Reorganize a bit by shortening some directory names.

Cargo.toml

@@ -1,10 +1,10 @@
 [workspace]
 
 members = [
-  "zerotier-core-crypto",
-  "zerotier-network-hypervisor",
-  "zerotier-network-controller",
-  "zerotier-system-service",
+  "core-crypto",
+  "network-hypervisor",
+  "controller",
+  "system-service",
 ]
 
 [profile.release]

controller/Cargo.toml

@@ -0,0 +1,12 @@
+[package]
+name = "zerotier-network-controller"
+version = "0.1.0"
+edition = "2021"
+
+[[bin]]
+name = "zerotier-controller"
+path = "src/main.rs"
+
+[dependencies]
+zerotier-core-crypto = { path = "../core-crypto" }
+zerotier-network-hypervisor = { path = "../network-hypervisor" }

controller/src/main.rs

@@ -0,0 +1 @@
+

core-crypto/src/lib.rs

@@ -14,6 +14,4 @@ pub mod secret;
 pub mod varint;
 pub mod x25519;
 
-pub use pqc_kyber;
-
 pub const ZEROES: [u8; 16] = [0_u8; 16];

core-crypto/src/noise.rs

@@ -398,8 +398,8 @@ pub fn receive<
                         key.return_receive_cipher(c);
 
                         if tag.eq(&incoming_packet[data_len..]) {
-                            // If this is the "next" key, a valid packet using it indicates that it should become the current key.
                             if ki == 1 {
+                                // Promote next key to current key on success.
                                 unlikely_branch();
                                 drop(state);
                                 let mut state = session.state.write();
@@ -409,7 +409,6 @@ pub fn receive<
                             if packet_type == PACKET_TYPE_DATA {
                                 return Ok(ReceiveResult::OkData(&buffer[HEADER_SIZE..data_len], u32::from_le_bytes(nonce[..4].try_into().unwrap())));
                             } else {
-                                unlikely_branch();
                                 return Ok(ReceiveResult::Ok);
                             }
                         }

network-hypervisor/Cargo.toml

@@ -10,7 +10,7 @@ default = ["debug_events"]
 debug_events = []
 
 [dependencies]
-zerotier-core-crypto = { path = "../zerotier-core-crypto" }
+zerotier-core-crypto = { path = "../core-crypto" }
 async-trait = "^0"
 base64 = "^0"
 lz4_flex = { version = "^0", features = ["safe-encode", "safe-decode", "checked-decode"] }

network-hypervisor/src/vl1/address.rs

@@ -19,13 +19,19 @@ pub struct Address(NonZeroU64);
 
 impl Address {
     /// Get an address from a 64-bit integer or return None if it is zero or reserved.
-    #[inline]
+    #[inline(always)]
     pub fn from_u64(mut i: u64) -> Option<Address> {
         i &= 0xffffffffff;
-        NonZeroU64::new(i).and_then(|ii| if (i >> 32) != ADDRESS_RESERVED_PREFIX as u64 { Some(Address(ii)) } else { None })
+        NonZeroU64::new(i).and_then(|ii| {
+            if (i >> 32) != ADDRESS_RESERVED_PREFIX as u64 {
+                Some(Address(ii))
+            } else {
+                None
+            }
+        })
     }
 
-    #[inline]
+    #[inline(always)]
     pub fn from_bytes(b: &[u8]) -> Option<Address> {
         if b.len() >= ADDRESS_SIZE {
             Self::from_u64((b[0] as u64) << 32 | (b[1] as u64) << 24 | (b[2] as u64) << 16 | (b[3] as u64) << 8 | b[4] as u64)
@@ -34,32 +40,41 @@ impl Address {
         }
     }
 
-    #[inline]
+    #[inline(always)]
     pub fn from_bytes_fixed(b: &[u8; ADDRESS_SIZE]) -> Option<Address> {
         Self::from_u64((b[0] as u64) << 32 | (b[1] as u64) << 24 | (b[2] as u64) << 16 | (b[3] as u64) << 8 | b[4] as u64)
     }
 
