summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--controller/DB.cpp1
-rw-r--r--node/Network.cpp146
2 files changed, 96 insertions, 51 deletions
diff --git a/controller/DB.cpp b/controller/DB.cpp
index 64311be7..b2e8878a 100644
--- a/controller/DB.cpp
+++ b/controller/DB.cpp
@@ -41,7 +41,6 @@ void DB::initNetwork(nlohmann::json &network)
if (!network.count("tags")) network["tags"] = nlohmann::json::array();
if (!network.count("routes")) network["routes"] = nlohmann::json::array();
if (!network.count("ipAssignmentPools")) network["ipAssignmentPools"] = nlohmann::json::array();
- //if (!network.count("anchors")) network["anchors"] = nlohmann::json::array();
if (!network.count("mtu")) network["mtu"] = ZT_DEFAULT_MTU;
if (!network.count("remoteTraceTarget")) network["remoteTraceTarget"] = nlohmann::json();
if (!network.count("removeTraceLevel")) network["remoteTraceLevel"] = 0;
diff --git a/node/Network.cpp b/node/Network.cpp
index c12df6c1..d6f66e65 100644
--- a/node/Network.cpp
+++ b/node/Network.cpp
@@ -1072,15 +1072,89 @@ void Network::requestConfiguration(void *tPtr)
if (_destroyed)
return;
- /* ZeroTier addresses can't begin with 0xff, so this is used to mark controllerless
- * network IDs. Controllerless network IDs only support unicast IPv6 using the 6plane
- * addressing scheme and have the following format: 0xffSSSSEEEE000000 where SSSS
- * is the 16-bit starting IP port range allowed and EEEE is the 16-bit ending IP port
- * range allowed. Remaining digits are reserved for future use and must be zero. */
if ((_id >> 56) == 0xff) {
- const uint16_t startPortRange = (uint16_t)((_id >> 40) & 0xffff);
- const uint16_t endPortRange = (uint16_t)((_id >> 24) & 0xffff);
- if (((_id & 0xffffff) == 0)&&(endPortRange >= startPortRange)) {
+ if ((_id & 0xffffff) == 0) {
+ const uint16_t startPortRange = (uint16_t)((_id >> 40) & 0xffff);
+ const uint16_t endPortRange = (uint16_t)((_id >> 24) & 0xffff);
+ if (endPortRange >= startPortRange) {
+ NetworkConfig *const nconf = new NetworkConfig();
+
+ nconf->networkId = _id;
+ nconf->timestamp = RR->node->now();
+ nconf->credentialTimeMaxDelta = ZT_NETWORKCONFIG_DEFAULT_CREDENTIAL_TIME_MAX_MAX_DELTA;
+ nconf->revision = 1;
+ nconf->issuedTo = RR->identity.address();
+ nconf->flags = ZT_NETWORKCONFIG_FLAG_ENABLE_IPV6_NDP_EMULATION;
+ nconf->mtu = ZT_DEFAULT_MTU;
+ nconf->multicastLimit = 0;
+ nconf->staticIpCount = 1;
+ nconf->ruleCount = 14;
+ nconf->staticIps[0] = InetAddress::makeIpv66plane(_id,RR->identity.address().toInt());
+
+ // Drop everything but IPv6
+ nconf->rules[0].t = (uint8_t)ZT_NETWORK_RULE_MATCH_ETHERTYPE | 0x80; // NOT
+ nconf->rules[0].v.etherType = 0x86dd; // IPv6
+ nconf->rules[1].t = (uint8_t)ZT_NETWORK_RULE_ACTION_DROP;
