From c5b9036b9ee87756caad0dd1c1ffa2ed84a3609c Mon Sep 17 00:00:00 2001 From: Erik Hollensbe Date: Mon, 18 Apr 2022 14:22:57 -0700 Subject: [PATCH] rustfmt tree Signed-off-by: Erik Hollensbe --- aes-gmac-siv/src/impl_gcrypt.rs | 9 +- aes-gmac-siv/src/impl_macos.rs | 4 +- zerotier-core-crypto/src/c25519.rs | 29 +- zerotier-core-crypto/src/hash.rs | 24 +- zerotier-core-crypto/src/hex.rs | 2 +- zerotier-core-crypto/src/kbkdf.rs | 58 ++-- zerotier-core-crypto/src/lib.rs | 12 +- zerotier-core-crypto/src/p384.rs | 37 +-- zerotier-core-crypto/src/random.rs | 18 +- zerotier-core-crypto/src/salsa.rs | 21 +- zerotier-core-crypto/src/secret.rs | 32 +- zerotier-core-crypto/src/varint.rs | 4 +- zerotier-network-hypervisor/src/error.rs | 2 +- zerotier-network-hypervisor/src/lib.rs | 2 +- .../src/networkhypervisor.rs | 14 +- .../src/util/buffer.rs | 104 ++++-- zerotier-network-hypervisor/src/util/gate.rs | 24 +- zerotier-network-hypervisor/src/util/mod.rs | 32 +- zerotier-network-hypervisor/src/util/pool.rs | 16 +- .../src/vl1/address.rs | 14 +- .../src/vl1/dictionary.rs | 44 ++- .../src/vl1/endpoint.rs | 30 +- .../src/vl1/fragmentedpacket.rs | 2 +- .../src/vl1/hybridkey.rs | 10 +- zerotier-network-hypervisor/src/vl1/mac.rs | 10 +- zerotier-network-hypervisor/src/vl1/mod.rs | 30 +- zerotier-network-hypervisor/src/vl1/node.rs | 25 +- zerotier-network-hypervisor/src/vl1/path.rs | 32 +- .../src/vl1/protocol.rs | 40 ++- .../src/vl1/symmetricsecret.rs | 16 +- .../src/vl1/whoisqueue.rs | 10 +- zerotier-network-hypervisor/src/vl2/mod.rs | 4 +- .../src/vl2/multicastgroup.rs | 16 +- zerotier-network-hypervisor/src/vl2/switch.rs | 10 +- zerotier-system-service/src/fastudpsocket.rs | 57 ++-- zerotier-system-service/src/getifaddrs.rs | 8 +- zerotier-system-service/src/localconfig.rs | 67 +--- zerotier-system-service/src/log.rs | 4 +- zerotier-system-service/src/main.rs | 124 +++---- zerotier-system-service/src/service.rs | 56 ++-- zerotier-system-service/src/store.rs | 27 +- zerotier-system-service/src/utils.rs | 84 ++--- zerotier-system-service/src/vnic/common.rs | 2 +- .../src/vnic/mac_feth_tap.rs | 309 ++++++++++-------- zerotier-system-service/src/vnic/mod.rs | 2 +- 45 files changed, 828 insertions(+), 649 deletions(-) diff --git a/aes-gmac-siv/src/impl_gcrypt.rs b/aes-gmac-siv/src/impl_gcrypt.rs index 3231f0673..678017b72 100644 --- a/aes-gmac-siv/src/impl_gcrypt.rs +++ b/aes-gmac-siv/src/impl_gcrypt.rs @@ -122,7 +122,8 @@ impl AesGmacSiv { pub fn encrypt_first_pass_finish(&mut self) { let _ = self.gmac.flush(); let _ = self.gmac.get_mac(&mut self.tmp); - unsafe { // tag[8..16] = tmp[0..8] ^ tmp[8..16] + unsafe { + // tag[8..16] = tmp[0..8] ^ tmp[8..16] let tmp = self.tmp.as_mut_ptr().cast::(); *self.tag.as_mut_ptr().cast::().offset(1) = *tmp ^ *tmp.offset(1); } @@ -158,7 +159,8 @@ impl AesGmacSiv { self.tmp[12] &= 0x7f; let _ = self.ctr.set_ctr(&self.tmp); let _ = self.ecb.decrypt_inplace(&mut self.tag); - unsafe { // tmp[0..8] = tag[0..8], tmp[8..16] = 0 + unsafe { + // tmp[0..8] = tag[0..8], tmp[8..16] = 0 let tmp = self.tmp.as_mut_ptr().cast::(); *tmp = *self.tag.as_mut_ptr().cast::(); *tmp.offset(1) = 0; @@ -203,7 +205,8 @@ impl AesGmacSiv { pub fn decrypt_finish(&mut self) -> bool { let _ = self.gmac.flush(); let _ = self.gmac.get_mac(&mut self.tmp); - unsafe { // tag[8..16] == tmp[0..8] ^ tmp[8..16] + unsafe { + // tag[8..16] == tmp[0..8] ^ tmp[8..16] let tmp = self.tmp.as_mut_ptr().cast::(); *self.tag.as_mut_ptr().cast::().offset(1) == *tmp ^ *tmp.offset(1) } diff --git a/aes-gmac-siv/src/impl_macos.rs b/aes-gmac-siv/src/impl_macos.rs index 3ebafdb87..554354d5b 100644 --- a/aes-gmac-siv/src/impl_macos.rs +++ b/aes-gmac-siv/src/impl_macos.rs @@ -8,8 +8,8 @@ // AES-GMAC-SIV implemented using MacOS/iOS CommonCrypto (MacOS 10.13 or newer required). -use std::os::raw::{c_void, c_int}; -use std::ptr::{null_mut, null}; +use std::os::raw::{c_int, c_void}; +use std::ptr::{null, null_mut}; #[allow(non_upper_case_globals)] const kCCModeECB: i32 = 1; diff --git a/zerotier-core-crypto/src/c25519.rs b/zerotier-core-crypto/src/c25519.rs index 13f02c552..32f486cb4 100644 --- a/zerotier-core-crypto/src/c25519.rs +++ b/zerotier-core-crypto/src/c25519.rs @@ -45,10 +45,14 @@ impl C25519KeyPair { } #[inline(always)] - pub fn public_bytes(&self) -> [u8; C25519_PUBLIC_KEY_SIZE] { self.1.to_bytes() } + pub fn public_bytes(&self) -> [u8; C25519_PUBLIC_KEY_SIZE] { + self.1.to_bytes() + } #[inline(always)] - pub fn secret_bytes(&self) -> Secret<{ C25519_SECRET_KEY_SIZE }> { Secret(self.0.to_bytes()) } + pub fn secret_bytes(&self) -> Secret<{ C25519_SECRET_KEY_SIZE }> { + Secret(self.0.to_bytes()) + } /// Execute ECDH agreement and return a raw (un-hashed) shared secret key. pub fn agree(&self, their_public: &[u8]) -> Secret<{ C25519_SHARED_SECRET_SIZE }> { @@ -60,7 +64,9 @@ impl C25519KeyPair { } impl Clone for C25519KeyPair { - fn clone(&self) -> Self { Self(x25519_dalek::StaticSecret::from(self.0.to_bytes()), x25519_dalek::PublicKey::from(self.1.to_bytes())) } + fn clone(&self) -> Self { + Self(x25519_dalek::StaticSecret::from(self.0.to_bytes()), x25519_dalek::PublicKey::from(self.1.to_bytes())) + } } /// Ed25519 key pair for EDDSA signatures. @@ -78,10 +84,7 @@ impl Ed25519KeyPair { let pk = ed25519_dalek::PublicKey::from_bytes(public_bytes); let sk = ed25519_dalek::SecretKey::from_bytes(secret_bytes); if pk.is_ok() && sk.is_ok() { - Some(Ed25519KeyPair(ed25519_dalek::Keypair { - public: pk.unwrap(), - secret: sk.unwrap(), - })) + Some(Ed25519KeyPair(ed25519_dalek::Keypair { public: pk.unwrap(), secret: sk.unwrap() })) } else { None } @@ -91,10 +94,14 @@ impl Ed25519KeyPair { } #[inline(always)] - pub fn public_bytes(&self) -> [u8; ED25519_PUBLIC_KEY_SIZE] { self.0.public.to_bytes() } + pub fn public_bytes(&self) -> [u8; ED25519_PUBLIC_KEY_SIZE] { + self.0.public.to_bytes() + } #[inline(always)] - pub fn secret_bytes(&self) -> Secret<{ ED25519_SECRET_KEY_SIZE }> { Secret(self.0.secret.to_bytes()) } + pub fn secret_bytes(&self) -> Secret<{ ED25519_SECRET_KEY_SIZE }> { + Secret(self.0.secret.to_bytes()) + } pub fn sign(&self, msg: &[u8]) -> [u8; ED25519_SIGNATURE_SIZE] { let mut h = ed25519_dalek::Sha512::new(); @@ -118,7 +125,9 @@ impl Ed25519KeyPair { } impl Clone for Ed25519KeyPair { - fn clone(&self) -> Self { Self(ed25519_dalek::Keypair::from_bytes(&self.0.to_bytes()).unwrap()) } + fn clone(&self) -> Self { + Self(ed25519_dalek::Keypair::from_bytes(&self.0.to_bytes()).unwrap()) + } } pub fn ed25519_verify(public_key: &[u8], signature: &[u8], msg: &[u8]) -> bool { diff --git a/zerotier-core-crypto/src/hash.rs b/zerotier-core-crypto/src/hash.rs index f9d1c047c..b8ef0e609 100644 --- a/zerotier-core-crypto/src/hash.rs +++ b/zerotier-core-crypto/src/hash.rs @@ -52,7 +52,9 @@ impl Write for SHA512 { } #[inline(always)] - fn flush(&mut self) -> std::io::Result<()> { Ok(()) } + fn flush(&mut self) -> std::io::Result<()> { + Ok(()) + } } pub struct SHA384(Option); @@ -92,7 +94,9 @@ impl Write for SHA384 { } #[inline(always)] - fn flush(&mut self) -> std::io::Result<()> { Ok(()) } + fn flush(&mut self) -> std::io::Result<()> { + Ok(()) + } } //#[link(name="crypto")] @@ -109,22 +113,18 @@ extern "C" { pub struct HMACSHA512 { ctx: *mut c_void, - evp_md: *const c_void + evp_md: *const c_void, } impl HMACSHA512 { #[inline(always)] pub fn new(key: &[u8]) -> Self { unsafe { - let hm = Self { - ctx: HMAC_CTX_new(), - evp_md: EVP_sha512() - }; + let hm = Self { ctx: HMAC_CTX_new(), evp_md: EVP_sha512() }; assert!(!hm.ctx.is_null()); assert_ne!(HMAC_Init_ex(hm.ctx, key.as_ptr().cast(), key.len() as c_int, hm.evp_md, null()), 0); hm } - } #[inline(always)] @@ -172,22 +172,18 @@ unsafe impl Send for HMACSHA512 {} pub struct HMACSHA384 { ctx: *mut c_void, - evp_md: *const c_void + evp_md: *const c_void, } impl HMACSHA384 { #[inline(always)] pub fn new(key: &[u8]) -> Self { unsafe { - let hm = Self { - ctx: HMAC_CTX_new(), - evp_md: EVP_sha384() - }; + let hm = Self { ctx: HMAC_CTX_new(), evp_md: EVP_sha384() }; assert!(!hm.ctx.is_null()); assert_ne!(HMAC_Init_ex(hm.ctx, key.as_ptr().cast(), key.len() as c_int, hm.evp_md, null()), 0); hm } - } #[inline(always)] diff --git a/zerotier-core-crypto/src/hex.rs b/zerotier-core-crypto/src/hex.rs index 7ef8c655c..d582f4418 100644 --- a/zerotier-core-crypto/src/hex.rs +++ b/zerotier-core-crypto/src/hex.rs @@ -6,7 +6,7 @@ * https://www.zerotier.com/ */ -pub const HEX_CHARS: [u8; 16] = [ b'0', b'1', b'2', b'3', b'4', b'5', b'6', b'7', b'8', b'9', b'a', b'b', b'c', b'd', b'e', b'f']; +pub const HEX_CHARS: [u8; 16] = [b'0', b'1', b'2', b'3', b'4', b'5', b'6', b'7', b'8', b'9', b'a', b'b', b'c', b'd', b'e', b'f']; /// Encode a byte slice to a hexadecimal string. pub fn to_string(b: &[u8]) -> String { diff --git a/zerotier-core-crypto/src/kbkdf.rs b/zerotier-core-crypto/src/kbkdf.rs index 4b10e3326..a51eee4cc 100644 --- a/zerotier-core-crypto/src/kbkdf.rs +++ b/zerotier-core-crypto/src/kbkdf.rs @@ -12,29 +12,43 @@ use crate::secret::Secret; // See: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-108.pdf page 12 pub fn zt_kbkdf_hmac_sha384(key: &[u8], label: u8, context: u8, iter: u32) -> Secret<48> { - Secret(crate::hash::hmac_sha384(key, &[ - (iter >> 24) as u8, - (iter >> 16) as u8, - (iter >> 8) as u8, - iter as u8, - b'Z', b'T', // can also be considered part of "label" - label, - 0, - context, - 0, 0, 0x01, 0x80 // 384 bits - ])) + Secret(crate::hash::hmac_sha384( + key, + &[ + (iter >> 24) as u8, + (iter >> 16) as u8, + (iter >> 8) as u8, + iter as u8, + b'Z', + b'T', // can also be considered part of "label" + label, + 0, + context, + 0, + 0, + 0x01, + 0x80, // 384 bits + ], + )) } pub fn zt_kbkdf_hmac_sha512(key: &[u8], label: u8, context: u8, iter: u32) -> Secret<64> { - Secret(crate::hash::hmac_sha512(key, &[ - (iter >> 24) as u8, - (iter >> 16) as u8, - (iter >> 8) as u8, - iter as u8, - b'Z', b'T', // can also be considered part of "label" - label, - 0, - context, - 0, 0, 0x01, 0x80 // 384 bits - ])) + Secret(crate::hash::hmac_sha512( + key, + &[ + (iter >> 24) as u8, + (iter >> 16) as u8, + (iter >> 8) as u8, + iter as u8, + b'Z', + b'T', // can also be considered part of "label" + label, + 0, + context, + 0, + 0, + 0x01, + 0x80, // 384 bits + ], + )) } diff --git a/zerotier-core-crypto/src/lib.rs b/zerotier-core-crypto/src/lib.rs index 59229997c..11d827702 100644 --- a/zerotier-core-crypto/src/lib.rs +++ b/zerotier-core-crypto/src/lib.rs @@ -8,13 +8,13 @@ pub mod c25519; pub mod hash; -pub mod p384; -pub mod salsa; -pub mod poly1305; -pub mod kbkdf; -pub mod random; -pub mod secret; pub mod hex; +pub mod kbkdf; +pub mod p384; +pub mod poly1305; +pub mod random; +pub mod salsa; +pub mod secret; pub mod varint; pub use aes_gmac_siv; diff --git a/zerotier-core-crypto/src/p384.rs b/zerotier-core-crypto/src/p384.rs index 35e4b88dd..016c3bd72 100644 --- a/zerotier-core-crypto/src/p384.rs +++ b/zerotier-core-crypto/src/p384.rs @@ -10,13 +10,13 @@ use std::convert::TryInto; use std::os::raw::{c_int, c_ulong, c_void}; use std::ptr::{null, write_volatile}; +use foreign_types::{ForeignType, ForeignTypeRef}; use lazy_static::lazy_static; use openssl::bn::{BigNum, BigNumContext}; use openssl::ec::{EcKey, EcPoint, EcPointRef, PointConversionForm}; use openssl::ecdsa::EcdsaSig; use openssl::nid::Nid; use openssl::pkey::{Private, Public}; -use foreign_types::{ForeignType, ForeignTypeRef}; use crate::hash::SHA384; use crate::secret::Secret; @@ -39,7 +39,7 @@ lazy_static! { #[derive(Clone)] pub struct P384PublicKey { key: EcKey, - bytes: [u8; 49] + bytes: [u8; 49], } impl P384PublicKey { @@ -50,7 +50,7 @@ impl P384PublicKey { bytes[(49 - kb.len())..].copy_from_slice(kb.as_slice()); Self { key: EcKey::from_public_key(GROUP_P384.as_ref(), key).unwrap(), - bytes + bytes, } } @@ -63,10 +63,7 @@ impl P384PublicKey { if key.is_on_curve(GROUP_P384.as_ref(), &mut bnc).unwrap_or(false) { let key = EcKey::from_public_key(GROUP_P384.as_ref(), key.as_ref()); if key.is_ok() { - return Some(Self { - key: key.unwrap(), - bytes: b.try_into().unwrap() - }); + return Some(Self { key: key.unwrap(), bytes: b.try_into().unwrap() }); } } } @@ -89,12 +86,16 @@ impl P384PublicKey { } #[inline(always)] - pub fn as_bytes(&self) -> &[u8; 49] { &self.bytes } + pub fn as_bytes(&self) -> &[u8; 49] { + &self.bytes + } } impl PartialEq for P384PublicKey { #[inline(always)] - fn eq(&self, other: &Self) -> bool { self.bytes == other.bytes } + fn eq(&self, other: &Self) -> bool { + self.bytes == other.bytes + } } unsafe impl Send for P384PublicKey {} @@ -113,10 +114,7 @@ impl P384KeyPair { let pair = EcKey::generate(GROUP_P384.as_ref()).unwrap(); // failure implies a serious problem assert!