mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2025-04-25 08:27:39 +02:00
869 lines
25 KiB
C++
869 lines
25 KiB
C++
/*
|
|
* Copyright (c)2013-2020 ZeroTier, Inc.
|
|
*
|
|
* Use of this software is governed by the Business Source License included
|
|
* in the LICENSE.TXT file in the project's root directory.
|
|
*
|
|
* Change Date: 2024-01-01
|
|
*
|
|
* On the date above, in accordance with the Business Source License, use
|
|
* of this software will be governed by version 2.0 of the Apache License.
|
|
*/
|
|
/****/
|
|
|
|
#ifndef ZT_BUF_HPP
|
|
#define ZT_BUF_HPP
|
|
|
|
#include "Constants.hpp"
|
|
#include "Utils.hpp"
|
|
#include "SharedPtr.hpp"
|
|
#include "Mutex.hpp"
|
|
#include "TriviallyCopyable.hpp"
|
|
#include "FCV.hpp"
|
|
|
|
#include <stdexcept>
|
|
#include <utility>
|
|
#include <algorithm>
|
|
#include <new>
|
|
|
|
// Buffers are 16384 bytes in size because this is the smallest size that can hold any packet
|
|
// and is a power of two. It needs to be a power of two because masking is significantly faster
|
|
// than integer division modulus.
|
|
#define ZT_BUF_MEM_SIZE 0x00004000
|
|
#define ZT_BUF_MEM_MASK 0x00003fffU
|
|
|
|
// Sanity limit on maximum buffer pool size
|
|
#define ZT_BUF_MAX_POOL_SIZE 1024
|
|
|
|
namespace ZeroTier {
|
|
|
|
/**
|
|
* Buffer and methods for branch-free bounds-checked data assembly and parsing
|
|
*
|
|
* This implements an extremely fast buffer for packet assembly and parsing that avoids
|
|
* branching whenever possible. To be safe it must be used correctly!
|
|
*
|
|
* The read methods are prefixed by 'r', and write methods with 'w'. All methods take
|
|
* an iterator, which is just an int that should be initialized to 0 (or whatever starting
|
|
* position is desired). All read methods will advance the iterator regardless of outcome.
|
|
*
|
|
* Read and write methods fail silently in the event of overflow. They do not corrupt or
|
|
* access memory outside the bounds of Buf, but will otherwise produce undefined results.
|
|
*
|
|
* IT IS THE RESPONSIBILITY OF THE USER of this class to use the readOverflow() and
|
|
* writeOverflow() static methods to check the iterator for overflow after each series
|
|
* of reads and writes and BEFORE ANY PARSING or other decisions are made on the basis
|
|
* of the data obtained from a buffer. Failure to do so can result in bugs due
|
|
* to parsing and branching on undefined or corrupt data.
|
|
*
|
|
* ^^ THIS IS VERY IMPORTANT ^^
|
|
*
|
|
* A typical packet assembly consists of repeated calls to the write methods followed by
|
|
* a check to writeOverflow() before final packet armoring and transport. A typical packet
|
|
* disassembly and parsing consists of a series of read calls to obtain the packet's
|
|
* fields followed by a call to readOverflow() to check that these fields are valid. The
|
|
* packet is discarded if readOverflow() returns true. Some packet parsers may make
|
|
* additional reads and in this case readOverflow() must be checked after each set of
|
|
* reads to ensure that overflow did not occur.
|
|
*
|
|
* Buf uses a lock-free pool for extremely fast allocation and deallocation.
|
|
*
|
|
* Buf can optionally take a template parameter that will be placed in the 'data'
|
|
* union as 'fields.' This must be a basic plain data type and must be no larger than
|
|
* ZT_BUF_MEM_SIZE. It's typically a packed struct.
|
|
*
|
|
* Buf instances with different template parameters can freely be cast to one another
|
|
* as there is no actual difference in size or layout.
|
|
*
|
|
* @tparam U Type to overlap with data bytes in data union (can't be larger than ZT_BUF_MEM_SIZE)
|
|
*/
|
|
class Buf
|
|
{
|
|
friend class SharedPtr< Buf >;
|
|
|
|
public:
|
|
// New and delete operators that allocate Buf instances from a shared lock-free memory pool.
|
|
static void *operator new(std::size_t sz);
|
|
|
|
static void operator delete(void *ptr);
|
|
|
|
/**
|
|
* Raw data held in buffer
|
|
*
|
|
* The additional eight bytes should not be used and should be considered undefined.
|
|
* They exist to allow reads and writes of integer types to silently overflow if a
|
|
* read or write is performed at the end of the buffer.
|
|
*/
|
|
uint8_t unsafeData[ZT_BUF_MEM_SIZE + 8];
|
|
|
|
/**
|
|
* Free all instances of Buf in shared pool.
