From 5cf410490e677f524eda5fd5c790e37f81ba7753 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Thu, 4 Aug 2016 10:18:33 -0700 Subject: . --- node/Network.cpp | 69 +++++++++++++++++++++++++++++--------------------------- 1 file changed, 36 insertions(+), 33 deletions(-) (limited to 'node/Network.cpp') diff --git a/node/Network.cpp b/node/Network.cpp index 061cca07..d9ad7838 100644 --- a/node/Network.cpp +++ b/node/Network.cpp @@ -29,6 +29,7 @@ #include "Buffer.hpp" #include "NetworkController.hpp" #include "Node.hpp" +#include "Peer.hpp" #include "../version.h" @@ -384,17 +385,20 @@ bool Network::_isAllowed(const SharedPtr &peer) const { // Assumes _lock is locked try { - if (!_config) - return false; - if (_config.isPublic()) - return true; - return ((_config.com)&&(peer->networkMembershipCertificatesAgree(_id,_config.com))); - } catch (std::exception &exc) { - TRACE("isAllowed() check failed for peer %s: unexpected exception: %s",peer->address().toString().c_str(),exc.what()); + if (_config) { + if (_config.isPublic()) { + return true; + } else { + LockingPtr m(peer->membership(_id,false)); + if (m) { + return _config.com.agreesWith(m->com()); + } + } + } } catch ( ... ) { - TRACE("isAllowed() check failed for peer %s: unexpected exception: unknown exception",peer->address().toString().c_str()); + TRACE("isAllowed() check failed for peer %s: unexpected exception: unexpected exception",peer->address().toString().c_str()); } - return false; // default position on any failure + return false; } class _MulticastAnnounceAll @@ -405,13 +409,13 @@ public: _controller(nw->controller()), _network(nw), _anchors(nw->config().anchors()), - _rootAddresses(renv->topology->rootAddresses()) + _upstreamAddresses(renv->topology->upstreamAddresses()) {} inline void operator()(Topology &t,const SharedPtr &p) { - if ( (_network->_isAllowed(p)) || // FIXME: this causes multicast LIKEs for public networks to get spammed + if ( (_network->_isAllowed(p)) || // FIXME: this causes multicast LIKEs for public networks to get spammed, which isn't terrible but is a bit stupid (p->address() == _controller) || - (std::find(_rootAddresses.begin(),_rootAddresses.end(),p->address()) != _rootAddresses.end()) || + (std::find(_upstreamAddresses.begin(),_upstreamAddresses.end(),p->address()) != _upstreamAddresses.end()) || (std::find(_anchors.begin(),_anchors.end(),p->address()) != _anchors.end()) ) { peers.push_back(p); } @@ -422,7 +426,7 @@ private: const Address _controller; Network *const _network; const std::vector
_anchors; - const std::vector
_rootAddresses; + const std::vector
_upstreamAddresses; }; void Network::_announceMulticastGroups() { @@ -438,31 +442,30 @@ void Network::_announceMulticastGroupsTo(const SharedPtr &peer,const std:: { // Assumes _lock is locked - // We push COMs ahead of MULTICAST_LIKE since they're used for access control -- a COM is a public - // credential so "over-sharing" isn't really an issue (and we only do so with roots). - if ((_config)&&(_config.com)&&(!_config.isPublic())&&(peer->needsOurNetworkMembershipCertificate(_id,RR->node->now(),true))) { - Packet outp(peer->address(),RR->identity.address(),Packet::VERB_NETWORK_MEMBERSHIP_CERTIFICATE); - _config.com.serialize(outp); - RR->sw->send(outp,true,0); - } - + // Anyone we announce multicast groups to will need our COM to authenticate GATHER requests. { - Packet outp(peer->address(),RR->identity.address(),Packet::VERB_MULTICAST_LIKE); + LockingPtr m(peer->membership(_id,false)); + if (m) m->sendCredentialsIfNeeded(RR,RR->node->now(),*peer,_config); + } - for(std::vector::const_iterator mg(allMulticastGroups.begin());mg!=allMulticastGroups.end();++mg) { - if ((outp.size() + 18) >= ZT_UDP_DEFAULT_PAYLOAD_MTU) { - RR->sw->send(outp,true,0); - outp.reset(peer->address(),RR->identity.address(),Packet::VERB_MULTICAST_LIKE); - } + Packet outp(peer->address(),RR->identity.address(),Packet::VERB_MULTICAST_LIKE); - // network ID, MAC, ADI - outp.append((uint64_t)_id); - mg->mac().appendTo(outp); - outp.append((uint32_t)mg->adi()); + for(std::vector::const_iterator mg(allMulticastGroups.begin());mg!=allMulticastGroups.end();++mg) { + if ((outp.size() + 24) >= ZT_PROTO_MAX_PACKET_LENGTH) { + outp.compress(); + RR->sw->send(outp,true,0); + outp.reset(peer->address(),RR->identity.address(),Packet::VERB_MULTICAST_LIKE); } - if (outp.size() > ZT_PROTO_MIN_PACKET_LENGTH) - RR->sw->send(outp,true,0); + // network ID, MAC, ADI + outp.append((uint64_t)_id); + mg->mac().appendTo(outp); + outp.append((uint32_t)mg->adi()); + } + + if (outp.size() > ZT_PROTO_MIN_PACKET_LENGTH) { + outp.compress(); + RR->sw->send(outp,true,0); } } -- cgit v1.2.3