-    #[inline]
+    #[inline(always)]
     pub fn to_bytes(&self) -> [u8; ADDRESS_SIZE] {
         let i = self.0.get();
         [(i >> 32) as u8, (i >> 24) as u8, (i >> 16) as u8, (i >> 8) as u8, i as u8]
     }
+}
 
+impl From<Address> for u64 {
     #[inline(always)]
-    pub fn to_u64(&self) -> u64 {
-        self.0.get()
+    fn from(a: Address) -> Self {
+        a.0.get()
+    }
+}
+
+impl From<&Address> for u64 {
+    #[inline(always)]
+    fn from(a: &Address) -> Self {
+        a.0.get()
     }
 }
 
 impl Marshalable for Address {
     const MAX_MARSHAL_SIZE: usize = ADDRESS_SIZE;
 
-    #[inline]
+    #[inline(always)]
     fn marshal<const BL: usize>(&self, buf: &mut Buffer<BL>) -> std::io::Result<()> {
         buf.append_bytes(&self.0.get().to_be_bytes()[8 - ADDRESS_SIZE..])
     }
 
-    #[inline]
+    #[inline(always)]
     fn unmarshal<const BL: usize>(buf: &Buffer<BL>, cursor: &mut usize) -> std::io::Result<Self> {
         Self::from_bytes_fixed(buf.read_bytes_fixed(cursor)?).map_or_else(|| Err(std::io::Error::new(std::io::ErrorKind::InvalidData, "cannot be zero")), |a| Ok(a))
     }
@@ -168,7 +183,8 @@ mod tests {
         let mut rawaddr: u64 = rand::random();
         let addr = super::Address::from_u64(rawaddr);
         assert!(addr.is_some());
-        assert_eq!(addr.unwrap().to_u64(), rawaddr & 0xffffffffff);
+        let addr: u64 = addr.unwrap().into();
+        assert_eq!(addr, rawaddr & 0xffffffffff);
 
         rawaddr = 0;
         assert!(super::Address::from_u64(rawaddr).is_none());

network-hypervisor/src/vl1/endpoint.rs

@@ -230,19 +230,19 @@ impl Hash for Endpoint {
             }
             Endpoint::ZeroTier(a, _) => {
                 state.write_u8(TYPE_ZEROTIER);
-                state.write_u64(a.to_u64())
+                state.write_u64(a.into())
             }
             Endpoint::Ethernet(m) => {
                 state.write_u8(TYPE_ETHERNET);
-                state.write_u64(m.to_u64())
+                state.write_u64(m.into())
             }
             Endpoint::WifiDirect(m) => {
                 state.write_u8(TYPE_WIFIDIRECT);
-                state.write_u64(m.to_u64())
+                state.write_u64(m.into())
             }
             Endpoint::Bluetooth(m) => {
                 state.write_u8(TYPE_BLUETOOTH);
-                state.write_u64(m.to_u64())
+                state.write_u64(m.into())
             }
             Endpoint::Ip(ip) => {
                 state.write_u8(TYPE_IP);
@@ -266,7 +266,7 @@ impl Hash for Endpoint {
             }
             Endpoint::ZeroTierEncap(a, _) => {
                 state.write_u8(TYPE_ZEROTIER_ENCAP);
-                state.write_u64(a.to_u64())
+                state.write_u64(a.into())
             }
         }
     }

network-hypervisor/src/vl1/identity.rs

@@ -208,8 +208,7 @@ impl Identity {
             let p384_ecdh = P384KeyPair::generate();
             let p384_ecdsa = P384KeyPair::generate();
 
