From 8d30d51cf3925007a4f773928b62269836228b44 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Thu, 1 Aug 2013 10:42:02 -0400 Subject: Rename netconf-plugin subdir. --- netconf-service/Makefile | 6 + netconf-service/netconf.cpp | 297 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 303 insertions(+) create mode 100644 netconf-service/Makefile create mode 100644 netconf-service/netconf.cpp (limited to 'netconf-service') diff --git a/netconf-service/Makefile b/netconf-service/Makefile new file mode 100644 index 00000000..bd6b052c --- /dev/null +++ b/netconf-service/Makefile @@ -0,0 +1,6 @@ +all: + gcc -O6 -c ../ext/lz4/lz4hc.c ../ext/lz4/lz4.c + g++ -DZT_OSNAME="linux" -DZT_ARCH="x86_64" -I/usr/include/mysql -I../ext/bin/libcrypto/include -O -o netconf.service netconf.cpp ../node/Utils.cpp ../node/Identity.cpp ../node/EllipticCurveKeyPair.cpp ../node/Salsa20.cpp ../node/HMAC.cpp lz4.o lz4hc.o ../ext/bin/libcrypto/linux-x86_64/libcrypto.a -lmysqlpp + +clean: + rm -f *.o netconf.service diff --git a/netconf-service/netconf.cpp b/netconf-service/netconf.cpp new file mode 100644 index 00000000..a92ff8a0 --- /dev/null +++ b/netconf-service/netconf.cpp @@ -0,0 +1,297 @@ +/* + * ZeroTier One - Global Peer to Peer Ethernet + * Copyright (C) 2012-2013 ZeroTier Networks LLC + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. Start here: http://www.zerotier.com/ + */ + +/* + * This is the netconf service. It's currently used only by netconf nodes that + * are run by ZeroTier itself. There is nothing to prevent you from running + * your own if you wanted to create your own networks outside our system. + * + * That being said, we'd like to charge for private networks to support + * ZeroTier One and future development efforts. So while this software is + * open source and we're not going to stop you from sidestepping this, we + * do ask -- honor system here -- that you pay for private networks if you + * are going to use them for any commercial purpose such as a business VPN + * alternative. + * + * This will at the moment only build on Linux and requires the mysql++ + * library, which is available here: + * + * http://tangentsoft.net/mysql++/ + * + * (Packages are available for CentOS via EPEL and for any Debian distro.) + * + * This program must be built and installed in the services.d subfolder of + * the ZeroTier One home folder of the node designated to act as a master + * for networks. Doing so will enable the NETWORK_CONFIG_REQUEST protocol + * verb. + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#include + +#include "../node/Dictionary.hpp" +#include "../node/Identity.hpp" +#include "../node/Utils.hpp" + +using namespace ZeroTier; +using namespace mysqlpp; + +static Connection *dbCon = (Connection *)0; +static char mysqlHost[64],mysqlPort[64],mysqlDatabase[64],mysqlUser[64],mysqlPassword[64]; + +static void connectOrReconnect() +{ + for(;;) { + if (dbCon) + delete dbCon; + dbCon = new Connection(mysqlDatabase,mysqlHost,mysqlUser,mysqlPassword,(unsigned int)strtol(mysqlPort,(char **)0,10)); + if (dbCon->connected()) + break; + else { + fprintf(stderr,"Unable to connect to database server.\n"); + usleep(1000); + } + } +} + +int main(int argc,char **argv) +{ + { + char *ee = getenv("ZT_NETCONF_MYSQL_HOST"); + if (!ee) { + fprintf(stderr,"Missing environment variable: ZT_NETCONF_MYSQL_HOST\n"); + return -1; + } + strcpy(mysqlHost,ee); + ee = getenv("ZT_NETCONF_MYSQL_PORT"); + if (!ee) + strcpy(mysqlPort,"3306"); + else strcpy(mysqlPort,ee); + ee = getenv("ZT_NETCONF_MYSQL_DATABASE"); + if (!ee) { + fprintf(stderr,"Missing environment variable: ZT_NETCONF_MYSQL_DATABASE\n"); + return -1; + } + strcpy(mysqlDatabase,ee); + ee = getenv("ZT_NETCONF_MYSQL_USER"); + if (!ee) { + fprintf(stderr,"Missing environment variable: ZT_NETCONF_MYSQL_USER\n"); + return -1; + } + strcpy(mysqlUser,ee); + ee = getenv("ZT_NETCONF_MYSQL_PASSWORD"); + if (!ee) { + fprintf(stderr,"Missing environment variable: ZT_NETCONF_MYSQL_PASSWORD\n"); + return -1; + } + strcpy(mysqlPassword,ee); + } + + char buf[4096]; + std::string dictBuf; + + connectOrReconnect(); + for(;;) { + if (read(STDIN_FILENO,buf,4) != 4) { + fprintf(stderr,"Error reading frame size from stdin\n"); + return -1; + } + unsigned int fsize = (unsigned