-rw-r--r-- | node/Packet.hpp | 1 | ||||
-rw-r--r-- | node/Peer.cpp | 20 | ||||
-rw-r--r-- | node/SelfAwareness.cpp | 85 | ||||
-rw-r--r-- | node/SelfAwareness.hpp | 9 | ||||
-rw-r--r-- | version.h | 4 |
5 files changed, 2 insertions, 117 deletions
diff --git a/node/Packet.hpp b/node/Packet.hpp
index 8b17bcd0..fcb81489 100644
--- a/node/Packet.hpp
+++ b/node/Packet.hpp
@@ -70,7 +70,6 @@ * 9 - 1.2.0 ... 1.2.14 * 10 - 1.4.0 ... CURRENT * + Multipath capability and load balancing - * + Certificates of Delegation (CoDs) for full root decentralization */ #define ZT_PROTO_VERSION 10
diff --git a/node/Peer.cpp b/node/Peer.cpp
index 95a26003..da73e9cb 100644
--- a/node/Peer.cpp
+++ b/node/Peer.cpp
@@ -208,31 +208,12 @@ void Peer::received(
 const uint64_t sinceLastPush = now - _lastDirectPathPushSent;
 if (sinceLastPush >= ZT_DIRECT_PATH_PUSH_INTERVAL) {
 _lastDirectPathPushSent = now;
-
- // Start with explicitly known direct endpoint paths.
 std::vector<InetAddress> pathsToPush(RR->node->directPaths());
-
-#if 0
- // Do symmetric NAT prediction if we are communicating indirectly.
- if (hops > 0) {
- std::vector<InetAddress> sym(RR->sa->getSymmetricNatPredictions());
- for(unsigned long i=0,added=0;i<sym.size();++i) {
- InetAddress tmp(sym[(unsigned long)RR->node->prng() % sym.size()]);
- if (std::find(pathsToPush.begin(),pathsToPush.end(),tmp) == pathsToPush.end()) {
- pathsToPush.push_back(tmp);
- if (++added >= ZT_PUSH_DIRECT_PATHS_MAX_PER_SCOPE_AND_FAMILY)
- break;
- }
- }
- }
-#endif
-
 if (pathsToPush.size() > 0) {
 std::vector<InetAddress>::const_iterator p(pathsToPush.begin());
 while (p != pathsToPush.end()) {
 Packet outp(_id.address(),RR->identity.address(),Packet::VERB_PUSH_DIRECT_PATHS);
 outp.addSize(2); // leave room for count
-
 unsigned int count = 0;
 while ((p != pathsToPush.end())&&((outp.size() + 24) < 1200)) {
 uint8_t addressType = 4;
@@ -257,7 +238,6 @@ void Peer::received(
 ++count;
 ++p;
 }
-
 if (count) {
 outp.setAt(ZT_PACKET_IDX_PAYLOAD,(uint16_t)count);
 outp.compress();
diff --git a/node/SelfAwareness.cpp b/node/SelfAwareness.cpp
index 225d1dc2..0fb9e4a4 100644
--- a/node/SelfAwareness.cpp
+++ b/node/SelfAwareness.cpp
@@ -124,89 +124,4 @@ void SelfAwareness::clean(int64_t now)
 }
 }
-#if 0
-std::vector<InetAddress> SelfAwareness::getSymmetricNatPredictions()
-{
- /* This is based on ideas and strategies found here:
- * https://tools.ietf.org/html/draft-takeda-symmetric-nat-traversal-00
- *
- * For each IP address reported by a trusted (upstream) peer, we find
- * the external port most recently reported by ANY peer for that IP.
- *
- * We only do any of this for global IPv4 addresses since private IPs
- * and IPv6 are not going to have symmetric NAT.
- *
- * SECURITY NOTE:
- *
- * We never use IPs reported by non-trusted peers, since this could lead
- * to a minor vulnerability whereby a peer could poison our cache with
- * bad external surface reports via OK(HELLO) and then possibly coax us
- * into suggesting their IP to other peers via PUSH_DIRECT_PATHS. This
- * in turn could allow them to MITM flows.
