Code cleanup, Linux build fixes.

core/AES.cpp

@@ -996,14 +996,14 @@ void AES::_initSW(const uint8_t key[32]) noexcept
 	rk[7] = readuint32_t(key + 28);
 	for (int i = 0;;) {
 		uint32_t temp = rk[7];
-		rk[8] = rk[0] ^ (Te2[(temp >> 16U) & 0xff] & 0xff000000) ^ (Te3[(temp >> 8U) & 0xff] & 0x00ff0000) ^ (Te0[(temp) & 0xff] & 0x0000ff00) ^ (Te1[(temp >> 24U)] & 0x000000ff) ^ rcon[i];
+		rk[8] = rk[0] ^ (Te2[(temp >> 16U) & 0xffU] & 0xff000000U) ^ (Te3[(temp >> 8U) & 0xffU] & 0x00ff0000U) ^ (Te0[(temp) & 0xffU] & 0x0000ff00U) ^ (Te1[(temp >> 24U)] & 0x000000ffU) ^ rcon[i];
 		rk[9] = rk[1] ^ rk[8];
 		rk[10] = rk[2] ^ rk[9];
 		rk[11] = rk[3] ^ rk[10];
 		if (++i == 7)
 			break;
 		temp = rk[11];
-		rk[12] = rk[4] ^ (Te2[(temp >> 24U)] & 0xff000000) ^ (Te3[(temp >> 16U) & 0xff] & 0x00ff0000) ^ (Te0[(temp >> 8U) & 0xff] & 0x0000ff00) ^ (Te1[(temp) & 0xff] & 0x000000ff);
+		rk[12] = rk[4] ^ (Te2[(temp >> 24U)] & 0xff000000U) ^ (Te3[(temp >> 16U) & 0xffU] & 0x00ff0000U) ^ (Te0[(temp >> 8U) & 0xffU] & 0x0000ff00U) ^ (Te1[(temp) & 0xffU] & 0x000000ffU);
 		rk[13] = rk[5] ^ rk[12];
 		rk[14] = rk[6] ^ rk[13];
 		rk[15] = rk[7] ^ rk[14];
@@ -1037,10 +1037,10 @@ void AES::_initSW(const uint8_t key[32]) noexcept
 	}
 	for (int i = 1; i < 14; ++i) {
 		rk += 4;
-		rk[0] = Td0[Te4[(rk[0] >> 24U)] & 0xff] ^ Td1[Te4[(rk[0] >> 16U) & 0xffU] & 0xff] ^ Td2[Te4[(rk[0] >> 8U) & 0xffU] & 0xffU] ^ Td3[Te4[(rk[0]) & 0xffU] & 0xffU];
-		rk[1] = Td0[Te4[(rk[1] >> 24U)] & 0xff] ^ Td1[Te4[(rk[1] >> 16U) & 0xffU] & 0xff] ^ Td2[Te4[(rk[1] >> 8U) & 0xffU] & 0xffU] ^ Td3[Te4[(rk[1]) & 0xffU] & 0xffU];
-		rk[2] = Td0[Te4[(rk[2] >> 24U)] & 0xff] ^ Td1[Te4[(rk[2] >> 16U) & 0xffU] & 0xff] ^ Td2[Te4[(rk[2] >> 8U) & 0xffU] & 0xffU] ^ Td3[Te4[(rk[2]) & 0xffU] & 0xffU];
-		rk[3] = Td0[Te4[(rk[3] >> 24U)] & 0xff] ^ Td1[Te4[(rk[3] >> 16U) & 0xffU] & 0xff] ^ Td2[Te4[(rk[3] >> 8U) & 0xffU] & 0xffU] ^ Td3[Te4[(rk[3]) & 0xffU] & 0xffU];
+		rk[0] = Td0[Te4[(rk[0] >> 24U)] & 0xffU] ^ Td1[Te4[(rk[0] >> 16U) & 0xffU] & 0xffU] ^ Td2[Te4[(rk[0] >> 8U) & 0xffU] & 0xffU] ^ Td3[Te4[(rk[0]) & 0xffU] & 0xffU];
+		rk[1] = Td0[Te4[(rk[1] >> 24U)] & 0xffU] ^ Td1[Te4[(rk[1] >> 16U) & 0xffU] & 0xffU] ^ Td2[Te4[(rk[1] >> 8U) & 0xffU] & 0xffU] ^ Td3[Te4[(rk[1]) & 0xffU] & 0xffU];
+		rk[2] = Td0[Te4[(rk[2] >> 24U)] & 0xffU] ^ Td1[Te4[(rk[2] >> 16U) & 0xffU] & 0xffU] ^ Td2[Te4[(rk[2] >> 8U) & 0xffU] & 0xffU] ^ Td3[Te4[(rk[2]) & 0xffU] & 0xffU];
+		rk[3] = Td0[Te4[(rk[3] >> 24U)] & 0xffU] ^ Td1[Te4[(rk[3] >> 16U) & 0xffU] & 0xffU] ^ Td2[Te4[(rk[3] >> 8U) & 0xffU] & 0xffU] ^ Td3[Te4[(rk[3]) & 0xffU] & 0xffU];
 	}
 }
 

