void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-06-05 03:53:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Eliminate some aggressive port scanning NAT-t behavior that has proven ineffective.

Browse source
This commit is contained in:
Adam Ierymenko 2015-07-27 16:43:05 -07:00
parent 7a15d8a7e3
commit e30ba3e138
1 changed files with 3 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
node/Switch.cpp
View file

@ -451,7 +451,7 @@ unsigned long Switch::doTimerTasks(uint64_t now)
{ {
unsigned long nextDelay = 0xffffffff; // ceiling delay, caller will cap to minimum unsigned long nextDelay = 0xffffffff; // ceiling delay, caller will cap to minimum
{ // Aggressive NAT traversal time! {
Mutex::Lock _l(_contactQueue_m); Mutex::Lock _l(_contactQueue_m);
for(std::list<ContactQueueEntry>::iterator qi(_contactQueue.begin());qi!=_contactQueue.end();) { for(std::list<ContactQueueEntry>::iterator qi(_contactQueue.begin());qi!=_contactQueue.end();) {
if (now >= qi->fireAtTime) { if (now >= qi->fireAtTime) {
@ -460,26 +460,17 @@ unsigned long Switch::doTimerTasks(uint64_t now)
_contactQueue.erase(qi++); _contactQueue.erase(qi++);
continue; continue;
} else { } else {
// Nope, nothing yet. Time to kill some kittens.
if (qi->strategyIteration == 0) { if (qi->strategyIteration == 0) {
// First strategy: send packet directly (we already tried this but try again) // First strategy: send packet directly (we already tried this but try again)
qi->peer->attemptToContactAt(RR,qi->inaddr,now); qi->peer->attemptToContactAt(RR,qi->inaddr,now);
} else if (qi->strategyIteration <= 9) { } else if (qi->strategyIteration <= 4) {
// Strategies 1-9: try escalating ports // Strategies 1-4: try escalating ports
InetAddress tmpaddr(qi->inaddr); InetAddress tmpaddr(qi->inaddr);
int p = (int)qi->inaddr.port() + qi->strategyIteration; int p = (int)qi->inaddr.port() + qi->strategyIteration;
if (p < 0xffff) { if (p < 0xffff) {
tmpaddr.setPort((unsigned int)p); tmpaddr.setPort((unsigned int)p);
qi->peer->attemptToContactAt(RR,tmpaddr,now); qi->peer->attemptToContactAt(RR,tmpaddr,now);
} else qi->strategyIteration = 9; } else qi->strategyIteration = 9;
} else if (qi->strategyIteration <= 18) {
// Strategies 10-18: try ports below
InetAddress tmpaddr(qi->inaddr);
int p = (int)qi->inaddr.port() - (qi->strategyIteration - 9);
if (p >= 1024) {
tmpaddr.setPort((unsigned int)p);
qi->peer->attemptToContactAt(RR,tmpaddr,now);
} else qi->strategyIteration = 18;
} else { } else {
// All strategies tried, expire entry // All strategies tried, expire entry
_contactQueue.erase(qi++); _contactQueue.erase(qi++);