From f119c4a45610bf5774a3fc88d0883b2fe8db6e8d Mon Sep 17 00:00:00 2001
From: Adam Ierymenko <adam.ierymenko@gmail.com>
Date: Thu, 18 Aug 2016 12:59:48 -0700
Subject: Cache network members for performance, add network non-persisted
 fields.

---
 controller/EmbeddedNetworkController.hpp | 54 ++++++++++++++++++--------------
 1 file changed, 31 insertions(+), 23 deletions(-)

(limited to 'controller/EmbeddedNetworkController.hpp')

diff --git a/controller/EmbeddedNetworkController.hpp b/controller/EmbeddedNetworkController.hpp
index f6e6b098..16a1adbe 100644
--- a/controller/EmbeddedNetworkController.hpp
+++ b/controller/EmbeddedNetworkController.hpp
@@ -37,6 +37,9 @@
 
 #include "../ext/json/json.hpp"
 
+// Expiration time for network member cache entries in ms
+#define ZT_NETCONF_NETWORK_MEMBER_CACHE_EXPIRE 30000
+
 namespace ZeroTier {
 
 class Node;
@@ -80,6 +83,7 @@ public:
 private:
 	static void _circuitTestCallback(ZT_Node *node,ZT_CircuitTest *test,const ZT_CircuitTestReport *report);
 
+	// JSON blob I/O
 	inline nlohmann::json _readJson(const std::string &path)
 	{
 		std::string buf;
@@ -90,20 +94,19 @@ private:
 		}
 		return nlohmann::json::object();
 	}
-
 	inline bool _writeJson(const std::string &path,const nlohmann::json &obj)
 	{
-		std::string buf(obj.dump(2));
-		return OSUtils::writeFile(path.c_str(),buf);
+		return OSUtils::writeFile(path.c_str(),obj.dump(2));
 	}
 
+	// Network base path and network JSON path
 	inline std::string _networkBP(const uint64_t nwid,bool create)
 	{
 		char tmp[64];
-		Utils::snprintf(tmp,sizeof(tmp),"%.16llx",nwid);
 		std::string p(_path + ZT_PATH_SEPARATOR_S + "network");
 		if (create) OSUtils::mkdir(p.c_str());
 		p.push_back(ZT_PATH_SEPARATOR);
+		Utils::snprintf(tmp,sizeof(tmp),"%.16llx",nwid);
 		p.append(tmp);
 		if (create) OSUtils::mkdir(p.c_str());
 		return p;
@@ -112,6 +115,8 @@ private:
 	{
 		return (_networkBP(nwid,create) + ZT_PATH_SEPARATOR + "config.json");
 	}
+
+	// Member base path and member JSON path
 	inline std::string _memberBP(const uint64_t nwid,const Address &member,bool create)
 	{
 		std::string p(_networkBP(nwid,create));
@@ -128,26 +133,29 @@ private:
 		return (_memberBP(nwid,member,create) + ZT_PATH_SEPARATOR + "config.json");
 	}
 