|
|
*
|
|
* New buffers will be created and the pool repopulated if get() is called
|
|
* and outstanding buffers will still be returned to the pool. This just
|
|
* frees buffers currently held in reserve.
|
|
*/
|
|
static void freePool() noexcept;
|
|
|
|
/**
|
|
* @return Number of Buf objects currently allocated via pool mechanism
|
|
*/
|
|
static long poolAllocated() noexcept;
|
|
|
|
/**
|
|
* Slice is almost exactly like the built-in slice data structure in Go
|
|
*/
|
|
struct Slice : TriviallyCopyable
|
|
{
|
|
ZT_INLINE Slice(const SharedPtr< Buf > &b_, const unsigned int s_, const unsigned int e_) noexcept: b(b_), s(s_), e(e_)
|
|
{}
|
|
|
|
ZT_INLINE Slice() noexcept: b(), s(0), e(0)
|
|
{}
|
|
|
|
ZT_INLINE operator bool() const noexcept
|
|
{ return (b); }
|
|
|
|
ZT_INLINE unsigned int size() const noexcept
|
|
{ return (e - s); }
|
|
|
|
ZT_INLINE void zero() noexcept
|
|
{
|
|
b.zero();
|
|
s = 0;
|
|
e = 0;
|
|
}
|
|
|
|
/**
|
|
* Buffer holding slice data
|
|
*/
|
|
SharedPtr< Buf > b;
|
|
|
|
/**
|
|
* Index of start of data in slice
|
|
*/
|
|
unsigned int s;
|
|
|
|
/**
|
|
* Index of end of data in slice (make sure it's greater than or equal to 's'!)
|
|
*/
|
|
unsigned int e;
|
|
};
|
|
|
|
/**
|
|
* A vector of slices making up a packet that might span more than one buffer.
|
|
*/
|
|
class PacketVector : public ZeroTier::FCV< Slice, ZT_MAX_PACKET_FRAGMENTS >
|
|
{
|
|
public:
|
|
ZT_INLINE PacketVector() : ZeroTier::FCV< Slice, ZT_MAX_PACKET_FRAGMENTS >()
|
|
{}
|
|
|
|
ZT_INLINE unsigned int totalSize() const noexcept
|
|
{
|
|
unsigned int size = 0;
|
|
for (PacketVector::const_iterator s(begin()); s != end(); ++s)
|
|
size += s->e - s->s;
|
|
return size;
|
|
}
|
|
|
|
/**
|
|
* Merge this packet vector into a single destination buffer
|
|
*
|
|
* @param b Destination buffer
|
|
* @return Size of data in destination or -1 on error
|
|
*/
|
|
ZT_INLINE int mergeCopy(Buf &b) const noexcept
|
|
{
|
|
unsigned int size = 0;
|
|
for (PacketVector::const_iterator s(begin()); s != end(); ++s) {
|
|
const unsigned int start = s->s;
|
|
const unsigned int rem = s->e - start;
|
|
if (likely((size + rem) <= ZT_BUF_MEM_SIZE)) {
|
|
Utils::copy(b.unsafeData + size, s->b->unsafeData + start, rem);
|
|
size += rem;
|
|
} else {
|
|
return -1;
|
|
}
|
|
}
|
|
return (int)size;
|
|
}
|
|
|
|
/**
|
|
* Merge this packet vector into a single destination buffer with an arbitrary copy function
|
|
*
|
|
* This can be used to e.g. simultaneously merge and decrypt a packet.