int)ntohl(*((const uint32_t *)buf)); + while (dictBuf.length() < fsize) { + int n = (int)read(STDIN_FILENO,buf,std::min((int)sizeof(buf),(int)(fsize - dictBuf.length()))); + for(int i=0;iconnected()) + connectOrReconnect(); + + try { + const std::string &command = msg.get("command"); + if (command == "config") { // NETWORK_CONFIG_REQUEST packet + Identity peerIdentity(msg.get("peerIdentity")); + uint64_t nwid = strtoull(msg.get("nwid").c_str(),(char **)0,16); + Dictionary meta; + if (msg.contains("meta")) + meta.fromString(msg.get("meta")); + + // Do quick signature check / sanity check + if (!peerIdentity.locallyValidate(false)) { + fprintf(stderr,"identity failed signature check: %s",peerIdentity.toString(false).c_str()); + continue; + } + + // Save identity if unknown + { + Query q = dbCon->query(); + q << "SELECT identity,identityValidated FROM Node WHERE id = " << peerIdentity.address().toInt(); + StoreQueryResult rs = q.store(); + if (rs.num_rows() > 0) { + if (rs[0]["identity"] != peerIdentity.toString(false)) { + // TODO: handle collisions... + continue; + } else if ((int)rs[0]["identityValidated"] == 0) { + // TODO: launch background validation + } + } else { + q = dbCon->query(); + uint64_t now = Utils::now(); + q << "INSERT INTO Node (id,creationTime,lastSeen,identity) VALUES (" << peerIdentity.address().toInt() << "," << now << "," << now << "," << peerIdentity.toString(false) << ")"; + if (!q.exec()) { + fprintf(stderr,"Error inserting Node row for peer %s, aborting netconf request",peerIdentity.address().toString().c_str()); + continue; + } + // TODO: launch background validation + } + } + + bool isOpen = false; + { + Query q = dbCon->query(); + q << "SELECT isOpen FROM Network WHERE id = " << nwid; + StoreQueryResult rs = q.store(); + if (rs.num_rows() > 0) + isOpen = ((int)rs[0]["isOpen"] > 0); + } + + Dictionary netconf; + + netconf["peer"] = peerIdentity.address().toString(); + sprintf(buf,"%.16llx",(unsigned long long)nwid); + netconf["nwid"] = buf; + netconf["isOpen"] = (isOpen ? "1" : "0"); + + if (!isOpen) { + // TODO: handle closed networks, look up private membership, + // generate signed cert. + } + + std::string ipv4Static,ipv6Static; + + { + // Check for IPv4 static assignments + Query q = dbCon->query(); + q << "SELECT INET_NTOA(ip) AS ip,netmaskBits FROM IPv4Static WHERE Node_id = " << peerIdentity.address().toInt() << " AND Network_id = " << nwid; + StoreQueryResult rs = q.store(); + if (rs.num_rows() > 0) { + for(int i=0;iquery(); + q << "SELECT ipNet,netmaskBits FROM IPv4AutoAssign WHERE Network_id = " << nwid; + rs = q.store(); + if (rs.num_rows() > 0) { + for(int aaRow=0;aaRow> netmaskBits); + tryIp |= ipNet; + + for(int k=0;k<100000;++k) { + Query q2 = dbCon->query(); + q2 << "INSERT INTO IPv4Static (Network_id,Node_id,ip,netmaskBits) VALUES (" << nwid << "," << peerIdentity.address().toInt() << "," << tryIp << "," << netmaskBits << ")"; + if (q2.exec()) { + sprintf(buf,"%u.%u.%u.%u",(unsigned int)((tryIp >> 24) & 0xff),(unsigned int)((tryIp >> 16) & 0xff),(unsigned int)((tryIp >> 8) & 0xff),(unsigned int)(tryIp & 0xff)); + if (ipv4Static.length()) + ipv4Static.push_back(','); + ipv4Static.append(buf); + ipv4Static.push_back('/'); + sprintf(buf,"%u",netmaskBits); + ipv4Static.append(buf); + break; + } else { // insert will fail if IP is in use due to uniqueness constraints in DB + ++tryIp; + if ((tryIp & 0xff) == 0) + tryIp |= 1; + tryIp &= (0xffffffff >> netmaskBits); + tryIp |= ipNet; + } + } + + if (ipv4Static.length()) + break; + } + } + } + } + + if (ipv4Static.length()) + netconf["ipv4Static"] = ipv4Static; + if (ipv6Static.length()) + netconf["ipv6Static"] = ipv6Static; + + Dictionary resp; + resp["peer"] = peerIdentity.address().toString(); + resp["nwid"] = msg.get("nwid"); + resp["requestId"] = msg.get("requestId"); + resp["netconf"] = netconf.toString(); + std::string respm = resp.toString(); + uint32_t respml = (uint32_t)htonl((uint32_t)respm.length()); + write(STDOUT_FILENO,&respml,4); + write(STDOUT_FILENO,respm.data(),respm.length()); + } + } catch (std::exception &exc) { + fprintf(stderr,"unexpected exception handling message: %s",exc.what()); + } catch ( ... ) { + fprintf(stderr,"unexpected exception handling message: unknown exception"); + } + } +} -- cgit v1.2.3