-            let mut self_sign_buf: Vec<u8> =
-                Vec::with_capacity(ADDRESS_SIZE + C25519_PUBLIC_KEY_SIZE + ED25519_PUBLIC_KEY_SIZE + P384_PUBLIC_KEY_SIZE + P384_PUBLIC_KEY_SIZE + P384_ECDSA_SIGNATURE_SIZE + 4);
+            let mut self_sign_buf: Vec<u8> = Vec::with_capacity(ADDRESS_SIZE + C25519_PUBLIC_KEY_SIZE + ED25519_PUBLIC_KEY_SIZE + P384_PUBLIC_KEY_SIZE + P384_PUBLIC_KEY_SIZE + P384_ECDSA_SIGNATURE_SIZE + 4);
             let _ = self_sign_buf.write_all(&self.address.to_bytes());
             let _ = self_sign_buf.write_all(&self.x25519);
             let _ = self_sign_buf.write_all(&self.ed25519);
@@ -614,15 +613,13 @@ impl Identity {
                 s.push(':');
             }
             s.push_str(":2:"); // 2 == IDENTITY_ALGORITHM_EC_NIST_P384
-            let p384_joined: [u8; P384_PUBLIC_KEY_SIZE + P384_PUBLIC_KEY_SIZE + P384_ECDSA_SIGNATURE_SIZE + ED25519_SIGNATURE_SIZE] =
-                concat_arrays_4(p384.ecdh.as_bytes(), p384.ecdsa.as_bytes(), &p384.ecdsa_self_signature, &p384.ed25519_self_signature);
+            let p384_joined: [u8; P384_PUBLIC_KEY_SIZE + P384_PUBLIC_KEY_SIZE + P384_ECDSA_SIGNATURE_SIZE + ED25519_SIGNATURE_SIZE] = concat_arrays_4(p384.ecdh.as_bytes(), p384.ecdsa.as_bytes(), &p384.ecdsa_self_signature, &p384.ed25519_self_signature);
             s.push_str(base64::encode_config(p384_joined, base64::URL_SAFE_NO_PAD).as_str());
             if self.secret.is_some() && include_private {
                 let secret = self.secret.as_ref().unwrap();
                 if secret.p384.is_some() {
                     let p384_secret = secret.p384.as_ref().unwrap();
-                    let p384_secret_joined: [u8; P384_SECRET_KEY_SIZE + P384_SECRET_KEY_SIZE] =
-                        concat_arrays_2(p384_secret.ecdh.secret_key_bytes().as_bytes(), p384_secret.ecdsa.secret_key_bytes().as_bytes());
+                    let p384_secret_joined: [u8; P384_SECRET_KEY_SIZE + P384_SECRET_KEY_SIZE] = concat_arrays_2(p384_secret.ecdh.secret_key_bytes().as_bytes(), p384_secret.ecdsa.secret_key_bytes().as_bytes());
                     s.push(':');
                     s.push_str(base64::encode_config(p384_secret_joined, base64::URL_SAFE_NO_PAD).as_str());
                 }
@@ -809,7 +806,7 @@ impl PartialOrd for Identity {
 impl Hash for Identity {
     #[inline(always)]
     fn hash<H: Hasher>(&self, state: &mut H) {
-        state.write_u64(self.address.to_u64())
+        state.write_u64(self.address.into())
     }
 }
 

network-hypervisor/src/vl1/mac.rs

@@ -23,12 +23,12 @@ impl Debug for MAC {
 }
 
 impl MAC {
-    #[inline]
+    #[inline(always)]
     pub fn from_u64(i: u64) -> Option<MAC> {
         NonZeroU64::new(i & 0xffffffffffff).map(|i| MAC(i))
     }
 
-    #[inline]
+    #[inline(always)]
     pub fn from_bytes(b: &[u8]) -> Option<MAC> {
         if b.len() >= 6 {
             NonZeroU64::new((b[0] as u64) << 40 | (b[1] as u64) << 32 | (b[2] as u64) << 24 | (b[3] as u64) << 16 as u64 | (b[4] as u64) << 8 | b[5] as u64).map(|i| MAC(i))
@@ -37,32 +37,41 @@ impl MAC {
         }
     }
 
-    #[inline]
+    #[inline(always)]
     pub fn from_bytes_fixed(b: &[u8; 6]) -> Option<MAC> {
         NonZeroU64::new((b[0] as u64) << 40 | (b[1] as u64) << 32 | (b[2] as u64) << 24 | (b[3] as u64) << 16 as u64 | (b[4] as u64) << 8 | b[5] as u64).map(|i| MAC(i))
     }
 
-    #[inline]
+    #[inline(always)]
     pub fn to_bytes(&self) -> [u8; 6] {
         let i = self.0.get();
         [(i >> 40) as u8, (i >> 32) as u8, (i >> 24) as u8, (i >> 16) as u8, (i >> 8) as u8, i as u8]
     }
+}
 