+
+ // Allow ICMPv6
+ nconf->rules[2].t = (uint8_t)ZT_NETWORK_RULE_MATCH_IP_PROTOCOL;
+ nconf->rules[2].v.ipProtocol = 0x3a; // ICMPv6
+ nconf->rules[3].t = (uint8_t)ZT_NETWORK_RULE_ACTION_ACCEPT;
+
+ // Allow destination ports within range
+ nconf->rules[4].t = (uint8_t)ZT_NETWORK_RULE_MATCH_IP_PROTOCOL;
+ nconf->rules[4].v.ipProtocol = 0x11; // UDP
+ nconf->rules[5].t = (uint8_t)ZT_NETWORK_RULE_MATCH_IP_PROTOCOL | 0x40; // OR
+ nconf->rules[5].v.ipProtocol = 0x06; // TCP
+ nconf->rules[6].t = (uint8_t)ZT_NETWORK_RULE_MATCH_IP_DEST_PORT_RANGE;
+ nconf->rules[6].v.port[0] = startPortRange;
+ nconf->rules[6].v.port[1] = endPortRange;
+ nconf->rules[7].t = (uint8_t)ZT_NETWORK_RULE_ACTION_ACCEPT;
+
+ // Allow non-SYN TCP packets to permit non-connection-initiating traffic
+ nconf->rules[8].t = (uint8_t)ZT_NETWORK_RULE_MATCH_CHARACTERISTICS | 0x80; // NOT
+ nconf->rules[8].v.characteristics = ZT_RULE_PACKET_CHARACTERISTICS_TCP_SYN;
+ nconf->rules[9].t = (uint8_t)ZT_NETWORK_RULE_ACTION_ACCEPT;
+
+ // Also allow SYN+ACK which are replies to SYN
+ nconf->rules[10].t = (uint8_t)ZT_NETWORK_RULE_MATCH_CHARACTERISTICS;
+ nconf->rules[10].v.characteristics = ZT_RULE_PACKET_CHARACTERISTICS_TCP_SYN;
+ nconf->rules[11].t = (uint8_t)ZT_NETWORK_RULE_MATCH_CHARACTERISTICS;
+ nconf->rules[11].v.characteristics = ZT_RULE_PACKET_CHARACTERISTICS_TCP_ACK;
+ nconf->rules[12].t = (uint8_t)ZT_NETWORK_RULE_ACTION_ACCEPT;
+
+ nconf->rules[13].t = (uint8_t)ZT_NETWORK_RULE_ACTION_DROP;
+
+ nconf->type = ZT_NETWORK_TYPE_PUBLIC;
+
+ nconf->name[0] = 'a';
+ nconf->name[1] = 'd';
+ nconf->name[2] = 'h';
+ nconf->name[3] = 'o';
+ nconf->name[4] = 'c';
+ nconf->name[5] = '-';
+ Utils::hex((uint16_t)startPortRange,nconf->name + 6);
+ nconf->name[10] = '-';
+ Utils::hex((uint16_t)endPortRange,nconf->name + 11);
+ nconf->name[15] = (char)0;
+
+ this->setConfiguration(tPtr,*nconf,false);
+ delete nconf;
+ } else {
+ this->setNotFound();
+ }
+ } else if ((_id & 0xff) == 0x01) {
+ // ffAA__________01
+ const uint64_t myAddress = RR->identity.address().toInt();
+ uint8_t ipv4[4];
+ ipv4[0] = (uint8_t)((_id >> 48) & 0xff);
+ ipv4[1] = (uint8_t)((myAddress >> 16) & 0xff);
+ ipv4[2] = (uint8_t)((myAddress >> 8) & 0xff);
+ ipv4[3] = (uint8_t)(myAddress & 0xff);
+
+ char v4ascii[24];
+ Utils::decimal(ipv4[0],v4ascii);
+
NetworkConfig *const nconf = new NetworkConfig();
nconf->networkId = _id;
@@ -1091,43 +1165,12 @@ void Network::requestConfiguration(void *tPtr)
nconf->flags = ZT_NETWORKCONFIG_FLAG_ENABLE_IPV6_NDP_EMULATION;
nconf->mtu = ZT_DEFAULT_MTU;
nconf->multicastLimit = 0;
- nconf->staticIpCount = 1;
+ nconf->staticIpCount = 2;
nconf->ruleCount = 14;