|
|
*
|
|
* @param b Destination buffer
|
|
* @param simpleCopyBefore Don't start using copyFunction until this index (0 to always use)
|
|
* @param copyFunction Function to invoke with memcpy-like arguments: (dest, source, size)
|
|
* @tparam F Type of copyFunction (typically inferred)
|
|
* @return Size of data in destination or -1 on error
|
|
*/
|
|
template< typename F >
|
|
ZT_INLINE int mergeMap(Buf &b, const unsigned int simpleCopyBefore, F copyFunction) const noexcept
|
|
{
|
|
unsigned int size = 0;
|
|
for (PacketVector::const_iterator s(begin()); s != end(); ++s) {
|
|
unsigned int start = s->s;
|
|
unsigned int rem = s->e - start;
|
|
if (likely((size + rem) <= ZT_BUF_MEM_SIZE)) {
|
|
if (size < simpleCopyBefore) {
|
|
unsigned int sc = simpleCopyBefore - size;
|
|
if (unlikely(sc > rem))
|
|
sc = rem;
|
|
Utils::copy(b.unsafeData + size, s->b->unsafeData + start, sc);
|
|
start += sc;
|
|
rem -= sc;
|
|
}
|
|
|
|
if (likely(rem > 0)) {
|
|
copyFunction(b.unsafeData + size, s->b->unsafeData + start, rem);
|
|
size += rem;
|
|
}
|
|
} else {
|
|
return -1;
|
|
}
|
|
}
|
|
return (int)size;
|
|
}
|
|
};
|
|
|
|
/**
|
|
* Create a new uninitialized buffer with undefined contents (use clear() to zero if needed)
|
|
*/
|
|
ZT_INLINE Buf() noexcept: __nextInPool(0), __refCount(0)
|
|
{}
|
|
|
|
/**
|
|
* Create a new buffer and copy data into it
|
|
*/
|
|
ZT_INLINE Buf(const void *const data, const unsigned int len) noexcept:
|
|
__refCount(0)
|
|
{
|
|
Utils::copy(unsafeData, data, len);
|
|
}
|
|
|
|
ZT_INLINE Buf(const Buf &b2) noexcept:
|
|
__nextInPool(0),
|
|
__refCount(0)
|
|
{
|
|
Utils::copy< ZT_BUF_MEM_SIZE >(unsafeData, b2.unsafeData);
|
|
}
|
|
|
|
ZT_INLINE Buf &operator=(const Buf &b2) noexcept
|
|
{
|
|
if (this != &b2)
|
|
Utils::copy< ZT_BUF_MEM_SIZE >(unsafeData, b2.unsafeData);
|
|
return *this;
|
|
}
|
|
|
|
/**
|
|
* Check for overflow beyond the size of the buffer
|
|
*
|
|
* This is used to check for overflow when writing. It returns true if the iterator
|
|
* has passed beyond the capacity of the buffer.
|
|
*
|
|
* @param ii Iterator to check
|
|
* @return True if iterator has read past the size of the buffer
|
|
*/
|
|
static ZT_INLINE bool writeOverflow(const int &ii) noexcept
|
|
{ return ((ii - ZT_BUF_MEM_SIZE) > 0); }
|
|
|
|
/**
|
|
* Check for overflow beyond the size of the data that should be in the buffer
|
|
*
|
|
* This is used to check for overflow when reading, with the second argument being the
|
|
* size of the meaningful data actually present in the buffer.
|
|
*
|
|
* @param ii Iterator to check
|
|
* @param size Size of data that should be in buffer
|
|
* @return True if iterator has read past the size of the data
|
|
*/
|
|
static ZT_INLINE bool readOverflow(const int &ii, const unsigned int size) noexcept
|
|
{ return ((ii - (int)size) > 0); }
|
|
|
|
/**
|
|
* Set all memory to zero
|
|
*/
|
|
ZT_INLINE void clear() noexcept
|
|
{
|
|
Utils::zero< ZT_BUF_MEM_SIZE >(unsafeData);
|
|
}
|
|
|
|
/**
|
|
* Read a byte
|
|
*
|
|
* @param ii Index value-result parameter (incremented by 1)
|
|
* @return Byte (undefined on overflow)
|
|
*/
|
|
ZT_INLINE uint8_t rI8(int &ii) const noexcept
|
|
{
|
|
const int s = ii++;
|
|
return unsafeData[(unsigned int)s & ZT_BUF_MEM_MASK];
|
|
}
|
|
|
|
/**
|
|
* Read a 16-bit integer
|
|
*
|
|
* @param ii Index value-result parameter (incremented by 2)
|
|
* @return Integer (undefined on overflow)
|
|
*/
|
|
ZT_INLINE uint16_t rI16(int &ii) const noexcept
|
|
{
|
|
const unsigned int s = (unsigned int)ii & ZT_BUF_MEM_MASK;
|
|
ii += 2;
|
|
#ifdef ZT_NO_UNALIGNED_ACCESS
|
|
return (
|
|
((uint16_t)unsafeData[s] << 8U) |
|
|
(uint16_t)unsafeData[s + 1]);
|
|
#else
|
|
return Utils::ntoh(*reinterpret_cast<const uint16_t *>(unsafeData + s));
|
|
#endif
|
|
}
|
|
|
|
/**
|
|
* Read a 32-bit integer
|
|
*
|
|
* @param ii Index value-result parameter (incremented by 4)
|
|
* @return Integer (undefined on overflow)
|
|
*/
|
|
ZT_INLINE uint32_t rI32(int &ii) const noexcept
|
|
{
|
|
const unsigned int s = (unsigned int)ii & ZT_BUF_MEM_MASK;
