diff options
| author | Adam Ierymenko <adam.ierymenko@gmail.com> | 2014-12-16 09:29:40 -0800 |
|---|---|---|
| committer | Adam Ierymenko <adam.ierymenko@gmail.com> | 2014-12-16 09:29:40 -0800 |
| commit | ff539c22f9f90924c7bde05a1c4961534a73595d (patch) | |
| tree | 92fc462597011d80d69a4be35e08a991ff751f6b /node | |
| parent | 0324ef2a4757b6f199e34d0329f51a57cb461ce6 (diff) | |
| download | infinitytier-ff539c22f9f90924c7bde05a1c4961534a73595d.tar.gz infinitytier-ff539c22f9f90924c7bde05a1c4961534a73595d.zip | |
locallyValidate() is expensive -- stop doing it on every HELLO since in most cases we already know the identity and know it is valid
Diffstat (limited to 'node')
| -rw-r--r-- | node/IncomingPacket.cpp | 32 |
1 files changed, 24 insertions, 8 deletions
diff --git a/node/IncomingPacket.cpp b/node/IncomingPacket.cpp index a73ee1de..c8197eb6 100644 --- a/node/IncomingPacket.cpp +++ b/node/IncomingPacket.cpp @@ -178,14 +178,13 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR) return true; } - if (!id.locallyValidate()) { - TRACE("dropped HELLO from %s(%s): identity invalid",source().toString().c_str(),_remoteAddress.toString().c_str()); - return true; - } - SharedPtr<Peer> peer(RR->topology->getPeer(id.address())); if (peer) { + // We already have an identity with this address -- check for collisions + if (peer->identity() != id) { + // Identity is different from the one we already have -- address collision + unsigned char key[ZT_PEER_SECRET_KEY_LENGTH]; if (RR->identity.agree(id,key,ZT_PEER_SECRET_KEY_LENGTH)) { if (dearmor(key)) { // ensure packet is authentic, otherwise drop @@ -202,18 +201,35 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR) } else { LOG("rejected HELLO from %s(%s): key agreement failed",source().toString().c_str(),_remoteAddress.toString().c_str()); } + return true; - } else if (!dearmor(peer->key())) { - LOG("rejected HELLO from %s(%s): packet failed authentication",source().toString().c_str(),_remoteAddress.toString().c_str()); - return true; + } else { + // Identity is the same as the one we already have -- check packet integrity + + if (!dearmor(peer->key())) { + LOG("rejected HELLO from %s(%s): packet failed authentication",source().toString().c_str(),_remoteAddress.toString().c_str()); + return true; + } + + // If packet was valid, continue below... } } else { + // We don't already have an identity with this address -- validate and learn it + + if (!id.locallyValidate()) { + TRACE("dropped HELLO from %s(%s): identity invalid",source().toString().c_str(),_remoteAddress.toString().c_str()); + return true; + } + SharedPtr<Peer> newPeer(new Peer(RR->identity,id)); if (!dearmor(newPeer->key())) { LOG("rejected HELLO from %s(%s): packet failed authentication",source().toString().c_str(),_remoteAddress.toString().c_str()); return true; } + peer = RR->topology->addPeer(newPeer); + + // New peer learned, continue below... } peer->received(RR,_fromSock,_remoteAddress,hops(),packetId(),Packet::VERB_HELLO,0,Packet::VERB_NOP,Utils::now()); |