Work in progress...

2025-06-05 03:53:44 +02:00 · 2013-09-25 10:55:27 -04:00 · 2013-09-25 10:55:27 -04:00 · f3128a18fe
commit f3128a18fe
parent 5557a8192d
12 changed files with 218 additions and 138 deletions
--- a/node/Multicaster.cpp
+++ b/node/Multicaster.cpp
@ -0,0 +1,116 @@
 /*
 * ZeroTier One - Global Peer to Peer Ethernet
 * Copyright (C) 2012-2013  ZeroTier Networks LLC
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * --
 *
 * ZeroTier may be used and distributed under the terms of the GPLv3, which
 * are available at: http://www.gnu.org/licenses/gpl-3.0.html
 *
 * If you would like to embed ZeroTier into a commercial application or
 * redistribute it in a modified binary form, please contact ZeroTier Networks
 * LLC. Start here: http://www.zerotier.com/
 */
 #include "Constants.hpp"
 #include "Multicaster.hpp"
 #include "Utils.hpp"
 namespace ZeroTier {
 Multicaster::Multicaster()
 {
 }
 Multicaster::~Multicaster()
 {
 }
 void Multicaster::likesGroup(uint64_t nwid,const Address &a,const MulticastGroup &mg,uint64_t now)
 {
 	Mutex::Lock _l(_lock);
 	_NetInfo &n = _nets[nwid];
 	_SubInfo &si = n.subscriptions[_Subscription(a,mg)];
 	if (!si.lastLike) { // on first LIKE, we must add to _proximity[mg]
 		std::list< Address > &p = n.proximity[mg];
 		p.push_front(a);
 		si.proximitySlot = p.begin(); // list's iterators remain valid until erase()
 	}
 	si.lastLike = now;
 }
 void Multicaster::bringCloser(uint64_t nwid,const Address &a)
 {
 	Mutex::Lock _l(_lock);
 	std::map< uint64_t,_NetInfo >::iterator n(_nets.find(nwid));
 	if (n == _nets.end())
 		return;
 	/* _subscriptions contains pairs of <Address,MulticastGroup>, so we can
 	 * easily iterate through all subscriptions for a given address by
 	 * starting with the default all-zero MulticastGroup() as lower bound
 	 * and stopping when we're not looking at the right address anymore.
 	 * Then we can look up _proximity and rapidly splice() the list using
 	 * the saved iterator in _SubInfo. */
 	std::map< _Subscription,_SubInfo >::iterator s(n->second.subscriptions.lower_bound(_Subscription(a,MulticastGroup())));
 	while ((s != n->second.subscriptions.end())&&(s->first.first == a)) {
 		std::map< MulticastGroup,std::list< Address > >::iterator p(n->second.proximity.find(s->first.second));
 		if (s->second.proximitySlot != p->second.begin())
 			p->second.splice(p->second.begin(),p->second,s->second.proximitySlot);
 		++s;
 	}
 }
 void Multicaster::got(uint64_t nwid,const Address &peer,uint64_t mcGuid,uint64_t now)
 {
 	Mutex::Lock _l(_lock);
 	_NetInfo &n = _nets[nwid];
 	std::pair< uint64_t,std::set<Address> > &g = n.got[mcGuid];
 	g.first = now;
 	g.second.insert(peer);
 }
 void Multicaster::clean(uint64_t now)
 {
 	Mutex::Lock _l(_lock);
 	for(std::map< uint64_t,_NetInfo >::iterator n(_nets.begin());n!=_nets.end();) {
 		for(std::map< uint64_t,std::pair< uint64_t,std::set<Address> > >::iterator g(n->second.got.begin());g!=n->second.got.end();) {
 			if ((now - g->second.first) > ZT_MULTICAST_MAGNET_STATE_EXPIRE)
 				n->second.got.erase(g++);
 			else ++g;
 		}
 		for(std::map< _Subscription,_SubInfo >::iterator s(n->second.subscriptions.begin());s!=n->second.subscriptions.end();) {
 			if ((now - s->second.lastLike) > ZT_MULTICAST_LIKE_EXPIRE) {
 				std::map< MulticastGroup,std::list< Address > >::iterator p(n->second.proximity.find(s->first.second));
 				p->second.erase(s->second.proximitySlot);
 				if (p->second.empty())
 					n->second.proximity.erase(p);
 				n->second.subscriptions.erase(s++);
 			} else ++s;
 		}
 		if (n->second.got.empty()&&n->second.proximity.empty()&&n->second.subscriptions.empty())
 			_nets.erase(n++);
 		else ++n;
 	}
 }
 } // namespace ZeroTier
--- a/node/Multicaster.hpp
+++ b/node/Multicaster.hpp
@ -33,109 +33,61 @@
 #include <stdexcept>
