summaryrefslogtreecommitdiff
path: root/node
diff options
context:
space:
mode:
Diffstat (limited to 'node')
-rw-r--r--node/AntiRecursion.hpp135
-rw-r--r--node/IncomingPacket.cpp24
-rw-r--r--node/InetAddress.cpp24
-rw-r--r--node/InetAddress.hpp8
-rw-r--r--node/Node.cpp30
-rw-r--r--node/Node.hpp9
-rw-r--r--node/Path.cpp2
-rw-r--r--node/Peer.cpp13
-rw-r--r--node/RuntimeEnvironment.hpp3
-rw-r--r--node/Switch.cpp10
10 files changed, 79 insertions, 179 deletions
diff --git a/node/AntiRecursion.hpp b/node/AntiRecursion.hpp
deleted file mode 100644
index 78ee95c2..00000000
--- a/node/AntiRecursion.hpp
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * ZeroTier One - Network Virtualization Everywhere
- * Copyright (C) 2011-2015 ZeroTier, Inc.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
- * --
- *
- * ZeroTier may be used and distributed under the terms of the GPLv3, which
- * are available at: http://www.gnu.org/licenses/gpl-3.0.html
- *
- * If you would like to embed ZeroTier into a commercial application or
- * redistribute it in a modified binary form, please contact ZeroTier Networks
- * LLC. Start here: http://www.zerotier.com/
- */
-
-#ifndef ZT_ANTIRECURSION_HPP
-#define ZT_ANTIRECURSION_HPP
-
-#include <string.h>
-#include <stdlib.h>
-
-#include "Constants.hpp"
-
-namespace ZeroTier {
-
-/**
- * Size of anti-recursion history
- */
-#define ZT_ANTIRECURSION_HISTORY_SIZE 16
-
-/**
- * Filter to prevent recursion (ZeroTier-over-ZeroTier)
- *
- * This works by logging ZeroTier packets that we send. It's then invoked
- * again against packets read from local Ethernet taps. If the last 32
- * bytes representing the ZeroTier packet match in the tap frame, then
- * the frame is a re-injection of a frame that we sent and is rejected.
- *
- * This means that ZeroTier packets simply will not traverse ZeroTier
- * networks, which would cause all sorts of weird problems.
- *
- * This is highly optimized code since it's checked for every packet.
- */
-class AntiRecursion
-{
-public:
- AntiRecursion()
- {
- for(int i=0;i<ZT_ANTIRECURSION_HISTORY_SIZE;++i) {
- _history[i].tail[0] = 0;
- _history[i].tail[1] = 0;
- _history[i].tail[2] = 0;
- _history[i].tail[3] = 0;
- }
- _ptr = 0;
- }
-
- /**
- * Add an outgoing ZeroTier packet to the circular log
- *
- * @param data ZT packet data
- * @param len Length of packet
- */
- inline void logOutgoingZT(const void *const data,const unsigned int len)
- {
- if (len < 32)
- return;
-#ifdef ZT_NO_TYPE_PUNNING
- memcpy(_history[++_ptr % ZT_ANTIRECURSION_HISTORY_SIZE].tail,reinterpret_cast<const uint8_t *>(data) + (len - 32),32);
-#else
- uint64_t *t = _history[++_ptr % ZT_ANTIRECURSION_HISTORY_SIZE].tail;
- const uint64_t *p = reinterpret_cast<const uint64_t *>(reinterpret_cast<const uint8_t *>(data) + (len - 32));
- *(t++) = *(p++);
- *(t++) = *(p++);
- *(t++) = *(p++);
- *t = *p;
-#endif
- }
-
- /**
- * Check an ethernet frame from a local tap against anti-recursion history
- *
- * @param data Raw frame data
- * @param len Length of frame
- * @return True if frame is OK to be passed, false if it's a ZT frame that we sent
- */
- inline bool checkEthernetFrame(const void *const data,const unsigned int len) const
