Tighten up credential push just a bit for faster up-time with older nodes, should not have significant impact on bandwidth. Also some cleanup and push direct path timing fixes.

This commit is contained in:
Adam Ierymenko 2019-06-25 13:42:20 -07:00
parent a3ef9b8a15
commit a019c3dd5d
8 changed files with 52 additions and 20 deletions

View file

@ -530,14 +530,19 @@
#define ZT_MAX_BRIDGE_ROUTES 67108864 #define ZT_MAX_BRIDGE_ROUTES 67108864
/** /**
* If there is no known route, spam to up to this many active bridges * If there is no known L2 bridging route, spam to up to this many active bridges
*/ */
#define ZT_MAX_BRIDGE_SPAM 32 #define ZT_MAX_BRIDGE_SPAM 32
/** /**
* Interval between direct path pushes in milliseconds * Interval between direct path pushes in milliseconds
*/ */
#define ZT_DIRECT_PATH_PUSH_INTERVAL 120000 #define ZT_DIRECT_PATH_PUSH_INTERVAL 15000
/**
* Interval between direct path pushes in milliseconds if we already have a path
*/
#define ZT_DIRECT_PATH_PUSH_INTERVAL_HAVEPATH 120000
/** /**
* Time horizon for push direct paths cutoff * Time horizon for push direct paths cutoff

View file

@ -185,15 +185,12 @@ bool InetAddress::fromString(const char *ipSlashPort)
inet_pton(AF_INET6, buf, &in6->sin6_addr.s6_addr); inet_pton(AF_INET6, buf, &in6->sin6_addr.s6_addr);
in6->sin6_family = AF_INET6; in6->sin6_family = AF_INET6;
in6->sin6_port = Utils::hton((uint16_t)port); in6->sin6_port = Utils::hton((uint16_t)port);
return true; return true;
} else if (strchr(buf,'.')) { } else if (strchr(buf,'.')) {
struct sockaddr_in *const in = reinterpret_cast<struct sockaddr_in *>(this); struct sockaddr_in *const in = reinterpret_cast<struct sockaddr_in *>(this);
inet_pton(AF_INET, buf, &in->sin_addr.s_addr); inet_pton(AF_INET, buf, &in->sin_addr.s_addr);
in->sin_family = AF_INET; in->sin_family = AF_INET;
in->sin_port = Utils::hton((uint16_t)port); in->sin_port = Utils::hton((uint16_t)port);
return true; return true;
} else { } else {
return false; return false;

View file

@ -40,6 +40,7 @@ namespace ZeroTier {
Membership::Membership() : Membership::Membership() :
_lastUpdatedMulticast(0), _lastUpdatedMulticast(0),
_comRevocationThreshold(0), _comRevocationThreshold(0),
_lastPushedCredentials(0),
_revocations(4), _revocations(4),
_remoteTags(4), _remoteTags(4),
_remoteCaps(4), _remoteCaps(4),
@ -103,6 +104,8 @@ void Membership::pushCredentials(const RuntimeEnvironment *RR,void *tPtr,const i
outp.compress(); outp.compress();
RR->sw->send(tPtr,outp,true); RR->sw->send(tPtr,outp,true);
} }
_lastPushedCredentials = now;
} }
Membership::AddCredentialResult Membership::addCredential(const RuntimeEnvironment *RR,void *tPtr,const NetworkConfig &nconf,const CertificateOfMembership &com) Membership::AddCredentialResult Membership::addCredential(const RuntimeEnvironment *RR,void *tPtr,const NetworkConfig &nconf,const CertificateOfMembership &com)

View file

@ -78,6 +78,14 @@ public:
*/ */
void pushCredentials(const RuntimeEnvironment *RR,void *tPtr,const int64_t now,const Address &peerAddress,const NetworkConfig &nconf,int localCapabilityIndex); void pushCredentials(const RuntimeEnvironment *RR,void *tPtr,const int64_t now,const Address &peerAddress,const NetworkConfig &nconf,int localCapabilityIndex);
/**
* @return True if we haven't pushed credentials in a long time (to cause proactive credential push)
*/
inline bool shouldPushCredentials(const int64_t now) const
{
return ((now - _lastPushedCredentials) > ZT_PEER_ACTIVITY_TIMEOUT);
}
/** /**
* Check whether we should push MULTICAST_LIKEs to this peer, and update last sent time if true * Check whether we should push MULTICAST_LIKEs to this peer, and update last sent time if true
* *
@ -213,6 +221,9 @@ private:
// Revocation threshold for COM or 0 if none // Revocation threshold for COM or 0 if none
int64_t _comRevocationThreshold; int64_t _comRevocationThreshold;
// Time we last pushed credentials
int64_t _lastPushedCredentials;
// Remote member's latest network COM // Remote member's latest network COM
CertificateOfMembership _com; CertificateOfMembership _com;