(pair.check_key().is_ok()); // also would imply a serious problem let public = P384PublicKey::new_from_point(pair.public_key()); - Self { - pair, - public, - } + Self { pair, public } } pub fn from_bytes(public_bytes: &[u8], secret_bytes: &[u8]) -> Option { @@ -127,10 +125,7 @@ impl P384KeyPair { if pair.is_ok() { let pair = pair.unwrap(); if pair.check_key().is_ok() { - Some(Self { - pair, - public - }) + Some(Self { pair, public }) } else { None } @@ -145,10 +140,14 @@ impl P384KeyPair { } #[inline(always)] - pub fn public_key(&self) -> &P384PublicKey { &self.public } + pub fn public_key(&self) -> &P384PublicKey { + &self.public + } #[inline(always)] - pub fn public_key_bytes(&self) -> &[u8; P384_PUBLIC_KEY_SIZE] { &self.public.bytes } + pub fn public_key_bytes(&self) -> &[u8; P384_PUBLIC_KEY_SIZE] { + &self.public.bytes + } pub fn secret_key_bytes(&self) -> Secret { let mut tmp: Secret = Secret::default(); diff --git a/zerotier-core-crypto/src/random.rs b/zerotier-core-crypto/src/random.rs index a1496bb8f..3d6b7ca6c 100644 --- a/zerotier-core-crypto/src/random.rs +++ b/zerotier-core-crypto/src/random.rs @@ -6,8 +6,8 @@ * https://www.zerotier.com/ */ -use std::mem::MaybeUninit; use openssl::rand::rand_bytes; +use std::mem::MaybeUninit; pub struct SecureRandom; @@ -43,18 +43,26 @@ pub fn get_bytes_secure() -> [u8; COUNT] { impl SecureRandom { #[inline(always)] - pub fn get() -> Self { Self } + pub fn get() -> Self { + Self + } } impl rand_core::RngCore for SecureRandom { #[inline(always)] - fn next_u32(&mut self) -> u32 { next_u32_secure() } + fn next_u32(&mut self) -> u32 { + next_u32_secure() + } #[inline(always)] - fn next_u64(&mut self) -> u64 { next_u64_secure() } + fn next_u64(&mut self) -> u64 { + next_u64_secure() + } #[inline(always)] - fn fill_bytes(&mut self, dest: &mut [u8]) { fill_bytes_secure(dest); } + fn fill_bytes(&mut self, dest: &mut [u8]) { + fill_bytes_secure(dest); + } #[inline(always)] fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), rand_core::Error> { diff --git a/zerotier-core-crypto/src/salsa.rs b/zerotier-core-crypto/src/salsa.rs index b27d1e64c..b0a7ace8e 100644 --- a/zerotier-core-crypto/src/salsa.rs +++ b/zerotier-core-crypto/src/salsa.rs @@ -9,7 +9,7 @@ use std::convert::TryInto; use std::ptr::{slice_from_raw_parts, slice_from_raw_parts_mut}; -const CONSTANTS: [u32; 4] = [ u32::from_le_bytes(*b"expa"), u32::from_le_bytes(*b"nd 3"), u32::from_le_bytes(*b"2-by"), u32::from_le_bytes(*b"te k") ]; +const CONSTANTS: [u32; 4] = [u32::from_le_bytes(*b"expa"), u32::from_le_bytes(*b"nd 3"), u32::from_le_bytes(*b"2-by"), u32::from_le_bytes(*b"te k")]; /// Salsa stream cipher implementation supporting 8, 12, or 20 rounds. /// @@ -19,7 +19,7 @@ const CONSTANTS: [u32; 4] = [ u32::from_le_bytes(*b"expa"), u32::from_le_bytes(* /// transport encryption in ZeroTier anyway, but is still used to derive addresses from /// identity public keys. pub struct Salsa { - state: [u32; 16] + state: [u32; 16], } impl Salsa { @@ -45,13 +45,14 @@ impl Salsa { u32::from_le_bytes((&key[20..24]).try_into().unwrap()), u32::from_le_bytes((&key[24..28]).try_into().unwrap()), u32::from_le_bytes((&key[28..32]).try_into().unwrap()), - CONSTANTS[3] - ] + CONSTANTS[3], + ], } } pub fn crypt(&mut self, mut plaintext: &[u8], mut ciphertext: &mut [u8]) { - let (j0, j1, j2, j3, j4, j5, j6, j7, mut j8, mut j9, j10, j11, j12, j13, j14, j15) = (self.state[0], self.state[1], self.state[2], self.state[3], self.state[4], self.state[5], self.state[6], self.state[7], self.state[8], self.state[9], self.state[10], self.state[11], self.state[12], self.state[13], self.state[14], self.state[15]); + let (j0, j1, j2, j3, j4, j5, j6, j7, mut j8, mut j9, j10, j11, j12, j13, j14, j15) = + (self.state[0], self.state[1], self.state[2], self.state[3], self.state[4], self.state[5], self.state[6], self.state[7], self.state[8], self.state[9], self.state[10], self.state[11], self.state[12], self.state[13], self.state[14], self.state[15]); loop { let (mut x0, mut x1, mut x2, mut x3, mut x4, mut x5, mut x6, mut x7, mut x8, mut x9, mut x10, mut x11, mut x12, mut x13, mut x14, mut x15) = (j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15); @@ -108,7 +109,8 @@ impl Salsa { x15 = x15.wrapping_add(j15); if plaintext.len() >= 64 { - #[cfg(any(target_arch = "x86", target_arch = "x86_64", target_arch = "aarch64"))] { + #[cfg(any(target_arch = "x86", target_arch = "x86_64", target_arch = "aarch64"))] + { // Slightly faster keystream XOR for little-endian platforms with unaligned load/store. unsafe { *ciphertext.as_mut_ptr().cast::() = *plaintext.as_ptr().cast::() ^ x0; @@ -129,7 +131,8 @@ impl Salsa { *ciphertext.as_mut_ptr().cast::().add(15) = *plaintext.as_ptr().cast::().add(15) ^ x15; } } - #[cfg(not(any(target_arch = "x86", target_arch = "x86_64", target_arch = "aarch64")))] { + #[cfg(not(any(target_arch = "x86", target_arch = "x86_64", target_arch = "aarch64")))] + { // Portable keystream XOR with alignment-safe access and native to little-endian conversion. ciphertext[0..4].copy_from_slice(&(u32::from_ne_bytes(unsafe { *plaintext.as_ptr().cast::<[u8; 4]>() }) ^ x0.to_le()).to_ne_bytes()); ciphertext[4..8].copy_from_slice(&(u32::from_ne_bytes(unsafe { *plaintext.as_ptr().add(4).cast::<[u8; 4]>() }) ^ x1.to_le()).to_ne_bytes()); @@ -171,8 +174,6 @@ impl Salsa { #[inline(always)] pub fn crypt_in_place(&mut self, data: &mut [u8]) { - unsafe { - self.crypt(&*slice_from_raw_parts(data.as_ptr(), data.len()), &mut *slice_from_raw_parts_mut(data.as_mut_ptr(), data.len())) - } + unsafe { self.crypt(&*slice_from_raw_parts(data.as_ptr(), data.len()), &mut *slice_from_raw_parts_mut(data.as_mut_ptr(), data.len())) } } } diff --git a/zerotier-core-crypto/src/secret.rs b/zerotier-core-crypto/src/secret.rs index abf70229a..ac5329653 100644 --- a/zerotier-core-crypto/src/secret.rs +++ b/zerotier-core-crypto/src/secret.rs @@ -24,14 +24,20 @@ pub struct Secret(pub [u8; L]); impl Secret { #[inline(always)] - pub fn new() -> Self { Self([0_u8; L]) } + pub fn new() -> Self { + Self([0_u8; L]) + } /// Copy bytes into secret, will panic if size does not match. #[inline(always)] - pub fn from_bytes(b: &[u8]) -> Self { Self(b.try_into().unwrap()) } + pub fn from_bytes(b: &[u8]) -> Self { + Self(b.try_into().unwrap()) + } #[inline(always)] - pub fn as_bytes(&self) -> &[u8; L] { return &self.0 } + pub fn as_bytes(&self) -> &[u8; L] { + return &self.0; + } /// Get a clone of the first N bytes of this secret. #[inline(always)] @@ -54,25 +60,35 @@ impl Drop for Secret { impl Default for Secret { #[inline(always)] - fn default() -> Self { Self([0_u8; L]) } + fn default() -> Self { + Self([0_u8; L]) + } } impl AsRef<[u8]> for Secret { #[inline(always)] - fn as_ref(&self) -> &[u8] { &self.0 } + fn as_ref(&self) -> &[u8] { + &self.0 + } } impl AsRef<[u8; L]> for Secret { #[inline(always)] - fn as_ref(&self) -> &[u8; L] { &self.0 } + fn as_ref(&self) -> &[u8; L] { + &self.0 + } } impl AsMut<[u8]> for Secret { #[inline(always)] - fn as_mut(&mut self) -> &mut [u8] { &mut self.0 } + fn as_mut(&mut self) -> &mut [u8] { + &mut self.0 + } } impl AsMut<[u8; L]> for Secret { #[inline(always)] - fn as_mut(&mut self) -> &mut [u8; L] { &mut self.0 } + fn as_mut(&mut self) -> &mut [u8; L] { + &mut self.0 + } } diff --git a/zerotier-core-crypto/src/varint.rs b/zerotier-core-crypto/src/varint.rs index d1076c33d..09bb2ecda 100644 --- a/zerotier-core-crypto/src/varint.rs +++ b/zerotier-core-crypto/src/varint.rs @@ -73,7 +73,9 @@ impl Encoded { impl AsRef<[u8]> for Encoded { #[inline(always)] - fn as_ref(&self) -> &[u8] { &self.0[0..(self.1 as usize)] } + fn as_ref(&self) -> &[u8] { + &self.0[0..(self.1 as usize)] + } } #[cfg(test)] diff --git a/zerotier-network-hypervisor/src/error.rs b/zerotier-network-hypervisor/src/error.rs index 3c79e3596..1e93f68a5 100644 --- a/zerotier-network-hypervisor/src/error.rs +++ b/zerotier-network-hypervisor/src/error.rs @@ -7,7 +7,7 @@ */ use std::error::Error; -use std::fmt::{Display, Debug}; +use std::fmt::{Debug, Display}; pub struct InvalidFormatError; diff --git a/zerotier-network-hypervisor/src/lib.rs b/zerotier-network-hypervisor/src/lib.rs index 0933e2aaf..1f3d9b489 100644 --- a/zerotier-network-hypervisor/src/lib.rs +++ b/zerotier-network-hypervisor/src/lib.rs @@ -13,8 +13,8 @@ pub const VERSION_MAJOR: u8 = 1; pub const VERSION_MINOR: u8 = 99; pub const VERSION_REVISION: u8 = 1; -pub mod util; pub mod error; +pub mod util; pub mod vl1; pub mod vl2; diff --git a/zerotier-network-hypervisor/src/networkhypervisor.rs b/zerotier-network-hypervisor/src/networkhypervisor.rs index 1001d4851..c7d4a4984 100644 --- a/zerotier-network-hypervisor/src/networkhypervisor.rs +++ b/zerotier-network-hypervisor/src/networkhypervisor.rs @@ -10,7 +10,7 @@ use std::num::NonZeroI64; use std::time::Duration; use crate::error::InvalidParameterError; -use crate::vl1::{Address, Identity, Endpoint, SystemInterface, Node}; +use crate::vl1::{Address, Endpoint, Identity, Node, SystemInterface}; use crate::vl2::{Switch, SwitchInterface}; use crate::PacketBuffer; @@ -33,13 +33,19 @@ impl NetworkHypervisor { /// /// The returned object is a Pooled> instance. The buffer is returned to the pool when the container is destroyed. #[inline(always)] - pub fn get_packet_buffer(&self) -> PacketBuffer { self.vl1.get_packet_buffer() } + pub fn get_packet_buffer(&self) -> PacketBuffer { + self.vl1.get_packet_buffer() + } #[inline(always)] - pub fn address(&self) -> Address { self.vl1.identity.address } + pub fn address(&self) -> Address { + self.vl1.identity.address + } #[inline(always)] - pub fn identity(&self) -> &Identity { &self.vl1.identity } + pub fn identity(&self) -> &Identity { + &self.vl1.identity + } pub fn do_background_tasks(&self, ii: &I) -> Duration { self.vl1.do_background_tasks(ii) diff --git a/zerotier-network-hypervisor/src/util/buffer.rs b/zerotier-network-hypervisor/src/util/buffer.rs index 11fce577b..d92199a32 100644 --- a/zerotier-network-hypervisor/src/util/buffer.rs +++ b/zerotier-network-hypervisor/src/util/buffer.rs @@ -6,9 +6,9 @@ * https://www.zerotier.com/ */ -use std::io::Write; -use std::mem::{MaybeUninit, size_of}; use crate::util::{array_range, array_range_mut}; +use std::io::Write; +use std::mem::{size_of, MaybeUninit}; use crate::util::pool::PoolFactory; @@ -27,7 +27,9 @@ unsafe impl RawObject for Buffer {} impl Default for Buffer { #[inline(always)] - fn default() -> Self { Self(0, [0_u8; L]) } + fn default() -> Self { + Self(0, [0_u8; L]) + } } const OVERFLOW_ERR_MSG: &'static str = "overflow"; @@ -35,14 +37,20 @@ const OVERFLOW_ERR_MSG: &'static str = "overflow"; impl Buffer { pub const CAPACITY: usize = L; - pub const fn capacity(&self) -> usize { L } + pub const fn capacity(&self) -> usize { + L + } #[inline(always)] - pub fn new() -> Self { Self(0, [0_u8; L]) } + pub fn new() -> Self { + Self(0, [0_u8; L]) + } /// Create an empty buffer without zeroing its memory (saving a bit of CPU). #[inline(always)] - pub unsafe fn new_without_memzero() -> Self { Self(0, MaybeUninit::uninit().assume_init()) } + pub unsafe fn new_without_memzero() -> Self { + Self(0, MaybeUninit::uninit().assume_init()) + } #[inline(always)] pub fn from_bytes(b: &[u8]) -> std::io::Result { @@ -58,22 +66,34 @@ impl Buffer { } #[inline(always)] - pub fn as_bytes(&self) -> &[u8] { &self.1[0..self.0] } + pub fn as_bytes(&self) -> &[u8] { + &self.1[0..self.0] + } #[inline(always)] - pub fn as_bytes_mut(&mut self) -> &mut [u8] { &mut self.1[0..self.0] } + pub fn as_bytes_mut(&mut self) -> &mut [u8] { + &mut self.1[0..self.0] + } #[inline(always)] - pub fn as_range_fixed(&self) -> &[u8; LEN] { array_range::(&self.1) } + pub fn as_range_fixed(&self) -> &[u8; LEN] { + array_range::(&self.1) + } #[inline(always)] - pub fn as_ptr(&self) -> *const u8 { self.1.as_ptr() } + pub fn as_ptr(&self) -> *const u8 { + self.1.as_ptr() + } #[inline(always)] - pub fn as_mut_ptr(&mut self) -> *mut u8 { self.1.as_mut_ptr() } + pub fn as_mut_ptr(&mut self) -> *mut u8 { + self.1.as_mut_ptr() + } #[inline(always)] - pub fn as_mut_range_fixed(&mut self) -> &mut [u8; LEN] { array_range_mut::(&mut self.1) } + pub fn as_mut_range_fixed(&mut self) -> &mut [u8; LEN] { + array_range_mut::(&mut self.1) + } /// Get all bytes after a given position. #[inline(always)] @@ -106,10 +126,14 @@ impl Buffer { } #[inline(always)] - pub fn len(&self) -> usize { self.0 } + pub fn len(&self) -> usize { + self.0 + } #[inline(always)] - pub fn is_empty(&self) -> bool { self.0 == 0 } + pub fn is_empty(&self) -> bool { + self.0 == 0 + } /// Set the size of this buffer's data. /// @@ -127,10 +151,14 @@ impl Buffer { } #[inline(always)] - pub unsafe fn set_size_unchecked(&mut self, s: usize) { self.0 = s; } + pub unsafe fn set_size_unchecked(&mut self, s: usize) { + self.0 = s; + } #[inline(always)] - pub unsafe fn get_unchecked(&self, i: usize) -> u8 { *self.1.get_unchecked(i) } + pub unsafe fn get_unchecked(&self, i: usize) -> u8 { + *self.1.get_unchecked(i) + } /// Append a structure and return a mutable reference to its memory. #[inline(always)] @@ -314,9 +342,7 @@ impl Buffer { #[inline(always)] pub fn struct_at(&self, ptr: usize) -> std::io::Result<&T> { if (ptr + size_of::()) <= self.0 { - unsafe { - Ok(&*self.1.as_ptr().cast::().offset(ptr as isize).cast::()) - } + unsafe { Ok(&*self.1.as_ptr().cast::().offset(ptr as isize).cast::()) } } else { Err(std::io::Error::new(std::io::ErrorKind::UnexpectedEof, OVERFLOW_ERR_MSG)) } @@ -326,9 +352,7 @@ impl Buffer { #[inline(always)] pub fn struct_mut_at(&mut self, ptr: usize) -> std::io::Result<&mut T> { if (ptr + size_of::()) <= self.0 { - unsafe { - Ok(&mut *self.1.as_mut_ptr().cast::().offset(ptr as isize).cast::()) - } + unsafe { Ok(&mut *self.1.as_mut_ptr().cast::().offset(ptr as isize).cast::()) } } else { Err(std::io::Error::new(std::io::ErrorKind::UnexpectedEof, OVERFLOW_ERR_MSG)) } @@ -351,9 +375,7 @@ impl Buffer { debug_assert!