core/AES.hpp

@@ -18,17 +18,9 @@
 #include "Utils.hpp"
 #include "SHA512.hpp"
 
-#include <cstdint>
-#include <cstring>
-
-#ifndef ZT_AES_NO_ACCEL
-#ifdef ZT_ARCH_X64
-#include <xmmintrin.h>
-#include <emmintrin.h>
-#include <immintrin.h>
+#if !defined(ZT_AES_NO_ACCEL) && defined(ZT_ARCH_X64)
 #define ZT_AES_AESNI 1
 #endif
-#endif
 
 namespace ZeroTier {
 
@@ -56,7 +48,8 @@ public:
 	/**
 	 * Create an un-initialized AES instance (must call init() before use)
 	 */
-	ZT_INLINE AES() noexcept {}
+	ZT_INLINE AES() noexcept
+	{}
 
 	/**
 	 * Create an AES instance with the given key
@@ -124,6 +117,7 @@ public:
 	}
 
 	class GMACSIVEncryptor;
+
 	class GMACSIVDecryptor;
 
 	/**
@@ -132,6 +126,7 @@ public:
 	class GMAC
 	{
 		friend class GMACSIVEncryptor;
+
 		friend class GMACSIVDecryptor;
 
 	public:
@@ -140,7 +135,8 @@ public:
 		 *
 		 * @param aes Keyed AES instance to use
 		 */
-		ZT_INLINE GMAC(const AES &aes) : _aes(aes) {}
+		ZT_INLINE GMAC(const AES &aes) : _aes(aes)
+		{}
 
 		/**
 		 * Reset and initialize for a new GMAC calculation
@@ -205,10 +201,12 @@ public:
 	class CTR
 	{
 		friend class GMACSIVEncryptor;
+
 		friend class GMACSIVDecryptor;
 
 	public:
-		ZT_INLINE CTR(const AES &aes) noexcept : _aes(aes) {}
+		ZT_INLINE CTR(const AES &aes) noexcept: _aes(aes)
+		{}
 
 		/**
 		 * Initialize this CTR instance to encrypt a new stream
@@ -282,7 +280,8 @@ public:
 		 */
 		ZT_INLINE GMACSIVEncryptor(const AES &k0, const AES &k1) noexcept:
 			_gmac(k0),
-			_ctr(k1) {}
+			_ctr(k1)
+		{}
 
 		/**
 		 * Initialize AES-GMAC-SIV
@@ -410,7 +409,8 @@ public:
 	public:
 		ZT_INLINE GMACSIVDecryptor(const AES &k0, const AES &k1) noexcept:
 			_ctr(k1),
-			_gmac(k0) {}
+			_gmac(k0)
+		{}
 
 		/**
 		 * Initialize decryptor for a new message
@@ -500,18 +500,23 @@ private:
 	static const uint32_t rcon[10];
 
 	void _initSW(const uint8_t key[32]) noexcept;
+
 	void _encryptSW(const uint8_t in[16], uint8_t out[16]) const noexcept;
+
 	void _decryptSW(const uint8_t in[16], uint8_t out[16]) const noexcept;
 
-	union {
+	union
+	{
 #ifdef ZT_AES_AESNI
-		struct {
+		struct
+		{
 			__m128i k[28];
 			__m128i h[4]; // h, hh, hhh, hhhh
 		} ni;
 #endif
 