 #include <map>
 #include <set>
 #include <list>
 #include <algorithm>
 #include "Constants.hpp"
 #include "Mutex.hpp"
 #include "MulticastGroup.hpp"
 #include "Utils.hpp"
 #include "Address.hpp"
 namespace ZeroTier {
 /**
- * Multicast propagation algorithm
+ * Multicast propagation algorithm core and database
 */
 class Multicaster
 {
 public:
-	Multicaster() {}
+	Multicaster();
 	~Multicaster();
 	/**
 	 * Add or renew a peer's subscription to a multicast group
 	 *
 	 * @param nwid Network ID
 	 * @param a Address that LIKEd
 	 * @param mg Multicast group
 	 * @param now Current time
 	 */
-	inline void likesGroup(const Address &a,const MulticastGroup &mg,uint64_t now)
+	void likesGroup(uint64_t nwid,const Address &a,const MulticastGroup &mg,uint64_t now);
 	{
 		Mutex::Lock _l(_lock);
 		_SubInfo &si = _subscriptions[_Subscription(a,mg)];
 		if (!si.lastLike) { // on first LIKE, we must add to _proximity[mg]
 			std::list< Address > &p = _proximity[mg];
 			p.push_front(a);
 			si.proximitySlot = p.begin(); // list's iterators remain valid until erase()
 		}
 		si.lastLike = now;
 	}
 	/**
 	 * Bring a peer closer in terms of propagation priority
 	 *
 	 * @param nwid Network ID
 	 * @param a Address to bring closer (e.g. due to unicast message)
 	 * @param now Current time
 	 */
-	inline void bringCloser(const Address &a)
+	void bringCloser(uint64_t nwid,const Address &a);
 	{
 		Mutex::Lock _l(_lock);
 		// _subscriptions contains pairs of <Address,MulticastGroup>, so we can
 		// easily iterate through all subscriptions for a given address by
 		// starting with the default all-zero MulticastGroup() as lower bound
 		// and stopping when we're not looking at the right address anymore.
 		// Then we can look up _proximity and rapidly splice() the list using
 		// the saved iterator in _SubInfo.
 		std::map< _Subscription,_SubInfo >::iterator s(_subscriptions.lower_bound(_Subscription(a,MulticastGroup())));
 		while ((s != _subscriptions.end())&&(s->first.first == a)) {
 			std::map< MulticastGroup,std::list< Address > >::iterator p(_proximity.find(s->first.second));
 			if (s->second.proximitySlot != p->second.begin())
 				p->second.splice(p->second.begin(),p->second,s->second.proximitySlot);
 			++s;
 		}
 	}
 	/**
 	 * Indicate that a peer reported that it GOT a multicast
 	 *
 	 * This only happens on magnet nodes for a propagation.
 	 *
 	 * @param nwid Network ID
 	 * @param mcGuid Multicast GUID
 	 * @param peer Peer that GOT multicast
 	 * @param now Current time
 	 */
-	inlien void got(const Address &peer,uint64_t mcGuid,uint64_t now)
+	void got(uint64_t nwid,const Address &peer,uint64_t mcGuid,uint64_t now);
 	{
 		Mutex::Lock _l(_lock);
 		std::pair< uint64_t,std::set<Address> > &g = _got[mcGuid];
 		g.first = now;
 		g.second.insert(peer);
 	}
 	/**
 	 * Erase entries for expired LIKEs and GOT records
 	 */
-	inline void clean(uint64_t now)
+	void clean(uint64_t now);
 	{
 		Mutex::Lock _l(_lock);
 		for(std::map< uint64_t,std::pair< uint64_t,std::set<Address> > >::iterator g(_got.begin());g!=_got.end();) {
 			if ((now - g->second.first) > ZT_MULTICAST_MAGNET_STATE_EXPIRE)
 				_got.erase(g++);
 			else ++g;
 		}
 		for(std::map< _Subscription,_SubInfo >::iterator s(_subscriptions.begin());s!=_subscriptions.end();) {
 			if ((now - s->second.lastLike) > ZT_MULTICAST_LIKE_EXPIRE) {
 				std::map< MulticastGroup,std::list< Address > > p(_proximity.find(s->first.second));
 				p->second.erase(s->second.proximitySlot);
 				if (p->second.empty())
 					_proximity.erase(p);
 				_subscriptions.erase(s++);
 			} else ++s;
 		}
 	}
 	/**
 	 * Pick next hops for a multicast by proximity
@ -143,36 +95,33 @@ public:
 	 * The function or function object must return true if more hops are desired
 	 * or false to stop finding new hops and return.