+impl From<MAC> for u64 {
     #[inline(always)]
-    pub fn to_u64(&self) -> u64 {
-        self.0.get()
+    fn from(m: MAC) -> Self {
+        m.0.get()
+    }
+}
+
+impl From<&MAC> for u64 {
+    #[inline(always)]
+    fn from(m: &MAC) -> Self {
+        m.0.get()
     }
 }
 
 impl Marshalable for MAC {
     const MAX_MARSHAL_SIZE: usize = 6;
 
-    #[inline]
+    #[inline(always)]
     fn marshal<const BL: usize>(&self, buf: &mut Buffer<BL>) -> std::io::Result<()> {
         buf.append_bytes(&self.0.get().to_be_bytes()[2..])
     }
 
-    #[inline]
+    #[inline(always)]
     fn unmarshal<const BL: usize>(buf: &Buffer<BL>, cursor: &mut usize) -> std::io::Result<Self> {
         Self::from_bytes_fixed(buf.read_bytes_fixed(cursor)?).map_or_else(|| Err(std::io::Error::new(std::io::ErrorKind::InvalidData, "cannot be zero")), |a| Ok(a))
     }

network-hypervisor/src/vl1/node.rs

@@ -97,16 +97,7 @@ pub trait InnerProtocolInterface: Sync + Send + 'static {
     async fn handle_packet<SI: SystemInterface>(&self, source: &Peer<SI>, source_path: &Path<SI>, verb: u8, payload: &PacketBuffer) -> bool;
 
     /// Handle errors, returning true if the error was recognized.
-    async fn handle_error<SI: SystemInterface>(
-        &self,
-        source: &Peer<SI>,
-        source_path: &Path<SI>,
-        in_re_verb: u8,
-        in_re_message_id: u64,
-        error_code: u8,
-        payload: &PacketBuffer,
-        cursor: &mut usize,
-    ) -> bool;
+    async fn handle_error<SI: SystemInterface>(&self, source: &Peer<SI>, source_path: &Path<SI>, in_re_verb: u8, in_re_message_id: u64, error_code: u8, payload: &PacketBuffer, cursor: &mut usize) -> bool;
 
     /// Handle an OK, returing true if the OK was recognized.
     async fn handle_ok<SI: SystemInterface>(&self, source: &Peer<SI>, source_path: &Path<SI>, in_re_verb: u8, in_re_message_id: u64, payload: &PacketBuffer, cursor: &mut usize) -> bool;
@@ -350,12 +341,36 @@ impl<SI: SystemInterface> Node<SI> {
         debug_event!(
             si,
             "[vl1] do_background_tasks:{}{}{}{}{}{} ----",
-            if root_sync { " root_sync" } else { "" },
-            if root_hello { " root_hello" } else { "" },
-            if root_spam_hello { " root_spam_hello" } else { "" },
-            if peer_service { " peer_service" } else { "" },
-            if path_service { " path_service" } else { "" },
-            if whois_service { " whois_service" } else { "" },
+            if root_sync {
+                " root_sync"
+            } else {
+                ""
+            },
+            if root_hello {
+                " root_hello"
+            } else {
+                ""
+            },
+            if root_spam_hello {
+                " root_spam_hello"
+            } else {
+                ""
+            },
+            if peer_service {
+                " peer_service"
+            } else {
+                ""
+            },
+            if path_service {
+                " path_service"
+            } else {
+                ""
+            },
+            if whois_service {
+                " whois_service"
+            } else {
+                ""
+            },
         );
 
