diff --git a/node/IncomingPacket.cpp b/node/IncomingPacket.cpp
index efb506fe9..5397d51c8 100644
--- a/node/IncomingPacket.cpp
+++ b/node/IncomingPacket.cpp
@@ -270,9 +270,9 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR)
 if (RR->topology->isSupernode(id.address())) {
 RR->node->postNewerVersionIfNewer(vMajor,vMinor,vRevision);
- RR->sa->iam(_remoteAddress,destAddr,true);
+ RR->sa->iam(id.address(),_remoteAddress,destAddr,true);
 } else {
- RR->sa->iam(_remoteAddress,destAddr,false);
+ RR->sa->iam(id.address(),_remoteAddress,destAddr,false);
 }
 Packet outp(id.address(),RR->identity.address(),Packet::VERB_OK);
diff --git a/node/SelfAwareness.cpp b/node/SelfAwareness.cpp
index db0c5595f..b6bfe9e4d 100644
--- a/node/SelfAwareness.cpp
+++ b/node/SelfAwareness.cpp
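Review bot: The two branches in _doHELLO now differ only in the literal passed as the last argument of `iam`, so the supernode decision and the reporter attribution live in two places that will drift apart on the next edit; hoisting the decision keeps them together: `const bool trusted = RR->topology->isSupernode(id.address()); if (trusted) RR->node->postNewerVersionIfNewer(vMajor,vMinor,vRevision); RR->sa->iam(id.address(),_remoteAddress,destAddr,trusted);`. Because `trusted` is what later permits a global-scope address change in SelfAwareness::iam, a one-line comment at the call stating that `id` must already have been verified against the HELLO signature before it is passed as the reporter would document the precondition — that verification, if present, is earlier in the function and not visible here. _doHELLO starts and ends outside this hunk.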
@@ -63,24 +63,26 @@ SelfAwareness::~SelfAwareness()
 {
 }
- void SelfAwareness::iam(const InetAddress &reporterPhysicalAddress,const InetAddress &myPhysicalAddress,bool trusted)
+ void SelfAwareness::iam(const Address &reporter,const InetAddress &reporterPhysicalAddress,const InetAddress &myPhysicalAddress,bool trusted)
 {
 // This code depends on the numeric values assigned to scopes in InetAddress.hpp
 const unsigned int scope = (unsigned int)myPhysicalAddress.ipScope();
 if ((scope > 0)&&(scope < (unsigned int)InetAddress::IP_SCOPE_LOOPBACK)) {
- /* For now only trusted peers are permitted to inform us of changes to
- * our global Internet IP or to changes of NATed IPs. We'll let peers on
- * private, shared, or link-local networks inform us of changes as long
- * as they too are at the same scope. This discrimination avoids a DoS
- * attack in which an attacker could force us to reset our connections. */
- if ( (!trusted) && ((scope == (unsigned int)InetAddress::IP_SCOPE_GLOBAL)||(scope != (unsigned int)reporterPhysicalAddress.ipScope())) )
+ if ( (!trusted) && ((scope == (unsigned int)InetAddress::IP_SCOPE_GLOBAL)||(scope != (unsigned int)reporterPhysicalAddress.ipScope())) ) {
+ /* For now only trusted peers are permitted to inform us of changes to
+ * our global Internet IP or to changes of NATed IPs. We'll let peers on
+ * private, shared, or link-local networks inform us of changes as long
+ * as they too are at the same scope. This discrimination avoids a DoS
+ * attack in which an attacker could force us to reset our connections. 
*/
 return;
- else {
+ } else {
 Mutex::Lock _l(_lock);
 InetAddress &lastPhy = _lastPhysicalAddress[scope - 1];
 if (!lastPhy) {
+ TRACE("learned physical address %s for scope %u from reporter %s(%s) (replaced )",myPhysicalAddress.toString().c_str(),scope,reporter.toString().c_str(),reporterPhysicalAddress.toString().c_str());
 lastPhy = myPhysicalAddress;
 } else if (lastPhy != myPhysicalAddress) {
+ TRACE("learned physical address %s for scope %u from reporter %s(%s) (replaced %s, resetting within scope)",myPhysicalAddress.toString().c_str(),scope,reporter.toString().c_str(),reporterPhysicalAddress.toString().c_str(),lastPhy.toString().c_str());
 lastPhy = myPhysicalAddress;
 _ResetWithinScope rset(RR,RR->node->now(),(InetAddress::IpScope)scope);
 RR->topology->eachPeer<_ResetWithinScope &>(rset);
diff --git a/node/SelfAwareness.hpp b/node/SelfAwareness.hpp
index eadc21494..2eb9b59f1 100644
--- a/node/SelfAwareness.hpp
+++ b/node/SelfAwareness.hpp
@@ -29,6 +29,7 @@
 #define ZT_SELFAWARENESS_HPP
 #include "InetAddress.hpp"
+#include "Address.hpp"
 #include "Mutex.hpp"
 namespace ZeroTier {
@@ -47,11 +48,12 @@ public:
 /**
 * Called when a trusted remote peer informs us of our external network address
 *
+ * @param reporter ZeroTier address of reporting peer
 * @param reporterPhysicalAddress Physical address that reporting peer seems to have
 * @param myPhysicalAddress Physical address that peer says we have
 * @param trusted True if this peer is trusted as an authority to inform us of external address changes
 */
- void iam(const InetAddress &reporterPhysicalAddress,const InetAddress &myPhysicalAddress,bool trusted);
+ void iam(const Address &reporter,const InetAddress &reporterPhysicalAddress,const InetAddress &myPhysicalAddress,bool trusted);
 private:
 const RuntimeEnvironment *RR;
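Review bot: The first added TRACE in the `!lastPhy` branch ends with the literal `(replaced )` — an empty placeholder carried over from the second message — which will read as a garbled log line; change it to `... from reporter %s(%s) (first address learned for this scope)` or drop the parenthetical. `reporter` is now referenced only inside TRACE, so in a configuration where that macro expands to nothing (presumably the non-trace build) it becomes an unused parameter and warns under -Wunused-parameter; a `(void)reporter;` at the top of the body, or using it on the rejection path, avoids that. That rejection path is also the more useful place for the new attribution: the early `return;` for an untrusted or cross-scope report is silent even in trace builds, so an attempt to move our global address through an untrusted peer leaves nothing to inspect, whereas `TRACE("ignoring physical address %s for scope %u from untrusted reporter %s(%s)",myPhysicalAddress.toString().c_str(),scope,reporter.toString().c_str(),reporterPhysicalAddress.toString().c_str());` before the `return;` records exactly the DoS attempt the comment describes. The enclosing function continues past the end of the hunk.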
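Review bot: The brief for `iam` still reads "Called when a trusted remote peer informs us", but the signature carries a `trusted` flag and the IncomingPacket.cpp hunk passes `false` for ordinary peers, so the first line should become `* Called when a remote peer informs us of our external network address`. It would also help callers to state the policy the .cpp enforces, e.g. a second sentence `* Untrusted reporters may only update non-global scopes that match the scope of their own physical address.`, since that is the only defence against a peer resetting our connections. The `@param reporter` line could say what the value is used for — attribution in trace output, not the trust decision, which is driven solely by `trusted`.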