Add a protocol version field to the root set so we can use a new session protocol eventually.

zerotier-network-hypervisor/default-rootset/test-root.json

@@ -5,7 +5,8 @@
   "members": [ {
       "identity": "bc47f54ab2:0:cfb92160bab1da37f31247ded76d8327c00c4d3e49d8a424c6ba16fe3e77b949ab782426584b0169e7b38f7679ea24f38cea637a7a93a9272bfcb0ff461c1e97",
       "endpoints": [ "udp:207.148.9.48/19993" ],
-      "signature": [ 1, 231, 242, 54, 205, 73, 178, 134, 80, 36, 182, 157, 154, 217, 55, 250, 164, 102, 119, 132, 32, 231, 62, 56, 13, 49, 41, 211, 30, 226, 248, 44, 185, 105, 163, 239, 189, 86, 37, 175, 157, 241, 209, 154, 205, 120, 15, 98, 169, 9, 83, 175, 3, 77, 250, 187, 36, 26, 146, 113, 208, 10, 36, 205, 15 ],
-      "priority": 0
+      "signature": [ 1, 245, 109, 237, 214, 63, 96, 169, 196, 122, 200, 142, 64, 240, 230, 212, 109, 84, 136, 72, 101, 127, 75, 243, 56, 4, 140, 117, 131, 184, 94, 156, 153, 33, 8, 70, 12, 108, 107, 240, 180, 30, 7, 32, 161, 85, 15, 151, 247, 91, 197, 68, 30, 157, 229, 245, 162, 120, 123, 2, 191, 104, 255, 212, 6 ],
+      "priority": 0,
+      "protocol_version": 0
     } ]
 }

zerotier-network-hypervisor/src/vl1/node.rs

@@ -398,7 +398,7 @@ impl<SI: SystemInterface> Node<SI> {
                                 if let Some(peer) = peers.get(&m.identity.address) {
                                     new_roots.insert(peer.clone(), m.endpoints.as_ref().unwrap().iter().cloned().collect());
                                 } else {
-                                    if let Some(peer) = Peer::<SI>::new(&self.identity, m.identity.clone(), si.time_clock(), tt) {
+                                    if let Some(peer) = Peer::<SI>::new(&self.identity, m.identity.clone(), tt) {
                                         new_roots.insert(parking_lot::RwLockUpgradableReadGuard::upgrade(peers).entry(m.identity.address).or_insert_with(|| Arc::new(peer)).clone(), m.endpoints.as_ref().unwrap().iter().cloned().collect());
                                     } else {
                                         bad_identities.push(m.identity.clone());

zerotier-network-hypervisor/src/vl1/peer.rs

@@ -186,7 +186,7 @@ impl<SI: SystemInterface> Peer<SI> {
     ///
     /// This only returns None if this_node_identity does not have its secrets or if some
     /// fatal error occurs performing key agreement between the two identities.
-    pub(crate) fn new(this_node_identity: &Identity, id: Identity, time_clock: i64, time_ticks: i64) -> Option<Peer<SI>> {
+    pub(crate) fn new(this_node_identity: &Identity, id: Identity, time_ticks: i64) -> Option<Peer<SI>> {
         this_node_identity.agree(&id).map(|static_secret| -> Self {
             Self {
                 canonical: CanonicalObject::new(),
@@ -201,7 +201,7 @@ impl<SI: SystemInterface> Peer<SI> {
                 last_incoming_message_id: AtomicU64::new(0),
                 create_time_ticks: time_ticks,
                 random_ticks_offset: next_u64_secure(),
-                message_id_counter: AtomicU64::new(((time_clock as u64) / 100).wrapping_shl(28) ^ next_u64_secure().wrapping_shr(36)),
+                message_id_counter: AtomicU64::new(next_u64_secure()),
                 remote_node_info: RwLock::new(RemoteNodeInfo {
                     remote_instance_id: [0_u8; 16],
                     reported_local_endpoints: HashMap::new(),
@@ -642,7 +642,6 @@ impl<SI: SystemInterface> Peer<SI> {
                     verbs::VL1_WHOIS => self.handle_incoming_whois(si, ph, node, time_ticks, message_id, &payload).await,
                     verbs::VL1_RENDEZVOUS => self.handle_incoming_rendezvous(si, node, time_ticks, message_id, source_path, &payload).await,
                     verbs::VL1_ECHO => self.handle_incoming_echo(si, ph, node, time_ticks, message_id, &payload).await,
-                    verbs::VL1_SESSION_ACK => true, // TODO, for forward secrecy
                     verbs::VL1_PUSH_DIRECT_PATHS => self.handle_incoming_push_direct_paths(si, node, time_ticks, source_path, &payload).await,
                     verbs::VL1_USER_MESSAGE => self.handle_incoming_user_message(si, node, time_ticks, source_path, &payload).await,
                     _ => ph.handle_packet(self, &source_path, forward_secrecy, extended_authentication, verb, &payload).await,

