From f6033634039b18f4d9756164201c56ea4dba53b9 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Wed, 6 Jul 2022 20:07:05 -0400 Subject: [PATCH] Add a protocol version field to the root set so we can use a new session protocol eventually. --- .../default-rootset/test-root.bin | Bin 204 -> 205 bytes .../default-rootset/test-root.json | 5 +++-- zerotier-network-hypervisor/src/vl1/node.rs | 2 +- zerotier-network-hypervisor/src/vl1/peer.rs | 5 ++--- zerotier-network-hypervisor/src/vl1/protocol.rs | 2 -- zerotier-network-hypervisor/src/vl1/rootset.rs | 11 ++++++++++- 6 files changed, 16 insertions(+), 9 deletions(-) diff --git a/zerotier-network-hypervisor/default-rootset/test-root.bin b/zerotier-network-hypervisor/default-rootset/test-root.bin index 0e55054bf5ea13a55bfef8c12ff3755844e70539..c8dee3a206cba27a4d807ff3d7794adf63baa2ad 100644 GIT binary patch delta 76 zcmV-S0JHzh0nGuBh(+~n?bbhFslIb%VHGoS7jAMht9g i@U$KWAfZ(cm-k!6L>`^x^`dxt0>5bg)CPb60DyqGN+f^) delta 75 zcmV-R0JQ(j0n7oAh(zb|HqA-0hEOE7otoJ<`lM!egdpcWI1Mo=(;njZEV*f;@4Z$f hubuJHn$36*VyOvJuLDi`yCfQtanK4R%@2S8fPkA~Bt8HD diff --git a/zerotier-network-hypervisor/default-rootset/test-root.json b/zerotier-network-hypervisor/default-rootset/test-root.json index 9b01406bd..24e887994 100644 --- a/zerotier-network-hypervisor/default-rootset/test-root.json +++ b/zerotier-network-hypervisor/default-rootset/test-root.json 
@@ -5,7 +5,8 @@ "members": [ { "identity": "bc47f54ab2:0:cfb92160bab1da37f31247ded76d8327c00c4d3e49d8a424c6ba16fe3e77b949ab782426584b0169e7b38f7679ea24f38cea637a7a93a9272bfcb0ff461c1e97", "endpoints": [ "udp:207.148.9.48/19993" ], - "signature": [ 1, 231, 242, 54, 205, 73, 178, 134, 80, 36, 182, 157, 154, 217, 55, 250, 164, 102, 119, 132, 32, 231, 62, 56, 13, 49, 41, 211, 30, 226, 248, 44, 185, 105, 163, 239, 189, 86, 37, 175, 157, 241, 209, 154, 205, 120, 15, 98, 169, 9, 83, 175, 3, 77, 250, 187, 36, 26, 146, 113, 208, 10, 36, 205, 15 ], - "priority": 0 + "signature": [ 1, 245, 109, 237, 214, 63, 96, 169, 196, 122, 200, 142, 64, 240, 230, 212, 109, 84, 136, 72, 101, 127, 75, 243, 56, 4, 140, 117, 131, 184, 94, 156, 153, 33, 8, 70, 12, 108, 107, 240, 180, 30, 7, 32, 161, 85, 15, 151, 247, 91, 197, 68, 30, 157, 229, 245, 162, 120, 123, 2, 191, 104, 255, 212, 6 ], + "priority": 0, + "protocol_version": 0 } ] } diff --git a/zerotier-network-hypervisor/src/vl1/node.rs b/zerotier-network-hypervisor/src/vl1/node.rs index eaf102dde..6324e86f5 100644 --- a/zerotier-network-hypervisor/src/vl1/node.rs +++ b/zerotier-network-hypervisor/src/vl1/node.rs @@ -398,7 +398,7 @@ impl Node { if let Some(peer) = peers.get(&m.identity.address) { new_roots.insert(peer.clone(), m.endpoints.as_ref().unwrap().iter().cloned().collect()); } else { - if let Some(peer) = Peer::::new(&self.identity, m.identity.clone(), si.time_clock(), tt) { + if let Some(peer) = Peer::::new(&self.identity, m.identity.clone(), tt) { new_roots.insert(parking_lot::RwLockUpgradableReadGuard::upgrade(peers).entry(m.identity.address).or_insert_with(|| Arc::new(peer)).clone(), m.endpoints.as_ref().unwrap().iter().cloned().collect()); } else { bad_identities.push(m.identity.clone()); diff --git a/zerotier-network-hypervisor/src/vl1/peer.rs b/zerotier-network-hypervisor/src/vl1/peer.rs index 34f629a26..3d71e5a92 100644 --- a/zerotier-network-hypervisor/src/vl1/peer.rs +++ b/zerotier-network-hypervisor/src/vl1/peer.rs 
@@ -186,7 +186,7 @@ impl Peer {
 ///
 /// This only returns None if this_node_identity does not have its secrets or if some
 /// fatal error occurs performing key agreement between the two identities.
- pub(crate) fn new(this_node_identity: &Identity, id: Identity, time_clock: i64, time_ticks: i64) -> Option> {
+ pub(crate) fn new(this_node_identity: &Identity, id: Identity, time_ticks: i64) -> Option> {
 this_node_identity.agree(&id).map(|static_secret| -> Self {
 Self {
 canonical: CanonicalObject::new(),
@@ -201,7 +201,7 @@ impl Peer {
 last_incoming_message_id: AtomicU64::new(0),
 create_time_ticks: time_ticks,
 random_ticks_offset: next_u64_secure(),
- message_id_counter: AtomicU64::new(((time_clock as u64) / 100).wrapping_shl(28) ^ next_u64_secure().wrapping_shr(36)),
+ message_id_counter: AtomicU64::new(next_u64_secure()),
 remote_node_info: RwLock::new(RemoteNodeInfo {
 remote_instance_id: [0_u8; 16],
 reported_local_endpoints: HashMap::new(),
@@ -642,7 +642,6 @@ impl Peer {
 verbs::VL1_WHOIS => self.handle_incoming_whois(si, ph, node, time_ticks, message_id, &payload).await,
 verbs::VL1_RENDEZVOUS => self.handle_incoming_rendezvous(si, node, time_ticks, message_id, source_path, &payload).await,
 verbs::VL1_ECHO => self.handle_incoming_echo(si, ph, node, time_ticks, message_id, &payload).await,
- verbs::VL1_SESSION_ACK => true, // TODO, for forward secrecy
 verbs::VL1_PUSH_DIRECT_PATHS => self.handle_incoming_push_direct_paths(si, node, time_ticks, source_path, &payload).await,
 verbs::VL1_USER_MESSAGE => self.handle_incoming_user_message(si, node, time_ticks, source_path, &payload).await,
 _ => ph.handle_packet(self, &source_path, forward_secrecy, extended_authentication, verb, &payload).await,
diff --git a/zerotier-network-hypervisor/src/vl1/protocol.rs b/zerotier-network-hypervisor/src/vl1/protocol.rs
index 1a922eaaa..95b3f900e 100644
--- a/zerotier-network-hypervisor/src/vl1/protocol.rs
+++ b/zerotier-network-hypervisor/src/vl1/protocol.rs
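Review bot: The new `message_id_counter` initialiser in peer.rs (`AtomicU64::new(next_u64_secure())`) has no comment saying what uniqueness guarantee message IDs still need now that the clock-derived high bits are gone. The removed expression shifted `time_clock` into the upper bits, so a restarted node presumably began counting above the IDs of its previous run; a fully random 64-bit start only makes an overlap with an earlier run unlikely. If the message ID also feeds the per-packet nonce under the long-lived `static_secret` returned by `agree()` (that use is outside this hunk), the accepted risk should be written next to the field, for example `// Random start: ID reuse under the same static secret across restarts is improbable, not impossible.` The struct literal continues outside the hunk.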
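Review bot: With the `verbs::VL1_SESSION_ACK => true` arm removed in peer.rs, a packet carrying verb 0x0f is no longer absorbed in this match and instead falls to the `_ =>` arm, which passes it to `ph.handle_packet`. Whether that inner handler rejects verbs it does not know is not visible here, and peers running older builds may still emit 0x0f. If the value is meant to stay reserved, keep an explicit arm such as `0x0f => true, // reserved: former VL1_SESSION_ACK, ignored`, or add a comment on the `_` arm stating that unassigned VL1 verbs are deliberately delegated. The match starts and ends outside the hunk.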
@@ -77,7 +77,6 @@ pub mod verbs {
 pub const VL1_WHOIS: u8 = 0x04;
 pub const VL1_RENDEZVOUS: u8 = 0x05;
 pub const VL1_ECHO: u8 = 0x08;
- pub const VL1_SESSION_ACK: u8 = 0x0f;
 pub const VL1_PUSH_DIRECT_PATHS: u8 = 0x10;
 pub const VL1_USER_MESSAGE: u8 = 0x14;
@@ -90,7 +89,6 @@ pub mod verbs {
 VL1_WHOIS => "VL1_WHOIS",
 VL1_RENDEZVOUS => "VL1_RENDEZVOUS",
 VL1_ECHO => "VL1_ECHO",
- VL1_SESSION_ACK => "VL1_SESSION_ACK",
 VL1_PUSH_DIRECT_PATHS => "VL1_PUSH_DIRECT_PATHS",
 VL1_USER_MESSAGE => "VL1_USER_MESSAGE",
 _ => "???",
diff --git a/zerotier-network-hypervisor/src/vl1/rootset.rs b/zerotier-network-hypervisor/src/vl1/rootset.rs
index 67abf66be..361fba47c 100644
--- a/zerotier-network-hypervisor/src/vl1/rootset.rs
+++ b/zerotier-network-hypervisor/src/vl1/rootset.rs
@@ -36,6 +36,10 @@ pub struct Root {
 /// Lower priority roots are only used if NO roots of a higher priority can be reached (in any root set).
 #[serde(default)]
 pub priority: u8,
+
+ /// Protocol version for this root or 0 for default/unknown.
+ #[serde(default)]
+ pub protocol_version: u8,
 }
 impl PartialOrd for Root {
@@ -121,6 +125,7 @@ impl RootSet {
 }
 buf.append_varint(0)?; // flags, currently always 0
 buf.append_u8(m.priority)?;
+ buf.append_u8(m.protocol_version)?;
 buf.append_varint(0)?; // size of additional fields for future use
 }
 buf.append_varint(0)?; // size of additional fields for future use
@@ -151,7 +156,7 @@ impl RootSet {
 }
 /// Add a member to this definition, replacing any current entry with this address.
- pub fn add<'a, I: Iterator>(&mut self, member_identity: &Identity, endpoints: Option, priority: u8) {
+ pub fn add<'a, I: Iterator>(&mut self, member_identity: &Identity, endpoints: Option, priority: u8, protocol_version: u8) {
 self.members.retain(|m| m.identity.address != member_identity.address);
 let _ = self.members.push(Root {
 identity: member_identity.clone_without_secret(),
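Review bot: Writing `protocol_version` as a bare byte between `priority` and the additional-fields size in the rootset.rs marshal hunk changes the serialized layout of every member, so data in the previous layout and the new reader disagree: the matching unmarshal hunk further down (`m.protocol_version = buf.read_u8(cursor)?;`) would take the old size byte as the version and then treat the following byte as a skip length. The format already reserves a length-prefixed region for additions, and placing the field there lets older parsers skip it, e.g. `buf.append_varint(1)?; // size of additional fields` followed by `buf.append_u8(m.protocol_version)?;`, with the reader taking the byte only when the size is at least 1 and then moving to the end of the region. If no root sets in the old layout need to stay readable, a comment recording the format break would be enough. The marshal function begins outside the hunk.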
@@ -164,6 +169,7 @@ impl RootSet {
 }),
 signature: Vec::new(),
 priority,
+ protocol_version,
 });
 self.members.sort();
 }
@@ -186,6 +192,7 @@ impl RootSet {
 endpoints: unsigned_entry.endpoints,
 signature: signature.unwrap(),
 priority: unsigned_entry.priority,
+ protocol_version: unsigned_entry.protocol_version,
 });
 self.members.sort();
 return true;
@@ -266,6 +273,7 @@ impl Marshalable for RootSet {
 endpoints: None,
 signature: Vec::new(),
 priority: 0,
+ protocol_version: 0,
 };
 let endpoint_count = buf.read_varint(cursor)?;
@@ -282,6 +290,7 @@ impl Marshalable for RootSet {
 let _ = buf.read_varint(cursor)?; // flags, currently unused
 m.priority = buf.read_u8(cursor)?;
+ m.protocol_version = buf.read_u8(cursor)?;
 *cursor += buf.read_varint(cursor)? as usize;