- {
- if (len < 32)
- return true;
- const uint8_t *const pp = reinterpret_cast<const uint8_t *>(data) + (len - 32);
- const _ArItem *i = _history;
- const _ArItem *const end = i + ZT_ANTIRECURSION_HISTORY_SIZE;
- while (i != end) {
-#ifdef ZT_NO_TYPE_PUNNING
- if (!memcmp(pp,i->tail,32)) {
- return false;
- }
-#else
- const uint64_t *t = i->tail;
- const uint64_t *p = reinterpret_cast<const uint64_t *>(pp);
- uint64_t bits = *(t++) ^ *(p++);
- bits |= *(t++) ^ *(p++);
- bits |= *(t++) ^ *(p++);
- bits |= *t ^ *p;
- if (!bits) {
- return false;
- }
-#endif
- ++i;
- }
- return true;
- }
-
-private:
- struct _ArItem { uint64_t tail[4]; };
- _ArItem _history[ZT_ANTIRECURSION_HISTORY_SIZE];
- volatile unsigned long _ptr;
-};
-
-} // namespace ZeroTier
-
-#endif
diff --git a/node/IncomingPacket.cpp b/node/IncomingPacket.cpp
index 2a51a387..c63d70b7 100644
--- a/node/IncomingPacket.cpp
+++ b/node/IncomingPacket.cpp
@@ -45,7 +45,6 @@
#include "World.hpp"
#include "Cluster.hpp"
#include "Node.hpp"
-#include "AntiRecursion.hpp"
#include "DeferredPackets.hpp"
namespace ZeroTier {
@@ -163,7 +162,6 @@ bool IncomingPacket::_doERROR(const RuntimeEnvironment *RR,const SharedPtr<Peer>
Packet outp(peer->address(),RR->identity.address(),Packet::VERB_NETWORK_MEMBERSHIP_CERTIFICATE);
nconf->com().serialize(outp);
outp.armor(peer->key(),true);
- RR->antiRec->logOutgoingZT(outp.data(),outp.size());
RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size());
}
}
@@ -345,7 +343,6 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,SharedPtr<Peer> &peer
}
outp.armor(peer->key(),true);
- RR->antiRec->logOutgoingZT(outp.data(),outp.size());
RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size());
peer->setRemoteVersion(protoVersion,vMajor,vMinor,vRevision); // important for this to go first so received() knows the version
@@ -483,7 +480,6 @@ bool IncomingPacket::_doWHOIS(const RuntimeEnvironment *RR,const SharedPtr<Peer>
outp.append(packetId());
queried.serialize(outp,false);
outp.armor(peer->key(),true);
- RR->antiRec->logOutgoingZT(outp.data(),outp.size());
RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size());
} else {
#ifdef ZT_ENABLE_CLUSTER
@@ -511,10 +507,12 @@ bool IncomingPacket::_doRENDEZVOUS(const RuntimeEnvironment *RR,const SharedPtr<
const unsigned int port = at<uint16_t>(ZT_PROTO_VERB_RENDEZVOUS_IDX_PORT);
const unsigned int addrlen = (*this)[ZT_PROTO_VERB_RENDEZVOUS_IDX_ADDRLEN];
if ((port > 0)&&((addrlen == 4)||(addrlen == 16))) {
+ peer->received(_localAddress,_remoteAddress,hops(),packetId(),Packet::VERB_RENDEZVOUS,0,Packet::VERB_NOP);
+
InetAddress atAddr(field(ZT_PROTO_VERB_RENDEZVOUS_IDX_ADDRESS,addrlen),addrlen,port);
TRACE("RENDEZVOUS from %s says %s might be at %s, starting NAT-t",peer->address().toString().c_str(),with.toString().c_str(),atAddr.toString().c_str());
- peer->received(_localAddress,_remoteAddress,hops(),packetId(),Packet::VERB_RENDEZVOUS,0,Packet::VERB_NOP);
- RR->sw->rendezvous(withPeer,_localAddress,atAddr);
+ if (RR->node->shouldUsePathForZeroTierTraffic(_localAddress,atAddr))
+ RR->sw->rendezvous(withPeer,_localAddress,atAddr);
} else {