-	inline std::set<InetAddress> _getAlreadyAllocatedIps(const uint64_t nwid)
+	// We cache the members of networks in memory to avoid having to scan the filesystem so much
+	std::map< uint64_t,std::pair< std::map< Address,nlohmann::json >,uint64_t > > _networkMemberCache;
+	Mutex _networkMemberCache_m;
+
+	// Gathers a bunch of statistics about members of a network, IP assignments, etc. that we need in various places
+	// This does lock _networkMemberCache_m
+	struct _NetworkMemberInfo
 	{
-		std::set<InetAddress> ips;
-		std::string bp(_networkBP(nwid,false) + ZT_PATH_SEPARATOR_S + "member");
-		std::vector<std::string> members(OSUtils::listSubdirectories(bp.c_str()));
-		for(std::vector<std::string>::iterator m(members.begin());m!=members.end();++m) {
-			if (m->length() == ZT_ADDRESS_LENGTH_HEX) {
-				nlohmann::json mj = _readJson(bp + ZT_PATH_SEPARATOR_S + *m + ZT_PATH_SEPARATOR_S + "config.json");
-				auto ipAssignments = mj["ipAssignments"];
-				if (ipAssignments.is_array()) {
-					for(unsigned long i=0;i<ipAssignments.size();++i) {
-						std::string ipstr = ipAssignments[i];
-						InetAddress ip(ipstr);
-						if (ip)
-							ips.insert(ip);
-					}
-				}
-			}
-		}
-		return ips;
+		_NetworkMemberInfo() : authorizedMemberCount(0),activeMemberCount(0),totalMemberCount(0) {}
+		std::set<Address> activeBridges;
+		std::set<InetAddress> allocatedIps;
+		unsigned long authorizedMemberCount;
+		unsigned long activeMemberCount;
+		unsigned long totalMemberCount;
+	};
+	void _getNetworkMemberInfo(uint64_t now,uint64_t nwid,_NetworkMemberInfo &nmi);
+
+	inline void _addNetworkNonPersistedFields(nlohmann::json &network,uint64_t now,const _NetworkMemberInfo &nmi)
+	{
+		network["clock"] = now;
+		network["authorizedMemberCount"] = nmi.authorizedMemberCount;
+		network["activeMemberCount"] = nmi.activeMemberCount;
+		network["totalMemberCount"] = nmi.totalMemberCount;
 	}
 
 	// These are const after construction
-- 
cgit v1.2.3


From 212a5af9a549270abc1230b93a80caf4c0cd4b3c Mon Sep 17 00:00:00 2001
From: Adam Ierymenko <adam.ierymenko@gmail.com>
Date: Thu, 18 Aug 2016 14:37:56 -0700
Subject: Capabilities and tags in POST JSON.

---
 controller/EmbeddedNetworkController.cpp | 102 +++++++++++++++++++++++--------
 controller/EmbeddedNetworkController.hpp |  32 ++++++++++
 2 files changed, 109 insertions(+), 25 deletions(-)

(limited to 'controller/EmbeddedNetworkController.hpp')

diff --git a/controller/EmbeddedNetworkController.cpp b/controller/EmbeddedNetworkController.cpp
index 82a24284..d7d5c92c 100644
--- a/controller/EmbeddedNetworkController.cpp
+++ b/controller/EmbeddedNetworkController.cpp
@@ -438,6 +438,8 @@ NetworkController::ResultCode EmbeddedNetworkController::doNetworkConfigRequest(
 		}
 	}
 
+	_initMember(member);
+
 	// Make sure these are always present no matter what, and increment member revision since we will always at least log something
 	member["id"] = identity.address().toString();
 	member["address"] = member["id"];
@@ -606,7 +608,6 @@ NetworkController::ResultCode EmbeddedNetworkController::doNetworkConfigRequest(
 		}
 	} else {
 		ipAssignments = json::array();
-		member["ipAssignments"] = ipAssignments;
 	}
 
 	if ( (ipAssignmentPools.is_array()) && ((v6AssignMode.is_object())&&(_jB(v6AssignMode["zt"],false))) && (!haveManagedIpv6AutoAssignment) && (!_jB(member["activeBridge"],false)) ) {
@@ -922,6 +923,7 @@ unsigned int EmbeddedNetworkController::handleControlPlaneHttpPOST(
 					Utils::snprintf(addrs,sizeof(addrs),"%.10llx",(unsigned long long)address);
 
 					json member(_readJson(_memberJP(nwid,Address(address),true)));
+					_initMember(member);
 