(end <= L); if end <= self.0 { *cursor = end; - unsafe { - Ok(&*self.1.as_ptr().cast::().offset(ptr as isize).cast::()) - } + unsafe { Ok(&*self.1.as_ptr().cast::().offset(ptr as isize).cast::()) } } else { Err(std::io::Error::new(std::io::ErrorKind::UnexpectedEof, OVERFLOW_ERR_MSG)) } @@ -366,9 +388,7 @@ impl Buffer { debug_assert!(end <= L); if end <= self.0 { *cursor = end; - unsafe { - Ok(&*self.1.as_ptr().cast::().offset(ptr as isize).cast::<[u8; S]>()) - } + unsafe { Ok(&*self.1.as_ptr().cast::().offset(ptr as isize).cast::<[u8; S]>()) } } else { Err(std::io::Error::new(std::io::ErrorKind::UnexpectedEof, OVERFLOW_ERR_MSG)) } @@ -501,7 +521,9 @@ impl Buffer { impl PartialEq for Buffer { #[inline(always)] - fn eq(&self, other: &Self) -> bool { self.1[0..self.0].eq(&other.1[0..other.0]) } + fn eq(&self, other: &Self) -> bool { + self.1[0..self.0].eq(&other.1[0..other.0]) + } } impl Eq for Buffer {} @@ -521,30 +543,42 @@ impl Write for Buffer { } #[inline(always)] - fn flush(&mut self) -> std::io::Result<()> { Ok(()) } + fn flush(&mut self) -> std::io::Result<()> { + Ok(()) + } } impl AsRef<[u8]> for Buffer { #[inline(always)] - fn as_ref(&self) -> &[u8] { self.as_bytes() } + fn as_ref(&self) -> &[u8] { + self.as_bytes() + } } impl AsMut<[u8]> for Buffer { #[inline(always)] - fn as_mut(&mut self) -> &mut [u8] { self.as_bytes_mut() } + fn as_mut(&mut self) -> &mut [u8] { + self.as_bytes_mut() + } } pub struct PooledBufferFactory; impl PooledBufferFactory { #[inline(always)] - pub fn new() -> Self { Self{} } + pub fn new() -> Self { + Self {} + } } impl PoolFactory> for PooledBufferFactory { #[inline(always)] - fn create(&self) -> Buffer { Buffer::new() } + fn create(&self) -> Buffer { + Buffer::new() + } #[inline(always)] - fn reset(&self, obj: &mut Buffer) { obj.clear(); } + fn reset(&self, obj: &mut Buffer) { + obj.clear(); + } } diff --git a/zerotier-network-hypervisor/src/util/gate.rs b/zerotier-network-hypervisor/src/util/gate.rs index a5545d831..af5f1a1d9 100644 --- a/zerotier-network-hypervisor/src/util/gate.rs +++ b/zerotier-network-hypervisor/src/util/gate.rs @@ -14,15 +14,21 @@ pub struct IntervalGate(i64); impl Default for IntervalGate { #[inline(always)] - fn default() -> Self { Self(0) } + fn default() -> Self { + Self(0) + } } impl IntervalGate { #[inline(always)] - pub fn new(initial_ts: i64) -> Self { Self(initial_ts) } + pub fn new(initial_ts: i64) -> Self { + Self(initial_ts) + } #[inline(always)] - pub fn reset(&mut self) { self.0 = 0; } + pub fn reset(&mut self) { + self.0 = 0; + } #[inline(always)] pub fn gate(&mut self, time: i64) -> bool { @@ -41,15 +47,21 @@ pub struct AtomicIntervalGate(AtomicI64); impl Default for AtomicIntervalGate { #[inline(always)] - fn default() -> Self { Self(AtomicI64::new(0)) } + fn default() -> Self { + Self(AtomicI64::new(0)) + } } impl AtomicIntervalGate { #[inline(always)] - pub fn new(initial_ts: i64) -> Self { Self(AtomicI64::new(initial_ts)) } + pub fn new(initial_ts: i64) -> Self { + Self(AtomicI64::new(initial_ts)) + } #[inline(always)] - pub fn reset(&self) { self.0.store(0, Ordering::Relaxed); } + pub fn reset(&self) { + self.0.store(0, Ordering::Relaxed); + } #[inline(always)] pub fn gate(&self, mut time: i64) -> bool { diff --git a/zerotier-network-hypervisor/src/util/mod.rs b/zerotier-network-hypervisor/src/util/mod.rs index 721bdcda6..d18a656a0 100644 --- a/zerotier-network-hypervisor/src/util/mod.rs +++ b/zerotier-network-hypervisor/src/util/mod.rs @@ -6,9 +6,9 @@ * https://www.zerotier.com/ */ -pub(crate) mod pool; -pub(crate) mod gate; pub mod buffer; +pub(crate) mod gate; +pub(crate) mod pool; pub use zerotier_core_crypto::hex; pub use zerotier_core_crypto::varint; @@ -31,7 +31,9 @@ pub(crate) fn array_range_mut &[u8; 8] { unsafe { &*(i as *const u64).cast() } } +pub(crate) fn u64_as_bytes(i: &u64) -> &[u8; 8] { + unsafe { &*(i as *const u64).cast() } +} lazy_static! { static ref HIGHWAYHASHER_KEY: [u64; 4] = [zerotier_core_crypto::random::next_u64_secure(), zerotier_core_crypto::random::next_u64_secure(), zerotier_core_crypto::random::next_u64_secure(), zerotier_core_crypto::random::next_u64_secure()]; @@ -40,7 +42,9 @@ lazy_static! { /// Get an instance of HighwayHasher initialized with a secret per-process random salt. /// The random salt is generated at process start and so will differ for each invocation of whatever process this is inside. #[inline(always)] -pub(crate) fn highwayhasher() -> highway::HighwayHasher { highway::HighwayHasher::new(highway::Key(HIGHWAYHASHER_KEY.clone())) } +pub(crate) fn highwayhasher() -> highway::HighwayHasher { + highway::HighwayHasher::new(highway::Key(HIGHWAYHASHER_KEY.clone())) +} /// Non-cryptographic 64-bit bit mixer for things like local hashing. #[inline(always)] @@ -59,12 +63,16 @@ pub(crate) struct U64NoOpHasher(u64); impl U64NoOpHasher { #[inline(always)] - pub fn new() -> Self { Self(0) } + pub fn new() -> Self { + Self(0) + } } impl std::hash::Hasher for U64NoOpHasher { #[inline(always)] - fn finish(&self) -> u64 { self.0 } + fn finish(&self) -> u64 { + self.0 + } #[inline(always)] fn write(&mut self, _: &[u8]) { @@ -72,15 +80,21 @@ impl std::hash::Hasher for U64NoOpHasher { } #[inline(always)] - fn write_u64(&mut self, i: u64) { self.0 += i; } + fn write_u64(&mut self, i: u64) { + self.0 += i; + } #[inline(always)] - fn write_i64(&mut self, i: i64) { self.0 += i as u64; } + fn write_i64(&mut self, i: i64) { + self.0 += i as u64; + } } impl std::hash::BuildHasher for U64NoOpHasher { type Hasher = Self; #[inline(always)] - fn build_hasher(&self) -> Self::Hasher { Self(0) } + fn build_hasher(&self) -> Self::Hasher { + Self(0) + } } diff --git a/zerotier-network-hypervisor/src/util/pool.rs b/zerotier-network-hypervisor/src/util/pool.rs index 8b75c7180..28729e6ef 100644 --- a/zerotier-network-hypervisor/src/util/pool.rs +++ b/zerotier-network-hypervisor/src/util/pool.rs @@ -129,13 +129,11 @@ impl> Pool { #[inline(always)] pub fn get(&self) -> Pooled { //let _ = self.0.outstanding_count.fetch_add(1, Ordering::Acquire); - Pooled::(self.0.pool.lock().pop().unwrap_or_else(|| { - unsafe { - NonNull::new_unchecked(Box::into_raw(Box::new(PoolEntry:: { - obj: self.0.factory.create(), - return_pool: Arc::downgrade(&self.0), - }))) - } + Pooled::(self.0.pool.lock().pop().unwrap_or_else(|| unsafe { + NonNull::new_unchecked(Box::into_raw(Box::new(PoolEntry:: { + obj: self.0.factory.create(), + return_pool: Arc::downgrade(&self.0), + }))) })) } @@ -169,8 +167,8 @@ unsafe impl> Send for Pool {} #[cfg(test)] mod tests { - use std::sync::Arc; use std::sync::atomic::{AtomicUsize, Ordering}; + use std::sync::Arc; use std::time::Duration; use crate::util::pool::*; @@ -189,7 +187,7 @@ mod tests { #[test] fn threaded_pool_use() { - let p: Arc> = Arc::new(Pool::new(2, TestPoolFactory{})); + let p: Arc> = Arc::new(Pool::new(2, TestPoolFactory {})); let ctr = Arc::new(AtomicUsize::new(0)); for _ in 0..64 { let p2 = p.clone(); diff --git a/zerotier-network-hypervisor/src/vl1/address.rs b/zerotier-network-hypervisor/src/vl1/address.rs index 60c7936a3..608f9bf41 100644 --- a/zerotier-network-hypervisor/src/vl1/address.rs +++ b/zerotier-network-hypervisor/src/vl1/address.rs @@ -11,8 +11,8 @@ use std::num::NonZeroU64; use std::str::FromStr; use crate::error::InvalidFormatError; -use crate::util::hex::HEX_CHARS; use crate::util::buffer::Buffer; +use crate::util::hex::HEX_CHARS; use crate::vl1::protocol::{ADDRESS_RESERVED_PREFIX, ADDRESS_SIZE}; #[derive(Clone, Copy, PartialEq, Eq, PartialOrd, Ord)] @@ -24,13 +24,7 @@ impl Address { #[inline(always)] pub fn from_u64(mut i: u64) -> Option
{ i &= 0xffffffffff; - NonZeroU64::new(i).and_then(|ii| { - if (i >> 32) != ADDRESS_RESERVED_PREFIX as u64 { - Some(Address(ii)) - } else { - None - } - }) + NonZeroU64::new(i).and_then(|ii| if (i >> 32) != ADDRESS_RESERVED_PREFIX as u64 { Some(Address(ii)) } else { None }) } #[inline(always)] @@ -54,7 +48,9 @@ impl Address { } #[inline(always)] - pub fn to_u64(&self) -> u64 { self.0.get() } + pub fn to_u64(&self) -> u64 { + self.0.get() + } #[inline(always)] pub(crate) fn marshal(&self, buf: &mut Buffer) -> std::io::Result<()> { diff --git a/zerotier-network-hypervisor/src/vl1/dictionary.rs b/zerotier-network-hypervisor/src/vl1/dictionary.rs index ab8592951..c10f1bdc7 100644 --- a/zerotier-network-hypervisor/src/vl1/dictionary.rs +++ b/zerotier-network-hypervisor/src/vl1/dictionary.rs @@ -25,12 +25,24 @@ fn write_escaped(b: &[u8], w: &mut W) -> std::io::Result<()> { while i < l { let ii = i + 1; match b[i] { - 0 => { w.write_all(&[b'\\', b'0'])?; } - b'\n' => { w.write_all(&[b'\\', b'n'])?; } - b'\r' => { w.write_all(&[b'\\', b'r'])?; } - b'=' => { w.write_all(&[b'\\', b'e'])?; } - b'\\' => { w.write_all(&[b'\\', b'\\'])?; } - _ => { w.write_all(&b[i..ii])?; } + 0 => { + w.write_all(&[b'\\', b'0'])?; + } + b'\n' => { + w.write_all(&[b'\\', b'n'])?; + } + b'\r' => { + w.write_all(&[b'\\', b'r'])?; + } + b'=' => { + w.write_all(&[b'\\', b'e'])?; + } + b'\\' => { + w.write_all(&[b'\\', b'\\'])?; + } + _ => { + w.write_all(&b[i..ii])?; + } } i = ii; } @@ -52,15 +64,23 @@ fn append_printable(s: &mut String, b: &[u8]) { } impl Dictionary { - pub fn new() -> Self { Self(BTreeMap::new()) } + pub fn new() -> Self { + Self(BTreeMap::new()) + } - pub fn clear(&mut self) { self.0.clear() } + pub fn clear(&mut self) { + self.0.clear() + } #[inline(always)] - pub fn len(&self) -> usize { self.0.len() } + pub fn len(&self) -> usize { + self.0.len() + } #[inline(always)] - pub fn is_empty(&self) -> bool { self.0.is_empty() } + pub fn is_empty(&self) -> bool { + self.0.is_empty() + } pub fn get_str(&self, k: &str) -> Option<&str> { self.0.get(k).map_or(None, |v| std::str::from_utf8(v.as_slice()).map_or(None, |s| Some(s))) @@ -131,7 +151,7 @@ impl Dictionary { b'0' => 0, b'n' => b'\n', b'r' => b'\r', - _ => c // =, \, and escapes before other characters are unnecessary but not errors + _ => c, // =, \, and escapes before other characters are unnecessary but not errors }); } else if c == b'\\' { escape = true; @@ -187,7 +207,7 @@ mod tests { let mut d = Dictionary::new(); d.set_str("foo", "bar"); d.set_u64("bar", 0xfeedcafebabebeef); - d.set_bytes("baz", vec![1,2,3,4,5,6,7,8,9]); + d.set_bytes("baz", vec![1, 2, 3, 4, 5, 6, 7, 8, 9]); d.set_bool("lala", true); d.set_bool("haha", false); let bytes = d.to_bytes(); diff --git a/zerotier-network-hypervisor/src/vl1/endpoint.rs b/zerotier-network-hypervisor/src/vl1/endpoint.rs index db7ad727f..75a28cc7d 100644 --- a/zerotier-network-hypervisor/src/vl1/endpoint.rs +++ b/zerotier-network-hypervisor/src/vl1/endpoint.rs @@ -11,9 +11,9 @@ use std::hash::{Hash, Hasher}; use zerotier_core_crypto::hash::SHA384_HASH_SIZE; -use crate::vl1::{Address, MAC}; -use crate::vl1::inetaddress::InetAddress; use crate::util::buffer::Buffer; +use crate::vl1::inetaddress::InetAddress; +use crate::vl1::{Address, MAC}; pub const TYPE_NIL: u8 = 0; pub const TYPE_ZEROTIER: u8 = 1; @@ -70,7 +70,9 @@ pub enum Endpoint { impl Default for Endpoint { #[inline(always)] - fn default() -> Endpoint { Endpoint::Nil } + fn default() -> Endpoint { + Endpoint::Nil + } } impl Endpoint { @@ -81,7 +83,7 @@ impl Endpoint { Endpoint::Ip(ip) => Some((&ip, TYPE_IP)), Endpoint::IpUdp(ip) => Some((&ip, TYPE_IPUDP)), Endpoint::IpTcp(ip) => Some((&ip, TYPE_IPTCP)), - _ => None + _ => None, } } @@ -102,7 +104,9 @@ impl Endpoint { } #[inline(always)] - pub fn is_nil(&self) -> bool { matches!(self, Endpoint::Nil) } + pub fn is_nil(&self) -> bool { + matches!