void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-06-14 16:33:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

A little renaming for the future.

Browse source
This commit is contained in:
Adam Ierymenko 2022-10-23 13:36:00 -07:00
parent 752dbf4816
commit d07d146260
No known key found for this signature in database
GPG key ID: C8877CF2D7A5D7F3
3 changed files with 15 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
controller/src/handler.rs
View file

@ -165,7 +165,7 @@ impl<DatabaseImpl: Database> InnerProtocol for Handler<DatabaseImpl> {
let now = ms_since_epoch(); let now = ms_since_epoch();
let result = match inner let result = match inner
.handle_network_config_request::<HostSystemImpl>(&peer.identity, network_id, &meta_data, now) .handle_network_config_request::<HostSystemImpl>(&peer.identity, network_id, now)
.await .await
{ {
Result::Ok((result, Some(config))) => { Result::Ok((result, Some(config))) => {
@ -306,7 +306,6 @@ impl<DatabaseImpl: Database> Inner<DatabaseImpl> {
self: &Arc<Self>, self: &Arc<Self>,
source_identity: &Identity, source_identity: &Identity,
network_id: NetworkId, network_id: NetworkId,
_meta_data: &Dictionary,
now: i64, now: i64,
) -> Result<(AuthorizationResult, Option<NetworkConfig>), DatabaseImpl::Error> { ) -> Result<(AuthorizationResult, Option<NetworkConfig>), DatabaseImpl::Error> {
let network = self.database.get_network(network_id).await?; let network = self.database.get_network(network_id).await?;
@ -359,11 +358,14 @@ impl<DatabaseImpl: Database> Inner<DatabaseImpl> {
// TODO: check SSO // TODO: check SSO
// Figure out time bounds for the certificate to generate. // Figure out time bounds for the certificate to generate.
let max_delta = network.credential_window_size.unwrap_or(CREDENTIAL_WINDOW_SIZE_DEFAULT); let credential_ttl = network.credential_ttl.unwrap_or(CREDENTIAL_WINDOW_SIZE_DEFAULT);
// Get a list of all network members that were deauthorized but are still within the time window. // Get a list of all network members that were deauthorized but are still within the time window.
// These will be issued revocations to remind the node not to speak to them until they fall off. // These will be issued revocations to remind the node not to speak to them until they fall off.
let deauthed_members_still_in_window = self.database.list_members_deauthorized_after(network.id, now - max_delta).await; let deauthed_members_still_in_window = self
.database
.list_members_deauthorized_after(network.id, now - credential_ttl)
.await;
// Check and if necessary auto-assign static IPs for this member. // Check and if necessary auto-assign static IPs for this member.
member_changed |= network.check_zt_ip_assignments(self.database.as_ref(), &mut member).await; member_changed |= network.check_zt_ip_assignments(self.database.as_ref(), &mut member).await;
@ -373,7 +375,7 @@ impl<DatabaseImpl: Database> Inner<DatabaseImpl> {
nc.name = member.name.clone(); nc.name = member.name.clone();
nc.private = network.private; nc.private = network.private;
nc.timestamp = now; nc.timestamp = now;
nc.max_delta = max_delta; nc.credential_ttl = credential_ttl;
nc.revision = now as u64; nc.revision = now as u64;
nc.mtu = network.mtu.unwrap_or(ZEROTIER_VIRTUAL_NETWORK_DEFAULT_MTU as u16); nc.mtu = network.mtu.unwrap_or(ZEROTIER_VIRTUAL_NETWORK_DEFAULT_MTU as u16);
nc.multicast_limit = network.multicast_limit.unwrap_or(DEFAULT_MULTICAST_LIMIT as u32); nc.multicast_limit = network.multicast_limit.unwrap_or(DEFAULT_MULTICAST_LIMIT as u32);
@ -383,7 +385,7 @@ impl<DatabaseImpl: Database> Inner<DatabaseImpl> {
nc.dns = network.dns; nc.dns = network.dns;
nc.certificate_of_membership = nc.certificate_of_membership =
CertificateOfMembership::new(&self.local_identity, network_id, &source_identity, now, max_delta, legacy_v1); CertificateOfMembership::new(&self.local_identity, network_id, &source_identity, now, credential_ttl, legacy_v1);
if nc.certificate_of_membership.is_none() { if nc.certificate_of_membership.is_none() {
return Ok((AuthorizationResult::RejectedDueToError, None)); return Ok((AuthorizationResult::RejectedDueToError, None));
} }