TRACE("dropped corrupt RENDEZVOUS from %s(%s) (bad address or port)",peer->address().toString().c_str(),_remoteAddress.toString().c_str());
}
@@ -644,7 +642,6 @@ bool IncomingPacket::_doECHO(const RuntimeEnvironment *RR,const SharedPtr<Peer>
if (size() > ZT_PACKET_IDX_PAYLOAD)
outp.append(reinterpret_cast<const unsigned char *>(data()) + ZT_PACKET_IDX_PAYLOAD,size() - ZT_PACKET_IDX_PAYLOAD);
outp.armor(peer->key(),true);
- RR->antiRec->logOutgoingZT(outp.data(),outp.size());
RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size());
peer->received(_localAddress,_remoteAddress,hops(),pid,Packet::VERB_ECHO,0,Packet::VERB_NOP);
} catch ( ... ) {
@@ -722,7 +719,6 @@ bool IncomingPacket::_doNETWORK_CONFIG_REQUEST(const RuntimeEnvironment *RR,cons
if (outp.size() > ZT_PROTO_MAX_PACKET_LENGTH) { // sanity check
TRACE("NETWORK_CONFIG_REQUEST failed: internal error: netconf size %u is too large",(unsigned int)netconfStr.length());
} else {
- RR->antiRec->logOutgoingZT(outp.data(),outp.size());
RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size());
}
}
@@ -735,7 +731,6 @@ bool IncomingPacket::_doNETWORK_CONFIG_REQUEST(const RuntimeEnvironment *RR,cons
outp.append((unsigned char)Packet::ERROR_OBJ_NOT_FOUND);
outp.append(nwid);
outp.armor(peer->key(),true);
- RR->antiRec->logOutgoingZT(outp.data(),outp.size());
RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size());
} break;
@@ -746,7 +741,6 @@ bool IncomingPacket::_doNETWORK_CONFIG_REQUEST(const RuntimeEnvironment *RR,cons
outp.append((unsigned char)Packet::ERROR_NETWORK_ACCESS_DENIED_);
outp.append(nwid);
outp.armor(peer->key(),true);
- RR->antiRec->logOutgoingZT(outp.data(),outp.size());
RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size());
} break;
@@ -769,7 +763,6 @@ bool IncomingPacket::_doNETWORK_CONFIG_REQUEST(const RuntimeEnvironment *RR,cons
outp.append((unsigned char)Packet::ERROR_UNSUPPORTED_OPERATION);
outp.append(nwid);
outp.armor(peer->key(),true);
- RR->antiRec->logOutgoingZT(outp.data(),outp.size());
RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size());
}
} catch ( ... ) {
@@ -815,7 +808,6 @@ bool IncomingPacket::_doMULTICAST_GATHER(const RuntimeEnvironment *RR,const Shar
const unsigned int gatheredLocally = RR->mc->gather(peer->address(),nwid,mg,outp,gatherLimit);
if (gatheredLocally) {
outp.armor(peer->key(),true);
- RR->antiRec->logOutgoingZT(outp.data(),outp.size());
RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size());
}
@@ -909,7 +901,6 @@ bool IncomingPacket::_doMULTICAST_FRAME(const RuntimeEnvironment *RR,const Share
outp.append((unsigned char)0x02); // flag 0x02 = contains gather results
if (RR->mc->gather(peer->address(),nwid,to,outp,gatherLimit)) {
outp.armor(peer->key(),true);
- RR->antiRec->logOutgoingZT(outp.data(),outp.size());
RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size());
}
}
@@ -952,7 +943,7 @@ bool IncomingPacket::_doPUSH_DIRECT_PATHS(const RuntimeEnvironment *RR,const Sha
switch(addrType) {
case 4: {
InetAddress a(field(ptr,4),4,at<uint16_t>(ptr + 4));
- if ( ((flags & 0x01) == 0) && (Path::isAddressValidForPath(a)) && (!peer->hasActivePathTo(now,a)) ) {
