mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2025-06-06 12:33:44 +02:00
Tighten up credential push just a bit for faster up-time with older nodes, should not have significant impact on bandwidth. Also some cleanup and push direct path timing fixes.
parent
a3ef9b8a15
commit
a019c3dd5d
8 changed files with 52 additions and 20 deletions
|
@ -530,14 +530,19 @@
|
||||||
#define ZT_MAX_BRIDGE_ROUTES 67108864
|
#define ZT_MAX_BRIDGE_ROUTES 67108864
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* If there is no known route, spam to up to this many active bridges
|
* If there is no known L2 bridging route, spam to up to this many active bridges
|
||||||
*/
|
*/
|
||||||
#define ZT_MAX_BRIDGE_SPAM 32
|
#define ZT_MAX_BRIDGE_SPAM 32
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Interval between direct path pushes in milliseconds
|
* Interval between direct path pushes in milliseconds
|
||||||
*/
|
*/
|
||||||
#define ZT_DIRECT_PATH_PUSH_INTERVAL 120000
|
#define ZT_DIRECT_PATH_PUSH_INTERVAL 15000
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Interval between direct path pushes in milliseconds if we already have a path
|
||||||
|
*/
|
||||||
|
#define ZT_DIRECT_PATH_PUSH_INTERVAL_HAVEPATH 120000
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Time horizon for push direct paths cutoff
|
* Time horizon for push direct paths cutoff
|
||||||
|
|
|
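Review bot: The doc comment on `ZT_DIRECT_PATH_PUSH_INTERVAL` still reads "Interval between direct path pushes in milliseconds", but the new 15000 ms value is no longer the general interval: the Peer::received change in this commit uses `ZT_DIRECT_PATH_PUSH_INTERVAL_HAVEPATH` when `hops == 0` and this constant otherwise. I would reword it to `* Interval between direct path pushes in milliseconds if we don't have a direct path yet`, assuming `hops != 0` means the packet was relayed. Since a sender may now push eight times as often, please also confirm that the receive-side limit documented just below ("Time horizon for push direct paths cutoff", values outside this hunk) still tolerates one push every 15 seconds from a legitimate peer.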
@ -185,15 +185,12 @@ bool InetAddress::fromString(const char *ipSlashPort)
|
||||||
inet_pton(AF_INET6, buf, &in6->sin6_addr.s6_addr);
|
inet_pton(AF_INET6, buf, &in6->sin6_addr.s6_addr);
|
||||||
in6->sin6_family = AF_INET6;
|
in6->sin6_family = AF_INET6;
|
||||||
in6->sin6_port = Utils::hton((uint16_t)port);
|
in6->sin6_port = Utils::hton((uint16_t)port);
|
||||||
|
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
} else if (strchr(buf,'.')) {
|
} else if (strchr(buf,'.')) {
|
||||||
struct sockaddr_in *const in = reinterpret_cast<struct sockaddr_in *>(this);
|
struct sockaddr_in *const in = reinterpret_cast<struct sockaddr_in *>(this);
|
||||||
inet_pton(AF_INET, buf, &in->sin_addr.s_addr);
|
inet_pton(AF_INET, buf, &in->sin_addr.s_addr);
|
||||||
in->sin_family = AF_INET;
|
in->sin_family = AF_INET;
|
||||||
in->sin_port = Utils::hton((uint16_t)port);
|
in->sin_port = Utils::hton((uint16_t)port);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
return false;
|
return false;
|
||||||
|
|
|
@ -40,6 +40,7 @@ namespace ZeroTier {
|
||||||
Membership::Membership() :
|
Membership::Membership() :
|
||||||
_lastUpdatedMulticast(0),
|
_lastUpdatedMulticast(0),
|
||||||
_comRevocationThreshold(0),
|
_comRevocationThreshold(0),
|
||||||
|
_lastPushedCredentials(0),
|
||||||
_revocations(4),
|
_revocations(4),
|
||||||
_remoteTags(4),
|
_remoteTags(4),
|
||||||
_remoteCaps(4),
|
_remoteCaps(4),
|
||||||
|
@ -103,6 +104,8 @@ void Membership::pushCredentials(const RuntimeEnvironment *RR,void *tPtr,const i
|
||||||
outp.compress();
|
outp.compress();
|
||||||
RR->sw->send(tPtr,outp,true);
|
RR->sw->send(tPtr,outp,true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
_lastPushedCredentials = now;
|
||||||
}
|
}
|
||||||
|
|
||||||
Membership::AddCredentialResult Membership::addCredential(const RuntimeEnvironment *RR,void *tPtr,const NetworkConfig &nconf,const CertificateOfMembership &com)
|
Membership::AddCredentialResult Membership::addCredential(const RuntimeEnvironment *RR,void *tPtr,const NetworkConfig &nconf,const CertificateOfMembership &com)
|
||||||
|
|
|
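Review bot: `_lastPushedCredentials = now;` is written only at the tail of `pushCredentials`, whose body starts outside this hunk, so any earlier `return` in that function would leave the timestamp stale. In that case `shouldPushCredentials()` keeps returning true and `Network::pushCredentialsIfNeeded()` would re-run the push for every outgoing frame to that peer instead of once per `ZT_PEER_ACTIVITY_TIMEOUT`. Please confirm there is no early exit above, or move the assignment to the top of the function. A comment such as `// recorded even when nothing was sent, so pushCredentialsIfNeeded() does not retry on every frame` would make the intent explicit.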
@ -78,6 +78,14 @@ public:
|
||||||
*/
|
*/
|
||||||
void pushCredentials(const RuntimeEnvironment *RR,void *tPtr,const int64_t now,const Address &peerAddress,const NetworkConfig &nconf,int localCapabilityIndex);
|
void pushCredentials(const RuntimeEnvironment *RR,void *tPtr,const int64_t now,const Address &peerAddress,const NetworkConfig &nconf,int localCapabilityIndex);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return True if we haven't pushed credentials in a long time (to cause proactive credential push)
|
||||||
|
*/
|
||||||
|
inline bool shouldPushCredentials(const int64_t now) const
|
||||||
|
{
|
||||||
|
return ((now - _lastPushedCredentials) > ZT_PEER_ACTIVITY_TIMEOUT);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check whether we should push MULTICAST_LIKEs to this peer, and update last sent time if true
|
* Check whether we should push MULTICAST_LIKEs to this peer, and update last sent time if true
|
||||||
*
|
*
|
||||||
|
@ -213,6 +221,9 @@ private:
|
||||||
// Revocation threshold for COM or 0 if none
|
// Revocation threshold for COM or 0 if none
|
||||||
int64_t _comRevocationThreshold;
|
int64_t _comRevocationThreshold;
|
||||||
|
|
||||||
|
// Time we last pushed credentials
|
||||||
|
int64_t _lastPushedCredentials;
|
||||||
|
|
||||||
// Remote member's latest network COM
|
// Remote member's latest network COM
|
||||||
CertificateOfMembership _com;
|
CertificateOfMembership _com;
|
||||||
|
|
||||||
|
|
|
@ -368,6 +368,21 @@ public:
|
||||||
_membership(to).pushCredentials(RR,tPtr,now,to,_config,-1);
|
_membership(to).pushCredentials(RR,tPtr,now,to,_config,-1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Push credentials if we haven't done so in a very long time
|
||||||
|
*
|
||||||
|
* @param tPtr Thread pointer to be handed through to any callbacks called as a result of this call
|
||||||
|
* @param to Destination peer address
|
||||||
|
* @param now Current time
|
||||||
|
*/
|
||||||
|
inline void pushCredentialsIfNeeded(void *tPtr,const Address &to,const int64_t now)
|
||||||
|
{
|
||||||
|
Mutex::Lock _l(_lock);
|
||||||
|
Membership &m = _membership(to);
|
||||||
|
if (m.shouldPushCredentials(now))
|
||||||
|
m.pushCredentials(RR,tPtr,now,to,_config,-1);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Destroy this network
|
* Destroy this network
|
||||||
*
|
*
|
||||||
|
|
|
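Review bot: `pushCredentialsIfNeeded` takes `_lock` and keeps it while `m.pushCredentials(...)` runs, and this commit calls it for every frame in `Switch::onLocalEthernet` and for every recipient in `OutboundMulticast::sendOnly`; the doc comment mentions neither. `pushCredentials` reaches `RR->sw->send(...)` (Membership.cpp hunk), so the network lock is held across a packet send when a push is due and is acquired once per frame when it is not. I would add `* Acquires the network lock; must not be called with it held. Cheap when no push is due.` to the comment, after checking that no caller already holds `_lock`. `_membership(to)` returns a non-const reference, so it presumably creates an entry for an address it has not seen; if so, it is worth confirming that `toZT` is always a known member at the call site so the membership table does not grow with every destination address.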
@ -84,13 +84,12 @@ void OutboundMulticast::init(
|
||||||
void OutboundMulticast::sendOnly(const RuntimeEnvironment *RR,void *tPtr,const Address &toAddr)
|
void OutboundMulticast::sendOnly(const RuntimeEnvironment *RR,void *tPtr,const Address &toAddr)
|
||||||
{
|
{
|
||||||
const SharedPtr<Network> nw(RR->node->network(_nwid));
|
const SharedPtr<Network> nw(RR->node->network(_nwid));
|
||||||
const Address toAddr2(toAddr);
|
|
||||||
uint8_t QoSBucket = 255; // Dummy value
|
uint8_t QoSBucket = 255; // Dummy value
|
||||||
if ((nw)&&(nw->filterOutgoingPacket(tPtr,true,RR->identity.address(),toAddr2,_macSrc,_macDest,_frameData,_frameLen,_etherType,0,QoSBucket))) {
|
if ((nw)&&(nw->filterOutgoingPacket(tPtr,true,RR->identity.address(),toAddr,_macSrc,_macDest,_frameData,_frameLen,_etherType,0,QoSBucket))) {
|
||||||
|
nw->pushCredentialsIfNeeded(tPtr,toAddr,RR->node->now());
|
||||||
_packet.newInitializationVector();
|
_packet.newInitializationVector();
|
||||||
_packet.setDestination(toAddr2);
|
_packet.setDestination(toAddr);
|
||||||
RR->node->expectReplyTo(_packet.packetId());
|
RR->node->expectReplyTo(_packet.packetId());
|
||||||
|
|
||||||
_tmp = _packet;
|
_tmp = _packet;
|
||||||
RR->sw->send(tPtr,_tmp,true);
|
RR->sw->send(tPtr,_tmp,true);
|
||||||
}
|
}
|
||||||
|
|
|
@ -39,6 +39,8 @@
|
||||||
|
|
||||||
namespace ZeroTier {
|
namespace ZeroTier {
|
||||||
|
|
||||||
|
static unsigned char s_freeRandomByteCounter = 0;
|
||||||
|
|
||||||
Peer::Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Identity &peerIdentity) :
|
Peer::Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Identity &peerIdentity) :
|
||||||
RR(renv),
|
RR(renv),
|
||||||
_lastReceive(0),
|
_lastReceive(0),
|
||||||
|
@ -55,7 +57,7 @@ Peer::Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Ident
|
||||||
_lastACKWindowReset(0),
|
_lastACKWindowReset(0),
|
||||||
_lastQoSWindowReset(0),
|
_lastQoSWindowReset(0),
|
||||||
_lastMultipathCompatibilityCheck(0),
|
_lastMultipathCompatibilityCheck(0),
|
||||||
_freeRandomByte(0),
|
_freeRandomByte((unsigned char)((uintptr_t)this >> 4) ^ ++s_freeRandomByteCounter),
|
||||||
_uniqueAlivePathCount(0),
|
_uniqueAlivePathCount(0),
|
||||||
_localMultipathSupported(false),
|
_localMultipathSupported(false),
|
||||||
_remoteMultipathSupported(false),
|
_remoteMultipathSupported(false),
|
||||||
|
@ -73,7 +75,6 @@ Peer::Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Ident
|
||||||
_lastAggregateStatsReport(0),
|
_lastAggregateStatsReport(0),
|
||||||
_lastAggregateAllocation(0)
|
_lastAggregateAllocation(0)
|
||||||
{
|
{
|
||||||
Utils::getSecureRandom(&_freeRandomByte, 1);
|
|
||||||
if (!myIdentity.agree(peerIdentity,_key,ZT_PEER_SECRET_KEY_LENGTH))
|
if (!myIdentity.agree(peerIdentity,_key,ZT_PEER_SECRET_KEY_LENGTH))
|
||||||
throw ZT_EXCEPTION_INVALID_ARGUMENT;
|
throw ZT_EXCEPTION_INVALID_ARGUMENT;
|
||||||
}
|
}
|
||||||
|
@ -101,7 +102,8 @@ void Peer::received(
|
||||||
case Packet::VERB_MULTICAST_FRAME:
|
case Packet::VERB_MULTICAST_FRAME:
|
||||||
_lastNontrivialReceive = now;
|
_lastNontrivialReceive = now;
|
||||||
break;
|
break;
|
||||||
default: break;
|
default:
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (trustEstablished) {
|
if (trustEstablished) {
|
||||||
|
@ -202,17 +204,17 @@ void Peer::received(
|
||||||
}
|
}
|
||||||
|
|
||||||
// If we have a trust relationship periodically push a message enumerating
|
// If we have a trust relationship periodically push a message enumerating
|
||||||
// all known external addresses for ourselves. We now do this even if we
|
// all known external addresses for ourselves. If we already have a path this
|
||||||
// have a current path since we'll want to use new ones too.
|
// is done less frequently.
|
||||||
if (this->trustEstablished(now)) {
|
if (this->trustEstablished(now)) {
|
||||||
const uint64_t sinceLastPush = now - _lastDirectPathPushSent;
|
const int64_t sinceLastPush = now - _lastDirectPathPushSent;
|
||||||
if (sinceLastPush >= ZT_DIRECT_PATH_PUSH_INTERVAL) {
|
if (sinceLastPush >= ((hops == 0) ? ZT_DIRECT_PATH_PUSH_INTERVAL_HAVEPATH : ZT_DIRECT_PATH_PUSH_INTERVAL)) {
|
||||||
_lastDirectPathPushSent = now;
|
_lastDirectPathPushSent = now;
|
||||||
std::vector<InetAddress> pathsToPush(RR->node->directPaths());
|
std::vector<InetAddress> pathsToPush(RR->node->directPaths());
|
||||||
if (pathsToPush.size() > 0) {
|
if (pathsToPush.size() > 0) {
|
||||||
std::vector<InetAddress>::const_iterator p(pathsToPush.begin());
|
std::vector<InetAddress>::const_iterator p(pathsToPush.begin());
|
||||||
while (p != pathsToPush.end()) {
|
while (p != pathsToPush.end()) {
|
||||||
Packet *outp = new Packet(_id.address(),RR->identity.address(),Packet::VERB_PUSH_DIRECT_PATHS);
|
Packet *const outp = new Packet(_id.address(),RR->identity.address(),Packet::VERB_PUSH_DIRECT_PATHS);
|
||||||
outp->addSize(2); // leave room for count
|
outp->addSize(2); // leave room for count
|
||||||
unsigned int count = 0;
|
unsigned int count = 0;
|
||||||
while ((p != pathsToPush.end())&&((outp->size() + 24) < 1200)) {
|
while ((p != pathsToPush.end())&&((outp->size() + 24) < 1200)) {
|
||||||
|
@ -254,8 +256,7 @@ void Peer::received(
|
||||||
void Peer::recordOutgoingPacket(const SharedPtr<Path> &path, const uint64_t packetId,
|
void Peer::recordOutgoingPacket(const SharedPtr<Path> &path, const uint64_t packetId,
|
||||||
uint16_t payloadLength, const Packet::Verb verb, int64_t now)
|
uint16_t payloadLength, const Packet::Verb verb, int64_t now)
|
||||||
{
|
{
|
||||||
// Grab second byte from packetId to use as a source of entropy in the next path selection
|
_freeRandomByte += (unsigned char)(packetId >> 8); // grab entropy to use in path selection logic for multipath
|
||||||
_freeRandomByte = (packetId & 0xFF00) >> 8;
|
|
||||||
if (_canUseMultipath) {
|
if (_canUseMultipath) {
|
||||||
path->recordOutgoingPacket(now, packetId, payloadLength, verb);
|
path->recordOutgoingPacket(now, packetId, payloadLength, verb);
|
||||||
}
|
}
|
||||||
|
|
|
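Review bot: `_freeRandomByte` is no longer seeded by `Utils::getSecureRandom` but by `((uintptr_t)this >> 4) ^ ++s_freeRandomByteCounter`, and `recordOutgoingPacket` then only adds a byte of `packetId`, so the value is derived from a heap address and is presumably predictable to anyone who can observe packet IDs. That is acceptable only while the byte is used purely to spread multipath path selection; I would state this where the member is declared, e.g. `// NOT cryptographic: address/counter seed mixed with packet IDs; never use for keys, nonces or anything an attacker must not guess`. Separately, `s_freeRandomByteCounter` is a plain `static unsigned char` incremented in the constructor without synchronisation, which is a data race if `Peer` objects can be constructed on more than one thread (not visible here). The constructor and `Peer::received` both continue outside these hunks.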
@ -417,6 +417,8 @@ void Switch::onLocalEthernet(void *tPtr,const SharedPtr<Network> &network,const
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
network->pushCredentialsIfNeeded(tPtr,toZT,RR->node->now());
|
||||||
|
|
||||||
if (fromBridged) {
|
if (fromBridged) {
|
||||||
Packet outp(toZT,RR->identity.address(),Packet::VERB_EXT_FRAME);
|
Packet outp(toZT,RR->identity.address(),Packet::VERB_EXT_FRAME);
|
||||||
outp.append(network->id());
|
outp.append(network->id());
|
||||||
|
@ -437,7 +439,6 @@ void Switch::onLocalEthernet(void *tPtr,const SharedPtr<Network> &network,const
|
||||||
outp.compress();
|
outp.compress();
|
||||||
aqm_enqueue(tPtr,network,outp,true,qosBucket);
|
aqm_enqueue(tPtr,network,outp,true,qosBucket);
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
// Destination is bridged behind a remote peer
|
// Destination is bridged behind a remote peer
|
||||||
|
|
||||||
|
|