6
controller/src/model/network.rs
View file

@ -91,7 +91,7 @@ pub struct Network {
#[serde(default)] #[serde(default)]
pub rules: Vec<Rule>, pub rules: Vec<Rule>,
/// If set this overrides the default "agreement" window for certificates and credentials. /// If set this overrides the default TTL for certificates and credentials.
/// ///
/// Making it smaller causes deauthorized nodes to fall out of the window more rapidly but can /// Making it smaller causes deauthorized nodes to fall out of the window more rapidly but can
/// come at the expense of reliability if it's too short for everyone to update their certs /// come at the expense of reliability if it's too short for everyone to update their certs
@ -100,8 +100,8 @@ pub struct Network {
/// ///
/// Usually this does not need to be changed. /// Usually this does not need to be changed.
#[serde(skip_serializing_if = "Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
#[serde(rename = "credentialWindowSize")] #[serde(rename = "credentialTtl")]
pub credential_window_size: Option<i64>, pub credential_ttl: Option<i64>,
/// MTU inside the virtual network, default of 2800 is used if not set. /// MTU inside the virtual network, default of 2800 is used if not set.
pub mtu: Option<u16>, pub mtu: Option<u16>,

8
network-hypervisor/src/vl2/networkconfig.rs
View file

@ -33,7 +33,7 @@ pub struct NetworkConfig {
pub private: bool, pub private: bool,
pub timestamp: i64, pub timestamp: i64,
pub max_delta: i64, pub credential_ttl: i64,
pub revision: u64, pub revision: u64,
pub mtu: u16, pub mtu: u16,
@ -83,7 +83,7 @@ impl NetworkConfig {
motd: String::new(), motd: String::new(),
private: true, private: true,
timestamp: 0, timestamp: 0,
max_delta: 0, credential_ttl: 0,
revision: 0, revision: 0,
mtu: 0, mtu: 0,
multicast_limit: 0, multicast_limit: 0,
@ -122,7 +122,7 @@ impl NetworkConfig {
}, },
); );
d.set_u64(proto_v1_field_name::network_config::TIMESTAMP, self.timestamp as u64); d.set_u64(proto_v1_field_name::network_config::TIMESTAMP, self.timestamp as u64);
d.set_u64(proto_v1_field_name::network_config::MAX_DELTA, self.max_delta as u64); d.set_u64(proto_v1_field_name::network_config::MAX_DELTA, self.credential_ttl as u64);
d.set_u64(proto_v1_field_name::network_config::REVISION, self.revision); d.set_u64(proto_v1_field_name::network_config::REVISION, self.revision);
d.set_u64(proto_v1_field_name::network_config::MTU, self.mtu as u64); d.set_u64(proto_v1_field_name::network_config::MTU, self.mtu as u64);
d.set_u64(proto_v1_field_name::network_config::MULTICAST_LIMIT, self.multicast_limit as u64); d.set_u64(proto_v1_field_name::network_config::MULTICAST_LIMIT, self.multicast_limit as u64);
@ -241,7 +241,7 @@ impl NetworkConfig {
nc.timestamp = d nc.timestamp = d
.get_i64(proto_v1_field_name::network_config::TIMESTAMP) .get_i64(proto_v1_field_name::network_config::TIMESTAMP)
.ok_or(InvalidParameterError("missing timestamp"))?; .ok_or(InvalidParameterError("missing timestamp"))?;
nc.max_delta = d.get_i64(proto_v1_field_name::network_config::MAX_DELTA).unwrap_or(0); nc.credential_ttl = d.get_i64(proto_v1_field_name::network_config::MAX_DELTA).unwrap_or(0);
nc.revision = d.get_u64(proto_v1_field_name::network_config::REVISION).unwrap_or(0); nc.revision = d.get_u64(proto_v1_field_name::network_config::REVISION).unwrap_or(0);
nc.mtu = d nc.mtu = d
.get_u64(proto_v1_field_name::network_config::MTU) .get_u64(proto_v1_field_name::network_config::MTU)