 	 *
 	 * @param nwid Network ID
 	 * @param mg Multicast group
 	 * @param mcGuid Multicast message GUID (signer and signer unique ID)
 	 * @param nextHopFunc Function to call for each address, search stops if it returns false
 	 */
 	template<typename F>
-	inline void getNextHops(const MulticastGroup &mg,uint64_t mcGuid,F nextHopFunc)
+	inline void getNextHops(uint64_t nwid,const MulticastGroup &mg,uint64_t mcGuid,F nextHopFunc)
 	{
 		Mutex::Lock _l(_lock);
-		std::map< uint64_t,std::pair< uint64_t,std::set< Address > > > g(_got.find(mcGuid));
+
-		std::map< MulticastGroup,std::list< Address > > p(_proximity.find(mg));
+		std::map< uint64_t,_NetInfo >::iterator n(_nets.find(nwid));
-		if (p != _proximity.end()) {
+		if (n == _nets.end())
-			for(std::list< Address >::iterator a(p->second.begin());a!=p->second.end();++a) {
+			return;
-				if ((g == _got.end())||(!g->second.second.count(*a))) {
+		std::map< MulticastGroup,std::list< Address > >::iterator p(n->second.proximity.find(mg));
-					if (!nextHopFunc(*a))
+		if (p == n->second.proximity.end())
-						break;
+			return;
-				}
+		std::map< uint64_t,std::pair< uint64_t,std::set< Address > > >::iterator g(n->second.got.find(mcGuid));
 		for(std::list< Address >::iterator a(p->second.begin());a!=p->second.end();++a) {
 			if ((g == n->second.got.end())||(!g->second.second.count(*a))) {
 				if (!nextHopFunc(*a))
 					break;
 			}
 		}
 	}
 private:
 	// GOTs by multicast GUID: time of last GOT, addresses that GOT
 	std::map< uint64_t,std::pair< uint64_t,std::set< Address > > > _got;
 	// Peer proximity ordering for peers subscribed to each group
 	std::map< MulticastGroup,std::list< Address > > _proximity;
 	// An address and multicast group tuple
 	typedef std::pair<Address,MulticastGroup> _Subscription;
 	// Information about a subscription
 	struct _SubInfo
 	{
@ -187,9 +136,23 @@ private:
 		std::list< Address >::iterator proximitySlot;
 	};
-	// Peer subscriptions to multicast groups
+	// An address and multicast group tuple
-	std::map< _Subscription,_SubInfo > _subscriptions;
+	typedef std::pair<Address,MulticastGroup> _Subscription;
 	// Multicast info for a given network
 	struct _NetInfo
 	{
 		// GOTs by multicast GUID: time of last GOT, addresses that GOT
 		std::map< uint64_t,std::pair< uint64_t,std::set< Address > > > got;
 		// Peer proximity ordering for peers subscribed to each group
 		std::map< MulticastGroup,std::list< Address > > proximity;
 		// Peer subscriptions to multicast groups
 		std::map< _Subscription,_SubInfo > subscriptions;
 	};
 	std::map< uint64_t,_NetInfo > _nets;
 	Mutex _lock;
 };
--- a/node/Network.cpp
+++ b/node/Network.cpp
@ -262,8 +262,6 @@ void Network::clean()
 {
 	std::string mcdbPath(_r->homePath + ZT_PATH_SEPARATOR_S + "networks.d" + ZT_PATH_SEPARATOR_S + idString() + ".mcerts");
 	_multicaster.clean(Utils::now());
 	Mutex::Lock _l(_lock);
 	if ((!_id)||(_isOpen)) {
--- a/node/Network.hpp
+++ b/node/Network.hpp
@ -51,7 +51,6 @@
 #include "Identity.hpp"
 #include "InetAddress.hpp"
 #include "BandwidthAccount.hpp"
 #include "Multicaster.hpp"
 namespace ZeroTier {
@ -584,15 +583,6 @@ public:
 		//return tmp;
 	}
 	/**
 	 * @return Multicaster for this network
 	 */
 	inline Multicaster &multicaster()
 		throw()
 	{
 		return _multicaster;
 	}