View file

@ -368,6 +368,21 @@ public:
_membership(to).pushCredentials(RR,tPtr,now,to,_config,-1); _membership(to).pushCredentials(RR,tPtr,now,to,_config,-1);
} }
/**
* Push credentials if we haven't done so in a very long time
*
* @param tPtr Thread pointer to be handed through to any callbacks called as a result of this call
* @param to Destination peer address
* @param now Current time
*/
inline void pushCredentialsIfNeeded(void *tPtr,const Address &to,const int64_t now)
{
Mutex::Lock _l(_lock);
Membership &m = _membership(to);
if (m.shouldPushCredentials(now))
m.pushCredentials(RR,tPtr,now,to,_config,-1);
}
/** /**
* Destroy this network * Destroy this network
* *

View file

@ -84,13 +84,12 @@ void OutboundMulticast::init(
void OutboundMulticast::sendOnly(const RuntimeEnvironment *RR,void *tPtr,const Address &toAddr) void OutboundMulticast::sendOnly(const RuntimeEnvironment *RR,void *tPtr,const Address &toAddr)
{ {
const SharedPtr<Network> nw(RR->node->network(_nwid)); const SharedPtr<Network> nw(RR->node->network(_nwid));
const Address toAddr2(toAddr);
uint8_t QoSBucket = 255; // Dummy value uint8_t QoSBucket = 255; // Dummy value
if ((nw)&&(nw->filterOutgoingPacket(tPtr,true,RR->identity.address(),toAddr2,_macSrc,_macDest,_frameData,_frameLen,_etherType,0,QoSBucket))) { if ((nw)&&(nw->filterOutgoingPacket(tPtr,true,RR->identity.address(),toAddr,_macSrc,_macDest,_frameData,_frameLen,_etherType,0,QoSBucket))) {
nw->pushCredentialsIfNeeded(tPtr,toAddr,RR->node->now());
_packet.newInitializationVector(); _packet.newInitializationVector();
_packet.setDestination(toAddr2); _packet.setDestination(toAddr);
RR->node->expectReplyTo(_packet.packetId()); RR->node->expectReplyTo(_packet.packetId());
_tmp = _packet; _tmp = _packet;
RR->sw->send(tPtr,_tmp,true); RR->sw->send(tPtr,_tmp,true);
} }