-		struct {
+		struct
+		{
 			uint64_t h[2];
 			uint32_t ek[60];
 			uint32_t dk[60];
@@ -519,6 +524,7 @@ private:
 	} _k;
 
 #ifdef ZT_AES_AESNI
+
 	void _init_aesni(const uint8_t key[32]) noexcept;
 
 	ZT_INLINE void _encrypt_aesni(const void *const in, void *const out) const noexcept
@@ -560,6 +566,7 @@ private:
 		tmp = _mm_aesdec_si128(tmp, _k.ni.k[27]);
 		_mm_storeu_si128((__m128i *)out, _mm_aesdeclast_si128(tmp, _k.ni.k[0]));
 	}
+
 #endif
 };
 

core/Constants.hpp

@@ -33,7 +33,7 @@
 	((uint64_t)ZEROTIER_VERSION_MAJOR    << 48U) | \
 	((uint64_t)ZEROTIER_VERSION_MINOR    << 32U) | \
 	((uint64_t)ZEROTIER_VERSION_REVISION << 16U) | \
-	(uint64_t)ZEROTIER_VERSION_BUILD )
+	((uint64_t)ZEROTIER_VERSION_BUILD)         )
 
 /**
  * Length of a ZeroTier address in bytes
@@ -91,7 +91,7 @@
 #define ZT_SYMMETRIC_KEY_TTL 1800000
 
 /**
- * Maximum number of messages over which a key should be considered usable.
+ * Maximum number of messages per symmetric key.
  */
 #define ZT_SYMMETRIC_KEY_TTL_MESSAGES 2147483648
 
@@ -178,7 +178,7 @@
 #define ZT_PEER_PRIORITIZE_PATHS_INTERVAL 5000
 
 /**
- * Number of previous endpoints to cache for root-less re-establishment
+ * Number of previous endpoints to cache in peer records.
  */
 #define ZT_PEER_ENDPOINT_CACHE_SIZE 8
 
@@ -201,11 +201,6 @@
  */
 #define ZT_MAX_BRIDGE_ROUTES 16777216
 
-/**
- * If there is no known L2 bridging route, spam to up to this many active bridges
- */
-#define ZT_MAX_BRIDGE_SPAM 32
-
 /**
  * WHOIS rate limit (we allow these to be pretty fast)
  */
@@ -221,30 +216,11 @@
  */
 #define ZT_PEER_PROBE_RESPONSE_RATE_LIMIT 5000
 
-/**
- * Don't do expensive identity validation more often than this
- *
- * IPv4 and IPv6 address prefixes are hashed down to 14-bit (0-16383) integers
- * using the first 24 bits for IPv4 or the first 48 bits for IPv6. These are
- * then rate limited to one identity validation per this often milliseconds.
- */
-#if (defined(__amd64) || defined(__amd64__) || defined(__x86_64) || defined(__x86_64__) || defined(__AMD64) || defined(__AMD64__) || defined(_M_X64) || defined(_M_AMD64))
-// AMD64 machines can do anywhere from one every 50ms to one every 10ms. This provides plenty of margin.
-#define ZT_IDENTITY_VALIDATION_SOURCE_RATE_LIMIT 2000
-#else
-#if (defined(__i386__) || defined(__i486__) || defined(__i586__) || defined(__i686__) || defined(_M_IX86) || defined(_X86_) || defined(__I86__))
-// 32-bit Intel machines usually average about one every 100ms
-#define ZT_IDENTITY_VALIDATION_SOURCE_RATE_LIMIT 5000
-#else
-// This provides a safe margin for ARM, MIPS, etc. that usually average one every 250-400ms
-#define ZT_IDENTITY_VALIDATION_SOURCE_RATE_LIMIT 10000
-#endif
-#endif
-
 /**
  * Size of a buffer to store either a C25519 or an ECC P-384 signature
  *
- * This must be large enough to hold all signature types.
+ * This must be large enough to hold all signature types, which right now is
+ * Curve25519 EDDSA and NIST P-384 ECDSA.
  */
 #define ZT_SIGNATURE_BUFFER_SIZE 96
 

core/Dictionary.cpp

@@ -12,7 +12,6 @@
 /****/
 
 #include "Dictionary.hpp"
-#include "Identity.hpp"
 
 namespace ZeroTier {
 
@@ -124,55 +123,6 @@ char *Dictionary::getS(const char *k, char *v, const unsigned int cap) const
 	return v;
 }
 
