void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-06-06 12:33:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'dev' of github.com:zerotier/ZeroTierOne into dev

Browse source
This commit is contained in:
Adam Ierymenko 2021-05-28 17:08:44 -04:00
commit bf4bb414dd
No known key found for this signature in database
GPG key ID: C8877CF2D7A5D7F3
2 changed files with 16 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
osdep/Binder.hpp
View file

@ -40,7 +40,7 @@
#endif #endif
#endif #endif
#if defined(__APPLE__) && defined(TARGET_OS_MAC) #if defined(__unix__) && !defined(__LINUX__)
#include <net/if.h> #include <net/if.h>
#include <netinet6/in6_var.h> #include <netinet6/in6_var.h>
#include <sys/ioctl.h> #include <sys/ioctl.h>
@ -311,8 +311,7 @@ class Binder {
if (! gotViaProc) { if (! gotViaProc) {
struct ifaddrs* ifatbl = (struct ifaddrs*)0; struct ifaddrs* ifatbl = (struct ifaddrs*)0;
struct ifaddrs* ifa; struct ifaddrs* ifa;
#if defined(__unix__) && !defined(__LINUX__)
#if defined(__APPLE__)
// set up an IPv6 socket so we can check the state of interfaces via SIOCGIFAFLAG_IN6 // set up an IPv6 socket so we can check the state of interfaces via SIOCGIFAFLAG_IN6
int infoSock = socket(AF_INET6, SOCK_DGRAM, 0); int infoSock = socket(AF_INET6, SOCK_DGRAM, 0);
#endif #endif
@ -321,8 +320,8 @@ class Binder {
while (ifa) { while (ifa) {
if ((ifa->ifa_name) && (ifa->ifa_addr)) { if ((ifa->ifa_name) && (ifa->ifa_addr)) {
InetAddress ip = *(ifa->ifa_addr); InetAddress ip = *(ifa->ifa_addr);
#if defined(__APPLE__) && defined(TARGET_OS_MAC) #if defined(__unix__) && !defined(__LINUX__)
// Check if the address is an IPv6 Temporary Address, macOS version // Check if the address is an IPv6 Temporary Address, macOS/BSD version
if (ifa->ifa_addr->sa_family == AF_INET6) { if (ifa->ifa_addr->sa_family == AF_INET6) {
struct sockaddr_in6* sa6 = (struct sockaddr_in6*)ifa->ifa_addr; struct sockaddr_in6* sa6 = (struct sockaddr_in6*)ifa->ifa_addr;
struct in6_ifreq ifr6; struct in6_ifreq ifr6;
@ -369,7 +368,7 @@ class Binder {
else { else {
interfacesEnumerated = false; interfacesEnumerated = false;
} }
#if defined(__APPLE__) #if defined(__unix__) && !defined(__LINUX__)
close(infoSock); close(infoSock);
#endif #endif
} }

13
service/OneService.cpp
View file

@ -725,15 +725,24 @@ public:
OSUtils::ztsnprintf(portstr,sizeof(portstr),"%u",_ports[0]); OSUtils::ztsnprintf(portstr,sizeof(portstr),"%u",_ports[0]);
OSUtils::writeFile((_homePath + ZT_PATH_SEPARATOR_S "zerotier-one.port").c_str(),std::string(portstr)); OSUtils::writeFile((_homePath + ZT_PATH_SEPARATOR_S "zerotier-one.port").c_str(),std::string(portstr));
// Attempt to bind to a secondary port chosen from our ZeroTier address. // Attempt to bind to a secondary port.
// This exists because there are buggy NATs out there that fail if more // This exists because there are buggy NATs out there that fail if more
// than one device behind the same NAT tries to use the same internal // than one device behind the same NAT tries to use the same internal
// private address port number. Buggy NATs are a running theme. // private address port number. Buggy NATs are a running theme.
//
// This used to pick the secondary port based on the node ID until we
// discovered another problem: buggy routers and malicious traffic
// "detection". A lot of routers have such things built in these days
// and mis-detect ZeroTier traffic as malicious and block it resulting
// in a node that appears to be in a coma. Secondary ports are now
// randomized on startup.
if (_allowSecondaryPort) { if (_allowSecondaryPort) {
if (_secondaryPort) { if (_secondaryPort) {
_ports[1] = _secondaryPort; _ports[1] = _secondaryPort;
} else { } else {
_ports[1] = 20000 + ((unsigned int)_node->address() % 45500); unsigned int randp = 0;
Utils::getSecureRandom(&randp,sizeof(randp));
_ports[1] = 20000 + (randp % 45500);
for(int i=0;;++i) { for(int i=0;;++i) {
if (i > 1000) { if (i > 1000) {
_ports[1] = 0; _ports[1] = 0;