|
|
ii += 4;
|
|
#ifdef ZT_NO_UNALIGNED_ACCESS
|
|
return (
|
|
((uint32_t)unsafeData[s] << 24U) |
|
|
((uint32_t)unsafeData[s + 1] << 16U) |
|
|
((uint32_t)unsafeData[s + 2] << 8U) |
|
|
(uint32_t)unsafeData[s + 3]);
|
|
#else
|
|
return Utils::ntoh(*reinterpret_cast<const uint32_t *>(unsafeData + s));
|
|
#endif
|
|
}
|
|
|
|
/**
|
|
* Read a 64-bit integer
|
|
*
|
|
* @param ii Index value-result parameter (incremented by 8)
|
|
* @return Integer (undefined on overflow)
|
|
*/
|
|
ZT_INLINE uint64_t rI64(int &ii) const noexcept
|
|
{
|
|
const unsigned int s = (unsigned int)ii & ZT_BUF_MEM_MASK;
|
|
ii += 8;
|
|
#ifdef ZT_NO_UNALIGNED_ACCESS
|
|
return (
|
|
((uint64_t)unsafeData[s] << 56U) |
|
|
((uint64_t)unsafeData[s + 1] << 48U) |
|
|
((uint64_t)unsafeData[s + 2] << 40U) |
|
|
((uint64_t)unsafeData[s + 3] << 32U) |
|
|
((uint64_t)unsafeData[s + 4] << 24U) |
|
|
((uint64_t)unsafeData[s + 5] << 16U) |
|
|
((uint64_t)unsafeData[s + 6] << 8U) |
|
|
(uint64_t)unsafeData[s + 7]);
|
|
#else
|
|
return Utils::ntoh(*reinterpret_cast<const uint64_t *>(unsafeData + s));
|
|
#endif
|
|
}
|
|
|
|
/**
|
|
* Read an object supporting the marshal/unmarshal interface
|
|
*
|
|
* If the return value is negative the object's state is undefined. A return value of
|
|
* zero typically also indicates a problem, though this may depend on the object type.
|
|
*
|
|
* Since objects may be invalid even if there is no overflow, it's important to check
|
|
* the return value of this function in all cases and discard invalid packets as it
|
|
* indicates.
|
|
*
|
|
* @tparam T Object type
|
|
* @param ii Index value-result parameter (incremented by object's size in bytes)
|
|
* @param obj Object to read
|
|
* @return Bytes read or a negative value on unmarshal error (passed from object) or overflow
|
|
*/
|
|
template< typename T >
|
|
ZT_INLINE int rO(int &ii, T &obj) const noexcept
|
|
{
|
|
if (likely(ii < ZT_BUF_MEM_SIZE)) {
|
|
int ms = obj.unmarshal(unsafeData + ii, ZT_BUF_MEM_SIZE - ii);
|
|
if (ms > 0)
|
|
ii += ms;
|
|
return ms;
|
|
}
|
|
return -1;
|
|
}
|
|
|
|
/**
|
|
* Read a C-style string from the buffer, making a copy and advancing the iterator
|
|
*
|
|
* Use this if the buffer's memory may get changed between reading and processing
|
|
* what is read.
|
|
*
|
|
* @param ii Index value-result parameter (incremented by length of string)
|
|
* @param buf Buffer to receive string
|
|
* @param bufSize Capacity of buffer in bytes
|
|
* @return Pointer to buf or NULL on overflow or error
|
|
*/
|
|
ZT_INLINE char *rS(int &ii, char *const buf, const unsigned int bufSize) const noexcept
|
|
{
|
|
const char *const s = (const char *)(unsafeData + ii);
|
|
const int sii = ii;
|
|
while (ii < ZT_BUF_MEM_SIZE) {
|
|
if (unsafeData[ii++] == 0) {
|
|
const int l = ii - sii;
|
|
if (unlikely((unsigned int)l > bufSize))
|
|
return nullptr;
|
|
Utils::copy(buf, s, l);
|
|
return buf;
|
|
}
|
|
}
|
|
return nullptr;
|
|
}
|
|
|
|
/**
|
|
* Obtain a pointer to a C-style string in the buffer without copying and advance the iterator
|
|
*
|
|
* The iterator is advanced even if this fails and returns NULL so that readOverflow()
|
|
* will indicate that an overflow occurred. As with other reads the string's contents are
|
|
* undefined if readOverflow() returns true.
|
|
*
|
|
* This version avoids a copy and so is faster if the buffer won't be modified between
|
|
* reading and processing.
|
|
*
|
|
* @param ii Index value-result parameter (incremented by length of string)
|
|
* @return Pointer to null-terminated C-style string or NULL on overflow or error
|
|
*/
|
|
ZT_INLINE const char *rSnc(int &ii) const noexcept
|
|
{
|
|
const char *const s = (const char *)(unsafeData + ii);
|
|
while (ii < ZT_BUF_MEM_SIZE) {
|
|
if (unsafeData[ii++] == 0)
|
|
return s;
|
|
}
|
|
return nullptr;
|
|
}
|
|
|
|
/**
|
|
* Read a byte array from the buffer, making a copy and advancing the iterator
|
|
*
|
|
* Use this if the buffer's memory may get changed between reading and processing
|
|
* what is read.
