From d07d146260a3772d49b9dc1ec5babec46d62bb49 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Sun, 23 Oct 2022 13:36:00 -0700 Subject: [PATCH] A little renaming for the future. --- controller/src/handler.rs | 14 ++++++++------ controller/src/model/network.rs | 6 +++--- network-hypervisor/src/vl2/networkconfig.rs | 8 ++++---- 3 files changed, 15 insertions(+), 13 deletions(-) diff --git a/controller/src/handler.rs b/controller/src/handler.rs index 350c836d1..53a19ef5f 100644 --- a/controller/src/handler.rs +++ b/controller/src/handler.rs @@ -165,7 +165,7 @@ impl InnerProtocol for Handler { let now = ms_since_epoch(); let result = match inner - .handle_network_config_request::(&peer.identity, network_id, &meta_data, now) + .handle_network_config_request::(&peer.identity, network_id, now) .await { Result::Ok((result, Some(config))) => { @@ -306,7 +306,6 @@ impl Inner { self: &Arc, source_identity: &Identity, network_id: NetworkId, - _meta_data: &Dictionary, now: i64, ) -> Result<(AuthorizationResult, Option), DatabaseImpl::Error> { let network = self.database.get_network(network_id).await?; 
@@ -359,11 +358,14 @@ impl Inner { // TODO: check SSO // Figure out time bounds for the certificate to generate. - let max_delta = network.credential_window_size.unwrap_or(CREDENTIAL_WINDOW_SIZE_DEFAULT); + let credential_ttl = network.credential_ttl.unwrap_or(CREDENTIAL_WINDOW_SIZE_DEFAULT); // Get a list of all network members that were deauthorized but are still within the time window. // These will be issued revocations to remind the node not to speak to them until they fall off. - let deauthed_members_still_in_window = self.database.list_members_deauthorized_after(network.id, now - max_delta).await; + let deauthed_members_still_in_window = self + .database + .list_members_deauthorized_after(network.id, now - credential_ttl) + .await; // Check and if necessary auto-assign static IPs for this member. member_changed |= network.check_zt_ip_assignments(self.database.as_ref(), &mut member).await; @@ -373,7 +375,7 @@ impl Inner { nc.name = member.name.clone(); nc.private = network.private; nc.timestamp = now; - nc.max_delta = max_delta; + nc.credential_ttl = credential_ttl; nc.revision = now as u64; nc.mtu = network.mtu.unwrap_or(ZEROTIER_VIRTUAL_NETWORK_DEFAULT_MTU as u16); nc.multicast_limit = network.multicast_limit.unwrap_or(DEFAULT_MULTICAST_LIMIT as u32); @@ -383,7 +385,7 @@ impl Inner { nc.dns = network.dns; nc.certificate_of_membership = - CertificateOfMembership::new(&self.local_identity, network_id, &source_identity, now, max_delta, legacy_v1); + CertificateOfMembership::new(&self.local_identity, network_id, &source_identity, now, credential_ttl, legacy_v1); if nc.certificate_of_membership.is_none() { return Ok((AuthorizationResult::RejectedDueToError, None)); } diff --git a/controller/src/model/network.rs b/controller/src/model/network.rs index 9f38300aa..eb03048d1 100644 --- a/controller/src/model/network.rs +++ b/controller/src/model/network.rs 
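Review bot: The per-network TTL read by `network.credential_ttl.unwrap_or(CREDENTIAL_WINDOW_SIZE_DEFAULT)` in the `@@ -359` hunk is used without a range check, and the same value feeds both the revocation lookup (`now - credential_ttl`) and `CertificateOfMembership::new` in the `@@ -383` hunk. A zero or negative value stored on the network record would move the lookup cutoff to `now` or later, so recently deauthorized members would presumably receive no revocations, and the certificate would be built with a non-positive window. Assuming the field is an `Option<i64>`, falling back to the default for non-positive values closes this: `let credential_ttl = network.credential_ttl.filter(|t| *t > 0).unwrap_or(CREDENTIAL_WINDOW_SIZE_DEFAULT);`. The constant still carries the old "window size" name and could be renamed in the same pass. The enclosing function starts and ends outside these hunks.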
@@ -91,7 +91,7 @@ pub struct Network { #[serde(default)] pub rules: Vec, - /// If set this overrides the default "agreement" window for certificates and credentials. + /// If set this overrides the default TTL for certificates and credentials. /// /// Making it smaller causes deauthorized nodes to fall out of the window more rapidly but can /// come at the expense of reliability if it's too short for everyone to update their certs @@ -100,8 +100,8 @@ pub struct Network { /// /// Usually this does not need to be changed. #[serde(skip_serializing_if = "Option::is_none")] - #[serde(rename = "credentialWindowSize")] - pub credential_window_size: Option, + #[serde(rename = "credentialTtl")] + pub credential_ttl: Option, /// MTU inside the virtual network, default of 2800 is used if not set. pub mtu: Option, diff --git a/network-hypervisor/src/vl2/networkconfig.rs b/network-hypervisor/src/vl2/networkconfig.rs index ea8add846..eb965fffe 100644 --- a/network-hypervisor/src/vl2/networkconfig.rs +++ b/network-hypervisor/src/vl2/networkconfig.rs @@ -33,7 +33,7 @@ pub struct NetworkConfig { pub private: bool, pub timestamp: i64, - pub max_delta: i64, + pub credential_ttl: i64, pub revision: u64, pub mtu: u16, @@ -83,7 +83,7 @@ impl NetworkConfig { motd: String::new(), private: true, timestamp: 0, - max_delta: 0, + credential_ttl: 0, revision: 0, mtu: 0, multicast_limit: 0, @@ -122,7 +122,7 @@ impl NetworkConfig { }, ); d.set_u64(proto_v1_field_name::network_config::TIMESTAMP, self.timestamp as u64); - d.set_u64(proto_v1_field_name::network_config::MAX_DELTA, self.max_delta as u64); + d.set_u64(proto_v1_field_name::network_config::MAX_DELTA, self.credential_ttl as u64); d.set_u64(proto_v1_field_name::network_config::REVISION, self.revision); d.set_u64(proto_v1_field_name::network_config::MTU, self.mtu as u64); d.set_u64(proto_v1_field_name::network_config::MULTICAST_LIMIT, self.multicast_limit as u64); 
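Review bot: Changing the serde name of `Network::credential_ttl` from `credentialWindowSize` to `credentialTtl` in the `@@ -100` hunk drops the old key with no fallback, so network records already stored under `credentialWindowSize` would likely deserialize with this field as `None` and silently revert to the default TTL. Where an operator had shortened the window so that deauthorized members expire sooner, that lengthens the time a revoked member's credentials remain acceptable. Keeping the old key readable avoids this: add `#[serde(alias = "credentialWindowSize")]` next to the `rename` attribute. Whether unknown keys are rejected elsewhere is not visible in this hunk.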
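Review bot: In the `@@ -122` hunk of networkconfig.rs, `self.credential_ttl as u64` changes sign silently, so a negative `i64` TTL is written to the `MAX_DELTA` wire field as a very large unsigned value that a receiver could read as an almost unbounded credential window. A checked conversion avoids that, for example `u64::try_from(self.credential_ttl).unwrap_or(0)`, with the fallback chosen according to how receivers treat 0. The dictionary key is still `MAX_DELTA` while the struct field is now `credential_ttl`, so a comment such as `// V1 wire name for credential_ttl` on this line would keep the mapping obvious. The enclosing function continues outside the hunk.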
@@ -241,7 +241,7 @@ impl NetworkConfig { nc.timestamp = d .get_i64(proto_v1_field_name::network_config::TIMESTAMP) .ok_or(InvalidParameterError("missing timestamp"))?; - nc.max_delta = d.get_i64(proto_v1_field_name::network_config::MAX_DELTA).unwrap_or(0); + nc.credential_ttl = d.get_i64(proto_v1_field_name::network_config::MAX_DELTA).unwrap_or(0); nc.revision = d.get_u64(proto_v1_field_name::network_config::REVISION).unwrap_or(0); nc.mtu = d .get_u64(proto_v1_field_name::network_config::MTU)
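Review bot: A dictionary without `MAX_DELTA` is accepted here with `credential_ttl` set to 0 through `unwrap_or(0)`, while a missing `TIMESTAMP` just above is an `InvalidParameterError`. What a TTL of 0 means to the code that consumes `NetworkConfig` is not visible in this hunk. Either document the default on this line, for example `// absent MAX_DELTA => 0 (meaning to be confirmed)`, or reject it the same way with `.ok_or(InvalidParameterError("missing max delta"))?`. The enclosing function starts and ends outside the hunk.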