summaryrefslogtreecommitdiff
path: root/node
diff options
context:
space:
mode:
Diffstat (limited to 'node')
-rw-r--r--node/Cluster.cpp6
-rw-r--r--node/Cluster.hpp5
-rw-r--r--node/Switch.cpp12
3 files changed, 15 insertions, 8 deletions
diff --git a/node/Cluster.cpp b/node/Cluster.cpp
index 16ef040b..a24cf99d 100644
--- a/node/Cluster.cpp
+++ b/node/Cluster.cpp
@@ -516,12 +516,11 @@ void Cluster::broadcastNetworkConfigChunk(const void *chunk,unsigned int len)
}
}
-int Cluster::prepSendViaCluster(const Address &toPeerAddress,Packet &outp,bool encrypt)
+int Cluster::prepSendViaCluster(const Address &toPeerAddress,void *peerSecret)
{
const uint64_t now = RR->node->now();
uint64_t mostRecentTs = 0;
int mostRecentMemberId = -1;
- uint8_t mostRecentSecretKey[ZT_PEER_SECRET_KEY_LENGTH];
{
Mutex::Lock _l2(_remotePeers_m);
std::map< std::pair<Address,unsigned int>,_RemotePeer >::const_iterator rpe(_remotePeers.lower_bound(std::pair<Address,unsigned int>(toPeerAddress,0)));
@@ -530,7 +529,7 @@ int Cluster::prepSendViaCluster(const Address &toPeerAddress,Packet &outp,bool e
break;
else if (rpe->second.lastHavePeerReceived > mostRecentTs) {
mostRecentTs = rpe->second.lastHavePeerReceived;
- memcpy(mostRecentSecretKey,rpe->second.key,ZT_PEER_SECRET_KEY_LENGTH);
+ memcpy(peerSecret,rpe->second.key,ZT_PEER_SECRET_KEY_LENGTH);
mostRecentMemberId = (int)rpe->first.second;
}
++rpe;
@@ -566,7 +565,6 @@ int Cluster::prepSendViaCluster(const Address &toPeerAddress,Packet &outp,bool e
}
}
- outp.armor(mostRecentSecretKey,encrypt);
return mostRecentMemberId;
} else return -1;
}
diff --git a/node/Cluster.hpp b/node/Cluster.hpp
index 7ebef0c9..90ea3e7d 100644
--- a/node/Cluster.hpp
+++ b/node/Cluster.hpp
@@ -285,11 +285,10 @@ public:
* Note that outp is only armored (or modified at all) if the return value is a member ID.
*
* @param toPeerAddress Value of outp.destination(), simply to save additional lookup
- * @param outp Packet to armor with peer key (via cluster knowledge of peer shared secret)
- * @param encrypt If true, encrypt packet payload (passed to Packet::armor())
+ * @param peerSecret Buffer to fill with peer secret on valid return value, must be at least ZT_PEER_SECRET_KEY_LENGTH bytes
* @return -1 if cluster does not know this peer, or a member ID to pass to sendViaCluster()
*/
- int prepSendViaCluster(const Address &toPeerAddress,Packet &outp,bool encrypt);
+ int prepSendViaCluster(const Address &toPeerAddress,void *peerSecret);
/**
* Send data via cluster front plane (packet head or fragment)
diff --git a/node/Switch.cpp b/node/Switch.cpp
index 6df84101..d4f477f0 100644
--- a/node/Switch.cpp
+++ b/node/Switch.cpp
@@ -693,6 +693,7 @@ bool Switch::_trySend(Packet &packet,bool encrypt)
const Address destination(packet.destination());
#ifdef ZT_ENABLE_CLUSTER
int clusterMostRecentMemberId = -1;
+ uint8_t clusterPeerSecret[ZT_PEER_SECRET_KEY_LENGTH];
#endif
const SharedPtr<Peer> peer(RR->topology->getPeer(destination));
@@ -714,7 +715,7 @@ bool Switch::_trySend(Packet &packet,bool encrypt)
if (!viaPath) {
#ifdef ZT_ENABLE_CLUSTER
if (RR->cluster)
- clusterMostRecentMemberId = RR->cluster->prepSendViaCluster(destination,packet,encrypt);
+ clusterMostRecentMemberId = RR->cluster->prepSendViaCluster(destination,clusterPeerSecret);
if (clusterMostRecentMemberId < 0) {
#endif
peer->tryMemorizedPath(now); // periodically attempt memorized or statically defined paths, if any are known
@@ -751,12 +752,21 @@ bool Switch::_trySend(Packet &packet,bool encrypt)
unsigned int chunkSize = std::min(packet.size(),(unsigned int)ZT_UDP_DEFAULT_PAYLOAD_MTU);
packet.setFragmented(chunkSize < packet.size());
+#ifdef ZT_ENABLE_CLUSTER
+ const uint64_t trustedPathId = (viaPath) ? RR->topology->getOutboundPathTrust(viaPath->address()) : 0;
+ if (trustedPathId) {
+ packet.setTrusted(trustedPathId);
+ } else {
+ packet.armor((clusterMostRecentMemberId >= 0) ? clusterPeerSecret : peer->key(),encrypt);
+ }
+#else
const uint64_t trustedPathId = RR->topology->getOutboundPathTrust(viaPath->address());
if (trustedPathId) {
packet.setTrusted(trustedPathId);
} else {
packet.armor(peer->key(),encrypt);
}
+#endif
#ifdef ZT_ENABLE_CLUSTER
if ( ((viaPath)&&(viaPath->send(RR,packet.data(),chunkSize,now))) || ((clusterMostRecentMemberId >= 0)&&(RR->cluster->sendViaCluster(clusterMostRecentMemberId,destination,packet.data(),chunkSize))) ) {
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-22 05:44:49 +0000