+ if ( ((flags & 0x01) == 0) && (Path::isAddressValidForPath(a)) && (!peer->hasActivePathTo(now,a)) && (RR->node->shouldUsePathForZeroTierTraffic(_localAddress,a)) ) {
if (++countPerScope[(int)a.ipScope()][0] <= ZT_PUSH_DIRECT_PATHS_MAX_PER_SCOPE_AND_FAMILY) {
TRACE("attempting to contact %s at pushed direct path %s",peer->address().toString().c_str(),a.toString().c_str());
peer->sendHELLO(_localAddress,a,now);
@@ -963,7 +954,7 @@ bool IncomingPacket::_doPUSH_DIRECT_PATHS(const RuntimeEnvironment *RR,const Sha
} break;
case 6: {
InetAddress a(field(ptr,16),16,at<uint16_t>(ptr + 16));
- if ( ((flags & 0x01) == 0) && (Path::isAddressValidForPath(a)) && (!peer->hasActivePathTo(now,a)) ) {
+ if ( ((flags & 0x01) == 0) && (Path::isAddressValidForPath(a)) && (!peer->hasActivePathTo(now,a)) && (RR->node->shouldUsePathForZeroTierTraffic(_localAddress,a)) ) {
if (++countPerScope[(int)a.ipScope()][1] <= ZT_PUSH_DIRECT_PATHS_MAX_PER_SCOPE_AND_FAMILY) {
TRACE("attempting to contact %s at pushed direct path %s",peer->address().toString().c_str(),a.toString().c_str());
peer->sendHELLO(_localAddress,a,now);
@@ -1220,7 +1211,6 @@ bool IncomingPacket::_doREQUEST_PROOF_OF_WORK(const RuntimeEnvironment *RR,const
outp.append((uint16_t)sizeof(result));
outp.append(result,sizeof(result));
outp.armor(peer->key(),true);
- RR->antiRec->logOutgoingZT(outp.data(),outp.size());
RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size());
} else {
Packet outp(peer->address(),RR->identity.address(),Packet::VERB_ERROR);
@@ -1228,7 +1218,6 @@ bool IncomingPacket::_doREQUEST_PROOF_OF_WORK(const RuntimeEnvironment *RR,const
outp.append(pid);
outp.append((unsigned char)Packet::ERROR_INVALID_REQUEST);
outp.armor(peer->key(),true);
- RR->antiRec->logOutgoingZT(outp.data(),outp.size());
RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size());
}
} break;
@@ -1334,7 +1323,6 @@ void IncomingPacket::_sendErrorNeedCertificate(const RuntimeEnvironment *RR,cons
outp.append((unsigned char)Packet::ERROR_NEED_MEMBERSHIP_CERTIFICATE);
outp.append(nwid);
outp.armor(peer->key(),true);
- RR->antiRec->logOutgoingZT(outp.data(),outp.size());
RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size());
}
diff --git a/node/InetAddress.cpp b/node/InetAddress.cpp
index f35eb9c3..1b3a8064 100644
--- a/node/InetAddress.cpp
+++ b/node/InetAddress.cpp
@@ -280,6 +280,30 @@ InetAddress InetAddress::network() const
return r;
}
+bool InetAddress::containsAddress(const InetAddress &addr) const
+{
+ if (addr.ss_family == ss_family) {
+ switch(ss_family) {
+ case AF_INET: {
+ const unsigned int bits = netmaskBits();
+ return ( (Utils::ntoh((uint32_t)reinterpret_cast<const struct sockaddr_in *>(&addr)->sin_addr.s_addr) >> (32 - bits)) == (Utils::ntoh((uint32_t)reinterpret_cast<const struct sockaddr_in *>(this)->sin_addr.s_addr) >> (32 - bits)) );
+ }
+ case AF_INET6: {
+ const InetAddress mask(netmask());
+ const uint8_t *m = reinterpret_cast<const uint8_t *>(reinterpret_cast<const struct sockaddr_in6 *>(&mask)->sin6_addr.s6_addr);
+ const uint8_t *a = reinterpret_cast<const uint8_t *>(reinterpret_cast<const struct sockaddr_in6 *>(&addr)->sin6_addr.s6_addr);
+ const uint8_t *b = reinterpret_cast<const uint8_t *>(reinterpret_cast<const struct sockaddr_in6 *>(this)->sin6_addr.s6_addr);