 					try {
 						if (b.count("authorized")) member["authorized"] = _jB(b["authorized"],false);
@@ -942,19 +944,46 @@ unsigned int EmbeddedNetworkController::handleControlPlaneHttpPOST(
 								member["ipAssignments"] = mipa;
 							}
 						}
+
+						if (b.count("tags")) {
+							auto tags = b["tags"];
+							if (tags.is_array()) {
+								std::map<uint64_t,uint64_t> mtags;
+								for(unsigned long i=0;i<tags.size();++i) {
+									auto tag = tags[i];
+									if ((tag.is_array())&&(tag.size() == 2))
+										mtags[_jI(tag[0],0ULL) & 0xffffffffULL] = _jI(tag[1],0ULL) & 0xffffffffULL;
+								}
+								json mtagsa = json::array();
+								for(std::map<uint64_t,uint64_t>::iterator t(mtags.begin());t!=mtags.end();++t) {
+									json ta = json::array();
+									ta.push_back(t->first);
+									ta.push_back(t->second);
+									mtagsa.push_back(ta);
+								}
+								member["tags"] = mtagsa;
+							}
+						}
+
+						if (b.count("capabilities")) {
+							auto capabilities = b["capabilities"];
+							if (capabilities.is_array()) {
+								json mcaps = json::array();
+								for(unsigned long i=0;i<capabilities.size();++i) {
+									mcaps.push_back(_jI(capabilities[i],0ULL));
+								}
+								std::sort(mcaps.begin(),mcaps.end());
+								mcaps.erase(std::unique(mcaps.begin(),mcaps.end()),mcaps.end());
+								member["capabilities"] = mcaps;
+							}
+						}
 					} catch ( ... ) {
 						return 400;
 					}
 
-					if (!member.count("authorized")) member["authorized"] = false;
-					if (!member.count("ipAssignments")) member["ipAssignments"] = json::array();
-					if (!member.count("recentLog")) member["recentLog"] = json::array();
-					if (!member.count("activeBridge")) member["activeBridge"] = false;
-
 					member["id"] = addrs;
 					member["address"] = addrs; // legacy
 					member["nwid"] = nwids;
-					member["objtype"] = "member";
 					member["lastModified"] = now;
 					{
 						auto revj = member["revision"];
@@ -1041,6 +1070,7 @@ unsigned int EmbeddedNetworkController::handleControlPlaneHttpPOST(
 				}
 
 				json network(_readJson(_networkJP(nwid,true)));
+				_initNetwork(network);
 
 				try {
 					if (b.count("name")) network["name"] = _jS(b["name"],"");
@@ -1168,32 +1198,54 @@ unsigned int EmbeddedNetworkController::handleControlPlaneHttpPOST(
 							network["authTokens"] = nat;
 						}
 					}
+
+					if (b.count("capabilities")) {
+						auto capabilities = b["capabilities"];
+						if (capabilities.is_array()) {
+							std::map< uint64_t,json > ncaps;
+							for(unsigned long i=0;i<capabilities.size();++i) {
+								auto cap = capabilities[i];
+								if (cap.is_object()) {
+									json ncap = json::object();
+									const uint64_t capId = _jI(cap["id"],0ULL);
+									ncap["id"] = capId;
+
+									auto rules = cap["rules"];
+									json nrules = json::array();
+									if (rules.is_array()) {
+										for(unsigned long i=0;i<rules.size();++i) {
+											json rule = rules[i];
+											if (rule.is_object()) {
+												ZT_VirtualNetworkRule ztr;
+												if (_parseRule(rule,ztr)) {
+													rule = _renderRule(ztr);
+													if ((rule.is_object())&&(rule.count("type"))) {
+														nrules.push_back(rule);
+													}
+												}
+											}
+										}
+									}
+									ncap["rules"] = nrules;
+
+									ncaps[capId] = ncap;
+								}
+							}
+
+							json ncapsa = json::array();
+							for(std::map< uint64_t,json >::iterator c(ncaps.begin());c!=ncaps.end();++c)
+								ncapsa.push_back(c->second);
+							network["capabilities"] = ncapsa;
+						}
+					}
 				} catch ( ... ) {
 					return 400;
 				}
 