 private:
 	static void _CBhandleTapData(void *arg,const MAC &from,const MAC &to,unsigned int etherType,const Buffer<4096> &data);
 	void _restoreState();
@ -619,9 +609,6 @@ private:
 	// Ethertype whitelist bit field, set from config, for really fast lookup
 	unsigned char _etWhitelist[65536 / 8];
 	// Multicast propagation database
 	Multicaster _multicaster;
 	uint64_t _id;
 	volatile uint64_t _lastConfigUpdate;
 	volatile bool _destroyOnDelete;
--- a/node/NodeConfig.cpp
+++ b/node/NodeConfig.cpp
@ -56,10 +56,6 @@
 #include "SHA512.hpp"
 #include "Node.hpp"
 #ifdef __WINDOWS__
 #define strtoull _strtoui64
 #endif
 namespace ZeroTier {
 NodeConfig::NodeConfig(const RuntimeEnvironment *renv,const char *authToken,unsigned int controlPort)
--- a/node/NodeConfig.hpp
+++ b/node/NodeConfig.hpp
@ -167,6 +167,7 @@ private:
 	unsigned char _controlSocketKey[32];
 	UdpSocket _controlSocket;
 	std::map< uint64_t,SharedPtr<Network> > _networks;
 	Mutex _networks_m;
 };
--- a/node/Packet.cpp
+++ b/node/Packet.cpp
@ -29,6 +29,8 @@
 namespace ZeroTier {
 const unsigned char Packet::ZERO_KEY[32] { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };
 const char *Packet::verbString(Verb v)
 	throw()
 {
--- a/node/Packet.hpp
+++ b/node/Packet.hpp
@ -164,6 +164,9 @@
 #define ZT_PROTO_VERB_FRAME_IDX_ETHERTYPE (ZT_PROTO_VERB_FRAME_IDX_NETWORK_ID + 8)
 #define ZT_PROTO_VERB_FRAME_IDX_PAYLOAD (ZT_PROTO_VERB_FRAME_IDX_ETHERTYPE + 2)
 #define ZT_PROTO_VERB_MULTICAST_GOT_IDX_NETWORK_ID (ZT_PACKET_IDX_PAYLOAD)
 #define ZT_PROTO_VERB_MULTICAST_GOT_IDX_MULTICAST_GUID (ZT_PROTO_VERB_MULTICAST_GOT_IDX_NETWORK_ID + 8)
 #define ZT_PROTO_VERB_MULTICAST_FRAME_IDX_COUNTER (ZT_PACKET_IDX_PAYLOAD)
 #define ZT_PROTO_VERB_MULTICAST_FRAME_IDX_QUEUE (ZT_PROTO_VERB_MULTICAST_FRAME_IDX_COUNTER + 2)
 #define ZT_PROTO_VERB_MULTICAST_FRAME_IDX_MAGNET (ZT_PROTO_VERB_MULTICAST_FRAME_IDX_QUEUE + 320)
@ -836,9 +839,8 @@ public:
 		Salsa20 s20(mangledKey,256,field(ZT_PACKET_IDX_IV,8));
 		// MAC key is always the first 32 bytes of the Salsa20 key stream
-		// This is the same technique DJB's NaCl library uses to use poly1305
+		// This is the same construction DJB's NaCl library uses
-		memset(macKey,0,sizeof(macKey));
+		s20.encrypt(ZERO_KEY,macKey,sizeof(macKey));
 		s20.encrypt(macKey,macKey,sizeof(macKey));
 		if (encryptPayload)
 			s20.encrypt(payload,payload,payloadLen);
@ -864,8 +866,7 @@ public:
 		_mangleKey((const unsigned char *)key,mangledKey);
 		Salsa20 s20(mangledKey,256,field(ZT_PACKET_IDX_IV,8));
-		memset(macKey,0,sizeof(macKey));
+		s20.encrypt(ZERO_KEY,macKey,sizeof(macKey));
 		s20.encrypt(macKey,macKey,sizeof(macKey));
 		Poly1305::compute(mac,payload,payloadLen,macKey);
 		if (!Utils::secureEq(mac,field(ZT_PACKET_IDX_MAC,8),8))
 			return false;
@ -931,6 +932,8 @@ public:
 	}
 private:
 	static const unsigned char ZERO_KEY[32];
 	/**
 	 * Deterministically mangle a 256-bit crypto key based on packet
 	 *
--- a/node/PacketDecoder.cpp
+++ b/node/PacketDecoder.cpp
@ -37,20 +37,6 @@
 #include "Filter.hpp"
 #include "Service.hpp"
 /*
 * The big picture:
 *
 * tryDecode() gets called for a given fully-assembled packet until it returns
 * true or the packet's time to live has been exceeded. The state machine must
 * therefore be re-entrant if it ever returns false. Take care here!