-bool Dictionary::sign(const Identity &signer)
-{
-	Vector<uint8_t> data;
-	encode(data, true);
-	uint8_t sig[ZT_SIGNATURE_BUFFER_SIZE];
-	const unsigned int siglen = signer.sign(data.data(), (unsigned int) data.size(), sig, ZT_SIGNATURE_BUFFER_SIZE);
-	if (siglen == 0)
-		return false;
-
-	uint8_t fp[ZT_ADDRESS_LENGTH + ZT_FINGERPRINT_HASH_SIZE];
-	Address(signer.fingerprint().address).copyTo(fp);
-	Utils::copy<ZT_FINGERPRINT_HASH_SIZE>(fp + ZT_ADDRESS_LENGTH, signer.fingerprint().hash);
-
-	m_entries[s_signatureFingerprint].assign(fp, fp + ZT_ADDRESS_LENGTH + ZT_FINGERPRINT_HASH_SIZE);
-	m_entries[s_signatureData].assign(sig, sig + siglen);
-
-	return true;
-}
-
-Fingerprint Dictionary::signer() const
-{
-	SortedMap<FCV<char, 8>, Vector<uint8_t> >::const_iterator sigfp(m_entries.find(s_signatureFingerprint));
-	Fingerprint fp;
-	if ((sigfp != m_entries.end()) && (sigfp->second.size() == (ZT_ADDRESS_LENGTH + ZT_FINGERPRINT_HASH_SIZE))) {
-		fp.address = Address(sigfp->second.data());
-		Utils::copy<ZT_FINGERPRINT_HASH_SIZE>(fp.hash, sigfp->second.data() + ZT_ADDRESS_LENGTH);
-	}
-	return fp;
-}
-
-bool Dictionary::verify(const Identity &signer) const
-{
-	SortedMap< FCV<char, 8>, Vector<uint8_t> >::const_iterator sigfp(m_entries.find(s_signatureFingerprint));
-	if (
-		(sigfp == m_entries.end()) ||
-		(sigfp->second.size() != (ZT_ADDRESS_LENGTH + ZT_FINGERPRINT_HASH_SIZE)) ||
-		(Address(sigfp->second.data()) != signer.address()) ||
-		(memcmp(sigfp->second.data() + ZT_ADDRESS_LENGTH,signer.fingerprint().hash,ZT_FINGERPRINT_HASH_SIZE) != 0))
-		return false;
-
-	SortedMap< FCV<char, 8>, Vector<uint8_t> >::const_iterator sig(m_entries.find(s_signatureData));
-	if ((sig == m_entries.end()) || (sig->second.empty()))
-		return false;
-
-	Vector<uint8_t> data;
-	encode(data, true);
-	return signer.verify(data.data(),(unsigned int)data.size(),sig->second.data(),(unsigned int)sig->second.size());
-}
-
 void Dictionary::clear()
 {
 	m_entries.clear();

core/Dictionary.hpp

@@ -19,8 +19,6 @@
 #include "Address.hpp"
 #include "Buf.hpp"
 #include "FCV.hpp"
-#include "SHA512.hpp"
-#include "Fingerprint.hpp"
 #include "Containers.hpp"
 
 namespace ZeroTier {
@@ -141,33 +139,6 @@ public:
 		return (obj.unmarshal(d.data(),(unsigned int)d.size()) > 0);
 	}
 