(self, Endpoint::Nil) + } #[inline(always)] pub fn to_bytes(&self) -> Vec { @@ -113,9 +117,7 @@ impl Endpoint { pub fn marshal(&self, buf: &mut Buffer) -> std::io::Result<()> { match self { - Endpoint::Nil => { - buf.append_u8(TYPE_NIL) - } + Endpoint::Nil => buf.append_u8(TYPE_NIL), Endpoint::ZeroTier(a, h) => { buf.append_u8(16 + TYPE_ZEROTIER)?; buf.append_bytes_fixed(&a.to_bytes())?; @@ -201,7 +203,7 @@ impl Endpoint { } else { Err(std::io::Error::new(std::io::ErrorKind::InvalidData, "invalid ZeroTier address")) } - }, + } TYPE_ETHERNET => Ok(Endpoint::Ethernet(read_mac(buf, cursor)?)), TYPE_WIFIDIRECT => Ok(Endpoint::WifiDirect(read_mac(buf, cursor)?)), TYPE_BLUETOOTH => Ok(Endpoint::Bluetooth(read_mac(buf, cursor)?)), @@ -218,8 +220,8 @@ impl Endpoint { } else { Err(std::io::Error::new(std::io::ErrorKind::InvalidData, "invalid ZeroTier address")) } - }, - _ => Err(std::io::Error::new(std::io::ErrorKind::InvalidData, "unrecognized endpoint type in stream")) + } + _ => Err(std::io::Error::new(std::io::ErrorKind::InvalidData, "unrecognized endpoint type in stream")), } } } @@ -290,14 +292,16 @@ impl Ord for Endpoint { (Endpoint::Http(a), Endpoint::Http(b)) => a.cmp(b), (Endpoint::WebRTC(a), Endpoint::WebRTC(b)) => a.cmp(b), (Endpoint::ZeroTierEncap(a, ah), Endpoint::ZeroTierEncap(b, bh)) => a.cmp(b).then_with(|| ah.cmp(bh)), - _ => self.type_id().cmp(&other.type_id()) + _ => self.type_id().cmp(&other.type_id()), } } } impl PartialOrd for Endpoint { #[inline(always)] - fn partial_cmp(&self, other: &Self) -> Option { Some(self.cmp(other)) } + fn partial_cmp(&self, other: &Self) -> Option { + Some(self.cmp(other)) + } } impl ToString for Endpoint { diff --git a/zerotier-network-hypervisor/src/vl1/fragmentedpacket.rs b/zerotier-network-hypervisor/src/vl1/fragmentedpacket.rs index 06280bafc..3787eba89 100644 --- a/zerotier-network-hypervisor/src/vl1/fragmentedpacket.rs +++ b/zerotier-network-hypervisor/src/vl1/fragmentedpacket.rs @@ -6,8 +6,8 @@ * https://www.zerotier.com/ */ -use crate::PacketBuffer; use crate::vl1::protocol::*; +use crate::PacketBuffer; /// Packet fragment re-assembler and container. /// diff --git a/zerotier-network-hypervisor/src/vl1/hybridkey.rs b/zerotier-network-hypervisor/src/vl1/hybridkey.rs index 96a333d27..06fbf1d30 100644 --- a/zerotier-network-hypervisor/src/vl1/hybridkey.rs +++ b/zerotier-network-hypervisor/src/vl1/hybridkey.rs @@ -8,9 +8,9 @@ use std::io::Write; -use zerotier_core_crypto::c25519::{C25519_PUBLIC_KEY_SIZE, C25519KeyPair}; +use zerotier_core_crypto::c25519::{C25519KeyPair, C25519_PUBLIC_KEY_SIZE}; use zerotier_core_crypto::hash::{hmac_sha512, SHA512}; -use zerotier_core_crypto::p384::{P384_PUBLIC_KEY_SIZE, P384KeyPair, P384PublicKey}; +use zerotier_core_crypto::p384::{P384KeyPair, P384PublicKey, P384_PUBLIC_KEY_SIZE}; use zerotier_core_crypto::secret::Secret; pub const ALGORITHM_C25519: u8 = 0x01; @@ -22,14 +22,14 @@ pub const ALGORITHM_ECC_NIST_P384: u8 = 0x02; #[derive(Clone)] pub struct HybridKeyPair { pub c25519: C25519KeyPair, - pub p384: P384KeyPair + pub p384: P384KeyPair, } impl HybridKeyPair { pub fn generate() -> HybridKeyPair { Self { c25519: C25519KeyPair::generate(), - p384: P384KeyPair::generate() + p384: P384KeyPair::generate(), } } @@ -77,7 +77,7 @@ unsafe impl Send for HybridKeyPair {} #[derive(Clone)] pub struct HybridPublicKey { pub c25519: Option<[u8; C25519_PUBLIC_KEY_SIZE]>, - pub p384: Option + pub p384: Option, } impl HybridPublicKey { diff --git a/zerotier-network-hypervisor/src/vl1/mac.rs b/zerotier-network-hypervisor/src/vl1/mac.rs index 9043278cc..dae8a5b26 100644 --- a/zerotier-network-hypervisor/src/vl1/mac.rs +++ b/zerotier-network-hypervisor/src/vl1/mac.rs @@ -6,9 +6,9 @@ * https://www.zerotier.com/ */ +use std::hash::{Hash, Hasher}; use std::num::NonZeroU64; use std::str::FromStr; -use std::hash::{Hash, Hasher}; use crate::error::InvalidFormatError; use crate::util::buffer::Buffer; @@ -19,7 +19,9 @@ pub struct MAC(NonZeroU64); impl MAC { #[inline(always)] - pub fn from_u64(i: u64) -> Option { NonZeroU64::new(i & 0xffffffffffff).map(|i| MAC(i)) } + pub fn from_u64(i: u64) -> Option { + NonZeroU64::new(i & 0xffffffffffff).map(|i| MAC(i)) + } #[inline(always)] pub fn from_bytes(b: &[u8]) -> Option { @@ -42,7 +44,9 @@ impl MAC { } #[inline(always)] - pub fn to_u64(&self) -> u64 { self.0.get() } + pub fn to_u64(&self) -> u64 { + self.0.get() + } #[inline(always)] pub(crate) fn marshal(&self, buf: &mut Buffer) -> std::io::Result<()> { diff --git a/zerotier-network-hypervisor/src/vl1/mod.rs b/zerotier-network-hypervisor/src/vl1/mod.rs index 2d7d92a67..0538cd007 100644 --- a/zerotier-network-hypervisor/src/vl1/mod.rs +++ b/zerotier-network-hypervisor/src/vl1/mod.rs @@ -6,31 +6,31 @@ * https://www.zerotier.com/ */ -pub mod inetaddress; pub mod endpoint; pub mod identity; +pub mod inetaddress; -#[allow(unused)] -pub(crate) mod protocol; +pub(crate) mod address; +pub(crate) mod dictionary; +pub(crate) mod fragmentedpacket; +pub(crate) mod hybridkey; +pub(crate) mod mac; pub(crate) mod node; pub(crate) mod path; pub(crate) mod peer; -pub(crate) mod dictionary; -pub(crate) mod address; -pub(crate) mod mac; -pub(crate) mod fragmentedpacket; -pub(crate) mod whoisqueue; +#[allow(unused)] +pub(crate) mod protocol; pub(crate) mod symmetricsecret; -pub(crate) mod hybridkey; +pub(crate) mod whoisqueue; pub use address::Address; -pub use mac::MAC; -pub use identity::Identity; -pub use endpoint::Endpoint; pub use dictionary::Dictionary; +pub use endpoint::Endpoint; +pub use identity::Identity; pub use inetaddress::InetAddress; -pub use peer::Peer; -pub use path::Path; +pub use mac::MAC; pub use node::{Node, SystemInterface}; +pub use path::Path; +pub use peer::Peer; -pub use protocol::{PACKET_SIZE_MAX, PACKET_FRAGMENT_COUNT_MAX}; +pub use protocol::{PACKET_FRAGMENT_COUNT_MAX, PACKET_SIZE_MAX}; diff --git a/zerotier-network-hypervisor/src/vl1/node.rs b/zerotier-network-hypervisor/src/vl1/node.rs index 244870c4e..a399cbe8f 100644 --- a/zerotier-network-hypervisor/src/vl1/node.rs +++ b/zerotier-network-hypervisor/src/vl1/node.rs @@ -14,15 +14,15 @@ use std::time::Duration; use dashmap::DashMap; use parking_lot::Mutex; -use crate::{PacketBuffer, PacketBufferFactory, PacketBufferPool}; use crate::error::InvalidParameterError; use crate::util::buffer::Buffer; use crate::util::gate::IntervalGate; -use crate::vl1::{Address, Endpoint, Identity}; use crate::vl1::path::Path; use crate::vl1::peer::Peer; use crate::vl1::protocol::*; use crate::vl1::whoisqueue::{QueuedPacket, WhoisQueue}; +use crate::vl1::{Address, Endpoint, Identity}; +use crate::{PacketBuffer, PacketBufferFactory, PacketBufferPool}; /// Trait implemented by external code to handle events and provide an interface to the system or application. /// @@ -180,10 +180,14 @@ impl Node { /// Get a packet buffer that will automatically check itself back into the pool on drop. #[inline(always)] - pub fn get_packet_buffer(&self) -> PacketBuffer { self.buffer_pool.get() } + pub fn get_packet_buffer(&self) -> PacketBuffer { + self.buffer_pool.get() + } /// Get a peer by address. - pub fn peer(&self, a: Address) -> Option> { self.peers.get(&a).map(|peer| peer.value().clone()) } + pub fn peer(&self, a: Address) -> Option> { + self.peers.get(&a).map(|peer| peer.value().clone()) + } /// Get all peers currently in the peer cache. pub fn peers(&self) -> Vec> { @@ -239,7 +243,6 @@ impl Node { path.log_receive_anything(time_ticks); if fragment_header.is_fragment() { - if let Some(assembled_packet) = path.receive_fragment(u64::from_ne_bytes(fragment_header.id), fragment_header.fragment_no(), fragment_header.total_fragments(), data, time_ticks) { if let Some(frag0) = assembled_packet.frags[0].as_ref() { let packet_header = frag0.struct_at::(0); @@ -255,9 +258,7 @@ impl Node { } } } - } else { - if let Ok(packet_header) = data.struct_at::(0) { if let Some(source) = Address::from_bytes(&packet_header.src) { if let Some(peer) = self.peer(source) { @@ -267,9 +268,7 @@ impl Node { } } } - } - } else { // Forward packets not destined for this node. // TODO: need to add check for whether this node should forward. Regular nodes should only forward if a trust relationship exists. @@ -296,10 +295,14 @@ impl Node { } /// Get the current best root peer that we should use for WHOIS, relaying, etc. - pub fn root(&self) -> Option> { self.roots.lock().first().cloned() } + pub fn root(&self) -> Option> { + self.roots.lock().first().cloned() + } /// Return true if a peer is a root. - pub fn is_peer_root(&self, peer: &Peer) -> bool { self.roots.lock().iter().any(|p| Arc::as_ptr(p) == (peer as *const Peer)) } + pub fn is_peer_root(&self, peer: &Peer) -> bool { + self.roots.lock().iter().any(|p| Arc::as_ptr(p) == (peer as *const Peer)) + } /// Get the canonical Path object for a given endpoint and local socket information. /// diff --git a/zerotier-network-hypervisor/src/vl1/path.rs b/zerotier-network-hypervisor/src/vl1/path.rs index 92abf5591..bdc0e5bdf 100644 --- a/zerotier-network-hypervisor/src/vl1/path.rs +++ b/zerotier-network-hypervisor/src/vl1/path.rs @@ -10,19 +10,19 @@ use std::collections::HashMap; use std::hash::Hasher; use std::io::Write; use std::num::NonZeroI64; -use std::sync::Arc; use std::sync::atomic::{AtomicI64, Ordering}; +use std::sync::Arc; use highway::HighwayHash; use parking_lot::Mutex; use zerotier_core_crypto::hash::SHA384_HASH_SIZE; -use crate::PacketBuffer; use crate::util::{array_range, highwayhasher, U64NoOpHasher}; -use crate::vl1::Endpoint; use crate::vl1::fragmentedpacket::FragmentedPacket; use crate::vl1::node::SystemInterface; use crate::vl1::protocol::*; +use crate::vl1::Endpoint; +use crate::PacketBuffer; /// Keepalive interval for paths in milliseconds. pub(crate) const PATH_KEEPALIVE_INTERVAL: i64 = 20000; @@ -59,7 +59,7 @@ impl Path { Endpoint::Ethernet(m) => (m.to_u64() | 0x0100000000000000) as u128 ^ lsi, Endpoint::WifiDirect(m) => (m.to_u64() | 0x0200000000000000) as u128 ^ lsi, Endpoint::Bluetooth(m) => (m.to_u64() | 0x0400000000000000) as u128 ^ lsi, - Endpoint::Ip(ip) => ip.ip_as_native_u128().wrapping_sub(lsi), // naked IP has no port + Endpoint::Ip(ip) => ip.ip_as_native_u128().wrapping_sub(lsi), // naked IP has no port Endpoint::IpUdp(ip) => ip.ip_as_native_u128().wrapping_add(lsi), // UDP maintains one path per IP but merely learns the most recent port Endpoint::IpTcp(ip) => ip.ip_as_native_u128().wrapping_sub(crate::util::hash64_noncrypt((ip.port() as u64).wrapping_add(*RANDOM_64BIT_SALT_2)) as u128).wrapping_sub(lsi), Endpoint::Http(s) => { @@ -93,19 +93,29 @@ impl Path { } #[inline(always)] - pub fn endpoint(&self) -> Arc { self.endpoint.lock().clone() } + pub fn endpoint(&self) -> Arc { + self.endpoint.lock().clone() + } #[inline(always)] - pub fn local_socket(&self) -> Option { self.local_socket } + pub fn local_socket(&self) -> Option { + self.local_socket + } #[inline(always)] - pub fn local_interface(&self) -> Option { self.local_interface } + pub fn local_interface(&self) -> Option { + self.local_interface + } #[inline(always)] - pub fn last_send_time_ticks(&self) -> i64 { self.last_send_time_ticks.load(Ordering::Relaxed) } + pub fn last_send_time_ticks(&self) -> i64 { + self.last_send_time_ticks.load(Ordering::Relaxed) + } #[inline(always)] - pub fn last_receive_time_ticks(&self) -> i64 { self.last_receive_time_ticks.load(Ordering::Relaxed) } + pub fn last_receive_time_ticks(&self) -> i64 { + self.last_receive_time_ticks.load(Ordering::Relaxed) + } /// Receive a fragment and return a FragmentedPacket if the entire packet was assembled. /// This returns None if more fragments are needed to assemble the packet. @@ -152,10 +162,10 @@ impl Path { if ip_orig.port() != ip.port() { replace = true; } - }, + } _ => {} } - }, + } _ => {} } if replace { diff --git a/zerotier-network-hypervisor/src/vl1/protocol.rs b/zerotier-network-hypervisor/src/vl1/protocol.rs index eb9b28c4c..81da490b6 100644 --- a/zerotier-network-hypervisor/src/vl1/protocol.rs +++ b/zerotier-network-hypervisor/src/vl1/protocol.rs @@ -9,8 +9,8 @@ use std::convert::TryFrom; use std::mem::MaybeUninit; +use crate::util::buffer::{Buffer, RawObject}; use crate::vl1::Address; -use crate::util::buffer::{RawObject, Buffer}; pub const VERB_VL1_NOP: u8 = 0x00; pub const VERB_VL1_HELLO: u8 = 0x01; @@ -224,10 +224,14 @@ unsafe impl RawObject for PacketHeader {} impl PacketHeader { #[inline(always)] - pub fn cipher(&self) -> u8 { self.flags_cipher_hops & HEADER_FLAGS_FIELD_MASK_CIPHER } + pub fn cipher(&self) -> u8 { + self.flags_cipher_hops & HEADER_FLAGS_FIELD_MASK_CIPHER + } #[inline(always)] - pub fn hops(&self) -> u8 { self.flags_cipher_hops & HEADER_FLAGS_FIELD_MASK_HOPS } + pub fn hops(&self) -> u8 { + self.flags_cipher_hops & HEADER_FLAGS_FIELD_MASK_HOPS + } #[inline(always)] pub fn increment_hops(&mut self) -> u8 { @@ -238,10 +242,14 @@ impl PacketHeader { } #[inline(always)] - pub fn is_fragmented(&self) -> bool { (self.flags_cipher_hops & HEADER_FLAG_FRAGMENTED) != 0 } + pub fn is_fragmented(&self) -> bool { + (self.flags_cipher_hops & HEADER_FLAG_FRAGMENTED) != 0 + } #[inline(always)] - pub fn as_bytes(&self) -> &[u8; PACKET_HEADER_SIZE] { unsafe { &*(self as *const Self).cast::<[u8; PACKET_HEADER_SIZE]>() } } + pub fn as_bytes(&self) -> &[u8; PACKET_HEADER_SIZE] { + unsafe { &*(self as *const Self).cast::<[u8; PACKET_HEADER_SIZE]>() } + } #[inline(always)] pub fn aad_bytes(&self) -> [u8; 11] { @@ -280,16 +288,24 @@ unsafe impl RawObject