|
|
*
|
|
* @param ii Index value-result parameter (incremented by len)
|
|
* @param bytes Buffer to contain data to read
|
|
* @param len Length of buffer
|
|
* @return Pointer to data or NULL on overflow or error
|
|
*/
|
|
ZT_INLINE uint8_t *rB(int &ii, void *const bytes, const unsigned int len) const noexcept
|
|
{
|
|
if (likely(((ii += (int)len) <= ZT_BUF_MEM_SIZE))) {
|
|
Utils::copy(bytes, unsafeData + ii, len);
|
|
return reinterpret_cast<uint8_t *>(bytes);
|
|
}
|
|
return nullptr;
|
|
}
|
|
|
|
/**
|
|
* Obtain a pointer to a field in the buffer without copying and advance the iterator
|
|
*
|
|
* The iterator is advanced even if this fails and returns NULL so that readOverflow()
|
|
* will indicate that an overflow occurred.
|
|
*
|
|
* This version avoids a copy and so is faster if the buffer won't be modified between
|
|
* reading and processing.
|
|
*
|
|
* @param ii Index value-result parameter (incremented by len)
|
|
* @param len Length of data field to obtain a pointer to
|
|
* @return Pointer to field or NULL on overflow
|
|
*/
|
|
ZT_INLINE const uint8_t *rBnc(int &ii, unsigned int len) const noexcept
|
|
{
|
|
const uint8_t *const b = unsafeData + ii;
|
|
return ((ii += (int)len) <= ZT_BUF_MEM_SIZE) ? b : nullptr;
|
|
}
|
|
|
|
/**
|
|
* Load a value at an index that is compile time checked against the maximum buffer size
|
|
*
|
|
* @tparam I Static index
|
|
* @return Value
|
|
*/
|
|
template< unsigned int I >
|
|
ZT_INLINE uint8_t lI8() const noexcept
|
|
{
|
|
static_assert(I < ZT_BUF_MEM_SIZE, "overflow");
|
|
return unsafeData[I];
|
|
}
|
|
|
|
/**
|
|
* Load a value at an index that is compile time checked against the maximum buffer size
|
|
*
|
|
* @tparam I Static index
|
|
* @return Value
|
|
*/
|
|
template< unsigned int I >
|
|
ZT_INLINE uint8_t lI16() const noexcept
|
|
{
|
|
static_assert((I + 1) < ZT_BUF_MEM_SIZE, "overflow");
|
|
#ifdef ZT_NO_UNALIGNED_ACCESS
|
|
return (
|
|
((uint16_t)unsafeData[I] << 8U) |
|
|
(uint16_t)unsafeData[I + 1]);
|
|
#else
|
|
return Utils::ntoh(*reinterpret_cast<const uint16_t *>(unsafeData + I));
|
|
#endif
|
|
}
|
|
|
|
/**
|
|
* Load a value at an index that is compile time checked against the maximum buffer size
|
|
*
|
|
* @tparam I Static index
|
|
* @return Value
|
|
*/
|
|
template< unsigned int I >
|
|
ZT_INLINE uint8_t lI32() const noexcept
|
|
{
|
|
static_assert((I + 3) < ZT_BUF_MEM_SIZE, "overflow");
|
|
#ifdef ZT_NO_UNALIGNED_ACCESS
|
|
return (
|
|
((uint32_t)unsafeData[I] << 24U) |
|
|
((uint32_t)unsafeData[I + 1] << 16U) |
|
|
((uint32_t)unsafeData[I + 2] << 8U) |
|
|
(uint32_t)unsafeData[I + 3]);
|
|
#else
|
|
return Utils::ntoh(*reinterpret_cast<const uint32_t *>(unsafeData + I));
|
|
#endif
|
|
}
|
|
|
|
/**
|
|
* Load a value at an index that is compile time checked against the maximum buffer size
|
|
*
|
|
* @tparam I Static index
|
|
* @return Value
|
|
*/
|
|
template< unsigned int I >
|
|
ZT_INLINE uint8_t lI64() const noexcept
|
|
{
|
|
static_assert((I + 7) < ZT_BUF_MEM_SIZE, "overflow");
|
|
#ifdef ZT_NO_UNALIGNED_ACCESS
|
|
return (
|
|
((uint64_t)unsafeData[I] << 56U) |
|
|
((uint64_t)unsafeData[I + 1] << 48U) |
|
|
((uint64_t)unsafeData[I + 2] << 40U) |
|
|
((uint64_t)unsafeData[I + 3] << 32U) |
|
|
((uint64_t)unsafeData[I + 4] << 24U) |
|
|
((uint64_t)unsafeData[I + 5] << 16U) |
|
|
((uint64_t)unsafeData[I + 6] << 8U) |
|
|
(uint64_t)unsafeData[I + 7]);
|
|
#else
|
|
return Utils::ntoh(*reinterpret_cast<const uint64_t *>(unsafeData + I));
|
|
#endif
|
|
}
|
|
|
|
/**
|
|
* Load a value at an index without advancing the index
|
|
*
|
|
* Note that unlike the rI??() methods this does not increment ii and therefore
|
|
* will not necessarily result in a 'true' return from readOverflow(). It does
|
|
* however subject 'ii' to soft bounds masking like the gI??() methods.