- *
- * Since flows are encrypted and authenticated they could not actually
- * read or modify traffic, but they could gather meta-data for forensics
- * purposes or use this as a DOS attack vector.
*/
-
- std::map< uint32_t,unsigned int > maxPortByIp;
- InetAddress theOneTrueSurface;
- {
- Mutex::Lock _l(_phy_m);
-
- // First check to see if this is a symmetric NAT and enumerate external IPs learned from trusted peers
- bool symmetric = false;
- {
- Hashtable< PhySurfaceKey,PhySurfaceEntry >::Iterator i(_phy);
- PhySurfaceKey *k = (PhySurfaceKey *)0;
- PhySurfaceEntry *e = (PhySurfaceEntry *)0;
- while (i.next(k,e)) {
- if ((e->trusted)&&(e->mySurface.ss_family == AF_INET)&&(e->mySurface.ipScope() == InetAddress::IP_SCOPE_GLOBAL)) {
- if (!theOneTrueSurface)
- theOneTrueSurface = e->mySurface;
- else if (theOneTrueSurface != e->mySurface)
- symmetric = true;
- maxPortByIp[reinterpret_cast<const struct sockaddr_in *>(&(e->mySurface))->sin_addr.s_addr] = e->mySurface.port();
- }
- }
- }
- if (!symmetric)
- return std::vector<InetAddress>();
-
- { // Then find the highest issued port per IP
- Hashtable< PhySurfaceKey,PhySurfaceEntry >::Iterator i(_phy);
- PhySurfaceKey *k = (PhySurfaceKey *)0;
- PhySurfaceEntry *e = (PhySurfaceEntry *)0;
- while (i.next(k,e)) {
- if ((e->mySurface.ss_family == AF_INET)&&(e->mySurface.ipScope() == InetAddress::IP_SCOPE_GLOBAL)) {
- const unsigned int port = e->mySurface.port();
- std::map< uint32_t,unsigned int >::iterator mp(maxPortByIp.find(reinterpret_cast<const struct sockaddr_in *>(&(e->mySurface))->sin_addr.s_addr));
- if ((mp != maxPortByIp.end())&&(mp->second < port))
- mp->second = port;
- }
- }
- }
- }
-
- std::vector<InetAddress> r;
-
- // Try next port up from max for each
- for(std::map< uint32_t,unsigned int >::iterator i(maxPortByIp.begin());i!=maxPortByIp.end();++i) {
- unsigned int p = i->second + 1;
- if (p > 65535) p -= 64511;
- const InetAddress pred(&(i->first),4,p);
- if (std::find(r.begin(),r.end(),pred) == r.end())
- r.push_back(pred);
- }
-
- // Try a random port for each -- there are only 65535 so eventually it should work
- for(std::map< uint32_t,unsigned int >::iterator 
i(maxPortByIp.begin());i!=maxPortByIp.end();++i) {
- const InetAddress pred(&(i->first),4,1024 + ((unsigned int)RR->node->prng() % 64511));
- if (std::find(r.begin(),r.end(),pred) == r.end())
- r.push_back(pred);
- }
-
- return r;
-}
-#endif
-
 } // namespace ZeroTier
diff --git a/node/SelfAwareness.hpp b/node/SelfAwareness.hpp
index c03d4cb6..7940f5ac 100644
--- a/node/SelfAwareness.hpp
+++ b/node/SelfAwareness.hpp
@@ -64,15 +64,6 @@ public:
 */
 void clean(int64_t now);
-#if 0
- /**
- * If we appear to be behind a symmetric NAT, get predictions for possible external endpoints
- *
- * @return Symmetric NAT predictions or empty vector if none
- */
- std::vector<InetAddress> getSymmetricNatPredictions();
-#endif
-
 private:
 struct PhySurfaceKey {
@@ -35,12 +35,12 @@ /** * Minor version */
-#define ZEROTIER_ONE_VERSION_MINOR 2
+#define ZEROTIER_ONE_VERSION_MINOR 4
 /** * Revision */
-#define ZEROTIER_ONE_VERSION_REVISION 13
+#define ZEROTIER_ONE_VERSION_REVISION 0
 /** * Build version |