zerotier-network-hypervisor/src/vl1/protocol.rs

@@ -77,7 +77,6 @@ pub mod verbs {
     pub const VL1_WHOIS: u8 = 0x04;
     pub const VL1_RENDEZVOUS: u8 = 0x05;
     pub const VL1_ECHO: u8 = 0x08;
-    pub const VL1_SESSION_ACK: u8 = 0x0f;
     pub const VL1_PUSH_DIRECT_PATHS: u8 = 0x10;
     pub const VL1_USER_MESSAGE: u8 = 0x14;
 
@@ -90,7 +89,6 @@ pub mod verbs {
             VL1_WHOIS => "VL1_WHOIS",
             VL1_RENDEZVOUS => "VL1_RENDEZVOUS",
             VL1_ECHO => "VL1_ECHO",
-            VL1_SESSION_ACK => "VL1_SESSION_ACK",
             VL1_PUSH_DIRECT_PATHS => "VL1_PUSH_DIRECT_PATHS",
             VL1_USER_MESSAGE => "VL1_USER_MESSAGE",
             _ => "???",

zerotier-network-hypervisor/src/vl1/rootset.rs

@@ -36,6 +36,10 @@ pub struct Root {
     /// Lower priority roots are only used if NO roots of a higher priority can be reached (in any root set).
     #[serde(default)]
     pub priority: u8,
+
+    /// Protocol version for this root or 0 for default/unknown.
+    #[serde(default)]
+    pub protocol_version: u8,
 }
 
 impl PartialOrd for Root {
@@ -121,6 +125,7 @@ impl RootSet {
             }
             buf.append_varint(0)?; // flags, currently always 0
             buf.append_u8(m.priority)?;
+            buf.append_u8(m.protocol_version)?;
             buf.append_varint(0)?; // size of additional fields for future use
         }
         buf.append_varint(0)?; // size of additional fields for future use
@@ -151,7 +156,7 @@ impl RootSet {
     }
 
     /// Add a member to this definition, replacing any current entry with this address.
-    pub fn add<'a, I: Iterator<Item = &'a Endpoint>>(&mut self, member_identity: &Identity, endpoints: Option<I>, priority: u8) {
+    pub fn add<'a, I: Iterator<Item = &'a Endpoint>>(&mut self, member_identity: &Identity, endpoints: Option<I>, priority: u8, protocol_version: u8) {
         self.members.retain(|m| m.identity.address != member_identity.address);
         let _ = self.members.push(Root {
             identity: member_identity.clone_without_secret(),
@@ -164,6 +169,7 @@ impl RootSet {
             }),
             signature: Vec::new(),
             priority,
+            protocol_version,
         });
         self.members.sort();
     }
@@ -186,6 +192,7 @@ impl RootSet {
                 endpoints: unsigned_entry.endpoints,
                 signature: signature.unwrap(),
                 priority: unsigned_entry.priority,
+                protocol_version: unsigned_entry.protocol_version,
             });
             self.members.sort();
             return true;
@@ -266,6 +273,7 @@ impl Marshalable for RootSet {
                 endpoints: None,
                 signature: Vec::new(),
                 priority: 0,
+                protocol_version: 0,
             };
 
             let endpoint_count = buf.read_varint(cursor)?;
@@ -282,6 +290,7 @@ impl Marshalable for RootSet {
 
             let _ = buf.read_varint(cursor)?; // flags, currently unused
             m.priority = buf.read_u8(cursor)?;
+            m.protocol_version = buf.read_u8(cursor)?;
 
             *cursor += buf.read_varint(cursor)? as usize;