- nconf->staticIps[0] = InetAddress::makeIpv66plane(_id,RR->identity.address().toInt());
-
- // Drop everything but IPv6
- nconf->rules[0].t = (uint8_t)ZT_NETWORK_RULE_MATCH_ETHERTYPE | 0x80; // NOT
- nconf->rules[0].v.etherType = 0x86dd; // IPv6
- nconf->rules[1].t = (uint8_t)ZT_NETWORK_RULE_ACTION_DROP;
-
- // Allow ICMPv6
- nconf->rules[2].t = (uint8_t)ZT_NETWORK_RULE_MATCH_IP_PROTOCOL;
- nconf->rules[2].v.ipProtocol = 0x3a; // ICMPv6
- nconf->rules[3].t = (uint8_t)ZT_NETWORK_RULE_ACTION_ACCEPT;
-
- // Allow destination ports within range
- nconf->rules[4].t = (uint8_t)ZT_NETWORK_RULE_MATCH_IP_PROTOCOL;
- nconf->rules[4].v.ipProtocol = 0x11; // UDP
- nconf->rules[5].t = (uint8_t)ZT_NETWORK_RULE_MATCH_IP_PROTOCOL | 0x40; // OR
- nconf->rules[5].v.ipProtocol = 0x06; // TCP
- nconf->rules[6].t = (uint8_t)ZT_NETWORK_RULE_MATCH_IP_DEST_PORT_RANGE;
- nconf->rules[6].v.port[0] = startPortRange;
- nconf->rules[6].v.port[1] = endPortRange;
- nconf->rules[7].t = (uint8_t)ZT_NETWORK_RULE_ACTION_ACCEPT;
-
- // Allow non-SYN TCP packets to permit non-connection-initiating traffic
- nconf->rules[8].t = (uint8_t)ZT_NETWORK_RULE_MATCH_CHARACTERISTICS | 0x80; // NOT
- nconf->rules[8].v.characteristics = ZT_RULE_PACKET_CHARACTERISTICS_TCP_SYN;
- nconf->rules[9].t = (uint8_t)ZT_NETWORK_RULE_ACTION_ACCEPT;
-
- // Also allow SYN+ACK which are replies to SYN
- nconf->rules[10].t = (uint8_t)ZT_NETWORK_RULE_MATCH_CHARACTERISTICS;
- nconf->rules[10].v.characteristics = ZT_RULE_PACKET_CHARACTERISTICS_TCP_SYN;
- nconf->rules[11].t = (uint8_t)ZT_NETWORK_RULE_MATCH_CHARACTERISTICS;
- nconf->rules[11].v.characteristics = ZT_RULE_PACKET_CHARACTERISTICS_TCP_ACK;
- nconf->rules[12].t = (uint8_t)ZT_NETWORK_RULE_ACTION_ACCEPT;
-
- nconf->rules[13].t = (uint8_t)ZT_NETWORK_RULE_ACTION_DROP;
+ nconf->staticIps[0] = InetAddress::makeIpv66plane(_id,myAddress);
+ nconf->staticIps[1].set(ipv4,4,8);
+
+ nconf->rules[0].t = (uint8_t)ZT_NETWORK_RULE_ACTION_ACCEPT;
nconf->type = ZT_NETWORK_TYPE_PUBLIC;
@@ -1137,15 +1180,18 @@ void Network::requestConfiguration(void *tPtr)
nconf->name[3] = 'o';
nconf->name[4] = 'c';
nconf->name[5] = '-';
- Utils::hex((uint16_t)startPortRange,nconf->name + 6);
- nconf->name[10] = '-';
- Utils::hex((uint16_t)endPortRange,nconf->name + 11);
- nconf->name[15] = (char)0;
+ unsigned long nn = 6;
+ while ((nconf->name[nn] = v4ascii[nn - 6])) ++nn;
+ nconf->name[nn++] = '.';
+ nconf->name[nn++] = '0';
+ nconf->name[nn++] = '.';
+ nconf->name[nn++] = '0';
+ nconf->name[nn++] = '.';
+ nconf->name[nn++] = '0';
+ nconf->name[nn++] = (char)0;
this->setConfiguration(tPtr,*nconf,false);
delete nconf;
- } else {
- this->setNotFound();
}
return;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 07:57:15 +0000