From 4199c56e99ca68b0f7aa01aeab04ceff7e8ece1d Mon Sep 17 00:00:00 2001 From: Grant Limberg Date: Mon, 4 Jun 2018 11:07:12 -0700 Subject: cant compare character arrays with == --- service/OneService.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'service') diff --git a/service/OneService.cpp b/service/OneService.cpp index 04d8c8df..091beacc 100644 --- a/service/OneService.cpp +++ b/service/OneService.cpp @@ -1608,11 +1608,13 @@ public: // Nuke applied routes that are no longer in n.config.routes[] and/or are not allowed for(std::list< SharedPtr >::iterator mr(n.managedRoutes.begin());mr!=n.managedRoutes.end();) { bool haveRoute = false; + if ( (checkIfManagedIsAllowed(n,(*mr)->target())) && (((*mr)->via().ss_family != (*mr)->target().ss_family)||(!matchIpOnly(myIps,(*mr)->via()))) ) { for(unsigned int i=0;i(&(n.config.routes[i].target)); const InetAddress *const via = reinterpret_cast(&(n.config.routes[i].via)); - if ( ((*mr)->target() == *target) && ( ((via->ss_family == target->ss_family)&&((*mr)->via().ipsEqual(*via))) || (tapdev == (*mr)->device()) ) ) { + + if ( ((*mr)->target() == *target) && ( ((via->ss_family == target->ss_family)&&((*mr)->via().ipsEqual(*via))) || (strcmp(tapdev,(*mr)->device())) ) ) { haveRoute = true; break; } -- cgit v1.2.3 From dce9cb27c1f464cb4a5111c27502d8ca1d7297de Mon Sep 17 00:00:00 2001 From: Grant Limberg Date: Mon, 4 Jun 2018 11:24:24 -0700 Subject: helps to have an ==0 on a strcmp --- service/OneService.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'service') diff --git a/service/OneService.cpp b/service/OneService.cpp index 091beacc..91cf49ee 100644 --- a/service/OneService.cpp +++ b/service/OneService.cpp @@ -1614,7 +1614,7 @@ public: const InetAddress *const target = reinterpret_cast(&(n.config.routes[i].target)); const InetAddress *const via = reinterpret_cast(&(n.config.routes[i].via)); - if ( ((*mr)->target() == *target) && ( ((via->ss_family == target->ss_family)&&((*mr)->via().ipsEqual(*via))) || (strcmp(tapdev,(*mr)->device())) ) ) { + if ( ((*mr)->target() == *target) && ( ((via->ss_family == target->ss_family)&&((*mr)->via().ipsEqual(*via))) || (strcmp(tapdev,(*mr)->device())==0) ) ) { haveRoute = true; break; } -- cgit v1.2.3 From d74817f79f52df05e3f201f4ce18d439b83edcdc Mon Sep 17 00:00:00 2001 From: Joseph Henry Date: Fri, 22 Jun 2018 16:46:50 -0700 Subject: Added blurb about allowTcpFallbackRelay to README --- service/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'service') diff --git a/service/README.md b/service/README.md index da29d3d0..8730e567 100644 --- a/service/README.md +++ b/service/README.md @@ -32,7 +32,8 @@ Settings available in `local.conf` (this is not valid JSON, and JSON does not al "softwareUpdateDist": true|false, /* If true, distribute software updates (only really useful to ZeroTier, Inc. itself, default is false) */ "interfacePrefixBlacklist": [ "XXX",... ], /* Array of interface name prefixes (e.g. eth for eth#) to blacklist for ZT traffic */ "allowManagementFrom": "NETWORK/bits"|null, /* If non-NULL, allow JSON/HTTP management from this IP network. Default is 127.0.0.1 only. */ - "bind": [ "ip",... ] /* If present and non-null, bind to these IPs instead of to each interface (wildcard IP allowed) */ + "bind": [ "ip",... ], /* If present and non-null, bind to these IPs instead of to each interface (wildcard IP allowed) */ + "allowTcpFallbackRelay": true|false /* Allow or disallow establishment of TCP relay connections (true by default) */ } } ``` -- cgit v1.2.3 From 5b114791e52c046be3b5db254566928ccc6c7a23 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Fri, 20 Jul 2018 14:01:58 -0700 Subject: Fix a bug that caused a crash on empty HTTP requests (localhost only) and add a lightweight lock to the RX queue to prevent possible threads stepping on each other in parallel receive paths. --- node/Switch.cpp | 5 +++++ node/Switch.hpp | 1 + node/Topology.cpp | 3 --- service/OneService.cpp | 2 ++ 4 files changed, 8 insertions(+), 3 deletions(-) (limited to 'service') diff --git a/node/Switch.cpp b/node/Switch.cpp index 3fa8c31d..eeeca5db 100644 --- a/node/Switch.cpp +++ b/node/Switch.cpp @@ -121,6 +121,7 @@ void Switch::onRemotePacket(void *tPtr,const int64_t localSocket,const InetAddre // seeing a Packet::Fragment? RXQueueEntry *const rq = _findRXQueueEntry(fragmentPacketId); + Mutex::Lock rql(rq->lock); if (rq->packetId != fragmentPacketId) { // No packet found, so we received a fragment without its head. @@ -203,6 +204,7 @@ void Switch::onRemotePacket(void *tPtr,const int64_t localSocket,const InetAddre ); RXQueueEntry *const rq = _findRXQueueEntry(packetId); + Mutex::Lock rql(rq->lock); if (rq->packetId != packetId) { // If we have no other fragments yet, create an entry and save the head @@ -237,6 +239,7 @@ void Switch::onRemotePacket(void *tPtr,const int64_t localSocket,const InetAddre IncomingPacket packet(data,len,path,now); if (!packet.tryDecode(RR,tPtr)) { RXQueueEntry *const rq = _nextRXQueueEntry(); + Mutex::Lock rql(rq->lock); rq->timestamp = now; rq->packetId = packet.packetId(); rq->frag0 = packet; @@ -545,6 +548,7 @@ void Switch::doAnythingWaitingForPeer(void *tPtr,const SharedPtr &peer) const int64_t now = RR->node->now(); for(unsigned int ptr=0;ptrlock); if ((rq->timestamp)&&(rq->complete)) { if ((rq->frag0.tryDecode(RR,tPtr))||((now - rq->timestamp) > ZT_RECEIVE_QUEUE_TIMEOUT)) rq->timestamp = 0; @@ -594,6 +598,7 @@ unsigned long Switch::doTimerTasks(void *tPtr,int64_t now) for(unsigned int ptr=0;ptrlock); if ((rq->timestamp)&&(rq->complete)) { if ((rq->frag0.tryDecode(RR,tPtr))||((now - rq->timestamp) > ZT_RECEIVE_QUEUE_TIMEOUT)) { rq->timestamp = 0; diff --git a/node/Switch.hpp b/node/Switch.hpp index 906f418e..5de17fa0 100644 --- a/node/Switch.hpp +++ b/node/Switch.hpp @@ -159,6 +159,7 @@ private: unsigned int totalFragments; // 0 if only frag0 received, waiting for frags uint32_t haveFragments; // bit mask, LSB to MSB volatile bool complete; // if true, packet is complete + Mutex lock; }; RXQueueEntry _rxQueue[ZT_RX_QUEUE_SIZE]; AtomicCounter _rxQueuePtr; diff --git a/node/Topology.cpp b/node/Topology.cpp index a1b66ac7..7c526b41 100644 --- a/node/Topology.cpp +++ b/node/Topology.cpp @@ -382,8 +382,6 @@ void Topology::doPeriodicTasks(void *tPtr,int64_t now) } } - // Temporarily disable path cleanup to test hypothesis about periodic threading issues as reported by Keysight. -/* { Mutex::Lock _l(_paths_m); Hashtable< Path::HashKey,SharedPtr >::Iterator i(_paths); @@ -394,7 +392,6 @@ void Topology::doPeriodicTasks(void *tPtr,int64_t now) _paths.erase(*k); } } -*/ } void Topology::_memoizeUpstreams(void *tPtr) diff --git a/service/OneService.cpp b/service/OneService.cpp index 91cf49ee..ea336f07 100644 --- a/service/OneService.cpp +++ b/service/OneService.cpp @@ -1063,6 +1063,8 @@ public: else urlArgs[a->substr(0,eqpos)] = a->substr(eqpos + 1); } } + } else { + return 404; } bool isAuth = false; -- cgit v1.2.3 From fa7e7fc6f976e3ad27fd1212d3ba17148764bc21 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Fri, 20 Jul 2018 15:53:19 -0700 Subject: Revert fix for GitHub issue #600 because it causes route objects to build up forever (at least on Mac). Bleh. #600 is a rare issue and will need some other fix after reliable duplication. --- osdep/ManagedRoute.cpp | 1 + service/OneService.cpp | 5 ----- 2 files changed, 1 insertion(+), 5 deletions(-) (limited to 'service') diff --git a/osdep/ManagedRoute.cpp b/osdep/ManagedRoute.cpp index d7c80704..324fada0 100644 --- a/osdep/ManagedRoute.cpp +++ b/osdep/ManagedRoute.cpp @@ -246,6 +246,7 @@ static std::vector<_RTE> _getRTEs(const InetAddress &target,bool contains) static void _routeCmd(const char *op,const InetAddress &target,const InetAddress &via,const char *ifscope,const char *localInterface) { + //char f1[1024],f2[1024]; printf("%s %s %s %s %s\n",op,target.toString(f1),via.toString(f2),ifscope,localInterface); long p = (long)fork(); if (p > 0) { int exitcode = -1; diff --git a/service/OneService.cpp b/service/OneService.cpp index ea336f07..389cdc91 100644 --- a/service/OneService.cpp +++ b/service/OneService.cpp @@ -1610,12 +1610,10 @@ public: // Nuke applied routes that are no longer in n.config.routes[] and/or are not allowed for(std::list< SharedPtr >::iterator mr(n.managedRoutes.begin());mr!