+ for(unsigned int i=0;i<16;++i) {
+ if ((a[i] & m[i]) != b[i])
+ return false;
+ }
+ return true;
+ }
+ }
+ }
+ return false;
+}
+
bool InetAddress::isNetwork() const
throw()
{
diff --git a/node/InetAddress.hpp b/node/InetAddress.hpp
index 2573e694..201271f7 100644
--- a/node/InetAddress.hpp
+++ b/node/InetAddress.hpp
@@ -326,6 +326,14 @@ struct InetAddress : public sockaddr_storage
InetAddress network() const;
/**
+ * Test whether this IP/netmask contains this address
+ *
+ * @param addr Address to check
+ * @return True if this IP/netmask (route) contains this address
+ */
+ bool containsAddress(const InetAddress &addr) const;
+
+ /**
* @return True if this is an IPv4 address
*/
inline bool isV4() const throw() { return (ss_family == AF_INET); }
diff --git a/node/Node.cpp b/node/Node.cpp
index 7e4ad642..f65aa843 100644
--- a/node/Node.cpp
+++ b/node/Node.cpp
@@ -39,7 +39,6 @@
#include "NetworkController.hpp"
#include "Switch.hpp"
#include "Multicaster.hpp"
-#include "AntiRecursion.hpp"
#include "Topology.hpp"
#include "Buffer.hpp"
#include "Packet.hpp"
@@ -65,6 +64,7 @@ Node::Node(
ZT_WirePacketSendFunction wirePacketSendFunction,
ZT_VirtualNetworkFrameFunction virtualNetworkFrameFunction,
ZT_VirtualNetworkConfigFunction virtualNetworkConfigFunction,
+ ZT_PathCheckFunction pathCheckFunction,
ZT_EventCallback eventCallback) :
_RR(this),
RR(&_RR),
@@ -74,6 +74,7 @@ Node::Node(
_wirePacketSendFunction(wirePacketSendFunction),
_virtualNetworkFrameFunction(virtualNetworkFrameFunction),
_virtualNetworkConfigFunction(virtualNetworkConfigFunction),
+ _pathCheckFunction(pathCheckFunction),
_eventCallback(eventCallback),
_networks(),
_networks_m(),
@@ -114,7 +115,6 @@ Node::Node(
try {
RR->sw = new Switch(RR);
RR->mc = new Multicaster(RR);
- RR->antiRec = new AntiRecursion();
RR->topology = new Topology(RR);
RR->sa = new SelfAwareness(RR);
RR->dp = new DeferredPackets(RR);
@@ -122,7 +122,6 @@ Node::Node(
delete RR->dp;
delete RR->sa;
delete RR->topology;
- delete RR->antiRec;
delete RR->mc;
delete RR->sw;
throw;
@@ -141,7 +140,6 @@ Node::~Node()
delete RR->dp;
delete RR->sa;
delete RR->topology;
- delete RR->antiRec;
delete RR->mc;
delete RR->sw;
#ifdef ZT_ENABLE_CLUSTER
@@ -675,6 +673,27 @@ std::string Node::dataStoreGet(const char *name)
return r;
}
+bool Node::shouldUsePathForZeroTierTraffic(const InetAddress &localAddress,const InetAddress &remoteAddress)
+{
+ {
+ Mutex::Lock _l(_networks_m);
+ for(std::vector< std::pair< uint64_t, SharedPtr<Network> > >::const_iterator i=_networks.begin();i!=_networks.end();++i) {
+ SharedPtr<NetworkConfig> nc(i->second->config2());
+ if (nc) {
+ for(std::vector<InetAddress>::const_iterator a(nc->staticIps().begin());a!=nc->staticIps().end();++a) {
+ if (a->containsAddress(remoteAddress)) {
+ return false;
+ }
+ }
+ }
+ }
+ }
+
+ if (_pathCheckFunction)
+ return (_pathCheckFunction(reinterpret_cast<ZT_Node *>(this),_uPtr,reinterpret_cast<const struct sockaddr_storage *>(&localAddress),reinterpret_cast<const struct sockaddr_storage *>(&remoteAddress)) != 0);
+ else return true;
+}
+
#ifdef ZT_TRACE
void Node::postTrace(const char *module,unsigned int line,const char *fmt,...)
