Stub out CAN_REACH.

3 files changed, 35 insertions, 6 deletions

diff --git a/node/Constants.hpp b/node/Constants.hpp
index a73d4d89..ab6dfb32 100644
--- a/node/Constants.hpp
+++ b/node/Constants.hpp
@@ -215,6 +215,11 @@
 #define ZT_RECEIVE_QUEUE_TIMEOUT (ZT_WHOIS_RETRY_DELAY * (ZT_MAX_WHOIS_RETRIES + 1))
 
 /**
+ * Maximum latency to allow for OK(HELLO) before packet is discarded
+ */
+#define ZT_HELLO_MAX_ALLOWABLE_LATENCY 60000
+
+/**
  * Maximum number of ZT hops allowed (this is not IP hops/TTL)
  *
  * The protocol allows up to 7, but we limit it to something smaller.
diff --git a/node/IncomingPacket.cpp b/node/IncomingPacket.cpp
index c11b0377..cecbe2fa 100644
--- a/node/IncomingPacket.cpp
+++ b/node/IncomingPacket.cpp
@@ -413,7 +413,10 @@ bool IncomingPacket::_doOK(const RuntimeEnvironment *RR,const SharedPtr<Peer> &p
 		switch(inReVerb) {
 
 			case Packet::VERB_HELLO: {
-				const unsigned int latency = std::min((unsigned int)(RR->node->now() - at<uint64_t>(ZT_PROTO_VERB_HELLO__OK__IDX_TIMESTAMP)),(unsigned int)0xffff);
+				const uint64_t latency = RR->node->now() - at<uint64_t>(ZT_PROTO_VERB_HELLO__OK__IDX_TIMESTAMP);
+				if (latency > ZT_HELLO_MAX_ALLOWABLE_LATENCY)
+					return true;
+
 				const unsigned int vProto = (*this)[ZT_PROTO_VERB_HELLO__OK__IDX_PROTOCOL_VERSION];
 				const unsigned int vMajor = (*this)[ZT_PROTO_VERB_HELLO__OK__IDX_MAJOR_VERSION];
 				const unsigned int vMinor = (*this)[ZT_PROTO_VERB_HELLO__OK__IDX_MINOR_VERSION];
@@ -445,7 +448,7 @@ bool IncomingPacket::_doOK(const RuntimeEnvironment *RR,const SharedPtr<Peer> &p
 				TRACE("%s(%s): OK(HELLO), version %u.%u.%u, latency %u, reported external address %s",source().toString().c_str(),_path->address().toString().c_str(),vMajor,vMinor,vRevision,latency,((externalSurfaceAddress) ? externalSurfaceAddress.toString().c_str() : "(none)"));
 
 				if (!hops())
-					peer->addDirectLatencyMeasurment(latency);
+					peer->addDirectLatencyMeasurment((unsigned int)latency);
 				peer->setRemoteVersion(vProto,vMajor,vMinor,vRevision);
 
 				if ((externalSurfaceAddress)&&(hops() == 0))
diff --git a/node/Packet.hpp b/node/Packet.hpp
index 26e87af8..a5831c8d 100644
--- a/node/Packet.hpp
+++ b/node/Packet.hpp
@@ -536,7 +536,7 @@ public:
 		 *   <[1] software major version>
 		 *   <[1] software minor version>
 		 *   <[2] software revision>
-		 *   <[8] timestamp for determining latench>
+		 *   <[8] timestamp for determining latency>
 		 *   <[...] binary serialized identity (see Identity)>
 		 *   <[1] destination address type>
 		 *   [<[...] destination address to which packet was sent>]
@@ -548,8 +548,9 @@ public:
 		 *   [<[8] 64-bit timestamp of moon>]
 		 *   [... additional moons ...]
 		 *
-		 * This is the only message that ever must be sent in the clear, since it
-		 * is used to push an identity to a new peer.
+		 * Important security note: this message is sent in the clear as it
+		 * contains the initial identity for key agreement. It can therefore
+		 * contain no secrets or sensitive information.
 		 *
 		 * The destination address is the wire address to which this packet is
 		 * being sent, and in OK is *also* the destination address of the OK
@@ -1058,7 +1059,27 @@ public:
 		 * ZeroTier, Inc. itself. We recommend making up random ones for your own
 		 * implementations.
 		 */
-		VERB_USER_MESSAGE = 0x14
+		VERB_USER_MESSAGE = 0x14,
+
+		/**
+		 * Announce that we can reach a particular address:
+		 *   <[1] protocol version>
+		 *   <[1] software major version>
+		 *   <[1] software minor version>
+		 *   <[2] software revision>
+		 *   <[...] binary serialized identity (see Identity)>
+		 *   <[1] 8-bit number of direct addresses where peer is reachable (if any)>
+		 *   [... serialized direct addresses ...]
+		 *
+		 * This message can be sent upstream to announce that we can reach a
+		 * particular address. It can optionally report physical paths upstream
+		 * to allow upstream peers to send RENDEZVOUS, but this may be omitted
+		 * if it is not known or if endpoint address privacy is desired.
+		 *
+		 * The receiving peer should confirm this message by sending a message
+		 * downstream and waiting for a reply.
+		 */
+		VERB_CAN_REACH = 0x15
 	};
 
 	/**