-rw-r--r-- | node/Constants.hpp | 11 | ||||
-rw-r--r-- | node/Node.cpp | 2 | ||||
-rw-r--r-- | node/Peer.cpp | 3 | ||||
-rw-r--r-- | node/Peer.hpp | 2 | ||||
-rw-r--r-- | node/SocketManager.cpp | 2 | ||||
-rw-r--r-- | node/SocketManager.hpp | 3 | ||||
-rw-r--r-- | node/Switch.cpp | 2 | ||||
-rw-r--r-- | node/Topology.hpp | 2 | ||||
-rw-r--r-- | topology/README.md | 9 | ||||
-rw-r--r-- | topology/supernodes/36f63d6574 | 5 | ||||
-rw-r--r-- | topology/supernodes/7e19876aba | 5 | ||||
-rw-r--r-- | topology/supernodes/8acf059fe3 | 5 |
12 files changed, 48 insertions, 3 deletions
diff --git a/node/Constants.hpp b/node/Constants.hpp
index 7650de8b..620f9b0d 100644
--- a/node/Constants.hpp
+++ b/node/Constants.hpp
@@ -228,7 +228,7 @@
 /**
 * Default number of bits in multicast propagation prefix
 */
-#define ZT_DEFAULT_MULTICAST_PREFIX_BITS 1
+#define ZT_DEFAULT_MULTICAST_PREFIX_BITS 2
 /**
 * Default max depth (TTL) for multicast propagation
@@ -272,8 +272,10 @@
 *
 * This should be lower than the UDP conversation entry timeout in most
 * stateful firewalls.
+ *
+ * Uncomment to disable firewall openers.
 */
-#define ZT_FIREWALL_OPENER_DELAY 30000
+//#define ZT_FIREWALL_OPENER_DELAY 30000
 /**
 * Number of hops to open via firewall opener packets
@@ -284,7 +286,7 @@
 * 2 should permit traversal of double-NAT configurations, such as from inside
 * a VM running behind local NAT on a host that is itself behind NAT.
 */
-#define ZT_FIREWALL_OPENER_HOPS 2
+//#define ZT_FIREWALL_OPENER_HOPS 2
 /**
 * Delay between requests for updated network autoconf information
@@ -363,6 +365,9 @@
 /**
 * Delay in milliseconds between firewall opener and real packet for NAT-t
+ *
+ * If firewall openers are disbled, it just waits this long before sending
+ * NAT-t packets.
 */
 #define ZT_RENDEZVOUS_NAT_T_DELAY 500
diff --git a/node/Node.cpp b/node/Node.cpp
index f2e6b3e4..7500e736 100644
--- a/node/Node.cpp
+++ b/node/Node.cpp
@@ -656,7 +656,9 @@ Node::ReasonForTermination Node::run()
 lastPingCheck = now;
 try {
 _r->topology->eachPeer(Topology::PingPeersThatNeedPing(_r,now));
+#ifdef ZT_FIREWALL_OPENER_DELAY
 _r->topology->eachPeer(Topology::OpenPeersThatNeedFirewallOpener(_r,now));
+#endif
 } catch (std::exception &exc) {
 LOG("unexpected exception running ping check cycle: %s",exc.what());
 } catch ( ... ) {
diff --git a/node/Peer.cpp b/node/Peer.cpp
index e61631e2..b10cc1f2 100644
--- a/node/Peer.cpp
+++ b/node/Peer.cpp
@@ -25,6 +25,7 @@
 * LLC. Start here: http://www.zerotier.com/
 */
+#include "Constants.hpp"
 #include "Peer.hpp"
 #include "Switch.hpp"
 #include "AntiRecursion.hpp"
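Review bot: The comment line added above `ZT_FIREWALL_OPENER_DELAY` in node/Constants.hpp, `Uncomment to disable firewall openers.`, reads backwards. This same hunk comments the define out, and every guard added in the commit is an `#ifdef`, so leaving it commented is what disables the openers and uncommenting turns them back on. I would write `Comment this out to disable firewall openers; uncomment to enable them.` The comment block starts above the hunk.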
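Review bot: `ZT_FIREWALL_OPENER_HOPS` is switched off separately from `ZT_FIREWALL_OPENER_DELAY`, but the guards in this commit do not treat the two as independent. node/Switch.cpp wraps its call to `sendFirewallOpener` in `#ifdef ZT_FIREWALL_OPENER_HOPS`, while node/SocketManager.hpp and node/SocketManager.cpp declare and define that function only under `#ifdef ZT_FIREWALL_OPENER_DELAY`. Re-enabling HOPS alone would therefore leave a call to an undeclared member. Either guard everything on one macro or add a check after this define: `#if defined(ZT_FIREWALL_OPENER_DELAY) != defined(ZT_FIREWALL_OPENER_HOPS)`, `#error "ZT_FIREWALL_OPENER_DELAY and ZT_FIREWALL_OPENER_HOPS must be enabled together"`, `#endif`.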
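Review bot: The comment added to `ZT_RENDEZVOUS_NAT_T_DELAY` misspells "disabled" as "disbled", and its "it" has no clear referent. Suggested wording: `If firewall openers are disabled, this is simply the wait before NAT-t packets are sent.`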
@@ -180,6 +181,7 @@ Path::Type Peer::send(const RuntimeEnvironment *_r,const void *data,unsigned int
 return Path::PATH_TYPE_NULL;
 }
+#ifdef ZT_FIREWALL_OPENER_DELAY
 bool Peer::sendFirewallOpener(const RuntimeEnvironment *_r,uint64_t now)
 {
 bool sent = false;
@@ -194,6 +196,7 @@ bool Peer::sendFirewallOpener(const RuntimeEnvironment *_r,uint64_t now)
 return sent;
 }
+#endif
 bool Peer::sendPing(const RuntimeEnvironment *_r,uint64_t now)
 {
diff --git a/node/Peer.hpp b/node/Peer.hpp
index edb66e21..ce0b79a6 100644
--- a/node/Peer.hpp
+++ b/node/Peer.hpp
@@ -142,6 +142,7 @@ public:
 */
 Path::Type send(const RuntimeEnvironment *_r,const void *data,unsigned int len,uint64_t now);
+#ifdef ZT_FIREWALL_OPENER_DELAY
 /**
 * Send firewall opener to all UDP paths
 *
@@ -150,6 +151,7 @@ public:
 * @return True if send appears successful for at least one address type
 */
 bool sendFirewallOpener(const RuntimeEnvironment *_r,uint64_t now);
+#endif
 /**
 * Send HELLO to a peer via all direct paths available
diff --git a/node/SocketManager.cpp b/node/SocketManager.cpp
index 6f491012..37e83b5a 100644
--- a/node/SocketManager.cpp
+++ b/node/SocketManager.cpp
@@ -463,6 +463,7 @@ bool SocketManager::send(const InetAddress &to,bool tcp,bool autoConnectTcp,cons
 return false;
 }
+#ifdef ZT_FIREWALL_OPENER_DELAY
 bool SocketManager::sendFirewallOpener(const InetAddress &to,int hopLimit)
 {
 if (to.isV4()) {
@@ -474,6 +475,7 @@ bool SocketManager::sendFirewallOpener(const InetAddress &to,int hopLimit)
 }
 return false;
 }
+#endif
 void SocketManager::poll(unsigned long timeout)
 {
diff --git a/node/SocketManager.hpp b/node/SocketManager.hpp
index 40a0c1df..8dee7e91 100644
--- a/node/SocketManager.hpp
+++ b/node/SocketManager.hpp
@@ -35,6 +35,7 @@
 #include <stdexcept>
 #include "Constants.hpp"
+
 #include "SharedPtr.hpp"
 #include "InetAddress.hpp"
 #include "Socket.hpp"
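Review bot: The `#ifdef ZT_FIREWALL_OPENER_DELAY` around `sendFirewallOpener` in node/Peer.hpp only works if `Constants.hpp` has been included before this point, and the hunk does not show whether Peer.hpp includes it. node/Peer.cpp gained `#include "Constants.hpp"` ahead of `#include "Peer.hpp"` in this commit, which suggests the header may be relying on its includer. If so, once the macro is re-enabled, a translation unit that includes Peer.hpp without Constants.hpp would silently lose the declaration. The same applies to the guard added in node/Topology.hpp. I would add `#include "Constants.hpp"` at the top of both headers, as node/SocketManager.hpp already does.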
@@ -108,7 +109,9 @@ public:
 * @param to Destination address
 * @param hopLimit IP TTL
 */
+#ifdef ZT_FIREWALL_OPENER_DELAY
 bool sendFirewallOpener(const InetAddress &to,int hopLimit);
+#endif
 /**
 * Perform I/O polling operation (e.g. select())
diff --git a/node/Switch.cpp b/node/Switch.cpp
index 9b0e3e6e..1a28d4a5 100644
--- a/node/Switch.cpp
+++ b/node/Switch.cpp
@@ -461,7 +461,9 @@ bool Switch::unite(const Address &p1,const Address &p2,bool force)
 void Switch::contact(const SharedPtr<Peer> &peer,const InetAddress &atAddr)
 {
+#ifdef ZT_FIREWALL_OPENER_HOPS
 _r->sm->sendFirewallOpener(atAddr,ZT_FIREWALL_OPENER_HOPS);
+#endif
 {
 Mutex::Lock _l(_contactQueue_m);
diff --git a/node/Topology.hpp b/node/Topology.hpp
index 293ac446..0585ad1f 100644
--- a/node/Topology.hpp
+++ b/node/Topology.hpp
@@ -194,6 +194,7 @@ public:
 f(*this,*p);
 }
+#ifdef ZT_FIREWALL_OPENER_DELAY
 /**
 * Function object to collect peers that need a firewall opener sent
 */
@@ -214,6 +215,7 @@ public:
 uint64_t _now;
 const RuntimeEnvironment *_r;
 };
+#endif
 /**
 * Pings all peers that need a ping sent, excluding supernodes
diff --git a/topology/README.md b/topology/README.md
new file mode 100644
index 00000000..341acdad
--- /dev/null
+++ b/topology/README.md
@@ -0,0 +1,9 @@
+This folder contains the source files to compile the signed network topology dictionary.
+Users outside ZeroTier won't find this useful except for documentation purposes, since
+this dictionary must be signed by a valid topology signing key to be considered valid. These
+keys are hard-coded into the source and distributed with all versions of the app.
+
+A default value for this dictionary is included in node/Defaults.cpp, and the following
+URL is periodically checked for updates:
+
+http://download.zerotier.com/sys/topology
diff --git a/topology/supernodes/36f63d6574 b/topology/supernodes/36f63d6574
new file mode 100644
index 00000000..b90ba8be
--- /dev/null
+++ b/topology/supernodes/36f63d6574
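Review bot: The `#ifdef ZT_FIREWALL_OPENER_DELAY` in node/SocketManager.hpp sits between the doc comment and the `sendFirewallOpener` declaration. With the macro undefined, the comment for a removed function stays in the class, and a documentation tool may attach it to whatever follows. node/Peer.hpp in this same commit places the `#ifdef` above the `/**`, and doing the same here keeps comment and declaration together. The comment opens above the hunk, so the `#ifdef` line has to move up past lines not shown here.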
@@ -0,0 +1,5 @@
+id=36f63d6574:0:67a776487a1a99b32f413329f2b67c43fbf6152e42c6b66e89043e69d93e48314c7d709b58a83016bd2612dd89400b856e18c553da94892f7d3ca16bf2c92c24
+udp=198.211.127.172/9993
+tcp=198.211.127.172/443
+desc=Amsterdam, Netherlands
+dns=shub-niggurath.zerotier.com
diff --git a/topology/supernodes/7e19876aba b/topology/supernodes/7e19876aba
new file mode 100644
index 00000000..23c2ad24
--- /dev/null
+++ b/topology/supernodes/7e19876aba
@@ -0,0 +1,5 @@
+id=7e19876aba:0:2a6e2b2318930f60eb097f70d0f4b028b2cd6d3d0c63c014b9039ff35390e41181f216fb2e6fa8d95c1ee9667156411905c3dccfea78d8c6dfafba688170b3fa
+udp=198.199.97.220/9993
+tcp=198.199.97.220/443
+desc=San Francisco, California, USA
+dns=nyarlathotep.zerotier.com
diff --git a/topology/supernodes/8acf059fe3 b/topology/supernodes/8acf059fe3
new file mode 100644
index 00000000..438e67a3
--- /dev/null
+++ b/topology/supernodes/8acf059fe3
@@ -0,0 +1,5 @@
+id=8acf059fe3:0:482f6ee5dfe902319b419de5bdc765209c0ecda38c4d6e4fcf0d33658398b4527dcd22f93112fb9befd02fd78bf7261b333fc105d192a623ca9e50fc60b374a5
+udp=162.243.77.111/9993
+tcp=162.243.77.111/443
+desc=New York, New York, USA
+dns=cthulhu.zerotier.com |