 *
 * Stylistic note:
 *
 * There's a lot of unnecessary if nesting. It's mostly to allow TRACE to
 * print informative messages on every possible reason something gets
 * rejected or fails.
 */
 namespace ZeroTier {
 bool PacketDecoder::tryDecode(const RuntimeEnvironment *_r)
@ -58,15 +44,15 @@ bool PacketDecoder::tryDecode(const RuntimeEnvironment *_r)
 {
 	if ((!encrypted())&&(verb() == Packet::VERB_HELLO)) {
 		// Unencrypted HELLOs are handled here since they are used to
-		// populate our identity cache in the first place. Thus we might get
+		// populate our identity cache in the first place. _doHELLO() is special
-		// a HELLO for someone for whom we don't have a Peer record.
+		// in that it contains its own authentication logic.
 		TRACE("HELLO from %s(%s)",source().toString().c_str(),_remoteAddress.toString().c_str());
 		return _doHELLO(_r);
 	}
 	SharedPtr<Peer> peer = _r->topology->getPeer(source());
 	if (peer) {
-		// Resume saved state?
+		// Resume saved intermediate decode state?
 		if (_step == DECODE_WAITING_FOR_MULTICAST_FRAME_ORIGINAL_SENDER_LOOKUP) {
 			// In this state we have already authenticated and decrypted the
 			// packet and are waiting for the lookup of the original sender
@ -74,22 +60,10 @@ bool PacketDecoder::tryDecode(const RuntimeEnvironment *_r)
 			return _doMULTICAST_FRAME(_r,peer);
 		}
-		// No saved state? Verify MAC before we proceed.
+		if (!dearmor(peer->key())) {
-		if (!macVerify(peer->macKey())) {
+			TRACE("dropped packet from %s(%s), MAC authentication failed (size: %u)",source().toString().c_str(),_remoteAddress.toString().c_str(),size());
 			TRACE("dropped packet from %s(%s), authentication failed (size: %u)",source().toString().c_str(),_remoteAddress.toString().c_str(),size());
 			return true;
 		}
 		// If MAC authentication passed, decrypt and uncompress
 		if (encrypted()) {
 			decrypt(peer->cryptKey());
 		} else {
 			// Unencrypted is tolerated in case we want to run this on
 			// devices where squeezing out cycles matters. MAC is
 			// what's really important. But log it in debug to catch any
 			// packets being mistakenly sent in the clear.