|
|
*/
|
|
ZT_INLINE uint8_t lI8(const int ii) const noexcept
|
|
{
|
|
return unsafeData[(unsigned int)ii & ZT_BUF_MEM_MASK];
|
|
}
|
|
|
|
/**
|
|
* Load a value at an index without advancing the index
|
|
*
|
|
* Note that unlike the rI??() methods this does not increment ii and therefore
|
|
* will not necessarily result in a 'true' return from readOverflow(). It does
|
|
* however subject 'ii' to soft bounds masking like the gI??() methods.
|
|
*/
|
|
ZT_INLINE uint16_t lI16(const int ii) const noexcept
|
|
{
|
|
const unsigned int s = (unsigned int)ii & ZT_BUF_MEM_MASK;
|
|
#ifdef ZT_NO_UNALIGNED_ACCESS
|
|
return (
|
|
((uint16_t)unsafeData[s] << 8U) |
|
|
(uint16_t)unsafeData[s + 1]);
|
|
#else
|
|
return Utils::ntoh(*reinterpret_cast<const uint16_t *>(unsafeData + s));
|
|
#endif
|
|
}
|
|
|
|
/**
|
|
* Load a value at an index without advancing the index
|
|
*
|
|
* Note that unlike the rI??() methods this does not increment ii and therefore
|
|
* will not necessarily result in a 'true' return from readOverflow(). It does
|
|
* however subject 'ii' to soft bounds masking like the gI??() methods.
|
|
*/
|
|
ZT_INLINE uint32_t lI32(const int ii) const noexcept
|
|
{
|
|
const unsigned int s = (unsigned int)ii & ZT_BUF_MEM_MASK;
|
|
#ifdef ZT_NO_UNALIGNED_ACCESS
|
|
return (
|
|
((uint32_t)unsafeData[s] << 24U) |
|
|
((uint32_t)unsafeData[s + 1] << 16U) |
|
|
((uint32_t)unsafeData[s + 2] << 8U) |
|
|
(uint32_t)unsafeData[s + 3]);
|
|
#else
|
|
return Utils::ntoh(*reinterpret_cast<const uint32_t *>(unsafeData + s));
|
|
#endif
|
|
}
|
|
|
|
/**
|
|
* Load a value at an index without advancing the index
|
|
*
|
|
* Note that unlike the rI??() methods this does not increment ii and therefore
|
|
* will not necessarily result in a 'true' return from readOverflow(). It does
|
|
* however subject 'ii' to soft bounds masking like the gI??() methods.
|
|
*/
|
|
ZT_INLINE uint8_t lI64(const int ii) const noexcept
|
|
{
|
|
const unsigned int s = (unsigned int)ii & ZT_BUF_MEM_MASK;
|
|
#ifdef ZT_NO_UNALIGNED_ACCESS
|
|
return (
|
|
((uint64_t)unsafeData[s] << 56U) |
|
|
((uint64_t)unsafeData[s + 1] << 48U) |
|
|
((uint64_t)unsafeData[s + 2] << 40U) |
|
|
((uint64_t)unsafeData[s + 3] << 32U) |
|
|
((uint64_t)unsafeData[s + 4] << 24U) |
|
|
((uint64_t)unsafeData[s + 5] << 16U) |
|
|
((uint64_t)unsafeData[s + 6] << 8U) |
|
|
(uint64_t)unsafeData[s + 7]);
|
|
#else
|
|
return Utils::ntoh(*reinterpret_cast<const uint64_t *>(unsafeData + s));
|
|
#endif
|
|
}
|
|
|
|
/**
|
|
* Write a byte
|
|
*
|
|
* @param ii Index value-result parameter (incremented by 1)
|
|
* @param n Byte
|
|
*/
|
|
ZT_INLINE void wI8(int &ii, const uint8_t n) noexcept
|
|
{
|
|
const int s = ii++;
|
|
unsafeData[(unsigned int)s & ZT_BUF_MEM_MASK] = n;
|
|
}
|
|
|
|
/**
|
|
* Write a 16-bit integer in big-endian byte order
|
|
*
|
|
* @param ii Index value-result parameter (incremented by 2)
|
|
* @param n Integer
|
|
*/
|
|
ZT_INLINE void wI16(int &ii, const uint16_t n) noexcept
|
|
{
|
|
const unsigned int s = ((unsigned int)ii) & ZT_BUF_MEM_MASK;