for FragmentHeader {} impl FragmentHeader { #[inline(always)] - pub fn is_fragment(&self) -> bool { self.fragment_indicator == PACKET_FRAGMENT_INDICATOR } + pub fn is_fragment(&self) -> bool { + self.fragment_indicator == PACKET_FRAGMENT_INDICATOR + } #[inline(always)] - pub fn total_fragments(&self) -> u8 { self.total_and_fragment_no >> 4 } + pub fn total_fragments(&self) -> u8 { + self.total_and_fragment_no >> 4 + } #[inline(always)] - pub fn fragment_no(&self) -> u8 { self.total_and_fragment_no & 0x0f } + pub fn fragment_no(&self) -> u8 { + self.total_and_fragment_no & 0x0f + } #[inline(always)] - pub fn hops(&self) -> u8 { self.reserved_hops & HEADER_FLAGS_FIELD_MASK_HOPS } + pub fn hops(&self) -> u8 { + self.reserved_hops & HEADER_FLAGS_FIELD_MASK_HOPS + } #[inline(always)] pub fn increment_hops(&mut self) -> u8 { @@ -300,7 +316,9 @@ impl FragmentHeader { } #[inline(always)] - pub fn as_bytes(&self) -> &[u8; FRAGMENT_HEADER_SIZE] { unsafe { &*(self as *const Self).cast::<[u8; FRAGMENT_HEADER_SIZE]>() } } + pub fn as_bytes(&self) -> &[u8; FRAGMENT_HEADER_SIZE] { + unsafe { &*(self as *const Self).cast::<[u8; FRAGMENT_HEADER_SIZE]>() } + } } pub(crate) mod message_component_structs { @@ -330,7 +348,7 @@ pub(crate) mod message_component_structs { pub version_major: u8, pub version_minor: u8, pub version_revision: [u8; 2], // u16 - pub timestamp: [u8; 8], // u64 + pub timestamp: [u8; 8], // u64 } unsafe impl RawObject for HelloFixedHeaderFields {} diff --git a/zerotier-network-hypervisor/src/vl1/symmetricsecret.rs b/zerotier-network-hypervisor/src/vl1/symmetricsecret.rs index 7b22ff324..0747e6966 100644 --- a/zerotier-network-hypervisor/src/vl1/symmetricsecret.rs +++ b/zerotier-network-hypervisor/src/vl1/symmetricsecret.rs @@ -19,10 +19,14 @@ pub(crate) struct AesGmacSivPoolFactory(Secret<32>, Secret<32>); impl PoolFactory for AesGmacSivPoolFactory { #[inline(always)] - fn create(&self) -> AesGmacSiv { AesGmacSiv::new(&self.0.0, &self.1.0) } + fn create(&self) -> AesGmacSiv { + AesGmacSiv::new(&self.0 .0, &self.1 .0) + } #[inline(always)] - fn reset(&self, obj: &mut AesGmacSiv) { obj.reset(); } + fn reset(&self, obj: &mut AesGmacSiv) { + obj.reset(); + } } /// A symmetric secret key negotiated between peers. @@ -37,7 +41,9 @@ pub(crate) struct SymmetricSecret { impl PartialEq for SymmetricSecret { #[inline(always)] - fn eq(&self, other: &Self) -> bool { self.key.0.eq(&other.key.0) } + fn eq(&self, other: &Self) -> bool { + self.key.0.eq(&other.key.0) + } } impl Eq for SymmetricSecret {} @@ -47,9 +53,7 @@ impl SymmetricSecret { pub fn new(key: Secret<64>) -> SymmetricSecret { let packet_hmac_key = zt_kbkdf_hmac_sha512(&key.0, KBKDF_KEY_USAGE_LABEL_PACKET_HMAC, 0, 0); let ephemeral_ratchet_key = zt_kbkdf_hmac_sha512(&key.0, KBKDF_KEY_USAGE_LABEL_EPHEMERAL_RATCHET_KEY, 0, 0); - let aes_factory = AesGmacSivPoolFactory( - zt_kbkdf_hmac_sha384(&key.0[0..48], KBKDF_KEY_USAGE_LABEL_AES_GMAC_SIV_K0, 0, 0).first_n(), - zt_kbkdf_hmac_sha384(&key.0[0..48], KBKDF_KEY_USAGE_LABEL_AES_GMAC_SIV_K1, 0, 0).first_n()); + let aes_factory = AesGmacSivPoolFactory(zt_kbkdf_hmac_sha384(&key.0[0..48], KBKDF_KEY_USAGE_LABEL_AES_GMAC_SIV_K0, 0, 0).first_n(), zt_kbkdf_hmac_sha384(&key.0[0..48], KBKDF_KEY_USAGE_LABEL_AES_GMAC_SIV_K1, 0, 0).first_n()); SymmetricSecret { key, packet_hmac_key, diff --git a/zerotier-network-hypervisor/src/vl1/whoisqueue.rs b/zerotier-network-hypervisor/src/vl1/whoisqueue.rs index 3f3afcd08..0dc25b68d 100644 --- a/zerotier-network-hypervisor/src/vl1/whoisqueue.rs +++ b/zerotier-network-hypervisor/src/vl1/whoisqueue.rs @@ -11,15 +11,15 @@ use std::collections::{HashMap, LinkedList}; use parking_lot::Mutex; use crate::util::gate::IntervalGate; -use crate::vl1::Address; use crate::vl1::fragmentedpacket::FragmentedPacket; use crate::vl1::node::{Node, SystemInterface}; -use crate::vl1::protocol::{WHOIS_RETRY_INTERVAL, WHOIS_MAX_WAITING_PACKETS, WHOIS_RETRY_MAX}; +use crate::vl1::protocol::{WHOIS_MAX_WAITING_PACKETS, WHOIS_RETRY_INTERVAL, WHOIS_RETRY_MAX}; +use crate::vl1::Address; use crate::PacketBuffer; pub(crate) enum QueuedPacket { Unfragmented(PacketBuffer), - Fragmented(FragmentedPacket) + Fragmented(FragmentedPacket), } struct WhoisQueueItem { @@ -33,7 +33,9 @@ pub(crate) struct WhoisQueue(Mutex>); impl WhoisQueue { pub(crate) const INTERVAL: i64 = WHOIS_RETRY_INTERVAL; - pub fn new() -> Self { Self(Mutex::new(HashMap::new())) } + pub fn new() -> Self { + Self(Mutex::new(HashMap::new())) + } /// Launch or renew a WHOIS query and enqueue a packet to be processed when (if) it is received. pub fn query(&self, node: &Node, si: &SI, target: Address, packet: Option) { diff --git a/zerotier-network-hypervisor/src/vl2/mod.rs b/zerotier-network-hypervisor/src/vl2/mod.rs index 2fef3e0b7..9cbef7b7f 100644 --- a/zerotier-network-hypervisor/src/vl2/mod.rs +++ b/zerotier-network-hypervisor/src/vl2/mod.rs @@ -6,8 +6,8 @@ * https://www.zerotier.com/ */ -mod switch; mod multicastgroup; +mod switch; pub use multicastgroup::MulticastGroup; -pub use switch::{SwitchInterface, Switch}; +pub use switch::{Switch, SwitchInterface}; diff --git a/zerotier-network-hypervisor/src/vl2/multicastgroup.rs b/zerotier-network-hypervisor/src/vl2/multicastgroup.rs index 310dd1e6b..852d875d4 100644 --- a/zerotier-network-hypervisor/src/vl2/multicastgroup.rs +++ b/zerotier-network-hypervisor/src/vl2/multicastgroup.rs @@ -19,20 +19,14 @@ pub struct MulticastGroup { impl From<&MAC> for MulticastGroup { #[inline(always)] fn from(mac: &MAC) -> Self { - Self { - mac: mac.clone(), - adi: 0, - } + Self { mac: mac.clone(), adi: 0 } } } impl From for MulticastGroup { #[inline(always)] fn from(mac: MAC) -> Self { - Self { - mac, - adi: 0, - } + Self { mac, adi: 0 } } } @@ -42,14 +36,16 @@ impl Ord for MulticastGroup { let o = self.mac.cmp(&other.mac); match o { Ordering::Equal => self.adi.cmp(&other.adi), - _ => o + _ => o, } } } impl PartialOrd for MulticastGroup { #[inline(always)] - fn partial_cmp(&self, other: &Self) -> Option { Some(self.cmp(other)) } + fn partial_cmp(&self, other: &Self) -> Option { + Some(self.cmp(other)) + } } impl Hash for MulticastGroup { diff --git a/zerotier-network-hypervisor/src/vl2/switch.rs b/zerotier-network-hypervisor/src/vl2/switch.rs index 3c73ed47a..0c46216e6 100644 --- a/zerotier-network-hypervisor/src/vl2/switch.rs +++ b/zerotier-network-hypervisor/src/vl2/switch.rs @@ -10,14 +10,12 @@ use std::sync::Arc; use crate::util::buffer::Buffer; use crate::vl1::node::VL1VirtualInterface; -use crate::vl1::{Peer, Path, Identity}; use crate::vl1::protocol::*; +use crate::vl1::{Identity, Path, Peer}; -pub trait SwitchInterface: Sync + Send { -} +pub trait SwitchInterface: Sync + Send {} -pub struct Switch { -} +pub struct Switch {} impl VL1VirtualInterface for Switch { fn handle_packet(&self, peer: &Peer, source_path: &Arc, forward_secrecy: bool, extended_authentication: bool, verb: u8, payload: &Buffer<{ PACKET_SIZE_MAX }>) -> bool { @@ -39,6 +37,6 @@ impl VL1VirtualInterface for Switch { impl Switch { pub fn new() -> Self { - Self{} + Self {} } } diff --git a/zerotier-system-service/src/fastudpsocket.rs b/zerotier-system-service/src/fastudpsocket.rs index 705b630f1..0193249e4 100644 --- a/zerotier-system-service/src/fastudpsocket.rs +++ b/zerotier-system-service/src/fastudpsocket.rs @@ -12,18 +12,18 @@ * for each thread using options like SO_REUSEPORT and concurrent packet listening. */ -use std::mem::{MaybeUninit, transmute, zeroed}; +use std::mem::{transmute, zeroed, MaybeUninit}; use std::num::NonZeroI64; use std::os::raw::c_int; use std::ptr::null_mut; -use std::sync::Arc; use std::sync::atomic::{AtomicBool, Ordering}; +use std::sync::Arc; use num_traits::cast::AsPrimitive; +use crate::debug; use zerotier_network_hypervisor::vl1::InetAddress; use zerotier_network_hypervisor::{PacketBuffer, PacketBufferPool}; -use crate::debug; const FAST_UDP_SOCKET_MAX_THREADS: usize = 4; @@ -65,12 +65,14 @@ fn bind_udp_socket(_device_name: &str, address: &InetAddress) -> Result Result 0 { - handler_copy(&thread_socket, &from_address, buf); - } else if s < 0 { - break; - } - } - }).unwrap()); + s.threads.push( + std::thread::Builder::new() + .stack_size(zerotier_core::RECOMMENDED_THREAD_STACK_SIZE) + .spawn(move || { + let mut from_address = InetAddress::new(); + while thread_run.load(Ordering::Relaxed) { + let mut buf = packet_buffer_pool_copy.get_packet_buffer(); + let s = fast_udp_socket_recvfrom(&thread_socket, &mut buf, &mut from_address); + if s > 0 { + handler_copy(&thread_socket, &from_address, buf); + } else if s < 0 { + break; + } + } + }) + .unwrap(), + ); } else { bind_failed_reason = thread_socket.err().unwrap(); } @@ -292,7 +303,7 @@ mod tests { use std::sync::atomic::{AtomicU32, Ordering}; use crate::fastudpsocket::*; - use zerotier_network_hypervisor::{PacketBufferPool, PacketBufferFactory, PacketBuffer}; + use zerotier_network_hypervisor::{PacketBuffer, PacketBufferFactory, PacketBufferPool}; #[test] fn test_udp_bind_and_transfer() { @@ -304,7 +315,7 @@ mod tests { let ba0 = ba0.unwrap(); let cnt0 = Arc::new(AtomicU32::new(0)); let cnt0c = cnt0.clone(); - let s0 = FastUDPSocket::new("", &ba0, &pool, move |sock: &FastUDPRawOsSocket, _: &InetAddress, data: PacketBuffer| { + let s0 = FastUDPSocket::new("", &ba0, &pool, move |sock: &FastUDPRawOsSocket, _: &InetAddress, data: PacketBuffer| { cnt0c.fetch_add(1, Ordering::Relaxed); }); assert!(s0.is_ok()); diff --git a/zerotier-system-service/src/getifaddrs.rs b/zerotier-system-service/src/getifaddrs.rs index 2e7122964..ea21b5472 100644 --- a/zerotier-system-service/src/getifaddrs.rs +++ b/zerotier-system-service/src/getifaddrs.rs @@ -13,7 +13,9 @@ use zerotier_network_hypervisor::vl1::InetAddress; #[allow(unused)] #[inline(always)] -fn s6_addr_as_ptr(a: &A) -> *const A { a as *const A } +fn s6_addr_as_ptr(a: &A) -> *const A { + a as *const A +} /// Call supplied function or closure for each physical IP address in the system. #[cfg(unix)] @@ -88,9 +90,7 @@ mod tests { #[test] fn test_getifaddrs() { println!("starting getifaddrs..."); - crate::getifaddrs::for_each_address(|a: &InetAddress, dev: &str| { - println!(" {} {}", dev, a.to_string()) - }); + crate::getifaddrs::for_each_address(|a: &InetAddress, dev: &str| println!(" {} {}", dev, a.to_string())); println!("done.") } } diff --git a/zerotier-system-service/src/localconfig.rs b/zerotier-system-service/src/localconfig.rs index 6af31f286..db01e958a 100644 --- a/zerotier-system-service/src/localconfig.rs +++ b/zerotier-system-service/src/localconfig.rs @@ -13,62 +13,23 @@ use serde::{Deserialize, Serialize}; use zerotier_network_hypervisor::vl1::{Address, InetAddress}; pub const UNASSIGNED_PRIVILEGED_PORTS: [u16; 299] = [ - 4, - 6, - 8, - 10, - 12, - 14, - 15, - 16, - 26, - 28, - 30, - 32, - 34, - 36, - 40, - 60, - 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, - 285, - 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 307, - 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, - 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, - 703, - 708, - 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, - 732, 733, 734, 735, 736, 737, 738, 739, 740, - 743, - 745, 746, - 755, 756, - 766, - 768, - 778, 779, - 781, 782, 783, 784, 785, 786, 787, 788, 789, 790, 791, 792, 793, 794, 795, 796, 797, 798, 799, - 802, 803, 804, 805, 806, 807, 808, 809, - 811, 812, 813, 814, 815, 816, 817, 818, 819, 820, 821, 822, 823, 824, 825, 826, 827, - 834, 835, 836, 837, 838, 839, 840, 841, 842, 843, 844, 845, 846, - 849, 850, 851, 852, 853, 854, 855, 856, 857, 858, 859, - 862, 863, 864, 865, 866, 867, 868, 869, 870, 871, 872, - 874, 875, 876, 877, 878, 879, 880, 881, 882, 883, 884, 885, - 889, 890, 891, 892, 893, 894, 895, 896, 897, 898, 899, - 904, 905, 906, 907, 908, 909, 910, 911, - 914, 915, 916, 917, 918, 919, 920, 921, 922, 923, 924, 925, 926, 927, 928, 929, 930, 931, 932, 933, 934, 935, 936, 937, 938, 939, 940, 941, 942, 943, 944, 945, 946, 947, 948, 949, 950, 951, 952, 953, 954, 955, 956, 957, 958, 959, 960, 961, 962, 963, 964, 965, 966, 967, 968, 969, 970, 971, 972, 973, 974, 975, 976, 977, 978, 979, 980, 981, 982, 983, 984, 985, 986, 987, 988, - 1001, 1002, 1003, 1004, 1005, 1006, 1007, 1008, 1009, - 1023, + 4, 6, 8, 10, 12, 14, 15, 16, 26, 28, 30, 32, 34, 36, 40, 60, 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 285, 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 307, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 334, 335, 336, 337, 338, + 339, 340, 341, 342, 343, 703, 708, 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, 732, 733, 734, 735, 736, 737, 738, 739, 740, 743, 745, 746, 755, 756, 766, 768, 778, 779, 781, 782, 783, 784, 785, 786, 787, 788, 789, 790, 791, 792, 793, 794, 795, 796, 797, 798, + 799, 802, 803, 804, 805, 806, 807, 808, 809, 811, 812, 813, 814, 815, 816, 817, 818, 819, 820, 821, 822, 823, 824, 825, 826, 827, 834, 