View file

@ -39,6 +39,8 @@
namespace ZeroTier { namespace ZeroTier {
static unsigned char s_freeRandomByteCounter = 0;
Peer::Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Identity &peerIdentity) : Peer::Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Identity &peerIdentity) :
RR(renv), RR(renv),
_lastReceive(0), _lastReceive(0),
@ -55,7 +57,7 @@ Peer::Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Ident
_lastACKWindowReset(0), _lastACKWindowReset(0),
_lastQoSWindowReset(0), _lastQoSWindowReset(0),
_lastMultipathCompatibilityCheck(0), _lastMultipathCompatibilityCheck(0),
_freeRandomByte(0), _freeRandomByte((unsigned char)((uintptr_t)this >> 4) ^ ++s_freeRandomByteCounter),
_uniqueAlivePathCount(0), _uniqueAlivePathCount(0),
_localMultipathSupported(false), _localMultipathSupported(false),
_remoteMultipathSupported(false), _remoteMultipathSupported(false),
@ -73,7 +75,6 @@ Peer::Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Ident
_lastAggregateStatsReport(0), _lastAggregateStatsReport(0),
_lastAggregateAllocation(0) _lastAggregateAllocation(0)
{ {
Utils::getSecureRandom(&_freeRandomByte, 1);
if (!myIdentity.agree(peerIdentity,_key,ZT_PEER_SECRET_KEY_LENGTH)) if (!myIdentity.agree(peerIdentity,_key,ZT_PEER_SECRET_KEY_LENGTH))
throw ZT_EXCEPTION_INVALID_ARGUMENT; throw ZT_EXCEPTION_INVALID_ARGUMENT;
} }
@ -101,7 +102,8 @@ void Peer::received(
case Packet::VERB_MULTICAST_FRAME: case Packet::VERB_MULTICAST_FRAME:
_lastNontrivialReceive = now; _lastNontrivialReceive = now;
break; break;
default: break; default:
break;
} }
if (trustEstablished) { if (trustEstablished) {
@ -202,17 +204,17 @@ void Peer::received(
} }
// If we have a trust relationship periodically push a message enumerating // If we have a trust relationship periodically push a message enumerating
// all known external addresses for ourselves. We now do this even if we // all known external addresses for ourselves. If we already have a path this
// have a current path since we'll want to use new ones too. // is done less frequently.
if (this->trustEstablished(now)) { if (this->trustEstablished(now)) {
const uint64_t sinceLastPush = now - _lastDirectPathPushSent; const int64_t sinceLastPush = now - _lastDirectPathPushSent;
if (sinceLastPush >= ZT_DIRECT_PATH_PUSH_INTERVAL) { if (sinceLastPush >= ((hops == 0) ? ZT_DIRECT_PATH_PUSH_INTERVAL_HAVEPATH : ZT_DIRECT_PATH_PUSH_INTERVAL)) {
_lastDirectPathPushSent = now; _lastDirectPathPushSent = now;
std::vector<InetAddress> pathsToPush(RR->node->directPaths()); std::vector<InetAddress> pathsToPush(RR->node->directPaths());
if (pathsToPush.size() > 0) { if (pathsToPush.size() > 0) {
std::vector<InetAddress>::const_iterator p(pathsToPush.begin()); std::vector<InetAddress>::const_iterator p(pathsToPush.begin());
while (p != pathsToPush.end()) { while (p != pathsToPush.end()) {
Packet *outp = new Packet(_id.address(),RR->identity.address(),Packet::VERB_PUSH_DIRECT_PATHS); Packet *const outp = new Packet(_id.address(),RR->identity.address(),Packet::VERB_PUSH_DIRECT_PATHS);
outp->addSize(2); // leave room for count outp->addSize(2); // leave room for count
unsigned int count = 0; unsigned int count = 0;
while ((p != pathsToPush.end())&&((outp->size() + 24) < 1200)) { while ((p != pathsToPush.end())&&((outp->size() + 24) < 1200)) {
@ -254,8 +256,7 @@ void Peer::received(
void Peer::recordOutgoingPacket(const SharedPtr<Path> &path, const uint64_t packetId, void Peer::recordOutgoingPacket(const SharedPtr<Path> &path, const uint64_t packetId,
uint16_t payloadLength, const Packet::Verb verb, int64_t now) uint16_t payloadLength, const Packet::Verb verb, int64_t now)
{ {
// Grab second byte from packetId to use as a source of entropy in the next path selection _freeRandomByte += (unsigned char)(packetId >> 8); // grab entropy to use in path selection logic for multipath
_freeRandomByte = (packetId & 0xFF00) >> 8;
if (_canUseMultipath) { if (_canUseMultipath) {
path->recordOutgoingPacket(now, packetId, payloadLength, verb); path->recordOutgoingPacket(now, packetId, payloadLength, verb);
} }

View file

@ -417,6 +417,8 @@ void Switch::onLocalEthernet(void *tPtr,const SharedPtr<Network> &network,const
return; return;
} }
network->pushCredentialsIfNeeded(tPtr,toZT,RR->node->now());
if (fromBridged) { if (fromBridged) {
Packet outp(toZT,RR->identity.address(),Packet::VERB_EXT_FRAME); Packet outp(toZT,RR->identity.address(),Packet::VERB_EXT_FRAME);
outp.append(network->id()); outp.append(network->id());
@ -437,7 +439,6 @@ void Switch::onLocalEthernet(void *tPtr,const SharedPtr<Network> &network,const
outp.compress(); outp.compress();
aqm_enqueue(tPtr,network,outp,true,qosBucket); aqm_enqueue(tPtr,network,outp,true,qosBucket);
} }
} else { } else {
// Destination is bridged behind a remote peer // Destination is bridged behind a remote peer