{
@@ -747,11 +766,12 @@ enum ZT_ResultCode ZT_Node_new(
ZT_WirePacketSendFunction wirePacketSendFunction,
ZT_VirtualNetworkFrameFunction virtualNetworkFrameFunction,
ZT_VirtualNetworkConfigFunction virtualNetworkConfigFunction,
+ ZT_PathCheckFunction pathCheckFunction,
ZT_EventCallback eventCallback)
{
*node = (ZT_Node *)0;
try {
- *node = reinterpret_cast<ZT_Node *>(new ZeroTier::Node(now,uptr,dataStoreGetFunction,dataStorePutFunction,wirePacketSendFunction,virtualNetworkFrameFunction,virtualNetworkConfigFunction,eventCallback));
+ *node = reinterpret_cast<ZT_Node *>(new ZeroTier::Node(now,uptr,dataStoreGetFunction,dataStorePutFunction,wirePacketSendFunction,virtualNetworkFrameFunction,virtualNetworkConfigFunction,pathCheckFunction,eventCallback));
return ZT_RESULT_OK;
} catch (std::bad_alloc &exc) {
return ZT_RESULT_FATAL_ERROR_OUT_OF_MEMORY;
diff --git a/node/Node.hpp b/node/Node.hpp
index 15295139..b6b32363 100644
--- a/node/Node.hpp
+++ b/node/Node.hpp
@@ -71,6 +71,7 @@ public:
ZT_WirePacketSendFunction wirePacketSendFunction,
ZT_VirtualNetworkFrameFunction virtualNetworkFrameFunction,
ZT_VirtualNetworkConfigFunction virtualNetworkConfigFunction,
+ ZT_PathCheckFunction pathCheckFunction,
ZT_EventCallback eventCallback);
~Node();
@@ -189,6 +190,13 @@ public:
len);
}
+ /**
+ * @param localAddress Local address
+ * @param remoteAddress Remote address
+ * @return True if path should be used
+ */
+ bool shouldUsePathForZeroTierTraffic(const InetAddress &localAddress,const InetAddress &remoteAddress);
+
inline SharedPtr<Network> network(uint64_t nwid) const
{
Mutex::Lock _l(_networks_m);
@@ -288,6 +296,7 @@ private:
ZT_WirePacketSendFunction _wirePacketSendFunction;
ZT_VirtualNetworkFrameFunction _virtualNetworkFrameFunction;
ZT_VirtualNetworkConfigFunction _virtualNetworkConfigFunction;
+ ZT_PathCheckFunction _pathCheckFunction;
ZT_EventCallback _eventCallback;
std::vector< std::pair< uint64_t, SharedPtr<Network> > > _networks;
diff --git a/node/Path.cpp b/node/Path.cpp
index c67352de..6f595189 100644
--- a/node/Path.cpp
+++ b/node/Path.cpp
@@ -26,7 +26,6 @@
*/
#include "Path.hpp"
-#include "AntiRecursion.hpp"
#include "RuntimeEnvironment.hpp"
#include "Node.hpp"
@@ -34,7 +33,6 @@ namespace ZeroTier {
bool Path::send(const RuntimeEnvironment *RR,const void *data,unsigned int len,uint64_t now)
{
- RR->antiRec->logOutgoingZT(data,len);
if (RR->node->putPacket(_localAddress,address(),data,len)) {
sent(now);
return true;
diff --git a/node/Peer.cpp b/node/Peer.cpp
index 1914da97..c75a3e46 100644
--- a/node/Peer.cpp
+++ b/node/Peer.cpp
@@ -32,7 +32,6 @@
#include "Node.hpp"
#include "Switch.hpp"
#include "Network.hpp"
-#include "AntiRecursion.hpp"
#include "SelfAwareness.hpp"
#include "Cluster.hpp"
#include "Packet.hpp"
@@ -104,7 +103,6 @@ void Peer::received(
}
outp.append((uint16_t)redirectTo.port());
outp.armor(_key,true);
- RR->antiRec->logOutgoingZT(outp.data(),outp.size());
RR->node->putPacket(localAddr,remoteAddr,outp.data(),outp.size());
} else {
// For older peers we use RENDEZVOUS to coax them into contacting us elsewhere.