-				if (!network.count("private")) network["private"] = true;
-				if (!network.count("creationTime")) network["creationTime"] = OSUtils::now();
-				if (!network.count("name")) network["name"] = "";
-				if (!network.count("multicastLimit")) network["multicastLimit"] = (uint64_t)32;
-				if (!network.count("v4AssignMode")) network["v4AssignMode"] = {{"zt",false}};
-				if (!network.count("v6AssignMode")) network["v6AssignMode"] = {{"rfc4193",false},{"zt",false},{"6plane",false}};
-				if (!network.count("activeBridges")) network["activeBridges"] = json::array();
-				if (!network.count("authTokens")) network["authTokens"] = json::array();
-
-				if (!network.count("rules")) {
-					// If unspecified, rules are set to allow anything and behave like a flat L2 segment
-					network["rules"] = {
-						{ "not",false },
-						{ "type","ACTION_ACCEPT" }
-					};
-				}
-
 				network["id"] = nwids;
 				network["nwid"] = nwids; // legacy
 				auto rev = network["revision"];
 				network["revision"] = (rev.is_number() ? ((uint64_t)rev + 1ULL) : 1ULL);
-				network["objtype"] = "network";
 				network["lastModified"] = now;
 
 				_writeJson(_networkJP(nwid,true),network);
diff --git a/controller/EmbeddedNetworkController.hpp b/controller/EmbeddedNetworkController.hpp
index 16a1adbe..e6b4bb59 100644
--- a/controller/EmbeddedNetworkController.hpp
+++ b/controller/EmbeddedNetworkController.hpp
@@ -150,6 +150,38 @@ private:
 	};
 	void _getNetworkMemberInfo(uint64_t now,uint64_t nwid,_NetworkMemberInfo &nmi);
 
+	// These init objects with default and static/informational fields
+	inline void _initMember(nlohmann::json &member)
+	{
+		if (!member.count("authorized")) member["authorized"] = false;
+		if (!member.count("ipAssignments")) member["ipAssignments"] = nlohmann::json::array();
+		if (!member.count("recentLog")) member["recentLog"] = nlohmann::json::array();
+		if (!member.count("activeBridge")) member["activeBridge"] = false;
+		if (!member.count("tags")) member["tags"] = nlohmann::json::array();
+		if (!member.count("capabilities")) member["capabilities"] = nlohmann::json::array();
+		if (!member.count("creationTime")) member["creationTime"] = OSUtils::now();
+		member["objtype"] = "member";
+	}
+	inline void _initNetwork(nlohmann::json &network)
+	{
+		if (!network.count("private")) network["private"] = true;
+		if (!network.count("creationTime")) network["creationTime"] = OSUtils::now();
+		if (!network.count("name")) network["name"] = "";
+		if (!network.count("multicastLimit")) network["multicastLimit"] = (uint64_t)32;
+		if (!network.count("v4AssignMode")) network["v4AssignMode"] = {{"zt",false}};
+		if (!network.count("v6AssignMode")) network["v6AssignMode"] = {{"rfc4193",false},{"zt",false},{"6plane",false}};
+		if (!network.count("activeBridges")) network["activeBridges"] = nlohmann::json::array();
+		if (!network.count("authTokens")) network["authTokens"] = nlohmann::json::array();
+		if (!network.count("capabilities")) network["capabilities"] = nlohmann::json::array();
+		if (!network.count("rules")) {
+			// If unspecified, rules are set to allow anything and behave like a flat L2 segment
+			network["rules"] = {
+				{ "not",false },
+				{ "type","ACTION_ACCEPT" }
+			};
+		}
+		network["objtype"] = "network";
+	}
 	inline void _addNetworkNonPersistedFields(nlohmann::json &network,uint64_t now,const _NetworkMemberInfo &nmi)
 	{
 		network["clock"] = now;
-- 
cgit v1.2.3