         if root_sync {
@@ -388,9 +403,7 @@ impl<SI: SystemInterface> Node<SI> {
                             for m in rs.members.iter() {
                                 if m.identity.eq(&self.identity) {
                                     let _ = my_root_sets.get_or_insert_with(|| Vec::new()).write_all(rs.to_bytes().as_slice());
-                                } else if self.peers.read().get(&m.identity.address).map_or(false, |p| !p.identity.eq(&m.identity))
-                                    || address_collision_check.insert(m.identity.address, &m.identity).map_or(false, |old_id| !old_id.eq(&m.identity))
-                                {
+                                } else if self.peers.read().get(&m.identity.address).map_or(false, |p| !p.identity.eq(&m.identity)) || address_collision_check.insert(m.identity.address, &m.identity).map_or(false, |old_id| !old_id.eq(&m.identity)) {
                                     address_collisions.push(m.identity.address);
                                 }
                             }
@@ -428,7 +441,10 @@ impl<SI: SystemInterface> Node<SI> {
                     )));
                 }
                 for i in bad_identities.iter() {
-                    si.event(Event::SecurityWarning(format!("bad identity detected for address {} in at least one root set, ignoring (error creating peer object)", i.address.to_string())));
+                    si.event(Event::SecurityWarning(format!(
+                        "bad identity detected for address {} in at least one root set, ignoring (error creating peer object)",
+                        i.address.to_string()
+                    )));
                 }
 
                 let mut new_root_identities: Vec<Identity> = new_roots.iter().map(|(p, _)| p.identity.clone()).collect();
@@ -529,15 +545,7 @@ impl<SI: SystemInterface> Node<SI> {
         Duration::from_millis(1000)
     }
 
-    pub async fn handle_incoming_physical_packet<PH: InnerProtocolInterface>(
-        &self,
-        si: &SI,
-        ph: &PH,
-        source_endpoint: &Endpoint,
-        source_local_socket: &SI::LocalSocket,
-        source_local_interface: &SI::LocalInterface,
-        mut data: PooledPacketBuffer,
-    ) {
+    pub async fn handle_incoming_physical_packet<PH: InnerProtocolInterface>(&self, si: &SI, ph: &PH, source_endpoint: &Endpoint, source_local_socket: &SI::LocalSocket, source_local_interface: &SI::LocalInterface, mut data: PooledPacketBuffer) {
         debug_event!(
             si,
             "[vl1] {} -> #{} {}->{} length {} (on socket {}@{})",

network-hypervisor/src/vl1/rootset.rs

@@ -183,7 +183,13 @@ impl RootSet {
     /// method will return true when signing is complete.
     pub fn sign(&mut self, member_identity: &Identity) -> bool {
         let signature = member_identity.sign(self.marshal_for_signing().as_bytes(), false);
-        let unsigned_entry = self.members.iter().find_map(|m| if m.identity.eq(member_identity) { Some(m.clone()) } else { None });
+        let unsigned_entry = self.members.iter().find_map(|m| {
+            if m.identity.eq(member_identity) {
+                Some(m.clone())
+            } else {
+                None
+            }
+        });
         if unsigned_entry.is_some() && signature.is_some() {
             let unsigned_entry = unsigned_entry.unwrap();
             self.members.retain(|m| !m.identity.eq(member_identity));

network-hypervisor/src/vl2/multicastgroup.rs

@@ -45,7 +45,7 @@ impl PartialOrd for MulticastGroup {
 impl Hash for MulticastGroup {
     #[inline(always)]
     fn hash<H: Hasher>(&self, state: &mut H) {
-        state.write_u64(self.mac.to_u64());
+        state.write_u64(self.mac.into());
         state.write_u32(self.adi);
     }
 }

system-service/Cargo.toml

@@ -10,8 +10,8 @@ name = "zerotier"
 path = "src/main.rs"
 
 [dependencies]
-zerotier-network-hypervisor = { path = "../zerotier-network-hypervisor" }
-zerotier-core-crypto = { path = "../zerotier-core-crypto" }
+zerotier-network-hypervisor = { path = "../network-hypervisor" }
+zerotier-core-crypto = { path = "../core-crypto" }
 async-trait = "^0"
 num-traits = "^0"
 tokio = { version = "^1", features = ["fs", "io-util", "io-std", "net", "parking_lot", "process", "rt", "rt-multi-thread", "signal", "sync", "time"], default-features = false }

zerotier-network-controller/Cargo.toml

@@ -1,10 +0,0 @@
-[package]
-name = "zerotier-network-controller"
-version = "0.1.0"
-edition = "2021"
-
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
-
-[dependencies]
-serde = "*"
-serde_json = "*"

zerotier-network-controller/src/main.rs

@@ -1,5 +0,0 @@
-mod rules;
-
-fn main() {
-    println!("Hello, world!");
-}