 			TRACE("ODD: %s from %s(%s) wasn't encrypted",Packet::verbString(verb()),source().toString().c_str(),_remoteAddress.toString().c_str());
 		}
 		if (!uncompress()) {
 			TRACE("dropped packet from %s(%s), compressed data invalid",source().toString().c_str(),_remoteAddress.toString().c_str());
 			return true;
@ -107,7 +81,7 @@ bool PacketDecoder::tryDecode(const RuntimeEnvironment *_r)
 				TRACE("NOP from %s(%s)",source().toString().c_str(),_remoteAddress.toString().c_str());
 				return true;
 			case Packet::VERB_HELLO:
-				return _doHELLO(_r);
+				return _doHELLO(_r); // legal, but why? :)
 			case Packet::VERB_ERROR:
 				return _doERROR(_r,peer);
 			case Packet::VERB_OK:
@ -120,6 +94,8 @@ bool PacketDecoder::tryDecode(const RuntimeEnvironment *_r)
 				return _doFRAME(_r,peer);
 			case Packet::VERB_MULTICAST_LIKE:
 				return _doMULTICAST_LIKE(_r,peer);
 			case Packet::VERB_MULTICAST_GOT:
 				return _doMULTICAST_GOT(_r,peer);
 			case Packet::VERB_MULTICAST_FRAME:
 				return _doMULTICAST_FRAME(_r,peer);
 			case Packet::VERB_NETWORK_MEMBERSHIP_CERTIFICATE:
@ -474,6 +450,25 @@ bool PacketDecoder::_doMULTICAST_LIKE(const RuntimeEnvironment *_r,const SharedP
 	} catch ( ... ) {
 		TRACE("dropped MULTICAST_LIKE from %s(%s): unexpected exception: (unknown)",source().toString().c_str(),_remoteAddress.toString().c_str());
 	}
 	return true;
 }
 bool PacketDecoder::_doMULTICAST_GOT(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer)
 {
 	// Right now only supernodes act as propagation hubs
 	if (!_r->topology->amSupernode()) {
 		TRACE("dropped MULTICAST_GOT from %s: I am not a supernode",source().toString().c_str());
 		return true;
 	}
 	try {
 	} catch (std::exception &ex) {
 		TRACE("dropped MULTICAST_GOT from %s(%s): unexpected exception: %s",source().toString().c_str(),_remoteAddress.toString().c_str(),ex.what());
 	} catch ( ... ) {
 		TRACE("dropped MULTICAST_GOT from %s(%s): unexpected exception: (unknown)",source().toString().c_str(),_remoteAddress.toString().c_str());
 	}
 	return true;
 }
--- a/node/PacketDecoder.hpp
+++ b/node/PacketDecoder.hpp
@ -38,6 +38,22 @@
 #include "AtomicCounter.hpp"
 #include "Peer.hpp"
 /*
 * The big picture:
 *
 * tryDecode gets called for a given fully-assembled packet until it returns
 * true or the packet's time to live has been exceeded, in which case it is
 * discarded as failed decode. Any exception thrown by tryDecode also causes
 * the packet to be discarded.
 *
 * Thus a return of false from tryDecode() indicates that it should be called
 * again. Logic is very simple as to when, and it's in doAnythingWaitingForPeer
 * in Switch. This might be expanded to be more fine grained in the future.
 *
 * A return value of true indicates that the packet is done. tryDecode must
 * never be called again after that.
 */
 namespace ZeroTier {
 class RuntimeEnvironment;
@ -76,7 +92,8 @@ public:
 	 * Note that this returns 'true' if processing is complete. This says nothing
 	 * about whether the packet was valid. A rejection is 'complete.'
 	 *
-	 * Once true is returned, this should not be called again.
+	 * Once true is returned, this must not be called again. The packet's state
 	 * may no longer be valid.
 	 *
 	 * @param _r Runtime environment
 	 * @return True if decoding and processing is complete, false if caller should try again
@ -87,7 +104,7 @@ public:
 		throw(std::out_of_range,std::runtime_error);
 	/**
-	 * @return Time of packet receipt
+	 * @return Time of packet receipt / start of decode
 	 */
 	inline uint64_t receiveTime() const throw() { return _receiveTime; }
@ -121,6 +138,7 @@ private:
 	bool _doRENDEZVOUS(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer);
 	bool _doFRAME(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer);
 	bool _doMULTICAST_LIKE(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer);
 	bool _doMULTICAST_GOT(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer);
 	bool _doMULTICAST_FRAME(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer);
 	bool _doNETWORK_MEMBERSHIP_CERTIFICATE(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer);
 	bool _doNETWORK_CONFIG_REQUEST(const RuntimeEnvironment *_r,const SharedPtr<Peer> &peer);
--- a/node/Poly1305.cpp
+++ b/node/Poly1305.cpp
@ -90,7 +90,7 @@ static void mulmod(unsigned int h[17],const unsigned int r[17])
  squeeze(h);
 }
-static int crypto_onetimeauth(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
+static inline int crypto_onetimeauth(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
 {
  unsigned int j;
  unsigned int r[17];
--- a/objects.mk
+++ b/objects.mk
@ -10,6 +10,7 @@ OBJS=\
 	node/Identity.o \
 	node/InetAddress.o \
 	node/Logger.o \
 	node/Multicaster.o \
 	node/Network.o \
 	node/Node.o \
 	node/NodeConfig.o \