-	/**
-	 * Sign this identity
-	 *
-	 * This adds two fields:
-	 *   "@Si" contains the fingerprint (address followed by hash) of the signer
-	 *   "@Ss" contains the signature
-	 *
-	 * @param signer Signing identity (must contain secret)
-	 * @return True if signature was successful
-	 */
-	bool sign(const Identity &signer);
-
-	/**
-	 * Get the signer's fingerprint for this dictionary or a NIL fingerprint if not signed.
-	 *
-	 * @return Signer
-	 */
-	Fingerprint signer() const;
-
-	/**
-	 * Verify this identity's signature
-	 *
-	 * @param signer
-	 * @return
-	 */
-	bool verify(const Identity &signer) const;
-
 	/**
 	 * Erase all entries in dictionary
 	 */

core/Endpoint.hpp

@@ -52,7 +52,7 @@ public:
 	{ memoryZero(this); }
 
 	ZT_INLINE Endpoint(const ZT_Endpoint &ep) noexcept
-	{ *this = ep; }
+	{ Utils::copy< sizeof(ZT_Endpoint) >((ZT_Endpoint *)this, &ep); }
 
 	/**
 	 * Create an endpoint for a type that uses an IP
@@ -200,7 +200,11 @@ public:
 
 	char *toString(char s[ZT_ENDPOINT_STRING_SIZE_MAX]) const noexcept;
 
-	ZT_INLINE String toString() const { char tmp[ZT_ENDPOINT_STRING_SIZE_MAX]; return String(toString(tmp)); }
+	ZT_INLINE String toString() const
+	{
+		char tmp[ZT_ENDPOINT_STRING_SIZE_MAX];
+		return String(toString(tmp));
+	}
 
 	bool fromString(const char *s) noexcept;
 
@@ -228,6 +232,8 @@ public:
 	{ return !(*this < ep); }
 };
 
+static_assert(sizeof(Endpoint) == sizeof(ZT_Endpoint), "size mismatch");
+
 } // namespace ZeroTier
 
 #endif

osdep/LinuxNetLink.cpp

@@ -419,7 +419,7 @@ void LinuxNetLink::_linkDeleted(struct nlmsghdr *nlp)
 
 	{
 		Mutex::Lock l(_if_m);
-		if(_interfaces.contains(ifip->ifi_index)) {
+		if(_interfaces.find(ifip->ifi_index) != _interfaces.end()) {
 			_interfaces.erase(ifip->ifi_index);
 		}
 	}
@@ -1057,12 +1057,9 @@ int LinuxNetLink::_indexForInterface(const char *iface)
 {
 	Mutex::Lock l(_if_m);
 	int interface_index = -1;
-	Hashtable<int, iface_entry>::Iterator iter(_interfaces);
-	int *k = NULL;
-	iface_entry *v = NULL;
-	while(iter.next(k,v)) {
-		if(strcmp(iface, v->ifacename) == 0) {
-			interface_index = v->index;
+	for(std::map<int, iface_entry>::iterator i(_interfaces.begin());i!=_interfaces.end();++i) {
+		if (strcmp(iface, i->second.ifacename) == 0) {
+			interface_index = i->second.index;
 			break;
 		}
 	}

osdep/LinuxNetLink.hpp

@@ -29,10 +29,8 @@
 #include "../core/InetAddress.hpp"
 #include "../core/MAC.hpp"
 #include "Thread.hpp"
-#include "../core/Hashtable.hpp"
 #include "../core/Mutex.hpp"
 
-
 namespace ZeroTier {
 
 struct route_entry {
@@ -107,7 +105,7 @@ private:
         char mac_bin[6];
         unsigned int mtu;
     };
-    Hashtable<int, iface_entry> _interfaces;
+    std::map<int, iface_entry> _interfaces;
     Mutex _if_m;
 
     // socket communication vars;

serviceiocore/GoGlue.cpp

@@ -32,7 +32,9 @@
 #include <ifaddrs.h>
 #include <net/if.h>
 #include <netinet/in.h>
+#if __has_include(<netinet/in6_var.h>)
 #include <netinet6/in6_var.h>
+#endif
 #include <arpa/inet.h>
 #include <errno.h>
 #ifdef __LINUX__
@@ -689,7 +691,7 @@ extern "C" void ZT_GoTap_setMtu(ZT_GoTap *tap,unsigned int mtu)
 
 extern "C" int ZT_isTemporaryV6Address(const char *ifname,const struct sockaddr_storage *a)
 {
-#ifndef __WINDOWS__
+#ifdef IN6_IFF_TEMPORARY
 	static ZT_SOCKET s_tmpV6Socket = ZT_INVALID_SOCKET;
 	static std::mutex s_lock;
 	std::lock_guard<std::mutex> l(s_lock);