
_r->demarc->send(Demarc::ANY_PORT,ZT_DEFAULTS.multicastTraceWatcher,mct,strlen(mct),-1);
|
||||||
#endif
|
#endif
|
||||||
TRACE("dropped MULTICAST_FRAME from %s(%s) into %.16llx: ethertype %u is not allowed",source().toString().c_str(),nwid,_remoteAddress.toString().c_str(),etherType);
|
TRACE("dropped MULTICAST_FRAME from %s(%s) into %.16llx: ethertype %u is not allowed",source().toString().c_str(),nwid,_remoteAddress.toString().c_str(),etherType);
|
||||||
return true;
|
return true;
|
||||||
} else if (!network->updateAndCheckMulticastBalance(origin,dest,frameLen)) {
|
} else if (!network->updateAndCheckMulticastBalance(origin,dest,frameLen)) {
|
||||||
// Rate limits can only be checked by members of this network, but
|
// Rate limits can only be checked by members of this network, but
|
||||||
// there should be enough of them that over-limit multicasts get
|
// there should be enough of them that over-limit multicasts get
|
||||||
// their propagation aborted.
|
// their propagation aborted.
|
||||||
#ifdef ZT_TRACE_MULTICAST
|
#ifdef ZT_TRACE_MULTICAST
|
||||||
Utils::snprintf(mct,sizeof(mct),
|
Utils::snprintf(mct,sizeof(mct),
|
||||||
"%.16llx %.2u %.3u%s %c %s dropped: rate limits exceeded",
|
"%.16llx %.2u %.3u%s %c %s dropped: rate limits exceeded",
|
||||||
guid,
|
guid,
|
||||||
prefix,
|
prefix,
|
||||||
depth,
|
depth,
|
||||||
mctdepth,
|
mctdepth,
|
||||||
(_r->topology->amSupernode() ? 'S' : '-'),
|
(_r->topology->amSupernode() ? 'S' : '-'),
|
||||||
_r->identity.address().toString().c_str());
|
_r->identity.address().toString().c_str());
|
||||||
_r->demarc->send(Demarc::ANY_PORT,ZT_DEFAULTS.multicastTraceWatcher,mct,strlen(mct),-1);
|
_r->demarc->send(Demarc::ANY_PORT,ZT_DEFAULTS.multicastTraceWatcher,mct,strlen(mct),-1);
|
||||||
#endif
|
#endif
|
||||||
TRACE("dropped MULTICAST_FRAME from %s(%s): rate limits exceeded for sender %s",source().toString().c_str(),_remoteAddress.toString().c_str(),origin.toString().c_str());
|
TRACE("dropped MULTICAST_FRAME from %s(%s): rate limits exceeded for sender %s",source().toString().c_str(),_remoteAddress.toString().c_str(),origin.toString().c_str());
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
network->tap().put(sourceMac,dest.mac(),etherType,frame,frameLen);
|
network->tap().put(sourceMac,dest.mac(),etherType,frame,frameLen);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -82,6 +82,10 @@ void Switch::onRemotePacket(Demarc::Port localPort,const InetAddress &fromAddr,c
|
||||||
|
|
||||||
void Switch::onLocalEthernet(const SharedPtr<Network> &network,const MAC &from,const MAC &to,unsigned int etherType,const Buffer<4096> &data)
|
void Switch::onLocalEthernet(const SharedPtr<Network> &network,const MAC &from,const MAC &to,unsigned int etherType,const Buffer<4096> &data)
|
||||||
{
|
{
|
||||||
|
SharedPtr<NetworkConfig> nconf(network->config2());
|
||||||
|
if (!nconf)
|
||||||
|
return;
|
||||||
|
|
||||||
if (to == network->tap().mac()) {
|
if (to == network->tap().mac()) {
|
||||||
LOG("%s: frame received from self, ignoring (bridge loop? OS bug?)",network->tap().deviceName().c_str());
|
LOG("%s: frame received from self, ignoring (bridge loop? OS bug?)",network->tap().deviceName().c_str());
|
||||||
return;
|
return;
|
||||||
|
@ -92,7 +96,7 @@ void Switch::onLocalEthernet(const SharedPtr<Network> &network,const MAC &from,c
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!network->permitsEtherType(etherType)) {
|
if (!nconf->permitsEtherType(etherType)) {
|
||||||
LOG("ignored tap: %s -> %s: ethertype %s not allowed on network %.16llx",from.toString().c_str(),to.toString().c_str(),etherTypeName(etherType),(unsigned long long)network->id());
|
LOG("ignored tap: %s -> %s: ethertype %s not allowed on network %.16llx",from.toString().c_str(),to.toString().c_str(),etherTypeName(etherType),(unsigned long long)network->id());
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -115,11 +119,11 @@ void Switch::onLocalEthernet(const SharedPtr<Network> &network,const MAC &from,c
|
||||||
const SharedPtr<Peer> supernode(_r->topology->getBestSupernode());
|
const SharedPtr<Peer> supernode(_r->topology->getBestSupernode());
|
||||||
uint64_t now = Utils::now();
|
uint64_t now = Utils::now();
|
||||||
|
|
||||||
for(unsigned int prefix=0,np=((unsigned int)2 << (network->multicastPrefixBits() - 1));prefix<np;++prefix) {
|
for(unsigned int prefix=0,np=((unsigned int)2 << (nconf->multicastPrefixBits() - 1));prefix<np;++prefix) {
|
||||||
memset(bloom,0,sizeof(bloom));
|
memset(bloom,0,sizeof(bloom));
|
||||||
|
|
||||||
unsigned char *fifoPtr = fifo;
|
unsigned char *fifoPtr = fifo;
|
||||||
_r->mc->getNextHops(network->id(),mg,Multicaster::AddToPropagationQueue(&fifoPtr,fifoEnd,bloom,bloomNonce,_r->identity.address(),network->multicastPrefixBits(),prefix));
|
_r->mc->getNextHops(network->id(),mg,Multicaster::AddToPropagationQueue(&fifoPtr,fifoEnd,bloom,bloomNonce,_r->identity.address(),nconf->multicastPrefixBits(),prefix));
|
||||||
while (fifoPtr != fifoEnd)
|
while (fifoPtr != fifoEnd)
|
||||||
*(fifoPtr++) = (unsigned char)0;
|
*(fifoPtr++) = (unsigned char)0;
|
||||||
|
|
||||||
|
@ -143,7 +147,7 @@ void Switch::onLocalEthernet(const SharedPtr<Network> &network,const MAC &from,c
|
||||||
outp.append((unsigned char)0);
|
outp.append((unsigned char)0);
|
||||||
outp.append(network->id());
|
outp.append(network->id());
|
||||||
outp.append(bloomNonce);
|
outp.append(bloomNonce);
|
||||||
outp.append((unsigned char)network->multicastPrefixBits());
|
outp.append((unsigned char)nconf->multicastPrefixBits());
|
||||||
outp.append((unsigned char)prefix);
|
outp.append((unsigned char)prefix);
|
||||||
_r->identity.address().appendTo(outp);
|
_r->identity.address().appendTo(outp);
|
||||||
outp.append((unsigned char)((mcid >> 16) & 0xff));
|
outp.append((unsigned char)((mcid >> 16) & 0xff));
|
||||||
|
|
Loading…
Add table
Reference in a new issue