From 57b96af2c41ed63a12bfb41044f242fc55ab1358 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Thu, 8 Mar 2018 22:33:08 -0800
Subject: Fix for FileDB _networkChanged / _memberChanged problem.
---
controller/DB.cpp | 133 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 130 insertions(+), 3 deletions(-)
(limited to 'controller/DB.cpp')
diff --git a/controller/DB.cpp b/controller/DB.cpp
index 70472e57..680b4120 100644
--- a/controller/DB.cpp
+++ b/controller/DB.cpp
@@ -222,7 +222,7 @@ void DB::networks(std::vector &networks)
 networks.push_back(n->first);
 }
-void DB::_memberChanged(nlohmann::json &old,nlohmann::json &member,bool push)
+void DB::_memberChanged(nlohmann::json &old,nlohmann::json &memberConfig,bool push)
 {
 uint64_t memberId = 0;
 uint64_t networkId = 0;
@@ -230,6 +230,102 @@ void DB::_memberChanged(nlohmann::json &old,nlohmann::json &member,bool push)
 bool wasAuth = false;
 std::shared_ptr<_Network> nw;
+ if (old.is_object()) {
+ memberId = OSUtils::jsonIntHex(old["id"],0ULL);
+ networkId = OSUtils::jsonIntHex(old["nwid"],0ULL);
+ if ((memberId)&&(networkId)) {
+ {
+ std::lock_guard l(_networks_l);
+ auto nw2 = _networks.find(networkId);
+ if (nw2 != _networks.end())
+ nw = nw2->second;
+ }
+ if (nw) {
+ std::lock_guard l(nw->lock);
+ if (OSUtils::jsonBool(old["activeBridge"],false))
+ nw->activeBridgeMembers.erase(memberId);
+ wasAuth = OSUtils::jsonBool(old["authorized"],false);
+ if (wasAuth)
+ nw->authorizedMembers.erase(memberId);
+ json &ips = old["ipAssignments"];
+ if (ips.is_array()) {
+ for(unsigned long i=0;iallocatedIps.erase(ipa);
+ }
+ }
+ }
+ }
+ }
+ }
+
+ if (memberConfig.is_object()) {
+ if (!nw) {
+ memberId = OSUtils::jsonIntHex(memberConfig["id"],0ULL);
+ networkId = OSUtils::jsonIntHex(memberConfig["nwid"],0ULL);
+ if ((!memberId)||(!networkId))
+ return;
+ std::lock_guard l(_networks_l);
+ std::shared_ptr<_Network> &nw2 = _networks[networkId];
+ if (!nw2)
+ nw2.reset(new _Network);
+ nw = nw2;
+ }
+
+ {
+ std::lock_guard l(nw->lock);
+
+ nw->members[memberId] = memberConfig;
+
+ if (OSUtils::jsonBool(memberConfig["activeBridge"],false))
+ nw->activeBridgeMembers.insert(memberId);
+ isAuth = OSUtils::jsonBool(memberConfig["authorized"],false);
+ if (isAuth)
+ nw->authorizedMembers.insert(memberId);
+ json &ips = memberConfig["ipAssignments"];
+ if (ips.is_array()) {
+ for(unsigned long i=0;iallocatedIps.insert(ipa);
+ }
+ }
+ }
+
+ if (!isAuth) {
+ const int64_t ldt = (int64_t)OSUtils::jsonInt(memberConfig["lastDeauthorizedTime"],0ULL);
+ if (ldt > nw->mostRecentDeauthTime)
+ nw->mostRecentDeauthTime = ldt;
+ }
+ }
+
+ if (push)
+ _controller->onNetworkMemberUpdate(networkId,memberId);
+ } else if (memberId) {
+ if (nw) {
+ std::lock_guard l(nw->lock);
+ nw->members.erase(memberId);
+ }
+ if (networkId) {
+ std::lock_guard l(_networks_l);
+ auto er = _networkByMember.equal_range(memberId);
+ for(auto i=er.first;i!=er.second;++i) {
+ if (i->second == networkId) {
+ _networkByMember.erase(i);
+ break;
+ }
+ }
+ }
+ }
+
+ /*
 if (old.is_object()) {
 json &config = old["config"];
 if (config.is_object()) {
@@ -330,16 +426,46 @@ void DB::_memberChanged(nlohmann::json &old,nlohmann::json &member,bool push)
 }
 }
 }
+ */
 if ((push)&&((wasAuth)&&(!isAuth)&&(networkId)&&(memberId)))
 _controller->onNetworkMemberDeauthorize(networkId,memberId);
 }
-void DB::_networkChanged(nlohmann::json &old,nlohmann::json &network,bool push)
+void DB::_networkChanged(nlohmann::json &old,nlohmann::json &networkConfig,bool push)
 {
+ if (networkConfig.is_object()) {
+ const std::string ids = networkConfig["id"];
+ const uint64_t id = Utils::hexStrToU64(ids.c_str());
+ if (id) {
+ std::shared_ptr<_Network> nw;
+ {
+ std::lock_guard l(_networks_l);
+ std::shared_ptr<_Network> &nw2 = _networks[id];
+ if (!nw2)
+ nw2.reset(new _Network);
+ nw = nw2;
+ }
+ {
+ std::lock_guard l2(nw->lock);
+ nw->config = networkConfig;
+ }
+ if (push)
+ _controller->onNetworkUpdate(id);
+ }
+ } else if (old.is_object()) {
+ const std::string ids = old["id"];
+ const uint64_t id = Utils::hexStrToU64(ids.c_str());
+ if (id) {
+ std::lock_guard l(_networks_l);
+ _networks.erase(id);
+ }
+ }
+
+ /*
 if (network.is_object()) {
 json &config = network["config"];
- if (config.is_object()) {
+ if (networkConfig.is_object()) {
 const std::string ids = config["id"];
 const uint64_t id = Utils::hexStrToU64(ids.c_str());
 if (id) {
@@ -367,6 +493,7 @@ void DB::_networkChanged(nlohmann::json &old,nlohmann::json &network,bool push)
 _networks.erase(id);
 }
 }
+ */
 }
 void DB::_fillSummaryInfo(const std::shared_ptr<_Network> &nw,NetworkSummaryInfo &info)
--
cgit v1.2.3
From 574b24c0826cea575b77f36aa0238d7a26aeac7b Mon Sep 17 00:00:00 2001
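Review bot: The previous implementation of `_memberChanged` (and, in the next hunk, of `_networkChanged`) is kept as a roughly 100-line `/* … */` block below the new code rather than deleted; git history already preserves it, and the edit of `if (config.is_object())` to `if (networkConfig.is_object())` inside the commented-out `_networkChanged` body shows a rename landing in dead text. Drop both blocks. Separately, when `nw` is resolved from `old`, `memberId` and `networkId` keep the old record's values and `memberConfig["id"]`/`["nwid"]` are never read, so a new record whose ids differ from the old one would be cached under the old key; if the FileDB path can deliver that, a guard such as `if (OSUtils::jsonIntHex(memberConfig["nwid"],0ULL) != networkId) return;` makes the assumption explicit. Note also that `old[...]` and `memberConfig[...]` go through nlohmann's non-const `operator[]`, which inserts a null entry for each missing key, so the caller's objects pick up `activeBridge`/`authorized`/`ipAssignments`/`lastDeauthorizedTime` keys as a side effect (the copy stored in `nw->members[memberId]` is taken before those lookups, so the cache is unaffected). The function body continues into the next hunk.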
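Review bot: `const std::string ids = networkConfig["id"];` throws a nlohmann `type_error` when the record has no `id` or it is not a string (the non-const `operator[]` inserts a null, and null does not convert to `std::string`), and the same holds for `old["id"]` in the delete branch, whereas `_memberChanged` in the previous hunk reads the same ids through the tolerant `OSUtils::jsonIntHex(..., 0ULL)` accessor. If `jsonIntHex` accepts the same hex-string form as `Utils::hexStrToU64`, replacing each pair with `const uint64_t id = OSUtils::jsonIntHex(networkConfig["id"],0ULL);` keeps the existing `if (id)` guard handling a malformed record instead of unwinding through the DB load path. In the delete branch `_networks.erase(id)` drops the `_Network`, but nothing here touches the members or `_networkByMember` entries that `_memberChanged` maintains for it; if member-delete events are expected to handle that, a one-line comment saying so would help. `_networkChanged` continues past this hunk.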
From: Adam Ierymenko
Date: Thu, 8 Mar 2018 22:41:42 -0800
Subject: docs
---
controller/DB.cpp | 2 +-
controller/DB.hpp | 2 +-
controller/EmbeddedNetworkController.cpp | 2 +-
controller/EmbeddedNetworkController.hpp | 2 +-
controller/FileDB.hpp | 2 +-
controller/RethinkDB.cpp | 2 +-
controller/RethinkDB.hpp | 2 +-
7 files changed, 7 insertions(+), 7 deletions(-)
(limited to 'controller/DB.cpp')
diff --git a/controller/DB.cpp b/controller/DB.cpp
index 680b4120..64311be7 100644
--- a/controller/DB.cpp
+++ b/controller/DB.cpp
@@ -1,6 +1,6 @@
 /*
 * ZeroTier One - Network Virtualization Everywhere
- * Copyright (C) 2011-2015 ZeroTier, Inc.
+ * Copyright (C) 2011-2018 ZeroTier, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
diff --git a/controller/DB.hpp b/controller/DB.hpp
index 86626009..4757bb40 100644
--- a/controller/DB.hpp
+++ b/controller/DB.hpp
@@ -1,6 +1,6 @@
 /*
 * ZeroTier One - Network Virtualization Everywhere
- * Copyright (C) 2011-2015 ZeroTier, Inc.
+ * Copyright (C) 2011-2018 ZeroTier, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
diff --git a/controller/EmbeddedNetworkController.cpp b/controller/EmbeddedNetworkController.cpp
index f88f8cff..9a07b285 100644
--- a/controller/EmbeddedNetworkController.cpp
+++ b/controller/EmbeddedNetworkController.cpp
@@ -1,6 +1,6 @@
 /*
 * ZeroTier One - Network Virtualization Everywhere
- * Copyright (C) 2011-2015 ZeroTier, Inc->
+ * Copyright (C) 2011-2018 ZeroTier, Inc
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
diff --git a/controller/EmbeddedNetworkController.hpp b/controller/EmbeddedNetworkController.hpp
index 1dda9f45..417005a4 100644
--- a/controller/EmbeddedNetworkController.hpp
+++ b/controller/EmbeddedNetworkController.hpp
@@ -1,6 +1,6 @@
 /*
 * ZeroTier One - Network Virtualization Everywhere
- * Copyright (C) 2011-2015 ZeroTier, Inc.
+ * Copyright (C) 2011-2018 ZeroTier, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
diff --git a/controller/FileDB.hpp b/controller/FileDB.hpp
index b02da8cb..1e275a36 100644
--- a/controller/FileDB.hpp
+++ b/controller/FileDB.hpp
@@ -1,6 +1,6 @@
 /*
 * ZeroTier One - Network Virtualization Everywhere
- * Copyright (C) 2011-2015 ZeroTier, Inc.
+ * Copyright (C) 2011-2018 ZeroTier, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
diff --git a/controller/RethinkDB.cpp b/controller/RethinkDB.cpp
index 279d6ec2..f6c8a59c 100644
--- a/controller/RethinkDB.cpp
+++ b/controller/RethinkDB.cpp
@@ -1,6 +1,6 @@
 /*
 * ZeroTier One - Network Virtualization Everywhere
- * Copyright (C) 2011-2015 ZeroTier, Inc.
+ * Copyright (C) 2011-2018 ZeroTier, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
diff --git a/controller/RethinkDB.hpp b/controller/RethinkDB.hpp
index 01b46a47..b1049ac3 100644
--- a/controller/RethinkDB.hpp
+++ b/controller/RethinkDB.hpp
@@ -1,6 +1,6 @@
 /*
 * ZeroTier One - Network Virtualization Everywhere
- * Copyright (C) 2011-2015 ZeroTier, Inc.
+ * Copyright (C) 2011-2018 ZeroTier, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
--
cgit v1.2.3
From bbdb2aa67252372ce7fc72c86415a93bba69ffb9 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Thu, 8 Mar 2018 23:53:57 -0800
Subject: Some work on IPv4 enabled ad-hoc networks.
---
controller/DB.cpp | 1 -
node/Network.cpp | 146 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------
2 files changed, 96 insertions(+), 51 deletions(-)
(limited to 'controller/DB.cpp')
diff --git a/controller/DB.cpp b/controller/DB.cpp
index 64311be7..b2e8878a 100644
--- a/controller/DB.cpp
+++ b/controller/DB.cpp
@@ -41,7 +41,6 @@ void DB::initNetwork(nlohmann::json &network)
 if (!network.count("tags")) network["tags"] = nlohmann::json::array();
 if (!network.count("routes")) network["routes"] = nlohmann::json::array();
 if (!network.count("ipAssignmentPools")) network["ipAssignmentPools"] = nlohmann::json::array();
- //if (!network.count("anchors")) network["anchors"] = nlohmann::json::array();
 if (!network.count("mtu")) network["mtu"] = ZT_DEFAULT_MTU;
 if (!network.count("remoteTraceTarget")) network["remoteTraceTarget"] = nlohmann::json();
 if (!network.count("removeTraceLevel")) network["remoteTraceLevel"] = 0;
diff --git a/node/Network.cpp b/node/Network.cpp
index c12df6c1..d6f66e65 100644
--- a/node/Network.cpp
+++ b/node/Network.cpp
@@ -1072,15 +1072,89 @@ void Network::requestConfiguration(void *tPtr)
 if (_destroyed)
 return;
- /* ZeroTier addresses can't begin with 0xff, so this is used to mark controllerless
- * network IDs. Controllerless network IDs only support unicast IPv6 using the 6plane
- * addressing scheme and have the following format: 0xffSSSSEEEE000000 where SSSS
- * is the 16-bit starting IP port range allowed and EEEE is the 16-bit ending IP port
- * range allowed. Remaining digits are reserved for future use and must be zero. */
 if ((_id >> 56) == 0xff) {
- const uint16_t startPortRange = (uint16_t)((_id >> 40) & 0xffff);
- const uint16_t endPortRange = (uint16_t)((_id >> 24) & 0xffff);
- if (((_id & 0xffffff) == 0)&&(endPortRange >= startPortRange)) {
+ if ((_id & 0xffffff) == 0) {
+ const uint16_t startPortRange = (uint16_t)((_id >> 40) & 0xffff);
+ const uint16_t endPortRange = (uint16_t)((_id >> 24) & 0xffff);
+ if (endPortRange >= startPortRange) {
+ NetworkConfig *const nconf = new NetworkConfig();
+
+ nconf->networkId = _id;
+ nconf->timestamp = RR->node->now();
+ nconf->credentialTimeMaxDelta = ZT_NETWORKCONFIG_DEFAULT_CREDENTIAL_TIME_MAX_MAX_DELTA;
+ nconf->revision = 1;
+ nconf->issuedTo = RR->identity.address();
+ nconf->flags = ZT_NETWORKCONFIG_FLAG_ENABLE_IPV6_NDP_EMULATION;
+ nconf->mtu = ZT_DEFAULT_MTU;
+ nconf->multicastLimit = 0;
+ nconf->staticIpCount = 1;
+ nconf->ruleCount = 14;
+ nconf->staticIps[0] = InetAddress::makeIpv66plane(_id,RR->identity.address().toInt());
+
+ // Drop everything but IPv6
+ nconf->rules[0].t = (uint8_t)ZT_NETWORK_RULE_MATCH_ETHERTYPE | 0x80; // NOT
+ nconf->rules[0].v.etherType = 0x86dd; // IPv6
+ nconf->rules[1].t = (uint8_t)ZT_NETWORK_RULE_ACTION_DROP;
+
+ // Allow ICMPv6
+ nconf->rules[2].t = (uint8_t)ZT_NETWORK_RULE_MATCH_IP_PROTOCOL;
+ nconf->rules[2].v.ipProtocol = 0x3a; // ICMPv6
+ nconf->rules[3].t = (uint8_t)ZT_NETWORK_RULE_ACTION_ACCEPT;
+
+ // Allow destination ports within range
+ nconf->rules[4].t = (uint8_t)ZT_NETWORK_RULE_MATCH_IP_PROTOCOL;
+ nconf->rules[4].v.ipProtocol = 0x11; // UDP
+ nconf->rules[5].t = (uint8_t)ZT_NETWORK_RULE_MATCH_IP_PROTOCOL | 0x40; // OR
+ nconf->rules[5].v.ipProtocol = 0x06; // TCP
+ nconf->rules[6].t = (uint8_t)ZT_NETWORK_RULE_MATCH_IP_DEST_PORT_RANGE;
+ nconf->rules[6].v.port[0] = startPortRange;
+ nconf->rules[6].v.port[1] = endPortRange;
+ nconf->rules[7].t = (uint8_t)ZT_NETWORK_RULE_ACTION_ACCEPT;
+
+ // Allow non-SYN TCP packets to permit non-connection-initiating traffic
+ nconf->rules[8].t = (uint8_t)ZT_NETWORK_RULE_MATCH_CHARACTERISTICS | 0x80; // NOT
+ nconf->rules[8].v.characteristics = ZT_RULE_PACKET_CHARACTERISTICS_TCP_SYN;
+ nconf->rules[9].t = (uint8_t)ZT_NETWORK_RULE_ACTION_ACCEPT;
+
+ // Also allow SYN+ACK which are replies to SYN
+ nconf->rules[10].t = (uint8_t)ZT_NETWORK_RULE_MATCH_CHARACTERISTICS;
+ nconf->rules[10].v.characteristics = ZT_RULE_PACKET_CHARACTERISTICS_TCP_SYN;
+ nconf->rules[11].t = (uint8_t)ZT_NETWORK_RULE_MATCH_CHARACTERISTICS;
+ nconf->rules[11].v.characteristics = ZT_RULE_PACKET_CHARACTERISTICS_TCP_ACK;
+ nconf->rules[12].t = (uint8_t)ZT_NETWORK_RULE_ACTION_ACCEPT;
+
+ nconf->rules[13].t = (uint8_t)ZT_NETWORK_RULE_ACTION_DROP;
+
+ nconf->type = ZT_NETWORK_TYPE_PUBLIC;
+
+ nconf->name[0] = 'a';
+ nconf->name[1] = 'd';
+ nconf->name[2] = 'h';
+ nconf->name[3] = 'o';
+ nconf->name[4] = 'c';
+ nconf->name[5] = '-';
+ Utils::hex((uint16_t)startPortRange,nconf->name + 6);
+ nconf->name[10] = '-';
+ Utils::hex((uint16_t)endPortRange,nconf->name + 11);
+ nconf->name[15] = (char)0;
+
+ this->setConfiguration(tPtr,*nconf,false);
+ delete nconf;
+ } else {
+ this->setNotFound();
+ }
+ } else if ((_id & 0xff) == 0x01) {
+ // ffAA__________01
+ const uint64_t myAddress = RR->identity.address().toInt();
+ uint8_t ipv4[4];
+ ipv4[0] = (uint8_t)((_id >> 48) & 0xff);
+ ipv4[1] = (uint8_t)((myAddress >> 16) & 0xff);
+ ipv4[2] = (uint8_t)((myAddress >> 8) & 0xff);
+ ipv4[3] = (uint8_t)(myAddress & 0xff);
+
+ char v4ascii[24];
+ Utils::decimal(ipv4[0],v4ascii);
+
 NetworkConfig *const nconf = new NetworkConfig();
 nconf->networkId = _id;
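Review bot: The five-line comment describing the `0xff` controllerless network ID layout is removed and nothing replaces it; the `// ffAA__________01` tag on the new branch is the only documentation left, and the `if ((_id & 0xffffff) == 0)` / `else if ((_id & 0xff) == 0x01)` split no longer says which digits are reserved. Restore a description above `if ((_id >> 56) == 0xff)` that covers both forms, along the lines of `/* 0xffSSSSEEEE000000: 6plane-only ad-hoc network allowing dest ports SSSS..EEEE; 0xffAAxxxxxxxxxx01: ad-hoc network that also assigns IPv4 AA.b.c.d from the node address; other digits reserved, must be zero */` (adjust if the underscored digits are meant to carry something). Unlike the 6plane branch, the IPv4 branch never checks that its reserved digits are zero, so many distinct IDs silently yield the same configuration. Note also that `ipv4[1..3]` are the low 24 bits of the 40-bit node address, so two members whose addresses share those bits receive the same IPv4 address, and `ipv4[0]` is taken from the ID unchecked, so values such as 0, 127 or 224 and above produce unusable prefixes; either reject them here or document the limitation. The `else if` branch continues into the next two hunks.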
@@ -1091,43 +1165,12 @@ void Network::requestConfiguration(void *tPtr)
 nconf->flags = ZT_NETWORKCONFIG_FLAG_ENABLE_IPV6_NDP_EMULATION;
 nconf->mtu = ZT_DEFAULT_MTU;
 nconf->multicastLimit = 0;
- nconf->staticIpCount = 1;
+ nconf->staticIpCount = 2;
 nconf->ruleCount = 14;
- nconf->staticIps[0] = InetAddress::makeIpv66plane(_id,RR->identity.address().toInt());
-
- // Drop everything but IPv6
- nconf->rules[0].t = (uint8_t)ZT_NETWORK_RULE_MATCH_ETHERTYPE | 0x80; // NOT
- nconf->rules[0].v.etherType = 0x86dd; // IPv6
- nconf->rules[1].t = (uint8_t)ZT_NETWORK_RULE_ACTION_DROP;
-
- // Allow ICMPv6
- nconf->rules[2].t = (uint8_t)ZT_NETWORK_RULE_MATCH_IP_PROTOCOL;
- nconf->rules[2].v.ipProtocol = 0x3a; // ICMPv6
- nconf->rules[3].t = (uint8_t)ZT_NETWORK_RULE_ACTION_ACCEPT;
-
- // Allow destination ports within range
- nconf->rules[4].t = (uint8_t)ZT_NETWORK_RULE_MATCH_IP_PROTOCOL;
- nconf->rules[4].v.ipProtocol = 0x11; // UDP
- nconf->rules[5].t = (uint8_t)ZT_NETWORK_RULE_MATCH_IP_PROTOCOL | 0x40; // OR
- nconf->rules[5].v.ipProtocol = 0x06; // TCP
- nconf->rules[6].t = (uint8_t)ZT_NETWORK_RULE_MATCH_IP_DEST_PORT_RANGE;
- nconf->rules[6].v.port[0] = startPortRange;
- nconf->rules[6].v.port[1] = endPortRange;
- nconf->rules[7].t = (uint8_t)ZT_NETWORK_RULE_ACTION_ACCEPT;
-
- // Allow non-SYN TCP packets to permit non-connection-initiating traffic
- nconf->rules[8].t = (uint8_t)ZT_NETWORK_RULE_MATCH_CHARACTERISTICS | 0x80; // NOT
- nconf->rules[8].v.characteristics = ZT_RULE_PACKET_CHARACTERISTICS_TCP_SYN;
- nconf->rules[9].t = (uint8_t)ZT_NETWORK_RULE_ACTION_ACCEPT;
-
- // Also allow SYN+ACK which are replies to SYN
- nconf->rules[10].t = (uint8_t)ZT_NETWORK_RULE_MATCH_CHARACTERISTICS;
- nconf->rules[10].v.characteristics = ZT_RULE_PACKET_CHARACTERISTICS_TCP_SYN;
- nconf->rules[11].t = (uint8_t)ZT_NETWORK_RULE_MATCH_CHARACTERISTICS;
- nconf->rules[11].v.characteristics = ZT_RULE_PACKET_CHARACTERISTICS_TCP_ACK;
- nconf->rules[12].t = (uint8_t)ZT_NETWORK_RULE_ACTION_ACCEPT;
-
- nconf->rules[13].t = (uint8_t)ZT_NETWORK_RULE_ACTION_DROP;
+ nconf->staticIps[0] = InetAddress::makeIpv66plane(_id,myAddress);
+ nconf->staticIps[1].set(ipv4,4,8);
+
+ nconf->rules[0].t = (uint8_t)ZT_NETWORK_RULE_ACTION_ACCEPT;
 nconf->type = ZT_NETWORK_TYPE_PUBLIC;
@@ -1137,15 +1180,18 @@ void Network::requestConfiguration(void *tPtr)
 nconf->name[3] = 'o';
 nconf->name[4] = 'c';
 nconf->name[5] = '-';
- Utils::hex((uint16_t)startPortRange,nconf->name + 6);
- nconf->name[10] = '-';
- Utils::hex((uint16_t)endPortRange,nconf->name + 11);
- nconf->name[15] = (char)0;
+ unsigned long nn = 6;
+ while ((nconf->name[nn] = v4ascii[nn - 6])) ++nn;
+ nconf->name[nn++] = '.';
+ nconf->name[nn++] = '0';
+ nconf->name[nn++] = '.';
+ nconf->name[nn++] = '0';
+ nconf->name[nn++] = '.';
+ nconf->name[nn++] = '0';
+ nconf->name[nn++] = (char)0;
 this->setConfiguration(tPtr,*nconf,false);
 delete nconf;
- } else {
- this->setNotFound();
 }
 return;
 }
--
cgit v1.2.3
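Review bot: `nconf->ruleCount = 14;` survives as a context line while the new side assigns only `nconf->rules[0]`, so `rules[1]` through `rules[13]` hold whatever `new NetworkConfig()` leaves in them yet are still counted as part of the rule set; the line should become `nconf->ruleCount = 1;`. Since `rules[0]` is an unconditional `ZT_NETWORK_RULE_ACTION_ACCEPT`, the accept-everything intent of the IPv4 form (in contrast to the port-range filter the 6plane branch builds) deserves a one-line comment such as `// IPv4 ad-hoc networks carry no port restriction: accept all traffic`. The `nconf->staticIps[1].set(ipv4,4,8);` call would also benefit from a note on what the third argument is (a prefix length, presumably), as that decides which other members appear on-link. This branch starts in the first hunk of this file and continues into the next.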
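Review bot: Removing the `} else { this->setNotFound(); }` tail means an `0xff`-prefixed ID that satisfies neither `(_id & 0xffffff) == 0` nor `(_id & 0xff) == 0x01` now reaches the `return;` below without `setNotFound()` being called, whereas before every unrecognized controllerless ID was reported as not found; if that status drives what the node shows for the network, add `} else { this->setNotFound(); }` after the `else if` branch that starts in the first hunk of this file. The name builder `while ((nconf->name[nn] = v4ascii[nn - 6])) ++nn;` followed by `.0.0.0` and the terminator writes at most 16 bytes from offset 6, the same as the 6plane name it replaces, so a short comment giving the resulting `adhoc-AA.0.0.0` form is all that is missing here. `requestConfiguration` continues past this hunk.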