835, 836, 837, 838, 839, 840, 841, 842, 843, 844, 845, 846, 849, 850, 851, 852, 853, 854, 855, 856, 857, 858, 859, 862, 863, 864, 865, 866, 867, 868, 869, 870, + 871, 872, 874, 875, 876, 877, 878, 879, 880, 881, 882, 883, 884, 885, 889, 890, 891, 892, 893, 894, 895, 896, 897, 898, 899, 904, 905, 906, 907, 908, 909, 910, 911, 914, 915, 916, 917, 918, 919, 920, 921, 922, 923, 924, 925, 926, 927, 928, 929, 930, 931, 932, 933, 934, 935, 936, 937, 938, 939, + 940, 941, 942, 943, 944, 945, 946, 947, 948, 949, 950, 951, 952, 953, 954, 955, 956, 957, 958, 959, 960, 961, 962, 963, 964, 965, 966, 967, 968, 969, 970, 971, 972, 973, 974, 975, 976, 977, 978, 979, 980, 981, 982, 983, 984, 985, 986, 987, 988, 1001, 1002, 1003, 1004, 1005, 1006, 1007, 1008, + 1009, 1023, ]; #[derive(Serialize, Deserialize, Clone, PartialEq, Eq)] #[serde(default)] pub struct LocalConfigPhysicalPathConfig { - pub blacklist: bool + pub blacklist: bool, } impl Default for LocalConfigPhysicalPathConfig { fn default() -> Self { - LocalConfigPhysicalPathConfig { - blacklist: false - } + LocalConfigPhysicalPathConfig { blacklist: false } } } @@ -76,14 +37,12 @@ impl Default for LocalConfigPhysicalPathConfig { #[serde(default)] pub struct LocalConfigVirtualConfig { #[serde(rename = "try")] - pub try_: Vec + pub try_: Vec, } impl Default for LocalConfigVirtualConfig { fn default() -> Self { - LocalConfigVirtualConfig { - try_: Vec::new() - } + LocalConfigVirtualConfig { try_: Vec::new() } } } @@ -109,7 +68,7 @@ impl Default for LocalConfigNetworkSettings { allow_global_ips: false, allow_managed_routes: true, allow_global_routes: false, - allow_default_route_override: false + allow_default_route_override: false, } } } @@ -174,7 +133,7 @@ impl Default for LocalConfigSettings { port_mapping: true, log: LocalConfigLogSettings::default(), interface_prefix_blacklist: bl, - explicit_addresses: Vec::new() + explicit_addresses: Vec::new(), } } } @@ -215,7 +174,7 @@ impl Default for LocalConfig { physical: BTreeMap::new(), virtual_: BTreeMap::new(), network: BTreeMap::new(), - settings: LocalConfigSettings::default() + settings: LocalConfigSettings::default(), } } } diff --git a/zerotier-system-service/src/log.rs b/zerotier-system-service/src/log.rs index 75cd2a9d5..c17710342 100644 --- a/zerotier-system-service/src/log.rs +++ b/zerotier-system-service/src/log.rs @@ -7,7 +7,7 @@ */ use std::fs::{File, OpenOptions}; -use std::io::{Seek, SeekFrom, stderr, Write}; +use std::io::{stderr, Seek, SeekFrom, Write}; use std::sync::Arc; use parking_lot::Mutex; @@ -39,7 +39,7 @@ impl Log { if !p.is_empty() { p.push(' '); } - Arc::new(Mutex::new(Log{ + Arc::new(Mutex::new(Log { prefix: p, path: String::from(path), file: None, diff --git a/zerotier-system-service/src/main.rs b/zerotier-system-service/src/main.rs index cda13d92d..ae40a868a 100644 --- a/zerotier-system-service/src/main.rs +++ b/zerotier-system-service/src/main.rs @@ -16,19 +16,20 @@ use zerotier_network_hypervisor::{VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION use crate::store::platform_default_home_path; mod fastudpsocket; -mod localconfig; mod getifaddrs; +mod localconfig; #[macro_use] mod log; -mod store; -mod vnic; mod service; +mod store; mod utils; +mod vnic; pub const HTTP_API_OBJECT_SIZE_LIMIT: usize = 131072; fn make_help(long_help: bool) -> String { - format!(r###"ZeroTier Network Hypervisor Service Version {}.{}.{} + format!( + r###"ZeroTier Network Hypervisor Service Version {}.{}.{} (c)2013-2021 ZeroTier, Inc. Licensed under the Mozilla Public License (MPL) 2.0 (see LICENSE.txt) @@ -77,8 +78,10 @@ Common Operations: · join Join a virtual network · leave Leave a virtual network {}"###, - VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION, - if long_help { + VERSION_MAJOR, + VERSION_MINOR, + VERSION_REVISION, + if long_help { r###" Advanced Operations: @@ -105,7 +108,10 @@ Advanced Operations: @ Argument is the path to a file containing the object. ? Argument can be either the object or a path to it (auto-detected). "### - } else { "" }) + } else { + "" + } + ) } pub fn print_help(long_help: bool) { @@ -117,7 +123,7 @@ pub struct GlobalCommandLineFlags { pub json_output: bool, pub base_path: String, pub auth_token_path_override: Option, - pub auth_token_override: Option + pub auth_token_override: Option, } fn main() { @@ -131,69 +137,45 @@ fn main() { .subcommand(App::new("help")) .subcommand(App::new("version")) .subcommand(App::new("status")) - .subcommand(App::new("set") - .subcommand(App::new("port") - .arg(Arg::with_name("port#").index(1).validator(utils::is_valid_port))) - .subcommand(App::new("secondaryport") - .arg(Arg::with_name("port#").index(1).validator(utils::is_valid_port))) - .subcommand(App::new("blacklist") - .subcommand(App::new("cidr") - .arg(Arg::with_name("ip_bits").index(1)) - .arg(Arg::with_name("boolean").index(2).validator(utils::is_valid_bool))) - .subcommand(App::new("if") - .arg(Arg::with_name("prefix").index(1)) - .arg(Arg::with_name("boolean").index(2).validator(utils::is_valid_bool)))) - .subcommand(App::new("portmap") - .arg(Arg::with_name("boolean").index(1).validator(utils::is_valid_bool)))) - .subcommand(App::new("peer") - .subcommand(App::new("show") - .arg(Arg::with_name("address").index(1).required(true))) - .subcommand(App::new("list")) - .subcommand(App::new("listroots")) - .subcommand(App::new("try"))) - .subcommand(App::new("network") - .subcommand(App::new("show") - .arg(Arg::with_name("nwid").index(1).required(true))) - .subcommand(App::new("list")) - .subcommand(App::new("set") - .arg(Arg::with_name("nwid").index(1).required(true)) - .arg(Arg::with_name("setting").index(2).required(false)) - .arg(Arg::with_name("value").index(3).required(false)))) - .subcommand(App::new("join") - .arg(Arg::with_name("nwid").index(1).required(true))) - .subcommand(App::new("leave") - .arg(Arg::with_name("nwid").index(1).required(true))) + .subcommand( + App::new("set") + .subcommand(App::new("port").arg(Arg::with_name("port#").index(1).validator(utils::is_valid_port))) + .subcommand(App::new("secondaryport").arg(Arg::with_name("port#").index(1).validator(utils::is_valid_port))) + .subcommand( + App::new("blacklist") + .subcommand(App::new("cidr").arg(Arg::with_name("ip_bits").index(1)).arg(Arg::with_name("boolean").index(2).validator(utils::is_valid_bool))) + .subcommand(App::new("if").arg(Arg::with_name("prefix").index(1)).arg(Arg::with_name("boolean").index(2).validator(utils::is_valid_bool))), + ) + .subcommand(App::new("portmap").arg(Arg::with_name("boolean").index(1).validator(utils::is_valid_bool))), + ) + .subcommand(App::new("peer").subcommand(App::new("show").arg(Arg::with_name("address").index(1).required(true))).subcommand(App::new("list")).subcommand(App::new("listroots")).subcommand(App::new("try"))) + .subcommand( + App::new("network") + .subcommand(App::new("show").arg(Arg::with_name("nwid").index(1).required(true))) + .subcommand(App::new("list")) + .subcommand(App::new("set").arg(Arg::with_name("nwid").index(1).required(true)).arg(Arg::with_name("setting").index(2).required(false)).arg(Arg::with_name("value").index(3).required(false))), + ) + .subcommand(App::new("join").arg(Arg::with_name("nwid").index(1).required(true))) + .subcommand(App::new("leave").arg(Arg::with_name("nwid").index(1).required(true))) .subcommand(App::new("service")) - .subcommand(App::new("controller") - .subcommand(App::new("list")) - .subcommand(App::new("new")) - .subcommand(App::new("set") - .arg(Arg::with_name("id").index(1).required(true)) - .arg(Arg::with_name("setting").index(2)) - .arg(Arg::with_name("value").index(3))) - .subcommand(App::new("show") - .arg(Arg::with_name("id").index(1).required(true)) - .arg(Arg::with_name("member").index(2))) - .subcommand(App::new("auth") - .arg(Arg::with_name("member").index(1).required(true))) - .subcommand(App::new("deauth") - .arg(Arg::with_name("member").index(1).required(true)))) - .subcommand(App::new("identity") - .subcommand(App::new("new") - .arg(Arg::with_name("type").possible_value("p384").possible_value("c25519").default_value("c25519").index(1))) - .subcommand(App::new("getpublic") - .arg(Arg::with_name("identity").index(1).required(true))) - .subcommand(App::new("fingerprint") - .arg(Arg::with_name("identity").index(1).required(true))) - .subcommand(App::new("validate") - .arg(Arg::with_name("identity").index(1).required(true))) - .subcommand(App::new("sign") - .arg(Arg::with_name("identity").index(1).required(true)) - .arg(Arg::with_name("path").index(2).required(true))) - .subcommand(App::new("verify") - .arg(Arg::with_name("identity").index(1).required(true)) - .arg(Arg::with_name("path").index(2).required(true)) - .arg(Arg::with_name("signature").index(3).required(true)))) + .subcommand( + App::new("controller") + .subcommand(App::new("list")) + .subcommand(App::new("new")) + .subcommand(App::new("set").arg(Arg::with_name("id").index(1).required(true)).arg(Arg::with_name("setting").index(2)).arg(Arg::with_name("value").index(3))) + .subcommand(App::new("show").arg(Arg::with_name("id").index(1).required(true)).arg(Arg::with_name("member").index(2))) + .subcommand(App::new("auth").arg(Arg::with_name("member").index(1).required(true))) + .subcommand(App::new("deauth").arg(Arg::with_name("member").index(1).required(true))), + ) + .subcommand( + App::new("identity") + .subcommand(App::new("new").arg(Arg::with_name("type").possible_value("p384").possible_value("c25519").default_value("c25519").index(1))) + .subcommand(App::new("getpublic").arg(Arg::with_name("identity").index(1).required(true))) + .subcommand(App::new("fingerprint").arg(Arg::with_name("identity").index(1).required(true))) + .subcommand(App::new("validate").arg(Arg::with_name("identity").index(1).required(true))) + .subcommand(App::new("sign").arg(Arg::with_name("identity").index(1).required(true)).arg(Arg::with_name("path").index(2).required(true))) + .subcommand(App::new("verify").arg(Arg::with_name("identity").index(1).required(true)).arg(Arg::with_name("path").index(2).required(true)).arg(Arg::with_name("signature").index(3).required(true))), + ) .help(help.as_str()) .get_matches_from_safe(std::env::args()); if args.is_err() { @@ -215,7 +197,7 @@ fn main() { json_output: cli_args.is_present("json"), base_path: cli_args.value_of("path").map_or_else(|| platform_default_home_path(), |p| p.into_string()), auth_token_path_override: cli_args.value_of("token_path").map(|p| p.into_string()), - auth_token_override: cli_args.value_of("token").map(|t| t.into_string()) + auth_token_override: cli_args.value_of("token").map(|t| t.into_string()), }; std::process::exit({ diff --git a/zerotier-system-service/src/service.rs b/zerotier-system-service/src/service.rs index ade02d8d5..ab4997d0a 100644 --- a/zerotier-system-service/src/service.rs +++ b/zerotier-system-service/src/service.rs @@ -7,21 +7,21 @@ */ use std::num::NonZeroI64; -use std::sync::Arc; use std::sync::atomic::{AtomicBool, AtomicUsize, Ordering}; +use std::sync::Arc; use parking_lot::Mutex; -use zerotier_network_hypervisor::{Interface, NetworkHypervisor}; +use crate::fastudpsocket::{fast_udp_socket_sendto, FastUDPRawOsSocket}; use zerotier_network_hypervisor::vl1::{Endpoint, Identity, IdentityType, Node, VL1SystemInterface}; use zerotier_network_hypervisor::vl2::SwitchInterface; -use crate::fastudpsocket::{fast_udp_socket_sendto, FastUDPRawOsSocket}; +use zerotier_network_hypervisor::{Interface, NetworkHypervisor}; -use crate::GlobalCommandLineFlags; -use crate::log::Log; -use crate::utils::{ms_monotonic, ms_since_epoch}; use crate::localconfig::LocalConfig; +use crate::log::Log; use crate::store::{platform_default_home_path, StateObjectType, Store}; +use crate::utils::{ms_monotonic, ms_since_epoch}; +use crate::GlobalCommandLineFlags; struct ServiceInterface { pub store: Store, @@ -59,23 +59,26 @@ impl VL1SystemInterface for ServiceInterface { fn wire_send(&self, endpoint: &Endpoint, local_socket: Option, local_interface: Option, data: &[&[u8]], packet_ttl: u8) -> bool { match endpoint { Endpoint::IpUdp(ip) => { - local_socket.map_or_else(|| { - let ptr = self.all_sockets_spin_ptr.fetch_add(1, Ordering::Relaxed); - let all_sockets = self.all_sockets.lock(); - if !all_sockets.is_empty() { - let s = unsafe { all_sockets.get_unchecked(ptr % all_sockets.len()) }.clone(); - drop(all_sockets); // release mutex - fast_udp_socket_sendto(&s, ip, data, packet_ttl); + local_socket.map_or_else( + || { + let ptr = self.all_sockets_spin_ptr.fetch_add(1, Ordering::Relaxed); + let all_sockets = self.all_sockets.lock(); + if !all_sockets.is_empty() { + let s = unsafe { all_sockets.get_unchecked(ptr % all_sockets.len()) }.clone(); + drop(all_sockets); // release mutex + fast_udp_socket_sendto(&s, ip, data, packet_ttl); + true + } else { + false + } + }, + |local_socket| { + fast_udp_socket_sendto(&local_socket, ip, data, packet_ttl); true - } else { - false - } - }, |local_socket| { - fast_udp_socket_sendto(&local_socket, ip, data, packet_ttl); - true - }) + }, + ) } - _ => false + _ => false, } } @@ -90,10 +93,14 @@ impl VL1SystemInterface for ServiceInterface { } #[inline(always)] - fn time_ticks(&self) -> i64 { ms_monotonic() } + fn time_ticks(&self) -> i64 { + ms_monotonic() + } #[inline(always)] - fn time_clock(&self) -> i64 { ms_since_epoch() } + fn time_clock(&self) -> i64 { + ms_since_epoch() + } } impl SwitchInterface for ServiceInterface {} @@ -102,8 +109,7 @@ impl Interface for ServiceInterface {} pub fn run(global_cli_flags: &GlobalCommandLineFlags) -> i32 { let store = Store::new(global_cli_flags.base_path.as_str(), &global_cli_flags.auth_token_path_override, &global_cli_flags.auth_token_override); - if store.is_err() { - } + if store.is_err() {} let si = ServiceInterface { store: store.unwrap(), diff --git a/zerotier-system-service/src/store.rs b/zerotier-system-service/src/store.rs index 4a2f140dc..00bfaa992 100644 --- a/zerotier-system-service/src/store.rs +++ b/zerotier-system-service/src/store.rs @@ -6,13 +6,13 @@ * https://www.zerotier.com/ */ +use std::ffi::CString; use std::io::{Read, Write}; use std::path::{Path, PathBuf}; -use std::sync::Mutex; use std::str::FromStr; -use std::ffi::CString; +use std::sync::Mutex; -use zerotier_core::{StateObjectType, NetworkId}; +use zerotier_core::{NetworkId, StateObjectType}; use crate::localconfig::LocalConfig; @@ -27,7 +27,7 @@ pub enum StateObjectType { IdentityPublic, IdentitySecret, NetworkConfig, - Peer + Peer, } #[cfg(any(target_os = "macos", target_os = "ios"))] @@ -70,16 +70,8 @@ impl Store { peers_path: bp.join("peers.d").into_boxed_path(), controller_path: bp.join("controller.d").into_boxed_path(), networks_path: bp.join("networks.d").into_boxed_path(), - auth_token_path: Mutex::new(auth_token_path_override.map_or_else(|| { - bp.join(AUTHTOKEN_SECRET).into_boxed_path() - }, |auth_token_path_override| { - PathBuf::from(auth_token_path_override).into_boxed_path() - })), - auth_token: Mutex::new(auth_token_override.map_or_else(|| { - String::new() - }, |auth_token_override| { - auth_token_override - })), + auth_token_path: Mutex::new(auth_token_path_override.map_or_else(|| bp.join(AUTHTOKEN_SECRET).into_boxed_path(), |auth_token_path_override| PathBuf::from(auth_token_path_override).into_boxed_path())), + auth_token: Mutex::new(auth_token_override.map_or_else(|| String::new(), |auth_token_override| auth_token_override)), }; let _ = std::fs::create_dir_all(&s.peers_path); @@ -99,7 +91,7 @@ impl Store { } else { Some(self.networks_path.join(format!("{:0>16x}.conf", obj_id[0]))) } - }, + } StateObjectType::Peer => { if obj_id.len() < 1 { None @@ -132,7 +124,7 @@ impl Store { let p = self.auth_token_path.lock().unwrap(); let ps = p.to_str().unwrap(); - let token2 = self.read_file(ps).map_or(String::new(), |sb| { String::from_utf8(sb).unwrap_or(String::new()).trim().to_string() }); + let token2 = self.read_file(ps).map_or(String::new(), |sb| String::from_utf8(sb).unwrap_or(String::new()).trim().to_string()); if token2.is_empty() { if generate_if_missing { let mut rb = [0_u8; 32]; @@ -173,7 +165,8 @@ impl Store { if de.is_ok() { let nn = de.unwrap().file_name(); let n = nn.to_str().unwrap_or(""); - if n.len() == 21 && n.ends_with(".conf") { // ################.conf + if n.len() == 21 && n.ends_with(".conf") { + // ################.conf let nwid = u64::from_str_radix(&n[0..16], 16); if nwid.is_ok() { list.push(NetworkId(nwid.unwrap())); diff --git a/zerotier-system-service/src/utils.rs b/zerotier-system-service/src/utils.rs index 61cb3bde2..fd8205f2f 100644 --- a/zerotier-system-service/src/utils.rs +++ b/zerotier-system-service/src/utils.rs @@ -15,8 +15,8 @@ use std::str::FromStr; use serde::de::DeserializeOwned; use serde::Serialize; -use zerotier_network_hypervisor::vl1::Identity; use zerotier_core_crypto::hex; +use zerotier_network_hypervisor::vl1::Identity; use crate::osdep; @@ -30,7 +30,8 @@ pub fn ms_monotonic() -> i64 { let mut tb: mach::mach_time::mach_timebase_info_data_t = std::mem::zeroed(); if mach::mach_time::mach_timebase_info(&mut tb) == 0 { let mt = mach::mach_time::mach_continuous_approximate_time(); // ZT doesn't need it to be *that* exact, and this is faster - (((mt as u128) * tb.numer as u128 * 1000000_u128) / (tb.denom as u128)) as i64 // milliseconds since X + (((mt as u128) * tb.numer as u128 * 1000000_u128) / (tb.denom as u128)) as i64 + // milliseconds since X } else { panic!("FATAL: mach_timebase_info() failed"); } @@ -38,21 +39,26 @@ pub fn ms_monotonic() -> i64 { } #[cfg(not(any(target_os = "macos", target_os = "ios")))] -pub fn ms_monotonic() -> i64 { -} +pub fn ms_monotonic() -> i64 {} pub fn parse_bool(v: &str) -> Result { if !v.is_empty() { match v.chars().next().unwrap() { - 'y' | 'Y' | '1' | 't' | 'T' => { return Ok(true); } - 'n' | 'N' | '0' | 'f' | 'F' => { return Ok(false); } + 'y' | 'Y' | '1' | 't' | 'T' => { + return Ok(true); + } + 'n' | 'N' | '0' | 'f' | 'F' => { + return Ok(false); + } _ => {} } } Err(format!("invalid boolean value: '{}'", v)) } -pub fn is_valid_bool(v: String) -> Result<(), String> { parse_bool(v.as_str()).map(|_| ()) } +pub fn is_valid_bool(v: String) -> Result<(), String> { + parse_bool(v.as_str()).map(|_| ()) +} pub fn is_valid_port(v: String) -> Result<(), String> { let i = u16::from_str(v.as_str()).unwrap_or(0); @@ -73,26 +79,19 @@ pub fn read_limit>(path: P, limit: usize) -> std::io::Result Result { let parse_func = |s: &str| { - Identity::new_from_string(s).map_or_else(|e| { - Err(format!("invalid identity: {}", e.to_str())) - }, |id| { - if !validate || id.validate() { - Ok(id) - } else { - Err(String::from("invalid identity: local validation failed")) - } - }) + Identity::new_from_string(s).map_or_else( + |e| Err(format!("invalid identity: {}", e.to_str())), + |id| { + if !validate || id.validate() { + Ok(id) + } else { + Err(String::from("invalid identity: local validation failed")) + } + }, + ) }; if Path::new(input).exists() { - read_limit(input, 16384).map_or_else(|e| { - Err(e.to_string()) - }, |v| { - String::from_utf8(v).map_or_else(|e| { - Err(e.to_string()) - }, |s| { - parse_func(s.as_str()) - }) - }) + read_limit(input, 16384).map_or_else(|e| Err(e.to_string()), |v| String::from_utf8(v).map_or_else(|e| Err(e.to_string()), |s| parse_func(s.as_str()))) } else { parse_func(input) } @@ -172,24 +171,33 @@ pub fn json_patch(target: &mut serde_json::value::Value, source: &serde_json::va /// If there are no changes, None is returned. The depth limit is passed through to json_patch and /// should be set to a sanity check value to prevent overflows. pub fn json_patch_object(obj: O, patch: &str, depth_limit: usize) -> Result, serde_json::Error> { - serde_json::from_str::(patch).map_or_else(|e| Err(e), |patch| { - serde_json::value::to_value(obj.borrow()).map_or_else(|e| Err(e), |mut obj_value| { - json_patch(&mut obj_value, &patch, depth_limit); - serde_json::value::from_value::(obj_value).map_or_else(|e| Err(e), |obj_merged| { - if obj == obj_merged { - Ok(None) - } else { - Ok(Some(obj_merged)) - } - }) - }) - }) + serde_json::from_str::(patch).map_or_else( + |e| Err(e), + |patch| { + serde_json::value::to_value(obj.borrow()).map_or_else( + |e| Err(e), + |mut obj_value| { + json_patch(&mut obj_value, &patch, depth_limit); + serde_json::value::from_value::(obj_value).map_or_else( + |e| Err(e), + |obj_merged| { + if obj == obj_merged { + Ok(None) + } else { + Ok(Some(obj_merged)) + } + }, + ) + }, + ) + }, + ) } #[cfg(test)] mod tests { - use std::time::Duration; use crate::utils::ms_monotonic; + use std::time::Duration; #[test] fn monotonic_clock_sanity_check() { diff --git a/zerotier-system-service/src/vnic/common.rs b/zerotier-system-service/src/vnic/common.rs index c4494b645..d844205c3 100644 --- a/zerotier-system-service/src/vnic/common.rs +++ b/zerotier-system-service/src/vnic/common.rs @@ -45,7 +45,7 @@ pub fn get_l2_multicast_subscriptions(dev: &str) -> HashSet { let la: &libc::sockaddr_dl = &*((*i).ifma_addr.cast()); if la.sdl_alen == 6 && in_.sdl_nlen <= dev.len().as_() && crate::libc::memcmp(dev.as_ptr().cast(), in_.sdl_data.as_ptr().cast(), in_.sdl_nlen.as_()) == 0 { let mi = la.sdl_nlen as usize; - MAC::from_u64((la.sdl_data[mi] as u64) << 40 | (la.sdl_data[mi+1] as u64) << 32 | (la.sdl_data[mi+2] as u64) << 24 | (la.sdl_data[mi+3] as u64) << 16 | (la.sdl_data[mi+4] as u64) << 8 | la.sdl_data[mi+5] as u64).map(|mac| groups.insert(mac)); + MAC::from_u64((la.sdl_data[mi] as u64) << 40 | (la.sdl_data[mi + 1] as u64) << 32 | (la.sdl_data[mi + 2] as u64) << 24 | (la.sdl_data[mi + 3] as u64) << 16 | (la.sdl_data[mi + 4] as u64) << 8 | la.sdl_data[mi + 5] as u64).map(|mac| groups.insert(mac)); } } i = (*i).ifma_next; diff --git a/zerotier-system-service/src/vnic/mac_feth_tap.rs b/zerotier-system-service/src/vnic/mac_feth_tap.rs index c6d8ae3f5..d2e585abd 100644 --- a/zerotier-system-service/src/vnic/mac_feth_tap.rs +++ b/zerotier-system-service/src/vnic/mac_feth_tap.rs @@ -57,7 +57,7 @@ const SYSCTL: &'static str = "/usr/sbin/sysctl"; // Holds names of feth devices and destroys them on Drop. struct MacFethDevice { pub name: String, - pub peer_name: String + pub peer_name: String, } impl Drop for MacFethDevice { @@ -100,80 +100,80 @@ lazy_static! { /* struct nd_ifinfo { - u_int32_t linkmtu; /* LinkMTU */ - u_int32_t maxmtu; /* Upper bound of LinkMTU */ - u_int32_t basereachable; /* BaseReachableTime */ - u_int32_t reachable; /* Reachable Time */ - u_int32_t retrans; /* Retrans Timer */ - u_int32_t flags; /* Flags */ - int recalctm; /* BaseReacable re-calculation timer */ - u_int8_t chlim; /* CurHopLimit */ - u_int8_t receivedra; + u_int32_t linkmtu; /* LinkMTU */ + u_int32_t maxmtu; /* Upper bound of LinkMTU */ + u_int32_t basereachable; /* BaseReachableTime */ + u_int32_t reachable; /* Reachable Time */ + u_int32_t retrans; /* Retrans Timer */ + u_int32_t flags; /* Flags */ + int recalctm; /* BaseReacable re-calculation timer */ + u_int8_t chlim; /* CurHopLimit */ + u_int8_t receivedra; }; struct in6_ndireq { char ifname[IFNAMSIZ]; struct nd_ifinfo ndi; }; struct in6_addrlifetime { - time_t ia6t_expire; /* valid lifetime expiration time */ - time_t ia6t_preferred; /* preferred lifetime expiration time */ - u_int32_t ia6t_vltime; /* valid lifetime */ - u_int32_t ia6t_pltime; /* prefix lifetime */ + time_t ia6t_expire; /* valid lifetime expiration time */ + time_t ia6t_preferred; /* preferred lifetime expiration time */ + u_int32_t ia6t_vltime; /* valid lifetime */ + u_int32_t ia6t_pltime; /* prefix lifetime */ }; struct in6_ifstat { - ifs6_in_receive; /* # of total input datagram */ - ifs6_in_hdrerr; /* # of datagrams with invalid hdr */ - ifs6_in_toobig; /* # of datagrams exceeded MTU */ - ifs6_in_noroute; /* # of datagrams with no route */ - ifs6_in_addrerr; /* # of datagrams with invalid dst */ - ifs6_in_protounknown; /* # of datagrams with unknown proto */ - /* NOTE: increment on final dst if */ - ifs6_in_truncated; /* # of truncated datagrams */ - ifs6_in_discard; /* # of discarded datagrams */ - /* NOTE: fragment timeout is not here */ - ifs6_in_deliver; /* # of datagrams delivered to ULP */ - /* NOTE: increment on final dst if */ - ifs6_out_forward; /* # of datagrams forwarded */ - /* NOTE: increment on outgoing if */ - ifs6_out_request; /* # of outgoing datagrams from ULP */ - /* NOTE: does not include forwrads */ - ifs6_out_discard; /* # of discarded datagrams */ - ifs6_out_fragok; /* # of datagrams fragmented */ - ifs6_out_fragfail; /* # of datagrams failed on fragment */ - ifs6_out_fragcreat; /* # of fragment datagrams */ - /* NOTE: this is # after fragment */ - ifs6_reass_reqd; /* # of incoming fragmented packets */ - /* NOTE: increment on final dst if */ - ifs6_reass_ok; /* # of reassembled packets */ - /* NOTE: this is # after reass */ - /* NOTE: increment on final dst if */ - ifs6_atmfrag_rcvd; /* # of atomic fragments received */ - ifs6_reass_fail; /* # of reass failures */ - /* NOTE: may not be packet count */ - /* NOTE: increment on final dst if */ - ifs6_in_mcast; /* # of inbound multicast datagrams */ - ifs6_out_mcast; /* # of outbound multicast datagrams */ + ifs6_in_receive; /* # of total input datagram */ + ifs6_in_hdrerr; /* # of datagrams with invalid hdr */ + ifs6_in_toobig; /* # of datagrams exceeded MTU */ + ifs6_in_noroute; /* # of datagrams with no route */ + ifs6_in_addrerr; /* # of datagrams with invalid dst */ + ifs6_in_protounknown; /* # of datagrams with unknown proto */ + /* NOTE: increment on final dst if */ + ifs6_in_truncated; /* # of truncated datagrams */ + ifs6_in_discard; /* # of discarded datagrams */ + /* NOTE: fragment timeout is not here */ + ifs6_in_deliver; /* # of datagrams delivered to ULP */ + /* NOTE: increment on final dst if */ + ifs6_out_forward; /* # of datagrams forwarded */ + /* NOTE: increment on outgoing