=n.managedRoutes.end();) { bool haveRoute = false; - if ( (checkIfManagedIsAllowed(n,(*mr)->target())) && (((*mr)->via().ss_family != (*mr)->target().ss_family)||(!matchIpOnly(myIps,(*mr)->via()))) ) { for(unsigned int i=0;i(&(n.config.routes[i].target)); const InetAddress *const via = reinterpret_cast(&(n.config.routes[i].via)); - if ( ((*mr)->target() == *target) && ( ((via->ss_family == target->ss_family)&&((*mr)->via().ipsEqual(*via))) || (strcmp(tapdev,(*mr)->device())==0) ) ) { haveRoute = true; break; @@ -1640,15 +1638,12 @@ public: bool haveRoute = false; // Ignore routes implied by local managed IPs since adding the IP adds the route - // Commented out to fix ticket #600 (disappearing routes on macOS). Remove this block when we're sure there's no side effects - /* for(std::vector::iterator ip(n.managedIps.begin());ip!=n.managedIps.end();++ip) { if ((target->netmaskBits() == ip->netmaskBits())&&(target->containsAddress(*ip))) { haveRoute = true; break; } } - */ if (haveRoute) continue; -- cgit v1.2.3 From e01c0adff28602d48ad6f0d618bee072ec7843da Mon Sep 17 00:00:00 2001 From: Joseph Henry Date: Wed, 1 Aug 2018 17:17:04 -0700 Subject: Added ifdef checks to omit some ManagedRoute code in SDK builds --- osdep/ManagedRoute.cpp | 8 +++++++- service/OneService.cpp | 3 ++- 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'service') diff --git a/osdep/ManagedRoute.cpp b/osdep/ManagedRoute.cpp index 324fada0..453d810a 100644 --- a/osdep/ManagedRoute.cpp +++ b/osdep/ManagedRoute.cpp @@ -46,7 +46,9 @@ #include #include #include +#ifndef ZT_SDK #include +#endif #include #ifdef __BSD__ #include @@ -109,6 +111,7 @@ struct _RTE #ifdef __BSD__ // ------------------------------------------------------------ #define ZT_ROUTING_SUPPORT_FOUND 1 +#ifndef ZT_SDK static std::vector<_RTE> _getRTEs(const InetAddress &target,bool contains) { std::vector<_RTE> rtes; @@ -243,6 +246,7 @@ static std::vector<_RTE> _getRTEs(const InetAddress &target,bool contains) return rtes; } +#endif static void _routeCmd(const char *op,const InetAddress &target,const InetAddress &via,const char *ifscope,const char *localInterface) { @@ -409,6 +413,7 @@ static bool _winHasRoute(const NET_LUID &interfaceLuid, const NET_IFINDEX &inter * Linux default route override implies asymmetric routes, which then * trigger Linux's "martian packet" filter. */ +#ifndef ZT_SDK bool ManagedRoute::sync() { #ifdef __WINDOWS__ @@ -519,6 +524,7 @@ bool ManagedRoute::sync() return true; } +#endif void ManagedRoute::remove() { @@ -562,4 +568,4 @@ void ManagedRoute::remove() _applied.clear(); } -} // namespace ZeroTier +} // namespace ZeroTier \ No newline at end of file diff --git a/service/OneService.cpp b/service/OneService.cpp index 389cdc91..a34db4b4 100644 --- a/service/OneService.cpp +++ b/service/OneService.cpp @@ -1646,7 +1646,7 @@ public: } if (haveRoute) continue; - +#ifndef ZT_SDK // If we've already applied this route, just sync it and continue for(std::list< SharedPtr >::iterator mr(n.managedRoutes.begin());mr!=n.managedRoutes.end();++mr) { if ( ((*mr)->target() == *target) && ( ((via->ss_family == target->ss_family)&&((*mr)->via().ipsEqual(*via))) || (tapdev == (*mr)->device()) ) ) { @@ -1662,6 +1662,7 @@ public: n.managedRoutes.push_back(SharedPtr(new ManagedRoute(*target,*via,tapdev))); if (!n.managedRoutes.back()->sync()) n.managedRoutes.pop_back(); +#endif } } } -- cgit v1.2.3