@@ -120,7 +118,6 @@ void Peer::received(
outp.append(redirectTo.rawIpData(),16);
}
outp.armor(_key,true);
- RR->antiRec->logOutgoingZT(outp.data(),outp.size());
RR->node->putPacket(localAddr,remoteAddr,outp.data(),outp.size());
}
suboptimalPath = true;
@@ -159,7 +156,7 @@ void Peer::received(
}
}
- if (!pathIsConfirmed) {
+ if ((!pathIsConfirmed)&&(RR->node->shouldUsePathForZeroTierTraffic(localAddr,remoteAddr))) {
if (verb == Packet::VERB_OK) {
Path *slot = (Path *)0;
@@ -232,7 +229,6 @@ void Peer::sendHELLO(const InetAddress &localAddr,const InetAddress &atAddress,u
outp.append((uint64_t)RR->topology->worldTimestamp());
outp.armor(_key,false); // HELLO is sent in the clear
- RR->antiRec->logOutgoingZT(outp.data(),outp.size());
RR->node->putPacket(localAddr,atAddress,outp.data(),outp.size(),ttl);
}
@@ -512,7 +508,12 @@ bool Peer::_checkPath(Path &p,const uint64_t now)
* counter is reset on any packet receive over this path. If it reaches the
* MAX_PROBATION threshold the path is considred dead. */
- if ( (p.lastSend() > p.lastReceived()) && ((p.lastSend() - p.lastReceived()) >= ZT_PEER_DEAD_PATH_DETECTION_NO_ANSWER_TIMEOUT) && ((now - p.lastPing()) >= ZT_PEER_DEAD_PATH_DETECTION_NO_ANSWER_TIMEOUT) ) {
+ if (
+ (p.lastSend() > p.lastReceived()) &&
+ ((p.lastSend() - p.lastReceived()) >= ZT_PEER_DEAD_PATH_DETECTION_NO_ANSWER_TIMEOUT) &&
+ ((now - p.lastPing()) >= ZT_PEER_DEAD_PATH_DETECTION_NO_ANSWER_TIMEOUT) &&
+ (!RR->topology->amRoot())
+ ) {
TRACE("%s(%s) does not seem to be answering in a timely manner, checking if dead (probation == %u)",_id.address().toString().c_str(),p.address().toString().c_str(),p.probation());
if ( (_vProto >= 5) && ( !((_vMajor == 1)&&(_vMinor == 1)&&(_vRevision == 0)) ) ) {
diff --git a/node/RuntimeEnvironment.hpp b/node/RuntimeEnvironment.hpp
index 4846c9df..c9990c4a 100644
--- a/node/RuntimeEnvironment.hpp
+++ b/node/RuntimeEnvironment.hpp
@@ -41,7 +41,6 @@ class Switch;
class Topology;
class Node;
class Multicaster;
-class AntiRecursion;
class NetworkController;
class SelfAwareness;
class Cluster;
@@ -59,7 +58,6 @@ public:
,localNetworkController((NetworkController *)0)
,sw((Switch *)0)
,mc((Multicaster *)0)
- ,antiRec((AntiRecursion *)0)
,topology((Topology *)0)
,sa((SelfAwareness *)0)
,dp((DeferredPackets *)0)
@@ -91,7 +89,6 @@ public:
Switch *sw;
Multicaster *mc;
- AntiRecursion *antiRec;
Topology *topology;
SelfAwareness *sa;
DeferredPackets *dp;
diff --git a/node/Switch.cpp b/node/Switch.cpp
index a6575836..9ef8611a 100644
--- a/node/Switch.cpp
+++ b/node/Switch.cpp
@@ -42,7 +42,6 @@
#include "InetAddress.hpp"
#include "Topology.hpp"
#include "Peer.hpp"
-#include "AntiRecursion.hpp"
#include "SelfAwareness.hpp"
#include "Packet.hpp"
#include "Cluster.hpp"
@@ -124,15 +123,6 @@ void Switch::onLocalEthernet(const SharedPtr<Network> &network,const MAC &from,c
if (to == network->mac())
return;
- /* Check anti-recursion module to ensure that this is not ZeroTier talking over its own links.
- * Note: even when we introduce a more purposeful binding of the main UDP port, this can
- * still happen because Windows likes to send broadcasts over interfaces that have little
- * to do with their intended target audience. :P */
- if (!RR->antiRec->checkEthernetFrame(data,len)) {
- TRACE("%.16llx: rejected recursively addressed ZeroTier packet by tail match (type %s, length: %u)",network->id(),etherTypeName(etherType),len);
- return;
- }
-
// Check to make sure this protocol is allowed on this network
if (!nconf->permitsEtherType(etherType)) {
TRACE("%.16llx: ignored tap: %s -> %s: ethertype %s not allowed on network %.16llx",network->id(),from.toString().c_str(),to.toString().c_str(),etherTypeName(etherType),(unsigned long long)network->id());
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-22 02:18:12 +0000