if */ + ifs6_out_request; /* # of outgoing datagrams from ULP */ + /* NOTE: does not include forwrads */ + ifs6_out_discard; /* # of discarded datagrams */ + ifs6_out_fragok; /* # of datagrams fragmented */ + ifs6_out_fragfail; /* # of datagrams failed on fragment */ + ifs6_out_fragcreat; /* # of fragment datagrams */ + /* NOTE: this is # after fragment */ + ifs6_reass_reqd; /* # of incoming fragmented packets */ + /* NOTE: increment on final dst if */ + ifs6_reass_ok; /* # of reassembled packets */ + /* NOTE: this is # after reass */ + /* NOTE: increment on final dst if */ + ifs6_atmfrag_rcvd; /* # of atomic fragments received */ + ifs6_reass_fail; /* # of reass failures */ + /* NOTE: may not be packet count */ + /* NOTE: increment on final dst if */ + ifs6_in_mcast; /* # of inbound multicast datagrams */ + ifs6_out_mcast; /* # of outbound multicast datagrams */ - ifs6_cantfoward_icmp6; /* # of ICMPv6 packets received for unreachable dest */ - ifs6_addr_expiry_cnt; /* # of address expiry events (excluding privacy addresses) */ - ifs6_pfx_expiry_cnt; /* # of prefix expiry events */ - ifs6_defrtr_expiry_cnt; /* # of default router expiry events */ + ifs6_cantfoward_icmp6; /* # of ICMPv6 packets received for unreachable dest */ + ifs6_addr_expiry_cnt; /* # of address expiry events (excluding privacy addresses) */ + ifs6_pfx_expiry_cnt; /* # of prefix expiry events */ + ifs6_defrtr_expiry_cnt; /* # of default router expiry events */ }; struct in6_ifreq { - char ifr_name[IFNAMSIZ]; - union { - struct sockaddr_in6 ifru_addr; - struct sockaddr_in6 ifru_dstaddr; - int ifru_flags; - int ifru_flags6; - int ifru_metric; - int ifru_intval; - caddr_t ifru_data; - struct in6_addrlifetime ifru_lifetime; - struct in6_ifstat ifru_stat; - struct icmp6_ifstat ifru_icmp6stat; - u_int32_t ifru_scope_id[SCOPE6_ID_MAX]; - } ifr_ifru; + char ifr_name[IFNAMSIZ]; + union { + struct sockaddr_in6 ifru_addr; + struct sockaddr_in6 ifru_dstaddr; + int ifru_flags; + int ifru_flags6; + int ifru_metric; + int ifru_intval; + caddr_t ifru_data; + struct in6_addrlifetime ifru_lifetime; + struct in6_ifstat ifru_stat; + struct icmp6_ifstat ifru_icmp6stat; + u_int32_t ifru_scope_id[SCOPE6_ID_MAX]; + } ifr_ifru; }; */ @@ -268,7 +268,7 @@ union u_ifr_ifru { ifru_lifetime: in6_addrlifetime, ifru_stat: in6_ifstat, ifru_icmp6stat: icmp6_ifstat, - ifru_scope_id: [u32; 16 /* SCOPE6_ID_MAX */], + ifru_scope_id: [u32; 16], } #[allow(non_camel_case_types)] @@ -328,7 +328,16 @@ fn device_ipv6_set_params(device: &String, perform_nud: bool, accept_ra: bool) - let mut ifr: in6_ifreq = zeroed(); copy_nonoverlapping(dev.as_ptr(), ifr.ifr_name.as_mut_ptr().cast::(), if dev.len() > (ifr.ifr_name.len() - 1) { ifr.ifr_name.len() - 1 } else { dev.len() }); - if libc::ioctl(s, if accept_ra { 132 /* SIOCAUTOCONF_START */ } else { 133 /* SIOCAUTOCONF_STOP */ }, (&mut ifr as *mut in6_ifreq).cast::()) != 0 { + if libc::ioctl( + s, + if accept_ra { + 132 /* SIOCAUTOCONF_START */ + } else { + 133 /* SIOCAUTOCONF_STOP */ + }, + (&mut ifr as *mut in6_ifreq).cast::(), + ) != 0 + { ok = false; } @@ -339,40 +348,40 @@ fn device_ipv6_set_params(device: &String, perform_nud: bool, accept_ra: bool) - /* struct ifkpi { - unsigned int ifk_module_id; - unsigned int ifk_type; - union { - void *ifk_ptr; - int ifk_value; - } ifk_data; + unsigned int ifk_module_id; + unsigned int ifk_type; + union { + void *ifk_ptr; + int ifk_value; + } ifk_data; }; struct ifdevmtu { - int ifdm_current; - int ifdm_min; - int ifdm_max; + int ifdm_current; + int ifdm_min; + int ifdm_max; }; struct ifreq { #ifndef IFNAMSIZ #define IFNAMSIZ IF_NAMESIZE #endif - char ifr_name[IFNAMSIZ]; /* if name, e.g. "en0" */ - union { - struct sockaddr ifru_addr; - struct sockaddr ifru_dstaddr; - struct sockaddr ifru_broadaddr; - short ifru_flags; - int ifru_metric; - int ifru_mtu; - int ifru_phys; - int ifru_media; - int ifru_intval; - caddr_t ifru_data; - struct ifdevmtu ifru_devmtu; - struct ifkpi ifru_kpi; - u_int32_t ifru_wake_flags; - u_int32_t ifru_route_refcnt; - int ifru_cap[2]; - u_int32_t ifru_functional_type; + char ifr_name[IFNAMSIZ]; /* if name, e.g. "en0" */ + union { + struct sockaddr ifru_addr; + struct sockaddr ifru_dstaddr; + struct sockaddr ifru_broadaddr; + short ifru_flags; + int ifru_metric; + int ifru_mtu; + int ifru_phys; + int ifru_media; + int ifru_intval; + caddr_t ifru_data; + struct ifdevmtu ifru_devmtu; + struct ifkpi ifru_kpi; + u_int32_t ifru_wake_flags; + u_int32_t ifru_route_refcnt; + int ifru_cap[2]; + u_int32_t ifru_functional_type; #define IFRTYPE_FUNCTIONAL_UNKNOWN 0 #define IFRTYPE_FUNCTIONAL_LOOPBACK 1 #define IFRTYPE_FUNCTIONAL_WIRED 2 @@ -382,7 +391,7 @@ struct ifreq { #define IFRTYPE_FUNCTIONAL_INTCOPROC 6 #define IFRTYPE_FUNCTIONAL_COMPANIONLINK 7 #define IFRTYPE_FUNCTIONAL_LAST 7 - } ifr_ifru; + } ifr_ifru; #define ifr_addr ifr_ifru.ifru_addr /* address */ #define ifr_dstaddr ifr_ifru.ifru_dstaddr /* other end of p-to-p link */ #define ifr_broadaddr ifr_ifru.ifru_broadaddr /* broadcast address */ @@ -406,9 +415,9 @@ struct ifreq { #define ifr_curcap ifr_ifru.ifru_cap[1] /* current capabilities */ }; struct sockaddr_ndrv { - unsigned char snd_len; - unsigned char snd_family; - unsigned char snd_name[IFNAMSIZ]; /* from if.h */ + unsigned char snd_len; + unsigned char snd_family; + unsigned char snd_name[IFNAMSIZ]; /* from if.h */ }; */ @@ -510,7 +519,9 @@ impl MacFethTap { // Set sysctl for max if_fake MTU. This is allowed to fail since this sysctl doesn't // exist on older versions of MacOS (and isn't required there). 16000 is larger than // anything ZeroTier supports. OS max is 16384 - some overhead. - let _ = Command::new(SYSCTL).arg("net.link.fake.max_mtu").arg("10000").spawn().map(|mut c| { let _ = c.wait(); }); + let _ = Command::new(SYSCTL).arg("net.link.fake.max_mtu").arg("10000").spawn().map(|mut c| { + let _ = c.wait(); + }); // Create pair of feth interfaces and create MacFethDevice struct. let cmd = Command::new(IFCONFIG).arg(&device_name).arg("create").spawn(); @@ -523,10 +534,7 @@ impl MacFethTap { return Err(format!("unable to create device '{}': {}", peer_device_name.as_str(), cmd.err().unwrap().to_string())); } let _ = cmd.unwrap().wait(); - let device = MacFethDevice { - name: device_name, - peer_name: peer_device_name, - }; + let device = MacFethDevice { name: device_name, peer_name: peer_device_name }; // Set link-layer (MAC) address of primary interface. let cmd = Command::new(IFCONFIG).arg(&device.name).arg("lladdr").arg(mac.to_string()).spawn(); @@ -584,46 +592,78 @@ impl MacFethTap { // Set/get buffer length to use with reads from BPF device, trying to // use up to BPF_BUFFER_SIZE bytes. let mut fl: c_int = BPF_BUFFER_SIZE as c_int; - if unsafe { libc::ioctl(bpf_fd as c_int, 102 /* BIOCSBLEN */, (&mut fl as *mut c_int).cast::()) } != 0 { - unsafe { libc::close(bpf_fd); } + if unsafe { + libc::ioctl(bpf_fd as c_int, 102 /* BIOCSBLEN */, (&mut fl as *mut c_int).cast::()) + } != 0 + { + unsafe { + libc::close(bpf_fd); + } return Err(String::from("unable to configure BPF device")); } let bpf_read_size = fl as libc::size_t; // Set immediate mode for "live" capture. fl = 1; - if unsafe { libc::ioctl(bpf_fd as c_int, 112 /* BIOCIMMEDIATE */, (&mut fl as *mut c_int).cast::()) } != 0 { - unsafe { libc::close(bpf_fd); } + if unsafe { + libc::ioctl(bpf_fd as c_int, 112 /* BIOCIMMEDIATE */, (&mut fl as *mut c_int).cast::()) + } != 0 + { + unsafe { + libc::close(bpf_fd); + } return Err(String::from("unable to configure BPF device")); } // Do not send us back packets we inject or send. fl = 0; - if unsafe { libc::ioctl(bpf_fd as c_int, 119 /* BIOCSSEESENT */, (&mut fl as *mut c_int).cast::()) } != 0 { - unsafe { libc::close(bpf_fd); } + if unsafe { + libc::ioctl(bpf_fd as c_int, 119 /* BIOCSSEESENT */, (&mut fl as *mut c_int).cast::()) + } != 0 + { + unsafe { + libc::close(bpf_fd); + } return Err(String::from("unable to configure BPF device")); } // Bind BPF to secondary feth device. let mut bpf_ifr: ifreq = unsafe { std::mem::zeroed() }; let peer_dev_name_bytes = device.peer_name.as_bytes(); - unsafe { copy_nonoverlapping(peer_dev_name_bytes.as_ptr(), bpf_ifr.ifr_name.as_mut_ptr().cast::(), if peer_dev_name_bytes.len() > (bpf_ifr.ifr_name.len() - 1) { bpf_ifr.ifr_name.len() - 1 } else { peer_dev_name_bytes.len() }); } - if unsafe { libc::ioctl(bpf_fd as c_int, 108 /* BIOCSETIF */, (&mut bpf_ifr as *mut ifreq).cast::()) } != 0 { - unsafe { libc::close(bpf_fd); } + unsafe { + copy_nonoverlapping(peer_dev_name_bytes.as_ptr(), bpf_ifr.ifr_name.as_mut_ptr().cast::(), if peer_dev_name_bytes.len() > (bpf_ifr.ifr_name.len() - 1) { bpf_ifr.ifr_name.len() - 1 } else { peer_dev_name_bytes.len() }); + } + if unsafe { + libc::ioctl(bpf_fd as c_int, 108 /* BIOCSETIF */, (&mut bpf_ifr as *mut ifreq).cast::()) + } != 0 + { + unsafe { + libc::close(bpf_fd); + } return Err(String::from("unable to configure BPF device")); } // Include Ethernet header in BPF captures. fl = 1; - if unsafe { libc::ioctl(bpf_fd as c_int, 117 /* BIOCSHDRCMPLT */, (&mut fl as *mut c_int).cast::()) } != 0 { - unsafe { libc::close(bpf_fd); } + if unsafe { + libc::ioctl(bpf_fd as c_int, 117 /* BIOCSHDRCMPLT */, (&mut fl as *mut c_int).cast::()) + } != 0 + { + unsafe { + libc::close(bpf_fd); + } return Err(String::from("unable to configure BPF device")); } // Set promiscuous mode so bridging can work. fl = 1; - if unsafe { libc::ioctl(bpf_fd as c_int, 105 /* BIOCPROMISC */, (&mut fl as *mut c_int).cast::()) } != 0 { - unsafe { libc::close(bpf_fd); } + if unsafe { + libc::ioctl(bpf_fd as c_int, 105 /* BIOCPROMISC */, (&mut fl as *mut c_int).cast::()) + } != 0 + { + unsafe { + libc::close(bpf_fd); + } return Err(String::from("unable to configure BPF device")); } @@ -653,30 +693,46 @@ impl MacFethTap { } }); if t.is_err() { - unsafe { libc::close(bpf_fd); } + unsafe { + libc::close(bpf_fd); + } return Err(String::from("unable to start thread")); } // Create AF_NDRV socket used to inject packets. We could inject with BPF but that has // a hard MTU limit of 2048 so we have to use AF_NDRV instead. Performance is probably // the same, but it means another socket. - let ndrv_fd = unsafe { libc::socket(27 /* AF_NDRV */, libc::SOCK_RAW, 0) }; + let ndrv_fd = unsafe { + libc::socket(27 /* AF_NDRV */, libc::SOCK_RAW, 0) + }; if ndrv_fd < 0 { - unsafe { libc::close(bpf_fd); } + unsafe { + libc::close(bpf_fd); + } return Err(String::from("unable to create AF_NDRV socket")); } let mut ndrv_sa: sockaddr_ndrv = unsafe { std::mem::zeroed() }; ndrv_sa.snd_len = std::mem::size_of::() as c_uchar; ndrv_sa.snd_family = 27 /* AF_NDRV */; - unsafe { copy_nonoverlapping(peer_dev_name_bytes.as_ptr(), ndrv_sa.snd_name.as_mut_ptr().cast::(), if peer_dev_name_bytes.len() > (bpf_ifr.ifr_name.len() - 1) { bpf_ifr.ifr_name.len() - 1 } else { peer_dev_name_bytes.len() }); } + unsafe { + copy_nonoverlapping(peer_dev_name_bytes.as_ptr(), ndrv_sa.snd_name.as_mut_ptr().cast::(), if peer_dev_name_bytes.len() > (bpf_ifr.ifr_name.len() - 1) { bpf_ifr.ifr_name.len() - 1 } else { peer_dev_name_bytes.len() }); + } if unsafe { libc::bind(ndrv_fd, (&ndrv_sa as *const sockaddr_ndrv).cast(), std::mem::size_of::() as libc::socklen_t) } != 0 { - unsafe { libc::close(bpf_fd); } - unsafe { libc::close(ndrv_fd); } + unsafe { + libc::close(bpf_fd); + } + unsafe { + libc::close(ndrv_fd); + } return Err(String::from("unable to bind AF_NDRV socket")); } if unsafe { libc::connect(ndrv_fd, (&ndrv_sa as *const sockaddr_ndrv).cast(), std::mem::size_of::() as libc::socklen_t) } != 0 { - unsafe { libc::close(bpf_fd); } - unsafe { libc::close(ndrv_fd); } + unsafe { + libc::close(bpf_fd); + } + unsafe { + libc::close(ndrv_fd); + } return Err(String::from("unable to connect AF_NDRV socket")); } @@ -688,7 +744,7 @@ impl MacFethTap { ndrv_fd, bpf_fd, bpf_no, - bpf_read_thread: Cell::new(Some(t.unwrap())) + bpf_read_thread: Cell::new(Some(t.unwrap())), }) } @@ -758,10 +814,7 @@ impl VNIC for MacFethTap { let mut hdr: [u8; 14] = [(dm >> 40) as u8, (dm >> 32) as u8, (dm >> 24) as u8, (dm >> 16) as u8, (dm >> 8) as u8, dm as u8, (sm >> 40) as u8, (sm >> 32) as u8, (sm >> 24) as u8, (sm >> 16) as u8, (sm >> 8) as u8, sm as u8, (ethertype >> 8) as u8, ethertype as u8]; unsafe { let iov: [libc::iovec; 2] = [ - libc::iovec { - iov_base: hdr.as_mut_ptr().cast(), - iov_len: 14, - }, + libc::iovec { iov_base: hdr.as_mut_ptr().cast(), iov_len: 14 }, libc::iovec { iov_base: transmute(data), // have to "cast away const" even though data is not modified by writev() iov_len: len as libc::size_t, diff --git a/zerotier-system-service/src/vnic/mod.rs b/zerotier-system-service/src/vnic/mod.rs index a72e7a02f..a191dee86 100644 --- a/zerotier-system-service/src/vnic/mod.rs +++ b/zerotier-system-service/src/vnic/mod.rs @@ -6,8 +6,8 @@ * https://www.zerotier.com/ */ -mod vnic; mod common; +mod vnic; #[cfg(target_os = "macos")] mod mac_feth_tap;