|
|
ii += 2;
|
|
#ifdef ZT_NO_UNALIGNED_ACCESS
|
|
unsafeData[s] = (uint8_t)(n >> 8U);
|
|
unsafeData[s + 1] = (uint8_t)n;
|
|
#else
|
|
*reinterpret_cast<uint16_t *>(unsafeData + s) = Utils::hton(n);
|
|
#endif
|
|
}
|
|
|
|
/**
|
|
* Write a 32-bit integer in big-endian byte order
|
|
*
|
|
* @param ii Index value-result parameter (incremented by 4)
|
|
* @param n Integer
|
|
*/
|
|
ZT_INLINE void wI32(int &ii, const uint32_t n) noexcept
|
|
{
|
|
const unsigned int s = ((unsigned int)ii) & ZT_BUF_MEM_MASK;
|
|
ii += 4;
|
|
#ifdef ZT_NO_UNALIGNED_ACCESS
|
|
unsafeData[s] = (uint8_t)(n >> 24U);
|
|
unsafeData[s + 1] = (uint8_t)(n >> 16U);
|
|
unsafeData[s + 2] = (uint8_t)(n >> 8U);
|
|
unsafeData[s + 3] = (uint8_t)n;
|
|
#else
|
|
*reinterpret_cast<uint32_t *>(unsafeData + s) = Utils::hton(n);
|
|
#endif
|
|
}
|
|
|
|
/**
|
|
* Write a 64-bit integer in big-endian byte order
|
|
*
|
|
* @param ii Index value-result parameter (incremented by 8)
|
|
* @param n Integer
|
|
*/
|
|
ZT_INLINE void wI64(int &ii, const uint64_t n) noexcept
|
|
{
|
|
const unsigned int s = ((unsigned int)ii) & ZT_BUF_MEM_MASK;
|
|
ii += 8;
|
|
#ifdef ZT_NO_UNALIGNED_ACCESS
|
|
unsafeData[s] = (uint8_t)(n >> 56U);
|
|
unsafeData[s + 1] = (uint8_t)(n >> 48U);
|
|
unsafeData[s + 2] = (uint8_t)(n >> 40U);
|
|
unsafeData[s + 3] = (uint8_t)(n >> 32U);
|
|
unsafeData[s + 4] = (uint8_t)(n >> 24U);
|
|
unsafeData[s + 5] = (uint8_t)(n >> 16U);
|
|
unsafeData[s + 6] = (uint8_t)(n >> 8U);
|
|
unsafeData[s + 7] = (uint8_t)n;
|
|
#else
|
|
*reinterpret_cast<uint64_t *>(unsafeData + s) = Utils::hton(n);
|
|
#endif
|
|
}
|
|
|
|
/**
|
|
* Write an object implementing the marshal interface
|
|
*
|
|
* @tparam T Object type
|
|
* @param ii Index value-result parameter (incremented by size of object)
|
|
* @param t Object to write
|
|
*/
|
|
template< typename T >
|
|
ZT_INLINE void wO(int &ii, T &t) noexcept
|
|
{
|
|
const int s = ii;
|
|
if (likely((s + T::marshalSizeMax()) <= ZT_BUF_MEM_SIZE)) {
|
|
int ms = t.marshal(unsafeData + s);
|
|
if (ms > 0)
|
|
ii += ms;
|
|
} else {
|
|
ii += T::marshalSizeMax(); // mark as overflowed even if we didn't do anything
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Write a C-style null-terminated string (including the trailing zero)
|
|
*
|
|
* @param ii Index value-result parameter (incremented by length of string)
|
|
* @param s String to write (writes an empty string if this is NULL)
|
|
*/
|
|
ZT_INLINE void wS(int &ii, const char *s) noexcept
|
|
{
|
|
if (s) {
|
|
char c;
|
|
do {
|
|
c = *(s++);
|
|
wI8(ii, (uint8_t)c);
|
|
} while (c);
|
|
} else {
|
|
wI8(ii, 0);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Write a byte array
|
|
*
|
|
* @param ii Index value-result parameter (incremented by len)
|
|
* @param bytes Bytes to write
|
|
* @param len Size of data in bytes
|
|
*/
|
|
ZT_INLINE void wB(int &ii, const void *const bytes, const unsigned int len) noexcept
|
|
{
|
|
const int s = ii;
|
|
if (likely((ii += (int)len) <= ZT_BUF_MEM_SIZE))
|
|
Utils::copy(unsafeData + s, bytes, len);
|
|
}
|
|
|
|
/**
|
|
* Write zeroes
|
|
*
|
|
* @param ii Index value-result parameter (incremented by len)
|
|
* @param len Number of zero bytes to write
|
|
*/
|
|
ZT_INLINE void wZ(int &ii, const unsigned int len) noexcept
|
|
{
|
|
const int s = ii;
|
|
if (likely((ii += (int)len) <= ZT_BUF_MEM_SIZE))
|
|
Utils::zero(unsafeData + s, len);
|
|
}
|
|
|
|
/**
|
|
* Write secure random bytes
|
|
*
|
|
* @param ii Index value-result parameter (incremented by len)
|
|
* @param len Number of random bytes to write
|
|
*/
|
|
ZT_INLINE void wR(int &ii, const unsigned int len) noexcept
|
|
{
|
|
const int s = ii;
|
|
if (likely((ii += (int)len) <= ZT_BUF_MEM_SIZE))
|
|
Utils::getSecureRandom(unsafeData + s, len);
|
|
}
|
|
|
|
/**
|
|
* Store a byte without advancing the index
|
|
*/
|
|
ZT_INLINE void sI8(const int ii, const uint8_t n) noexcept
|
|
{
|
|
unsafeData[(unsigned int)ii & ZT_BUF_MEM_MASK] = n;
|
|
}
|
|
|
|
/**
|
|
* Store an integer without advancing the index
|
|
*/
|
|
ZT_INLINE void sI16(const int ii, const uint16_t n) noexcept
|
|
{
|
|
const unsigned int s = ((unsigned int)ii) & ZT_BUF_MEM_MASK;
|
|
#ifdef ZT_NO_UNALIGNED_ACCESS
|
|
unsafeData[s] = (uint8_t)(n >> 8U);
|
|
unsafeData[s + 1] = (uint8_t)n;
|
|
#else
|
|
*reinterpret_cast<uint16_t *>(unsafeData + s) = Utils::hton(n);
|
|
#endif
|
|
}
|
|
|
|
/**
|
|
* Store an integer without advancing the index
|
|
*/
|
|
ZT_INLINE void sI32(const int ii, const uint32_t n) noexcept
|
|
{
|
|
const unsigned int s = ((unsigned int)ii) & ZT_BUF_MEM_MASK;
|
|
#ifdef ZT_NO_UNALIGNED_ACCESS
|
|
unsafeData[s] = (uint8_t)(n >> 24U);
|
|
unsafeData[s + 1] = (uint8_t)(n >> 16U);
|
|
unsafeData[s + 2] = (uint8_t)(n >> 8U);
|
|
unsafeData[s + 3] = (uint8_t)n;
|
|
#else
|
|
*reinterpret_cast<uint32_t *>(unsafeData + s) = Utils::hton(n);
|
|
#endif
|
|
}
|
|
|
|
/**
|
|
* Store an integer without advancing the index
|
|
*/
|
|
ZT_INLINE void sI64(const int ii, const uint64_t n) noexcept
|
|
{
|
|
const unsigned int s = ((unsigned int)ii) & ZT_BUF_MEM_MASK;
|
|
#ifdef ZT_NO_UNALIGNED_ACCESS
|
|
unsafeData[s] = (uint8_t)(n >> 56U);
|
|
unsafeData[s + 1] = (uint8_t)(n >> 48U);
|
|
unsafeData[s + 2] = (uint8_t)(n >> 40U);
|
|
unsafeData[s + 3] = (uint8_t)(n >> 32U);
|
|
unsafeData[s + 4] = (uint8_t)(n >> 24U);
|
|
unsafeData[s + 5] = (uint8_t)(n >> 16U);
|
|
unsafeData[s + 6] = (uint8_t)(n >> 8U);
|
|
unsafeData[s + 7] = (uint8_t)n;
|
|
#else
|
|
*reinterpret_cast<uint64_t *>(unsafeData + s) = Utils::hton(n);
|
|
#endif
|
|
}
|
|
|
|
/**
|
|
* @return Capacity of this buffer (usable size of data.bytes)
|
|
*/
|
|
static constexpr unsigned int capacity() noexcept
|
|
{ return ZT_BUF_MEM_SIZE; }
|
|
|
|
private:
|
|
// Next item in free buffer pool linked list if Buf is placed in pool, undefined and unused otherwise
|
|
std::atomic< uintptr_t > __nextInPool;
|
|
|
|
// Reference counter for SharedPtr<>
|
|
std::atomic< int > __refCount;
|
|
};
|
|
|
|
} // namespace ZeroTier
|
|
|
|
#endif
|